App-Dictionary
These scenarios check the application dictionary support provided by the app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.964 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.964/0.964/0.964/0.000 ms
Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   2527      0 --:--:-- --:--:-- --:--:--  2642
Step 6: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.2

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Apr 16 16:11:15 2026 from 192.168.100.2
admin@osdx$
Step 7: Ping IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.476 ms

--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.476/0.476/0.476/0.000 ms
Step 8: Run command system conntrack show at DUT0 and expect this output:
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=34908 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=34908 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=253 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=253 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=54518 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=54518 packets=21 bytes=4856 [ASSURED] mark=0 use=1 appdetect[L4:22]
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=254 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=254 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  9900k      0 --:--:-- --:--:-- --:--:-- 10.8M
Note
The dictionary file contains the following test entries used in this scenario:
<app id="30" name="Teldat Test" version="1">
  <fqdn_list>
    <fqdn>10.215.168.1</fqdn>
  </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
Step 10: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 12: Run command system conntrack clear at DUT0.
Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6827      0 --:--:-- --:--:-- --:--:--  7400
Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49444 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49444 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5543      0 --:--:-- --:--:-- --:--:--  6166
Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 18: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.2

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Apr 16 16:14:48 2026 from 10.215.168.64
admin@osdx$
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=37258 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=37258 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49446 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49446 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49444 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49444 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Ping IP address static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.587 ms

--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.587/0.587/0.587/0.000 ms
Step 22: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35331 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35331 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=37258 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=37258 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=54043 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54043 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49446 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49446 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=38237 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38237 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=255 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=255 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49444 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49444 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
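The classifications in this scenario can be cross-checked offline against the two dictionary entries quoted in the Note of Step 9. The following Python code is an added example, not part of the OSDx test suite or of Teldat's software: it loads those entries and compares each appdetect[...] tag with the App-ID they would give. The dictionary wrapper element, the lookup order (host name first, then address range) and all function names are assumptions; the flow lines are copied from Steps 8 and 22.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# The two <app> entries from the Note in Step 9. The <dictionary> root is an
# assumption, added only so the fragment parses as a single XML document.
DICT_XML = """<dictionary>
<app id="30" name="Teldat Test" version="1">
  <fqdn_list><fqdn>10.215.168.1</fqdn></fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list><range id="1">
    <net_address>10.215.168.64</net_address>
    <net_mask>255.255.255.192</net_mask>
  </range></address_list>
</app>
</dictionary>"""

# First line from Step 8 (no dictionary loaded), the rest from Step 22.
CONNTRACK_SAMPLE = """\
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=34908 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=34908 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=37258 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=37258 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=54043 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54043 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49446 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49446 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=255 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=255 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
"""

# Lazy ".*?" keeps the first dst= (original direction), not the reply tuple.
FLOW_RE = re.compile(r"^(?P<proto>\w+)\s.*?\bdst=(?P<dst>[\d.]+)\s.*\bappdetect\[(?P<tag>[^\]]*)\]")
# Tag layout seen on the page: "<detector>:<number>" plus an optional "<field>:<host>".
TAG_RE = re.compile(r"^(?P<detector>[A-Z]+\d+):(?P<value>\d+)(?:\s+(?P<field>[\w-]+):(?P<host>\S+))?$")


def load_dictionary(xml_text):
    """Return ({fqdn: app id}, [(ip_network, app id)]) built from <app> entries."""
    fqdns, ranges = {}, []
    for app in ET.fromstring(xml_text).iter("app"):
        app_id = int(app.get("id"))
        for fqdn in app.iter("fqdn"):
            fqdns[fqdn.text.strip().lower()] = app_id
        for rng in app.iter("range"):
            addr = rng.findtext("net_address").strip()
            mask = rng.findtext("net_mask").strip()
            ranges.append((ipaddress.ip_network(f"{addr}/{mask}", strict=False), app_id))
    return fqdns, ranges


def lookup(fqdns, ranges, dst_ip, host=None):
    """App id the loaded entries give a flow, or None (lookup order is an assumption)."""
    if host and host.lower() in fqdns:
        return fqdns[host.lower()]
    ip = ipaddress.ip_address(dst_ip)
    for net, app_id in ranges:
        if ip in net:
            return app_id
    return None


def parse_flows(text):
    """Extract destination and appdetect tag from 'system conntrack show' lines."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        t = TAG_RE.match(m["tag"]) if m else None
        if t:  # the trailing "conntrack v1.4.7 ..." summary line is skipped here
            flows.append({"proto": m["proto"], "dst": m["dst"], "detector": t["detector"],
                          "value": int(t["value"]), "host": t["host"]})
    return flows


def audit(xml_text, conntrack_text):
    """Return (dst, observed, expected, verdict) for every parsed flow."""
    fqdns, ranges = load_dictionary(xml_text)
    report = []
    for flow in parse_flows(conntrack_text):
        if not flow["detector"].startswith("U"):
            # L3/L4 tags: classified below L7 only, as before the dictionary is loaded.
            report.append((flow["dst"], flow["value"], None, "no-dictionary-match"))
            continue
        expected = lookup(fqdns, ranges, flow["dst"], flow["host"])
        if expected == flow["value"]:
            verdict = "consistent"
        elif expected is None:
            verdict = "unexplained"  # app id comes from an entry not quoted in the Note
        else:
            verdict = "mismatch"
        report.append((flow["dst"], flow["value"], expected, verdict))
    return report


if __name__ == "__main__":
    for row in audit(DICT_XML, CONNTRACK_SAMPLE):
        print(row)
```

The ICMP flow tagged U128:12 is reported as unexplained because App-ID 12 is not one of the two entries the Note quotes.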
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.757 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.757/0.757/0.757/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 7: Run command system conntrack clear at DUT0.
Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   1097      0 --:--:-- --:--:-- --:--:--  1121
Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55259 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55259 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=49690 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49690 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57152 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57152 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8363      0 --:--:-- --:--:-- --:--:--  9250
Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
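The counter changes between Steps 6, 10 and 12 are what distinguish the first request (FQDN match that populates the IP-cache) from the second (IP-cache hit). The following Python code is an added example, not part of the OSDx test suite: it parses successive outputs of system conntrack app-detect show and labels each transition, and it also recognises the static-dictionary increment seen in Step 20 of the local-storage scenario. The labels and function names are assumptions derived from the expected outputs on this page.

```python
import re

STATIC = "Matches in static dictionaries"
CACHE_HITS = "Matches in IP-cache"
CACHE_MODS = "Modifications in IP-cache"
DYNAMIC = "Matches in dynamic dictionaries"

# Counter lines from the expected outputs of Steps 6, 10 and 12 above,
# shortened to the counters that change in this scenario.
STEP_6 = """\
App-detect Stats                                  #
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
"""
STEP_10 = """\
App-detect Stats                                  #
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
"""
STEP_12 = """\
App-detect Stats                                  #
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
"""

# "<counter name> <integer>"; the header and separator lines do not match.
STAT_LINE = re.compile(r"^(?P<name>\S.*?)\s+(?P<count>\d+)\s*$")


def parse_stats(text):
    """Return {counter name: value} from 'system conntrack app-detect show' output."""
    stats = {}
    for line in text.splitlines():
        m = STAT_LINE.match(line)
        if m:
            stats[m["name"]] = int(m["count"])
    return stats


def classify(before, after):
    """Label what happened between two counter snapshots."""
    delta = {k: after[k] - before.get(k, 0) for k in after}
    changed = {k for k, v in delta.items() if v}
    if not changed:
        return "no-dictionary-activity"
    if any(v < 0 for v in delta.values()):
        return "counters-decreased"       # snapshots out of order or counters reset
    if changed == {CACHE_MODS, DYNAMIC}:
        return "fqdn-match-populated-ip-cache"   # pattern of Step 6 -> Step 10
    if changed == {CACHE_HITS, DYNAMIC}:
        return "ip-cache-hit"                    # pattern of Step 10 -> Step 12
    if changed == {STATIC}:
        return "static-range-match"              # pattern of the SSH step in the first scenario
    return "mixed: " + ", ".join(sorted(changed))


def label_transitions(snapshots):
    """Classify every consecutive pair in a list of raw command outputs."""
    parsed = [parse_stats(s) for s in snapshots]
    return [classify(a, b) for a, b in zip(parsed, parsed[1:])]


if __name__ == "__main__":
    print(label_transitions([STEP_6, STEP_10, STEP_12]))
```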
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+l7rjQtaJQ48zP7BFHnwHBmciVCRsyKy0=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18pIX3CSlAz1XVTZewV54JPCmdFBeb1LaWb9WVXzfYWII7dvMg0099U
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19pp+OhsC7OOUK/ulL+y9iw2w7xGXZdk3M=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19pn3Qj2FTIkPAj2yheSePuHw+2U35Vj2xm/zC2001lmsELLicgygiF
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=3.02 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.016/3.016/3.016/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C

Operation aborted by user.
admin@osdx$
Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Apr 16 16:16:26.360743 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.7M, max 13.8M, 12.0M free.
Apr 16 16:16:26.364381 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:16:26.364437 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:16:26.371049 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:16:26.750525 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:16:27.037419 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:16:27.136540 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
Apr 16 16:16:27.566527 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Apr 16 16:16:27.645522 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
Apr 16 16:16:27.858947 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
Apr 16 16:16:27.952914 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
Apr 16 16:16:28.062343 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
Apr 16 16:16:28.203958 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
Apr 16 16:16:28.326841 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
Apr 16 16:16:28.433732 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
Apr 16 16:16:28.564475 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
Apr 16 16:16:28.653614 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
Apr 16 16:16:28.776807 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
Apr 16 16:16:28.911224 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
Apr 16 16:16:29.025099 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
Apr 16 16:16:29.091463 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
Apr 16 16:16:29.226291 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
Apr 16 16:16:29.336955 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
Apr 16 16:16:29.428719 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
Apr 16 16:16:29.528823 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
Apr 16 16:16:29.634449 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
Apr 16 16:16:29.703732 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
Apr 16 16:16:29.807146 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
Apr 16 16:16:29.880521 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Apr 16 16:16:29.998354 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
Apr 16 16:16:30.065420 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Apr 16 16:16:30.176702 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
Apr 16 16:16:30.261096 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:16:30.409202 osdx ubnt-cfgd[181005]: inactive
Apr 16 16:16:30.484624 osdx INFO[181043]: FRR daemons did not change
Apr 16 16:16:30.645394 osdx kernel: nfUDPlink: module init
Apr 16 16:16:30.645451 osdx kernel: app-detect: module init
Apr 16 16:16:30.645464 osdx kernel: app-detect: registered: sysctl net.appdetect
Apr 16 16:16:30.645475 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Apr 16 16:16:30.645487 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Apr 16 16:16:30.645499 osdx kernel: app-detect: expression init
Apr 16 16:16:30.645515 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Apr 16 16:16:30.645526 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Apr 16 16:16:30.664372 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Apr 16 16:16:30.664434 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664448 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:30.664476 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664489 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
Apr 16 16:16:30.664507 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:30.664527 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:30.664544 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:30.664556 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:30.664568 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:30.664579 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:30.664589 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:30.664607 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:30.664618 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:30.664634 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664647 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:30.664658 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664669 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:30.664682 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Apr 16 16:16:30.664693 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664704 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:30.664715 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664726 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
Apr 16 16:16:30.664737 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:30.664748 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:30.664759 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:30.664769 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:30.664781 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:30.664792 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:30.664803 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:30.664814 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:30.664827 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:30.664838 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664849 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:30.664860 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:30.664871 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664882 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:30.674395 osdx INFO[181080]: Updated /etc/default/osdx_tcatd.conf
Apr 16 16:16:30.674437 osdx INFO[181080]: Restarting Traffic Categorization (TCATD) service ...
Apr 16 16:16:30.708924 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Apr 16 16:16:31.069753 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Apr 16 16:16:31.070357 osdx osdx-tcatd[181084]: Dict_client. rdict_num 2 mark 5555 local-vrf
Apr 16 16:16:31.071872 osdx osdx-tcatd[181084]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
Apr 16 16:16:31.072040 osdx osdx-tcatd[181084]: Dict_client. rdict_num 1 mark 5555 local-vrf
Apr 16 16:16:31.072075 osdx osdx-tcatd[181084]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
Apr 16 16:16:31.120392 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Apr 16 16:16:31.170605 osdx WARNING[181174]: No supported link modes on interface eth1
Apr 16 16:16:31.172216 osdx modulelauncher[181174]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Apr 16 16:16:31.172230 osdx modulelauncher[181174]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Apr 16 16:16:31.173519 osdx modulelauncher[181174]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:16:31.173531 osdx modulelauncher[181174]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:16:31.208376 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:16:31.255836 osdx WARNING[181254]: No supported link modes on interface eth0
Apr 16 16:16:31.257685 osdx modulelauncher[181254]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:16:31.257698 osdx modulelauncher[181254]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:16:31.259061 osdx modulelauncher[181254]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:16:31.259070 osdx modulelauncher[181254]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:16:31.468148 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:16:31.480037 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:16:31.497233 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:16:34.564882 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack clear'.
Apr 16 16:16:34.769887 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com.
Org(src/dst) 192.168.2.101:40758/10.215.168.1:80 Apr 16 16:16:34.769964 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:40758/10.215.168.1:80 Apr 16 16:16:34.769977 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Apr 16 16:16:34.770004 osdx kernel: app-detect: search in dict _remote_, prio 1 Apr 16 16:16:34.770016 osdx kernel: app-detect: search in dict _remote_, prio 2 Apr 16 16:16:34.770235 osdx osdx-tcatd[181084]: UDP_Server. Read 27 bytes Apr 16 16:16:34.770245 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com Apr 16 16:16:34.770265 osdx osdx-tcatd[181084]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Apr 16 16:16:34.770280 osdx osdx-tcatd[181084]: UDP_Server. Read 27 bytes Apr 16 16:16:34.770283 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com Apr 16 16:16:34.770295 osdx osdx-tcatd[181084]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Apr 16 16:16:34.807842 osdx osdx-tcatd[181084]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Apr 16 16:16:34.810963 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Apr 16 16:16:34.811064 osdx osdx-tcatd[181084]: UDP_Server. Sent 38 bytes Apr 16 16:16:34.811273 osdx osdx-tcatd[181084]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Apr 16 16:16:34.811290 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 Apr 16 16:16:34.811395 osdx osdx-tcatd[181084]: UDP_Server. Sent 38 bytes Apr 16 16:16:34.813017 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Apr 16 16:16:34.813066 osdx kernel: app-detect: linked list of enabled dicts: Apr 16 16:16:34.813078 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Apr 16 16:16:34.813089 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Apr 16 16:16:34.813100 osdx kernel: app-detect: linked list of disabled dicts: Apr 16 16:16:34.813112 osdx kernel: app-detect: (empty, no dicts) Apr 16 16:16:34.813122 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Apr 16 16:16:34.813134 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Apr 16 16:16:34.813145 osdx kernel: app-detect: linked list of enabled dicts: Apr 16 16:16:34.813156 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Apr 16 16:16:34.813167 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Apr 16 
16:16:34.813178 osdx kernel: app-detect: linked list of disabled dicts: Apr 16 16:16:34.813189 osdx kernel: app-detect: (empty, no dicts) Apr 16 16:16:34.813200 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=40797 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40797 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45826 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45826 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=45585 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45585 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40758 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40758 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45814 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45814 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule  pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1             19         34         3162        5615
-----------------------------------------------------
Total         19         34         3162        5615
Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=40797 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40797 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45826 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45826 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=45585 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45585 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40758 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40758 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45814 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45814 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run command system conntrack clear at DUT1.
Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5701      0 --:--:-- --:--:-- --:--:--  6166
admin@osdx$
Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=40797 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40797 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45826 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45826 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=40772 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40772 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=45585 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45585 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40758 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40758 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45814 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45814 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=58342 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58342 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s932ms
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
                 App-detect Stats                 #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command system conntrack clear at DUT0.
Step 17: Run command system conntrack clear at DUT1.
Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9848      0 --:--:-- --:--:-- --:--:-- 12333
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=45510 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=45510 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=46298 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46298 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
                 App-detect Stats                 #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
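Added example (not part of the original page or of the OSDx code): it correlates each remote-dictionary answer logged by osdx-tcatd with the AppID written back to the kernel and with the appdetect label that conntrack shows. The AppID layout used here (top byte is the number after "U", low 24 bits are the value, 0x82 for the category dictionary and 0x83 for the reputation dictionary) is an assumption inferred from the values on this page (AppID:82000007 beside U130:7, AppID:83000058 beside reputation 88); the sample lines are constructed by trimming the page's output.

```python
import json
import re

# Constructed sample: journal and conntrack lines trimmed from the output on this page.
JOURNAL = '''\
Apr 16 16:16:34.807842 osdx osdx-tcatd[181084]: Dict_client. Received answer (dict 2): {"status": 200, "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"reputation": 88, "cats": [{"catid": 7, "conf": 95}]}}}]}
Apr 16 16:16:34.810963 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Apr 16 16:16:34.811273 osdx osdx-tcatd[181084]: Dict_client. Received answer (dict 1): {"status": 200, "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"reputation": 88, "cats": [{"catid": 7, "conf": 95}]}}}]}
Apr 16 16:16:34.811290 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
'''
CONNTRACK = (
    "tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=40772 dport=80 packets=6 bytes=593 "
    "src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40772 packets=4 bytes=504 [ASSURED] "
    "mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]\n"
    "udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=45585 dport=53 packets=1 bytes=68 "
    "src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45585 packets=1 bytes=68 "
    "mark=0 use=1 appdetect[L4:53]\n"
)

ANSWER_RE = re.compile(r"Received answer \(dict (\d+)\): (\{.*\})\s*$")
WRITE_RE = re.compile(
    r"Write message addressed to dictionary (\d+) FQDN (\S+) TTL (\d+) AppID:([0-9A-Fa-f]{8})"
)
APPDETECT_RE = re.compile(r"appdetect\[([^\]]*)\]")

# Assumption inferred from this page's values, not a documented format.
PREFIX_FIELD = {0x82: "category", 0x83: "reputation"}


def decode_appid(hex_id):
    """Split an 8-hex-digit AppID into (top byte, low 24 bits)."""
    raw = int(hex_id, 16)
    return raw >> 24, raw & 0xFFFFFF


def expected_value(prefix, getinfo):
    """Value the answer's getinfo block implies for this AppID prefix, or None."""
    kind = PREFIX_FIELD.get(prefix)
    if kind == "category":
        cats = getinfo.get("cats") or []
        # Assumption: the highest-confidence category is the one reported.
        return max(cats, key=lambda c: c["conf"])["catid"] if cats else None
    if kind == "reputation":
        return getinfo.get("reputation")
    return None


def correlate(journal):
    """Pair every AppID written to the kernel with the answer that produced it."""
    answers, records = {}, []
    for line in journal.splitlines():
        m = ANSWER_RE.search(line)
        if m:
            try:
                body = json.loads(m.group(2))
            except json.JSONDecodeError:
                continue  # truncated or wrapped journal line
            for res in body.get("results", []):
                key = (int(m.group(1)), res.get("fqdns"))
                answers[key] = res.get("queries", {}).get("getinfo", {})
            continue
        m = WRITE_RE.search(line)
        if not m:
            continue
        num, fqdn, ttl = int(m.group(1)), m.group(2), int(m.group(3))
        prefix, value = decode_appid(m.group(4))
        info = answers.get((num, fqdn))
        expected = expected_value(prefix, info) if info is not None else None
        records.append({
            "dict": num,
            "fqdn": fqdn,
            "ttl": ttl,
            "label": f"U{prefix}:{value}",
            # None means there was no answer to compare against.
            "consistent": None if expected is None else expected == value,
        })
    return records


def conntrack_appids(text):
    """First token of every appdetect[...] annotation in conntrack output."""
    return [m.group(1).split()[0] for m in APPDETECT_RE.finditer(text) if m.group(1).strip()]


def classified_by_dictionary(text, records):
    """Conntrack labels that match an AppID delivered by a remote dictionary."""
    labels = {r["label"] for r in records}
    return [a for a in conntrack_appids(text) if a in labels]


if __name__ == "__main__":
    recs = correlate(JOURNAL)
    for r in recs:
        print(r)
    print(classified_by_dictionary(CONNTRACK, recs))
```

A record whose "consistent" field is False or None points at an AppID that reached the kernel without a matching answer in the journal, which is worth checking before trusting the classification.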
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18F9m+RqokHilMh1FMnsvG+wqq99LLm8Gw=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/5Eobky5XGpehf6XnTcTnIK1TFi/Y3CxiigdDQS7pt7pEurDvKalz+
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/hTAleE8DkQlXGsWPFyTXCV7mvcXWhYf0=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/zXJb29FvffgrInCnDv4a7xqnyPm2U1bf3elux9h7/1N0JbZ+I1SmR
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run command system conntrack clear at DUT0.
Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run command system conntrack show at DUT0 and expect this output:
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56092 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56092 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=47189 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47189 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=37669 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37669 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=39875 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39875 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44198 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44198 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=53955 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53955 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=36062 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36062 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3599 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56094 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56094 packets=7 bytes=1938 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=51792 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51792 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=50718 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50718 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56092 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56092 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=47189 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47189 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=37669 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37669 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=51639 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51639 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=42593 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42593 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=39875 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39875 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=44198 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44198 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59441 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59441 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=43622 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43622 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=53955 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53955 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=36062 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36062 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56094 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56094 packets=7 bytes=1938 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Apr 16 16:16:43.612512 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612521 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612529 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:43.612536 osdx kernel: app-detect: freed hash table
Apr 16 16:16:43.612543 osdx kernel: app-detect: freed memory for hashes+appids
Apr 16 16:16:43.612550 osdx kernel: app-detect: dictionary _remote_ deleted
Apr 16 16:16:43.612557 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.612564 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612571 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612578 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:43.612585 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Apr 16 16:16:43.612595 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.612605 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612612 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612620 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
Apr 16 16:16:43.612633 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:43.612645 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:43.612655 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:43.612664 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:43.612672 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:43.612679 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:43.612687 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:43.612694 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:43.612701 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:43.612708 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.612715 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:43.612722 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612729 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612736 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:43.636379 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Apr 16 16:16:43.636445 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636464 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636481 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:43.636492 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636503 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:43.636540 osdx kernel: app-detect: dictionary _remote_ disabled
Apr 16 16:16:43.636561 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636573 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636585 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636602 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:43.636614 osdx kernel: app-detect: freed hash table
Apr 16 16:16:43.636636 osdx kernel: app-detect: freed memory for hashes+appids
Apr 16 16:16:43.636652 osdx kernel: app-detect: dictionary _remote_ deleted
Apr 16 16:16:43.636664 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636676 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636687 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636699 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:43.636709 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Apr 16 16:16:43.636721 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636731 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636743 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636753 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
Apr 16 16:16:43.636790 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:43.636806 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:43.636820 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:43.636832 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:43.636845 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:43.636856 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:43.636867 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:43.636878 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:43.636889 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:43.636900 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636911 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636922 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:43.636933 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636943 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:43.677117 osdx INFO[181504]: Updated /etc/default/osdx_tcatd.conf
Apr 16 16:16:43.677171 osdx INFO[181504]: Restarting Traffic Categorization (TCATD) service ...
Apr 16 16:16:43.685598 osdx osdx-tcatd[181084]: UDP_Server. Received STOP signal. Cleanup
Apr 16 16:16:43.685651 osdx osdx-tcatd[181084]: Dict_client. Cleanup
Apr 16 16:16:43.685689 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Apr 16 16:16:43.688598 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully.
Apr 16 16:16:43.688762 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Apr 16 16:16:43.716860 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Apr 16 16:16:44.045650 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Apr 16 16:16:44.046910 osdx osdx-tcatd[181508]: Dict_client. rdict_num 2 mark 5555 local-vrf
Apr 16 16:16:44.058013 osdx osdx-tcatd[181508]: Dict_client. rdict_num 1 mark 5555 local-vrf
Apr 16 16:16:44.245669 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:16:44.248280 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:16:44.277131 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:16:44.453167 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack clear'.
Apr 16 16:16:46.720417 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:37669/10.215.168.66:53
Apr 16 16:16:46.720694 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:37669/10.215.168.66:53
Apr 16 16:16:46.720716 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Apr 16 16:16:46.720727 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
Apr 16 16:16:46.720738 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:46.720748 osdx kernel: app-detect: search in dict _remote_, prio 2
Apr 16 16:16:46.720814 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.720821 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Apr 16 16:16:46.720838 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Apr 16 16:16:46.720850 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.720853 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Apr 16 16:16:46.720859 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Apr 16 16:16:46.721776 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.721793 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Apr 16 16:16:46.721845 osdx osdx-tcatd[181508]: UDP_Server. Sent 38 bytes
Apr 16 16:16:46.721995 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.722008 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Apr 16 16:16:46.722059 osdx osdx-tcatd[181508]: UDP_Server. Sent 38 bytes
Apr 16 16:16:46.724368 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Apr 16 16:16:46.724392 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.724403 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:46.724413 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:46.724421 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.724428 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:46.724436 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Apr 16 16:16:46.724443 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Apr 16 16:16:46.724452 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.724465 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:46.724473 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
Apr 16 16:16:46.724480 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.724488 osdx kernel: app-detect: (empty, no dicts)
Apr 16 16:16:46.724495 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Apr 16 16:16:46.835013 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:47189/10.215.168.66:53
Apr 16 16:16:46.835379 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:47189/10.215.168.66:53
Apr 16 16:16:46.835412 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com
Apr 16 16:16:46.835423 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com
Apr 16 16:16:46.835435 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:46.835446 osdx kernel: app-detect: search in dict _remote_, prio 2
Apr 16 16:16:46.835543 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.835554 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com
Apr 16 16:16:46.835572 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Apr 16 16:16:46.835589 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.835592 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com
Apr 16 16:16:46.835603 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Apr 16 16:16:46.836750 osdx osdx-tcatd[181508]: Dict_client.
Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Apr 16 16:16:46.836768 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 Apr 16 16:16:46.836843 osdx osdx-tcatd[181508]: UDP_Server. Sent 38 bytes Apr 16 16:16:46.837506 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Apr 16 16:16:46.837519 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F Apr 16 16:16:46.837574 osdx osdx-tcatd[181508]: UDP_Server. 
Sent 38 bytes Apr 16 16:16:46.840372 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Apr 16 16:16:46.840411 osdx kernel: app-detect: linked list of enabled dicts: Apr 16 16:16:46.840424 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Apr 16 16:16:46.840435 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Apr 16 16:16:46.840447 osdx kernel: app-detect: linked list of disabled dicts: Apr 16 16:16:46.840465 osdx kernel: app-detect: (empty, no dicts) Apr 16 16:16:46.840478 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Apr 16 16:16:46.840490 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Apr 16 16:16:46.840506 osdx kernel: app-detect: linked list of enabled dicts: Apr 16 16:16:46.840518 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Apr 16 16:16:46.840534 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Apr 16 16:16:46.840547 osdx kernel: app-detect: linked list of disabled dicts: Apr 16 16:16:46.840557 osdx kernel: app-detect: (empty, no dicts) Apr 16 16:16:46.840568 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Apr 16 16:16:46.923212 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:39875/10.215.168.66:53 Apr 16 16:16:46.923493 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:39875/10.215.168.66:53 Apr 16 16:16:46.923511 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Apr 16 16:16:46.923523 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Apr 16 16:16:46.923533 osdx kernel: app-detect: search in dict _remote_, prio 1 Apr 16 16:16:46.923556 osdx kernel: app-detect: search in dict _remote_, prio 2 Apr 16 16:16:46.923578 osdx osdx-tcatd[181508]: UDP_Server. Read 28 bytes Apr 16 16:16:46.923591 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com Apr 16 16:16:46.923612 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Apr 16 16:16:46.923626 osdx osdx-tcatd[181508]: UDP_Server. Read 28 bytes Apr 16 16:16:46.923633 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com Apr 16 16:16:46.923641 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Apr 16 16:16:46.924501 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Apr 16 16:16:46.924514 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 Apr 16 16:16:46.924580 osdx osdx-tcatd[181508]: UDP_Server. Sent 39 bytes Apr 16 16:16:46.924726 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Apr 16 16:16:46.924739 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C Apr 16 16:16:46.924766 osdx osdx-tcatd[181508]: UDP_Server. Sent 39 bytes Apr 16 16:16:46.928372 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Apr 16 16:16:46.928414 osdx kernel: app-detect: linked list of enabled dicts: Apr 16 16:16:46.928427 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Apr 16 16:16:46.928437 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Apr 16 16:16:46.928448 osdx kernel: app-detect: linked list of disabled dicts: Apr 16 16:16:46.928464 osdx kernel: app-detect: (empty, no dicts) Apr 16 16:16:46.928476 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Apr 16 16:16:46.928487 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Apr 16 16:16:46.928498 osdx kernel: app-detect: linked list of enabled dicts: Apr 16 16:16:46.928507 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Apr 16 16:16:46.928517 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) 
Apr 16 16:16:46.928529 osdx kernel: app-detect: linked list of disabled dicts: Apr 16 16:16:46.928539 osdx kernel: app-detect: (empty, no dicts) Apr 16 16:16:46.928548 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Apr 16 16:16:47.034499 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack show'. Apr 16 16:16:48.106413 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:50718/10.215.168.66:53 Apr 16 16:16:48.106678 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:50718/10.215.168.66:53 Apr 16 16:16:48.106700 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Apr 16 16:16:48.106709 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Apr 16 16:16:48.106717 osdx kernel: app-detect: search in dict _remote_, prio 1 Apr 16 16:16:48.106725 osdx kernel: app-detect: appid 82000007 found in hash dictionary Apr 16 16:16:48.106732 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Apr 16 16:16:48.188445 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:43622/10.215.168.66:53 Apr 16 16:16:48.192371 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:43622/10.215.168.66:53 Apr 16 16:16:48.192388 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Apr 16 16:16:48.192400 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Apr 16 16:16:48.192411 osdx kernel: app-detect: search in dict _remote_, prio 1 Apr 16 16:16:48.192423 osdx kernel: app-detect: appid 8200000f found in hash dictionary Apr 16 16:16:48.192445 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache Apr 16 16:16:48.285527 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:59441/10.215.168.66:53 Apr 16 16:16:48.285890 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:59441/10.215.168.66:53 Apr 16 16:16:48.285927 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Apr 16 16:16:48.285939 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Apr 16 16:16:48.285949 osdx kernel: app-detect: search in dict _remote_, prio 1 Apr 16 16:16:48.285959 osdx kernel: app-detect: appid 82000004 found in hash dictionary Apr 16 16:16:48.285969 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache Apr 16 16:16:48.443441 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s176ms
192.168.2.10  U130:15         28s260ms
192.168.2.20  U130:4          28s356ms
Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7

----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s92ms
192.168.2.10  U130:15         28s176ms
192.168.2.20  U130:4          28s272ms
Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*U130:15

----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s4ms
192.168.2.10  U130:15         28s88ms
192.168.2.20  U130:4          28s184ms
Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*U130:4

----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s928ms
192.168.2.10  U130:15         28s12ms
192.168.2.20  U130:4          28s108ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/SSHZj2hyZvTVuYUMZdzHuEf4c1MMXmc4=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/3Y0ei93wGUGgo3JsZ6KgO/ATkKLsssRkrT/zAHH/59seAj7EOiZAI
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18PxGya2jd1x3cPtYedyaSVJiW1dI9JU9Q=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/pKy4CuaYy2t/p9fkG+WCwxhRO9IVZ++bmo4nv6p++I+zgtDcZ30HV
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run command system conntrack clear at DUT0.
Step 38: Run command system conntrack clear at DUT0.
Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 40: Run command system conntrack clear at DUT1.
Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5528      0 --:--:-- --:--:-- --:--:--  6166
Step 42: Run command system conntrack clear at DUT1.
Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9494      0 --:--:-- --:--:-- --:--:-- 12333
Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]

udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=54721 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54721 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=36036 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36036 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46306 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46306 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=38932 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38932 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38926 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38926 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=53343 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53343 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46310 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46310 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=38946 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38946 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
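An added example, not part of the original test suite: a Python parser for the appdetect[...] tag in system conntrack show output, run over four flows copied from the step 44 output above. The function names and the three classification labels are assumptions made for this example; reading U-prefixed IDs as dictionary-assigned and L3/L4 as the below-L7 detectors follows this page's own outputs.

```python
import re
from typing import NamedTuple, Optional

# Four flows and the trailer line, copied from the step 44 output on this page
# (`system conntrack show` at DUT0).
SAMPLE = """\
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=38932 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38932 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38926 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38926 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=53343 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53343 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=38946 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38946 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
"""

# The step 44 expression, verbatim from the page. It is order-sensitive:
# the dictionary IDs must be listed before L3/L4.
STEP44_RE = re.compile(
    r"appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]"
)

APPDETECT_RE = re.compile(r"appdetect\[([^\]]*)\]")
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
ID_RE = re.compile(r"[A-Z]+\d+:[^;\s]+")  # L3:6, L4:80, U130:7, ...


class Flow(NamedTuple):
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    app_ids: tuple  # in the order the device printed them
    fields: dict    # detected fields, e.g. {"http-host": "enterprise.opentok.com"}


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one conntrack line; return None for the trailer or unrelated text."""
    tag = APPDETECT_RE.search(line)
    orig = TUPLE_RE.search(line)  # first tuple on the line is the original direction
    if not tag or not orig:
        return None
    app_ids, fields = [], {}
    for token in tag.group(1).split():
        parts = token.split(";")
        if all(ID_RE.fullmatch(p) for p in parts):
            app_ids.extend(parts)            # "L3:6;L4:80;U130:7"
        else:
            key, _, value = token.partition(":")
            fields[key] = value              # "http-host:<fqdn>"
    src, dst, sport, dport = orig.groups()
    return Flow(line.split()[0], src, dst, int(sport), int(dport),
                tuple(app_ids), fields)


def parse(text: str) -> list:
    return [f for f in map(parse_flow, text.splitlines()) if f]


def classification(flow: Flow) -> str:
    """Labels are this example's own, not device terminology."""
    if any(i.startswith("U") for i in flow.app_ids):
        return "dictionary"   # at least one dictionary-assigned ID
    if flow.fields:
        return "host-only"    # host field detected, no dictionary ID on the flow
    return "below-l7"         # only L3/L4 detectors


def flows_tagged(flows, host: str, required: set) -> list:
    """Order-insensitive check: host matches and every required ID is present."""
    return [f for f in flows
            if f.fields.get("http-host") == host and required <= set(f.app_ids)]


def step44_matches(text: str) -> list:
    """Lines that satisfy the page's order-sensitive step 44 expression."""
    return [line for line in text.splitlines() if STEP44_RE.search(line)]


if __name__ == "__main__":
    for f in parse(SAMPLE):
        print(f.proto, f.sport, classification(f), ";".join(f.app_ids), f.fields)
```

Both completed downloads carry U130:7 and U131:88, but only the sport=38946 flow lists them ahead of L3/L4 and so satisfies the step 44 expression. The sport=38926 flow has a detected http-host and no dictionary ID.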
Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)

-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s128ms
192.168.2.10  U130:15;U131:25  28s792ms
192.168.2.20  U130:4;U131:92   28s892ms
Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)

-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s52ms
192.168.2.10  U130:15;U131:25  28s716ms
192.168.2.20  U130:4;U131:92   28s816ms
Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)

-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s948ms
192.168.2.10  U130:15;U131:25  28s612ms
192.168.2.20  U130:4;U131:92   28s712ms
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR1\s+false

--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR2\s+false

--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+fujhd5WUsSG1KvPnuU6efA45nzFbJ0mA=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/0lK2IGfWfN1NmX3iousqIfq65hQfqZ50=
Step 56: Run command system conntrack clear at DUT0.
Step 57: Run command system conntrack clear at DUT1.
Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+true

---------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-04-16 16:17:04.903044+00:00                           1        66.42
DICTERROR2  true    2026-04-16 16:17:04.903164+00:00                           1        66.46
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/l4xz5yN9xzuf87DQLwKgu1zyspRwFtqA=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+SLFWNfqr6FOx/wKVwdTIhveGJg2TpTfM=
Step 61: Run command system conntrack clear at DUT0.
Step 62: Run command system conntrack clear at DUT1.
Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+false

-----------------------------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled                      Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-04-16 16:17:11.426505+00:00  2026-04-16 16:17:04.903044+00:00             2        46.49
DICTERROR2  false   2026-04-16 16:17:11.425708+00:00  2026-04-16 16:17:04.903164+00:00             2        46.50
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19YPVwZgXjATxTPbLI9CSUhGoCnlClnhoI=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+5ccwcFN19Ca6CVQGehSEs5JozzOQuRF/fu2VEpnOweY9zNbQ2zWJe
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19nPyE6/oEMjCRRAYoVp5p+TNy58ks78Bc=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/dD0KvYsx2Z+hzzAc56BrshjC607vzActGInyPkTcBviFfk8yAtemA
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.529 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.529/0.529/0.529/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF

tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=53827 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53827 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55574 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55574 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=40181 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40181 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55576 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55576 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+

Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              20         37         3214        5823
-----------------------------------------------------
Total          20         37         3214        5823
Step 9: Run command system conntrack clear at DUT1.
Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7711      0 --:--:-- --:--:-- --:--:--  9250
admin@osdx$
Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=48600 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48600 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=53827 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53827 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55574 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55574 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46094 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46094 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=40181 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40181 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55576 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55576 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run command system conntrack clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF

tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55600 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55600 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=51270 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51270 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55590 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55590 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 16: Run command system conntrack clear at DUT1.
Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5548      0 --:--:-- --:--:-- --:--:--  6166
admin@osdx$
Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55600 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55600 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=51270 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51270 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=54639 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54639 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=35306 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35306 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55590 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55590 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run command system conntrack clear at DUT0.
Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF

udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=35310 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35310 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33346 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33346 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=41386 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41386 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33354 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33354 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 23: Run command system conntrack clear at DUT1.
Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   4888      0 --:--:-- --:--:-- --:--:--  5285
admin@osdx$
Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=35326 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35326 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=35310 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35310 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33346 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33346 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=41386 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41386 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33354 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33354 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=59809 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59809 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
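The checks in Steps 7 and 11 can be reproduced offline with the sketch below, which is an added example and not part of the original test suite. The sample entries are copied from the Step 11 output; the function names, and the choice to evaluate each expression per flow entry rather than over the whole output, are assumptions.

```python
import re

# Four entries copied from the Step 11 output on this page, one flow per line.
SAMPLE = """\
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46094 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46094 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=48600 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48600 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55574 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55574 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
"""

KV = re.compile(r"(src|dst|sport|dport|vrf)=(\S+)")
APP = re.compile(r"appdetect\[([^\]]*)\]")
# Expressions from Step 7 and Step 11, unchanged.
STEP7 = re.compile(r"tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF")
STEP11 = re.compile(
    r"vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]")

def parse_flows(text):
    """Return one dict per flow entry; lines without appdetect[...] are skipped."""
    flows = []
    for line in text.splitlines():
        app = APP.search(line)
        if not app:
            continue  # e.g. the trailing "flow entries have been shown" line
        orig, reply = {}, {}
        # Each key appears twice: first for the original direction, then the reply.
        for key, value in KV.findall(line):
            (reply if key in orig else orig)[key] = value
        flows.append({"proto": line.split()[0], "orig": orig, "reply": reply,
                      "labels": app.group(1).split(), "raw": line})
    return flows

def matching(flows, pattern):
    """Evaluate a step's regex per entry so a match cannot span two flows."""
    return [f for f in flows if pattern.search(f["raw"])]

def l4_only(flows):
    """Flows carrying nothing but L4 port labels (no host or dictionary label)."""
    return [f for f in flows if all(l.startswith("L4:") for l in f["labels"])]

if __name__ == "__main__":
    for f in parse_flows(SAMPLE):
        print(f["proto"], f["orig"].get("dst"), f["orig"].get("dport"), f["labels"])
```

The dots in `10.215.168.1` are unescaped in the page's Step 7 expression, so each one matches any character; escaping them (`10\.215\.168\.1`) tightens the check.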