App-Dictionary
These scenarios check the application dictionary support provided by the app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=1.06 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.059/1.059/1.059/0.000 ms
Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7984      0 --:--:-- --:--:-- --:--:--  9250
Step 6: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.1
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Mon Mar 23 07:02:47 2026 from 192.168.100.2
admin@osdx$
Step 7: Ping IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.761 ms
--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.761/0.761/0.761/0.000 ms
Step 8: Run command system conntrack show at DUT0 and expect this output:
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=67 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=67 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49744 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49744 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=59072 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=59072 packets=20 bytes=4768 [ASSURED] mark=0 use=1 appdetect[L4:22]
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=66 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=66 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0   9.8M      0 --:--:-- --:--:-- --:--:-- 10.8M
Note
The dictionary file contains the following test entries used in this scenario:
<app id="30" name="Teldat Test" version="1">
  <fqdn_list>
    <fqdn>10.215.168.1</fqdn>
  </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
Step 10: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 12: Run command system conntrack clear at DUT0.
Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5626      0 --:--:-- --:--:-- --:--:--  6166
Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47464 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47464 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5283      0 --:--:-- --:--:-- --:--:--  6166
Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 18: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.1
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Mon Mar 23 07:05:59 2026 from 10.215.168.64
admin@osdx$
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47472 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47472 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=50362 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=50362 packets=20 bytes=4768 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47464 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47464 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Ping IP address static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.479 ms
--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.479/0.479/0.479/0.000 ms
Step 22: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=54640 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54640 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=68 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=68 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47472 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47472 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=40801 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40801 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=50362 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=50362 packets=20 bytes=4768 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47464 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47464 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=50886 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50886 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
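The regular-expression checks in Steps 14, 19 and 22 can be extended into an audit that cross-checks every flow's appdetect tag against the loaded dictionary entries. The Python below is an added example, not part of the OSDx documentation or tooling; the `<apps>` wrapper element, the function names, the reason labels and the reading of `L3`/`L4` tags as the below-L7 detectors are assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Dictionary entries from the Note in this scenario, wrapped in a constructed
# <apps> root element so the fragment parses as a single XML document.
DICT_XML = """<apps>
<app id="30" name="Teldat Test" version="1">
  <fqdn_list><fqdn>10.215.168.1</fqdn></fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
</apps>"""

# Flow lines copied from the Step 8, Step 19 and Step 22 outputs.
CONNTRACK = """\
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49744 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49744 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=47472 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=47472 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=50362 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=50362 packets=20 bytes=4768 [ASSURED] mark=0 use=1 appdetect[U128:31]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=68 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=68 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=50886 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50886 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
"""

TAG_RE = re.compile(
    r"appdetect\[(?P<detector>[A-Z]+\d*):(?P<app_id>\d+)"
    r"(?:\s(?P<field>[\w-]+):(?P<value>[^\]]+))?\]")
ADDR_RE = re.compile(r"\bsrc=(\S+)\s+dst=(\S+)")  # first pair = original direction


def load_dictionary(xml_text):
    """Return {app_id: {"name", "fqdns", "nets"}} built from <app> elements."""
    apps = {}
    for app in ET.fromstring(xml_text).iter("app"):
        nets = [
            ipaddress.ip_network(
                f"{r.findtext('net_address')}/{r.findtext('net_mask')}",
                strict=False)
            for r in app.iter("range")
        ]
        fqdns = {f.text.strip().lower() for f in app.iter("fqdn") if f.text}
        apps[int(app.get("id"))] = {
            "name": app.get("name"), "fqdns": fqdns, "nets": nets}
    return apps


def parse_flows(text):
    """Extract endpoints and the appdetect tag from each conntrack line."""
    flows = []
    for line in text.splitlines():
        tag, addr = TAG_RE.search(line), ADDR_RE.search(line)
        if not (tag and addr):
            continue  # trailer line or an entry without an appdetect tag
        flows.append({
            "src": ipaddress.ip_address(addr.group(1)),
            "dst": ipaddress.ip_address(addr.group(2)),
            "detector": tag.group("detector"),
            "app_id": int(tag.group("app_id")),
            "value": tag.group("value"),
        })
    return flows


def explain(flow, apps):
    """Say which dictionary entry, if any, accounts for the flow's App-ID."""
    if flow["detector"].startswith("L"):
        return "below-L7"  # assumption: L3/L4 tags are not dictionary matches
    app = apps.get(flow["app_id"])
    if app is None:
        return "app-id-not-in-shown-entries"
    if flow["value"] and flow["value"].lower() in app["fqdns"]:
        return "fqdn"
    if any(ip in net for net in app["nets"] for ip in (flow["src"], flow["dst"])):
        return "address-range"
    return "unexplained"  # IP-cache hit or a classification worth reviewing


def audit(conntrack_text, xml_text):
    apps = load_dictionary(xml_text)
    return [(str(f["dst"]), f["detector"], f["app_id"], explain(f, apps))
            for f in parse_flows(conntrack_text)]


if __name__ == "__main__":
    for row in audit(CONNTRACK, DICT_XML):
        print(row)
```

Flows reported as `unexplained` are the ones to compare against the IP-cache counters in `system conntrack app-detect show`, since a cache hit carries no host field to match on.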
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.795 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.795/0.795/0.795/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 7: Run command system conntrack clear at DUT0.
Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6589      0 --:--:-- --:--:-- --:--:--  7400
Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56792 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56792 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46354 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46354 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=58022 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58022 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5054      0 --:--:-- --:--:-- --:--:--  5285
Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+zm8C1NwxzrvakaiEPJaAUOGGa6WWUmtc=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19+vMnsK48fT8tZz1jp7G/RtH+/XATK2ySUfB7coFyzjGXbUaxz2Ao+
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/c6F50bii2lLv5/KJYmf9rx8Hfa5mQeKE=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/XFJPflEw7IsrjMt83ecODh/0W1qxQR/csm4/yE6SGfgXeGt/wE2a6
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.542 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.542/0.542/0.542/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Mar 23 07:07:32.335530 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.7M, max 13.8M, 12.0M free.
Mar 23 07:07:32.338355 osdx systemd-journald[2224]: Received client request to rotate journal, rotating.
Mar 23 07:07:32.338427 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f.
Mar 23 07:07:32.347301 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 07:07:32.619876 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 23 07:07:32.954556 osdx OSDxCLI[2568]: User 'admin' entered the configuration menu.
Mar 23 07:07:33.050388 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
Mar 23 07:07:33.114381 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Mar 23 07:07:33.229335 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
Mar 23 07:07:33.313966 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
Mar 23 07:07:33.417670 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
Mar 23 07:07:33.478454 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
Mar 23 07:07:33.598946 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
Mar 23 07:07:33.659340 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
Mar 23 07:07:33.768020 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
Mar 23 07:07:33.845266 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
Mar 23 07:07:33.948353 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
Mar 23 07:07:34.033257 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
Mar 23 07:07:34.108702 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
Mar 23 07:07:34.197551 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
Mar 23 07:07:34.273165 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
Mar 23 07:07:34.392548 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
Mar 23 07:07:34.459925 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
Mar 23 07:07:34.561084 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
Mar 23 07:07:34.642818 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
Mar 23 07:07:34.762955 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
Mar 23 07:07:34.832795 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
Mar 23 07:07:34.939608 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
Mar 23 07:07:35.003702 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 23 07:07:35.123651 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
Mar 23 07:07:35.185386 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Mar 23 07:07:35.300827 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
Mar 23 07:07:35.400990 osdx OSDxCLI[2568]: User 'admin' added a new cfg line: 'show working'.
Mar 23 07:07:35.515397 osdx ubnt-cfgd[17986]: inactive
Mar 23 07:07:35.647029 osdx INFO[18024]: FRR daemons did not change
Mar 23 07:07:35.806344 osdx kernel: nfUDPlink: module init
Mar 23 07:07:35.806404 osdx kernel: app-detect: module init
Mar 23 07:07:35.806416 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 23 07:07:35.806426 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Mar 23 07:07:35.806437 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Mar 23 07:07:35.806448 osdx kernel: app-detect: expression init
Mar 23 07:07:35.806463 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Mar 23 07:07:35.806473 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Mar 23 07:07:35.850343 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Mar 23 07:07:35.850402 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:35.850415 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:35.850424 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:35.850434 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
Mar 23 07:07:35.850441 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 23 07:07:35.850449 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 23 07:07:35.850461 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 23 07:07:35.850468 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 23 07:07:35.850476 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 23 07:07:35.850484 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 23 07:07:35.850494 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 23 07:07:35.850502 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 23 07:07:35.850509 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 23 07:07:35.850517 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:35.850524 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 23 07:07:35.850531 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:35.850538 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:35.850546 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Mar 23 07:07:35.850555 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:35.850563 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:35.850572 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:35.850579 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
Mar 23 07:07:35.850586 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 23 07:07:35.850593 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 23 07:07:35.850600 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 23 07:07:35.850607 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 23 07:07:35.850614 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 23 07:07:35.850621 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 23 07:07:35.850628 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 23 07:07:35.850638 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 23 07:07:35.850649 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 23 07:07:35.850661 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:35.850668 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:35.850675 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 23 07:07:35.850682 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:35.850689 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:35.861064 osdx INFO[18061]: Updated /etc/default/osdx_tcatd.conf
Mar 23 07:07:35.861118 osdx INFO[18061]: Restarting Traffic Categorization (TCATD) service ...
Mar 23 07:07:35.890799 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Mar 23 07:07:36.224154 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Mar 23 07:07:36.225452 osdx osdx-tcatd[18065]: Dict_client. rdict_num 2 mark 5555 local-vrf
Mar 23 07:07:36.225773 osdx osdx-tcatd[18065]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
Mar 23 07:07:36.225862 osdx osdx-tcatd[18065]: Dict_client. rdict_num 1 mark 5555 local-vrf
Mar 23 07:07:36.225908 osdx osdx-tcatd[18065]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
Mar 23 07:07:36.262418 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Mar 23 07:07:36.319454 osdx WARNING[18155]: No supported link modes on interface eth1
Mar 23 07:07:36.321203 osdx modulelauncher[18155]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Mar 23 07:07:36.321220 osdx modulelauncher[18155]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Mar 23 07:07:36.322678 osdx modulelauncher[18155]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Mar 23 07:07:36.322690 osdx modulelauncher[18155]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 23 07:07:36.362352 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 07:07:36.416188 osdx WARNING[18235]: No supported link modes on interface eth0
Mar 23 07:07:36.418110 osdx modulelauncher[18235]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 07:07:36.418124 osdx modulelauncher[18235]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 07:07:36.419653 osdx modulelauncher[18235]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 23 07:07:36.419667 osdx modulelauncher[18235]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 23 07:07:36.618292 osdx cfgd[1860]: [2568]Completed change to active configuration
Mar 23 07:07:36.633650 osdx OSDxCLI[2568]: User 'admin' committed the configuration.
Mar 23 07:07:36.667803 osdx OSDxCLI[2568]: User 'admin' left the configuration menu.
Mar 23 07:07:39.787085 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system conntrack clear'.
Mar 23 07:07:39.937297 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:38536/10.215.168.1:80
Mar 23 07:07:39.937379 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:38536/10.215.168.1:80
Mar 23 07:07:39.937395 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Mar 23 07:07:39.937407 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 23 07:07:39.937429 osdx kernel: app-detect: search in dict _remote_, prio 2
Mar 23 07:07:39.937387 osdx osdx-tcatd[18065]: UDP_Server. Read 27 bytes
Mar 23 07:07:39.937392 osdx osdx-tcatd[18065]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Mar 23 07:07:39.937413 osdx osdx-tcatd[18065]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 23 07:07:39.937424 osdx osdx-tcatd[18065]: UDP_Server. Read 27 bytes
Mar 23 07:07:39.937426 osdx osdx-tcatd[18065]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Mar 23 07:07:39.937441 osdx osdx-tcatd[18065]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 23 07:07:39.954080 osdx osdx-tcatd[18065]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Mar 23 07:07:39.954100 osdx osdx-tcatd[18065]: UDP_Server. Kernel_Message format.
Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 Mar 23 07:07:39.954205 osdx osdx-tcatd[18065]: UDP_Server. Sent 38 bytes Mar 23 07:07:39.954337 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Mar 23 07:07:39.954364 osdx kernel: app-detect: linked list of enabled dicts: Mar 23 07:07:39.954376 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Mar 23 07:07:39.954388 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Mar 23 07:07:39.954398 osdx kernel: app-detect: linked list of disabled dicts: Mar 23 07:07:39.954409 osdx kernel: app-detect: (empty, no dicts) Mar 23 07:07:39.954419 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Mar 23 07:07:39.954730 osdx osdx-tcatd[18065]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "ag e": 0, "threathistory": 0}}}]} Mar 23 07:07:39.954743 osdx osdx-tcatd[18065]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Mar 23 07:07:39.954791 osdx osdx-tcatd[18065]: UDP_Server. 
Sent 38 bytes Mar 23 07:07:39.958338 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Mar 23 07:07:39.958380 osdx kernel: app-detect: linked list of enabled dicts: Mar 23 07:07:39.958389 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Mar 23 07:07:39.958397 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Mar 23 07:07:39.958405 osdx kernel: app-detect: linked list of disabled dicts: Mar 23 07:07:39.958413 osdx kernel: app-detect: (empty, no dicts) Mar 23 07:07:39.958420 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443

tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38536 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38536 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=51420 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=51420 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=43732 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=43732 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=51432 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=51432 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=45335 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45335 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=40697 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40697 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+

Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              20         35         3214        5731
-----------------------------------------------------
Total          20         35         3214        5731
Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]

tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38536 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38536 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=51420 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=51420 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=43732 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=43732 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=51432 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=51432 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=45335 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45335 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=40697 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40697 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run command system conntrack clear at DUT1.
Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   4790      0 --:--:-- --:--:-- --:--:--  5285
admin@osdx$
Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38536 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38536 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=51420 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=51420 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=43732 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=43732 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=51318 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51318 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=51432 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=51432 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=45335 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45335 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=40697 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40697 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=33287 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33287 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7

----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s916ms
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command system conntrack clear at DUT0.
Step 17: Run command system conntrack clear at DUT1.
Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   3049      0 --:--:-- --:--:-- --:--:--  3083
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=42584 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42584 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=51326 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51326 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
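The AppID values that osdx-tcatd writes to the journal and the appdetect[...] tags in the conntrack output can be cross-checked mechanically. The Python below is an added example, not part of the OSDx test suite: the split of AppID into a one-byte type and a 24-bit value is an assumption inferred from the values on this page (AppID:82000007 in the journal, U130:7 in conntrack), and all function names are hypothetical.

```python
import json
import re

# Constructed sample: journal lines and conntrack flows taken from the outputs on
# this page, one entry per line; the JSON answers are abridged to the fields used.
JOURNAL = """\
Mar 23 07:07:39.954080 osdx osdx-tcatd[18065]: Dict_client. Received answer (dict 1): {"status": 200, "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"reputation": 88, "cats": [{"catid": 7, "conf": 95}]}}}]}
Mar 23 07:07:39.954100 osdx osdx-tcatd[18065]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Mar 23 07:07:39.954730 osdx osdx-tcatd[18065]: Dict_client. Received answer (dict 2): {"status": 200, "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"reputation": 88, "cats": [{"catid": 7, "conf": 95}]}}}]}
Mar 23 07:07:39.954743 osdx osdx-tcatd[18065]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
"""
FLOWS = [
    "tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38536 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38536 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]",
    "tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=51318 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51318 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]",
    "udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=33287 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33287 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]",
]
# Assumption: dictionary 1 reports the category and dictionary 2 the reputation,
# following the "property" settings in the Step 21 configuration.
PROPERTY = {1: "category", 2: "reputation"}

ANSWER_RE = re.compile(r"Received answer \(dict (\d+)\): (\{.*\})\s*$")
VERDICT_RE = re.compile(
    r"addressed to dictionary (\d+) FQDN (\S+) TTL (\d+) AppID:([0-9a-fA-F]{8})\s*$")
APPDETECT_RE = re.compile(r"appdetect\[([^\]]*)\]")


def decode_app_id(hex_id):
    """Render a journal AppID as conntrack shows it (assumed layout: 8 + 24 bits)."""
    raw = int(hex_id, 16)
    return "U%d:%d" % (raw >> 24, raw & 0xFFFFFF)


def parse_journal(text):
    """Return {(dict_num, fqdn): {"ttl", "app_id", "answer"}} from tcatd lines."""
    verdicts, last_answer = {}, {}
    for line in text.splitlines():
        m = ANSWER_RE.search(line)
        if m:
            try:
                last_answer[int(m.group(1))] = json.loads(m.group(2))
            except json.JSONDecodeError:
                last_answer.pop(int(m.group(1)), None)  # truncated journal line
            continue
        m = VERDICT_RE.search(line)
        if m:
            num = int(m.group(1))
            verdicts[(num, m.group(2))] = {
                "ttl": int(m.group(3)),
                "app_id": decode_app_id(m.group(4)),
                "answer": last_answer.get(num),
            }
    return verdicts


def parse_appdetect(flow):
    """Return (app ids, {field: host}) from a conntrack flow's appdetect[...] tag."""
    m = APPDETECT_RE.search(flow)
    ids, fields = [], {}
    for token in (m.group(1).split() if m else []):
        key, _, value = token.partition(":")
        if key.endswith("-host"):
            fields[key] = value
        else:
            ids.append(token)
    return ids, fields


def classify(flow, verdicts):
    """'dictionary', 'host-only' (host seen, no dictionary id on the flow) or 'l4-only'."""
    ids, fields = parse_appdetect(flow)
    hosts = set(fields.values())
    known = {v["app_id"] for (_, fqdn), v in verdicts.items() if fqdn in hosts}
    if known & set(ids):
        return "dictionary"
    return "host-only" if hosts else "l4-only"


def consistent(verdicts):
    """True when each AppID value equals the configured property in its JSON answer."""
    for (num, _), v in verdicts.items():
        if v["answer"] is None:
            return False
        info = v["answer"]["results"][0]["queries"]["getinfo"]
        want = info["cats"][0]["catid"] if PROPERTY[num] == "category" else info["reputation"]
        if int(v["app_id"].split(":")[1]) != want:
            return False
    return True


if __name__ == "__main__":
    table = parse_journal(JOURNAL)
    for flow in FLOWS:
        print(classify(flow, table), parse_appdetect(flow))
    print("AppID values match dictionary answers:", consistent(table))
```

A flow reported as host-only carries a detected host name but only an L4 application ID, which is what the first download's connection shows in the Step 13 output.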
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18qDpJZ/8FVHihKV4+bzWPZHbIu/Zq8e2E=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+JbRSOUTj7uLqenpVpgehwdxOwxgnzgtvhu+x6ShhL9qqkh3w8BXxo
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/mxswRvlQoufBrneJr0WzcM8GOhRX7FfA=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/G9DLRv4WCskNc5iIZsb7DUhuXK2zXGI3WKNA/eXcobqCfgf4j4pZ5
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run command system conntrack clear at DUT0.
Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35268 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35268 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=43732 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=43732 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35691 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35691 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=38171 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38171 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57216 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57216 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57232 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57232 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=52163 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52163 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55782 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55782 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59764 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59764 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55500 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55500 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=50875 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50875 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=35268 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35268 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=43732 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=43732 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=42999 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42999 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=35691 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35691 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=38171 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38171 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57216 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57216 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57232 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57232 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=50722 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50722 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=49178 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49178 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=47007 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47007 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=52163 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52163 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=55782 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55782 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=59764 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59764 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Mar 23 07:07:48.550492 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Mar 23 07:07:48.550499 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.550511 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 23 07:07:48.550518 osdx kernel: app-detect: freed hash table
Mar 23 07:07:48.550525 osdx kernel: app-detect: freed memory for hashes+appids
Mar 23 07:07:48.550532 osdx kernel: app-detect: dictionary _remote_ deleted
Mar 23 07:07:48.550540 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.550546 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Mar 23 07:07:48.550553 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.550560 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:48.550567 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Mar 23 07:07:48.550575 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.550582 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Mar 23 07:07:48.550589 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.550596 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
Mar 23 07:07:48.550604 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 23 07:07:48.550611 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 23 07:07:48.550618 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 23 07:07:48.550625 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 23 07:07:48.550632 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 23 07:07:48.550641 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 23 07:07:48.550650 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 23 07:07:48.550657 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 23 07:07:48.550664 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 23 07:07:48.550671 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.550678 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 23 07:07:48.550685 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
Mar 23 07:07:48.550692 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.550699 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:48.582347 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Mar 23 07:07:48.582418 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.582432 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:48.582444 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 23 07:07:48.582455 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.582466 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:48.582476 osdx kernel: app-detect: dictionary _remote_ disabled
Mar 23 07:07:48.582494 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.582505 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:48.582516 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.582526 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote (target_dict)
Mar 23 07:07:48.582540 osdx kernel: app-detect: freed hash table
Mar 23 07:07:48.582551 osdx kernel: app-detect: freed memory for hashes+appids
Mar 23 07:07:48.582562 osdx kernel: app-detect: dictionary _remote_ deleted
Mar 23 07:07:48.582573 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.582584 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:48.582594 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.582606 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:48.582616 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Mar 23 07:07:48.582628 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.582638 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:48.582649 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.582659 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
Mar 23 07:07:48.582670 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Mar 23 07:07:48.582680 osdx kernel: app-detect: set type of dict _remote_ to remote
Mar 23 07:07:48.582691 osdx kernel: app-detect: user set num_hash_entries=40000
Mar 23 07:07:48.582702 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Mar 23 07:07:48.582714 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Mar 23 07:07:48.582725 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Mar 23 07:07:48.582735 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Mar 23 07:07:48.582748 osdx kernel: app-detect: enable remote dictionary _remote_
Mar 23 07:07:48.582759 osdx kernel: app-detect: dictionary _remote_ enabled
Mar 23 07:07:48.582769 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:48.582780 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:48.582789 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 23 07:07:48.582800 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:48.582811 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:48.628084 osdx INFO[18485]: Updated /etc/default/osdx_tcatd.conf
Mar 23 07:07:48.628133 osdx INFO[18485]: Restarting Traffic Categorization (TCATD) service ...
Mar 23 07:07:48.634721 osdx osdx-tcatd[18065]: UDP_Server. Received STOP signal. Cleanup
Mar 23 07:07:48.634767 osdx osdx-tcatd[18065]: Dict_client. Cleanup
Mar 23 07:07:48.634758 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Mar 23 07:07:48.636546 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully.
Mar 23 07:07:48.636680 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Mar 23 07:07:48.658705 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Mar 23 07:07:48.978671 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Mar 23 07:07:48.979729 osdx osdx-tcatd[18489]: Dict_client. rdict_num 2 mark 5555 local-vrf
Mar 23 07:07:48.991970 osdx osdx-tcatd[18489]: Dict_client. rdict_num 1 mark 5555 local-vrf
Mar 23 07:07:49.155578 osdx cfgd[1860]: [2568]Completed change to active configuration
Mar 23 07:07:49.158213 osdx OSDxCLI[2568]: User 'admin' committed the configuration.
Mar 23 07:07:49.183005 osdx OSDxCLI[2568]: User 'admin' left the configuration menu.
Mar 23 07:07:49.318525 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system conntrack clear'.
Mar 23 07:07:51.406266 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:55782/10.215.168.66:53
Mar 23 07:07:51.406549 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:55782/10.215.168.66:53
Mar 23 07:07:51.406567 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Mar 23 07:07:51.406578 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
Mar 23 07:07:51.406588 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 23 07:07:51.406615 osdx kernel: app-detect: search in dict _remote_, prio 2
Mar 23 07:07:51.406655 osdx osdx-tcatd[18489]: UDP_Server. Read 27 bytes
Mar 23 07:07:51.406664 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Mar 23 07:07:51.406685 osdx osdx-tcatd[18489]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 23 07:07:51.406696 osdx osdx-tcatd[18489]: UDP_Server. Read 27 bytes
Mar 23 07:07:51.406699 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Mar 23 07:07:51.406705 osdx osdx-tcatd[18489]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Mar 23 07:07:51.407869 osdx osdx-tcatd[18489]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "ag e": 0, "threathistory": 0}}}]}
Mar 23 07:07:51.407888 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Mar 23 07:07:51.407937 osdx osdx-tcatd[18489]: UDP_Server. Sent 38 bytes
Mar 23 07:07:51.408162 osdx osdx-tcatd[18489]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "ag e": 0, "threathistory": 0}}}]}
Mar 23 07:07:51.408174 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Mar 23 07:07:51.408208 osdx osdx-tcatd[18489]: UDP_Server. Sent 38 bytes
Mar 23 07:07:51.410341 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Mar 23 07:07:51.410375 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:51.410388 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Mar 23 07:07:51.410400 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
Mar 23 07:07:51.410411 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:51.410428 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:51.410439 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Mar 23 07:07:51.410450 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Mar 23 07:07:51.410461 osdx kernel: app-detect: linked list of enabled dicts:
Mar 23 07:07:51.410472 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Mar 23 07:07:51.410483 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Mar 23 07:07:51.410493 osdx kernel: app-detect: linked list of disabled dicts:
Mar 23 07:07:51.410504 osdx kernel: app-detect: (empty, no dicts)
Mar 23 07:07:51.410514 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Mar 23 07:07:51.489571 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:52163/10.215.168.66:53
Mar 23 07:07:51.489822 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:52163/10.215.168.66:53
Mar 23 07:07:51.489838 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com
Mar 23 07:07:51.489849 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com
Mar 23 07:07:51.489856 osdx kernel: app-detect: search in dict _remote_, prio 1
Mar 23 07:07:51.489864 osdx kernel: app-detect: search in dict _remote_, prio 2
Mar 23 07:07:51.489906 osdx osdx-tcatd[18489]: UDP_Server. Read 27 bytes
Mar 23 07:07:51.489915 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com
Mar 23 07:07:51.489937 osdx osdx-tcatd[18489]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Mar 23 07:07:51.489953 osdx osdx-tcatd[18489]: UDP_Server. Read 27 bytes
Mar 23 07:07:51.489956 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com
Mar 23 07:07:51.489963 osdx osdx-tcatd[18489]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Mar 23 07:07:51.490987 osdx osdx-tcatd[18489]: Dict_client.
Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity" : 0, "age": 0, "threathistory": 0}}}]} Mar 23 07:07:51.491007 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 Mar 23 07:07:51.491058 osdx osdx-tcatd[18489]: UDP_Server. Sent 38 bytes Mar 23 07:07:51.491286 osdx osdx-tcatd[18489]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity" : 0, "age": 0, "threathistory": 0}}}]} Mar 23 07:07:51.491299 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F Mar 23 07:07:51.491330 osdx osdx-tcatd[18489]: UDP_Server. 
Sent 38 bytes Mar 23 07:07:51.494339 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Mar 23 07:07:51.494375 osdx kernel: app-detect: linked list of enabled dicts: Mar 23 07:07:51.494388 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Mar 23 07:07:51.494404 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Mar 23 07:07:51.494416 osdx kernel: app-detect: linked list of disabled dicts: Mar 23 07:07:51.494427 osdx kernel: app-detect: (empty, no dicts) Mar 23 07:07:51.494438 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Mar 23 07:07:51.494449 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Mar 23 07:07:51.494460 osdx kernel: app-detect: linked list of enabled dicts: Mar 23 07:07:51.494471 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Mar 23 07:07:51.494482 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Mar 23 07:07:51.494493 osdx kernel: app-detect: linked list of disabled dicts: Mar 23 07:07:51.494503 osdx kernel: app-detect: (empty, no dicts) Mar 23 07:07:51.494514 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Mar 23 07:07:51.594729 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:59764/10.215.168.66:53 Mar 23 07:07:51.595020 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:59764/10.215.168.66:53 Mar 23 07:07:51.595038 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Mar 23 07:07:51.595048 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Mar 23 07:07:51.595070 osdx kernel: app-detect: search in dict _remote_, prio 1 Mar 23 07:07:51.595081 osdx kernel: app-detect: search in dict _remote_, prio 2 Mar 23 07:07:51.595106 osdx osdx-tcatd[18489]: UDP_Server. Read 28 bytes Mar 23 07:07:51.595113 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com Mar 23 07:07:51.595153 osdx osdx-tcatd[18489]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Mar 23 07:07:51.595165 osdx osdx-tcatd[18489]: UDP_Server. Read 28 bytes Mar 23 07:07:51.595168 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com Mar 23 07:07:51.595176 osdx osdx-tcatd[18489]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Mar 23 07:07:51.596203 osdx osdx-tcatd[18489]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Mar 23 07:07:51.596218 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 Mar 23 07:07:51.596280 osdx osdx-tcatd[18489]: UDP_Server. Sent 39 bytes Mar 23 07:07:51.596531 osdx osdx-tcatd[18489]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Mar 23 07:07:51.596544 osdx osdx-tcatd[18489]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C Mar 23 07:07:51.596601 osdx osdx-tcatd[18489]: UDP_Server. Sent 39 bytes Mar 23 07:07:51.598340 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Mar 23 07:07:51.598369 osdx kernel: app-detect: linked list of enabled dicts: Mar 23 07:07:51.598379 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Mar 23 07:07:51.598387 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Mar 23 07:07:51.598399 osdx kernel: app-detect: linked list of disabled dicts: Mar 23 07:07:51.598406 osdx kernel: app-detect: (empty, no dicts) Mar 23 07:07:51.598414 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Mar 23 07:07:51.598421 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Mar 23 07:07:51.598429 osdx kernel: app-detect: linked list of enabled dicts: Mar 23 07:07:51.598436 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Mar 23 07:07:51.598443 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Mar 
23 07:07:51.598451 osdx kernel: app-detect: linked list of disabled dicts: Mar 23 07:07:51.598458 osdx kernel: app-detect: (empty, no dicts) Mar 23 07:07:51.598464 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Mar 23 07:07:51.701574 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system conntrack show'. Mar 23 07:07:52.794986 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:50722/10.215.168.66:53 Mar 23 07:07:52.795235 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:50722/10.215.168.66:53 Mar 23 07:07:52.795292 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Mar 23 07:07:52.795311 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Mar 23 07:07:52.795319 osdx kernel: app-detect: search in dict _remote_, prio 1 Mar 23 07:07:52.795326 osdx kernel: app-detect: appid 82000007 found in hash dictionary Mar 23 07:07:52.795334 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Mar 23 07:07:52.906004 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:47007/10.215.168.66:53 Mar 23 07:07:52.906275 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:47007/10.215.168.66:53 Mar 23 07:07:52.906292 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Mar 23 07:07:52.906304 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Mar 23 07:07:52.906315 osdx kernel: app-detect: search in dict _remote_, prio 1 Mar 23 07:07:52.906360 osdx kernel: app-detect: appid 8200000f found in hash dictionary Mar 23 07:07:52.906373 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache Mar 23 07:07:53.001823 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:42999/10.215.168.66:53 Mar 23 07:07:53.002105 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:42999/10.215.168.66:53 Mar 23 07:07:53.002135 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Mar 23 07:07:53.002147 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Mar 23 07:07:53.002158 osdx kernel: app-detect: search in dict _remote_, prio 1 Mar 23 07:07:53.002188 osdx kernel: app-detect: appid 82000004 found in hash dictionary Mar 23 07:07:53.002200 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache Mar 23 07:07:53.136192 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s48ms
192.168.2.10  U130:15         28s156ms
192.168.2.20  U130:4          28s252ms
Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s960ms
192.168.2.10  U130:15         28s68ms
192.168.2.20  U130:4          28s164ms
Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*U130:15
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s824ms
192.168.2.10  U130:15         27s932ms
192.168.2.20  U130:4          28s28ms
Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*U130:4
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s724ms
192.168.2.10  U130:15         27s832ms
192.168.2.20  U130:4          27s928ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19kfsf1GtAGNWYWQXLcgpk6K+hxT3TBA3c=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18/Yrm7idtnMAfh7D1kdGmF8uHCY/ikN6rPQ0FHOY3//XRoMkwQj7F4
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+qbpEwBmTaX44tTeSAp1mNRo5AQ9KPCRU=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18OrJMXow/77KU9g+dZc2ONf0j8ZwB9N0YRazQC6TiuBdUGQTCOXPi5
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run command system conntrack clear at DUT0.
Step 38: Run command system conntrack clear at DUT0.
Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 40: Run command system conntrack clear at DUT1.
Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5043      0 --:--:-- --:--:-- --:--:--  5285
Step 42: Run command system conntrack clear at DUT1.
Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   3642      0 --:--:-- --:--:-- --:--:--  3700
Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=40946 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40946 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=40962 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40962 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=37846 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=37846 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=43732 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=43732 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40936 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40936 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=37852 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=37852 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=58161 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58161 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=44499 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44499 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=38971 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38971 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
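An order-independent version of the Step 44 check, added here as an example and not part of the original test scenario: in the output above the U130/U131 tags appear both before and after the L3/L4 tags, and the step's regular expression accepts only one of those layouts. The function names, the abridged sample flows and the hex-to-U mapping (inferred from the AppID values in the osdx-tcatd log entries on this page) are assumptions.

```python
import re

# Four flows abridged from the Step 44 output (reply tuple and counters removed).
SAMPLE = """\
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=40946 dport=80 mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=40962 dport=80 mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40936 dport=80 mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=58161 dport=53 mark=0 use=1 appdetect[L3:17;L4:53]
"""

# Step 44's pattern, copied from the page: it fixes where the U tags must sit.
STEP44_RE = re.compile(
    r"appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80"
    r"\shttp-host:enterprise.opentok.com\]"
)

# appdetect[<tag>;<tag>;... <field>:<value> ...]
APPDETECT_RE = re.compile(
    r"appdetect\[(?P<ids>[^\s\]]+)(?:\s+(?P<fields>[^\]]+))?\]"
)


def parse_appdetect(line):
    """Return (frozenset of ID tags, dict of detected fields), or None."""
    match = APPDETECT_RE.search(line)
    if match is None:
        return None
    ids = frozenset(match.group("ids").split(";"))
    fields = {}
    for item in (match.group("fields") or "").split():
        key, _, value = item.partition(":")
        fields[key] = value
    return ids, fields


def classified_flows(text, required_ids, http_host):
    """Flows carrying every required tag, whatever order the tags are in."""
    hits = []
    for line in text.splitlines():
        parsed = parse_appdetect(line)
        if parsed is None:
            continue
        ids, fields = parsed
        if set(required_ids) <= ids and fields.get("http-host") == http_host:
            hits.append(line)
    return hits


def pending_flows(text, http_host):
    """Flows where the host was detected but no dictionary (U...) tag is set."""
    hits = []
    for line in text.splitlines():
        parsed = parse_appdetect(line)
        if parsed is None:
            continue
        ids, fields = parsed
        has_dict_tag = any(tag.startswith("U") for tag in ids)
        if fields.get("http-host") == http_host and not has_dict_tag:
            hits.append(line)
    return hits


def strict_matches(text):
    """Flows accepted by the page's position-sensitive Step 44 pattern."""
    return [line for line in text.splitlines() if STEP44_RE.search(line)]


def decode_appid(hex_appid):
    """Convert a logged hex AppID (e.g. 82000007) to the U<n>:<value> form.

    Assumption inferred from this page's logs and ip-cache output: the top
    byte is the number after 'U', the low 24 bits are the value.
    """
    raw = int(hex_appid, 16)
    return f"U{raw >> 24}:{raw & 0xFFFFFF}"


if __name__ == "__main__":
    wanted = {"U130:7", "U131:88"}
    host = "enterprise.opentok.com"
    print("set-based matches:", len(classified_flows(SAMPLE, wanted, host)))
    print("Step 44 regex matches:", len(strict_matches(SAMPLE)))
    print("still resolving:", len(pending_flows(SAMPLE, host)))
    print("AppID 83000058 ->", decode_appid("83000058"))
```

The flow reported by `pending_flows` is the aborted first download, which is the kind of connection the RESOLVING selector drops while the dictionary answer is outstanding.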
Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s60ms
192.168.2.10  U130:15;U131:25  28s800ms
192.168.2.20  U130:4;U131:92   28s892ms
Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s972ms
192.168.2.10  U130:15;U131:25  28s712ms
192.168.2.20  U130:4;U131:92   28s804ms
Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s884ms
192.168.2.10  U130:15;U131:25  28s624ms
192.168.2.20  U130:4;U131:92   28s716ms
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR1\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR2\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+wDvMrvhMclgNH9Rztvvjz16d4jS19Ptw=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19kOS7W5QjsYtdVjw4TDSz7Jo5M2pK6paI=
Step 56: Run command system conntrack clear at DUT0.
Step 57: Run command system conntrack clear at DUT1.
Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+true
---------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-03-23 07:08:10.102484+00:00                           1        68.22
DICTERROR2  true    2026-03-23 07:08:10.102269+00:00                           1        68.27
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19BnOP9tT3QehF9sugtJCFXuKfRwvao7qY=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18U1vJt+pTrCRLXlIRq5UD9mn3dKNCuxGw=
Step 61: Run command system conntrack clear at DUT0.
Step 62: Run command system conntrack clear at DUT1.
Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+false
-----------------------------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled                      Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-03-23 07:08:17.088724+00:00  2026-03-23 07:08:10.102484+00:00             2        48.80
DICTERROR2  false   2026-03-23 07:08:17.088409+00:00  2026-03-23 07:08:10.102269+00:00             2        48.81
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18ZAv5UjtvYvzqEcagomP1K+bb+e67H/g0=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/i2J2bF1LExeUs++p56DsrgxXi+RCXwEEFVDzOqjQ5ly+0od/m9Brj
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19YieG4EWVDVoQ/8qeko9UpcNBGitT189o=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18Sq/fd/4hXAbb9MSeDbBvMVH0V67z8WYemoZL7VB+9cga943KWL5Ji
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.728 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.728/0.728/0.728/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=42616 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=42616 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38212 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38212 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38222 dport=443 vrf=MYVRF packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38222 vrf=MYVRF packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38642 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38642 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=49004 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49004 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=50664 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50664 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule  pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1             19         36         3162        5771
-----------------------------------------------------
Total         19         36         3162        5771
Step 9: Run command system conntrack clear at DUT1.
Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5906      0 --:--:-- --:--:-- --:--:--  6166
admin@osdx$
Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=42616 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=42616 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38212 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38212 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=38644 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38644 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=56738 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56738 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38222 dport=443 vrf=MYVRF packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38222 vrf=MYVRF packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38642 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38642 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=49004 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49004 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=50664 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50664 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run command system conntrack clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=42616 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=42616 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=38642 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38642 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38648 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38648 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=46820 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46820 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38236 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38236 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38226 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38226 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 16: Run command system conntrack clear at DUT1.
Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6636      0 --:--:-- --:--:-- --:--:--  7400
admin@osdx$
Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=42616 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=42616 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=56962 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56962 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=38642 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38642 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38648 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38648 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=46820 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46820 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=59502 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59502 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38236 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38236 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=38226 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=38226 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run command system conntrack clear at DUT0.
Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=42616 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=42616 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=43750 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=43750 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=59516 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59516 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=38648 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38648 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=38649 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38649 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=43738 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=43738 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 23: Run command system conntrack clear at DUT1.
Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6618      0 --:--:-- --:--:-- --:--:--  7400
admin@osdx$
Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=42616 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=42616 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=43750 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=43750 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=59516 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59516 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=59530 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59530 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=38648 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38648 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=38649 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38649 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=47163 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47163 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=43738 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=43738 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.