App-Dictionary

These scenarios check the application dictionary support provided by app-detect feature.

Local Storage Application Dictionary

Description

DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.964 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.964/0.964/0.964/0.000 ms

Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   2527      0 --:--:-- --:--:-- --:--:--  2642

Step 6: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:

admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Show output
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.2

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Apr 16 16:11:15 2026 from 192.168.100.2
admin@osdx$

Step 7: Ping IP address 10.215.168.64 from DUT1:

admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
Show output
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.476 ms

--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.476/0.476/0.476/0.000 ms

Step 8: Run command system conntrack show at DUT0 and expect this output:

Show output
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=34908 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=34908 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
icmp     1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=253 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=253 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=54518 dport=22 packets=24 bytes=5032 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=54518 packets=21 bytes=4856 [ASSURED] mark=0 use=1 appdetect[L4:22]
icmp     1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=254 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=254 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.

Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  9900k      0 --:--:-- --:--:-- --:--:-- 10.8M

Note

The dictionary file contains the following test entries used in this scenario:

Show output
<app id="30" name="Teldat Test" version="1">
<fqdn_list>
<fqdn>10.215.168.1</fqdn>
</fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
<address_list>
<range id="1">
<net_address>10.215.168.64</net_address>
<net_mask>255.255.255.192</net_mask>
</range>
</address_list>
</app>

Step 10: Modify the following configuration lines in DUT0 :

set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip

Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 12: Run command system conntrack clear at DUT0.

Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6827      0 --:--:-- --:--:-- --:--:--  7400

Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U128:30\shttp-host:10.215.168.1\]
Show output
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49444 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49444 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.

Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5543      0 --:--:-- --:--:-- --:--:--  6166

Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 18: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:

admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Show output
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.2

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Apr 16 16:14:48 2026 from 10.215.168.64
admin@osdx$

Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
Show output
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=37258 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=37258 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49446 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49446 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp      6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49444 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49444 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.

Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 21: Ping IP address static.opentok.com from DUT1:

admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
Show output
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.587 ms

--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.587/0.587/0.587/0.000 ms

Step 22: Run command system conntrack show at DUT0 and expect this output:

Show output
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=35331 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35331 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
tcp      6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=37258 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=37258 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=54043 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54043 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
tcp      6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49446 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49446 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=38237 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38237 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
icmp     1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=255 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=255 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
tcp      6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=49444 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49444 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.

Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

CLI Custom Application Dictionary

Description

DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.757 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.757/0.757/0.757/0.000 ms

Step 5: Run command system conntrack clear at DUT0.

Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 7: Run command system conntrack clear at DUT0.

Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   1097      0 --:--:-- --:--:-- --:--:--  1121

Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
Show output
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=55259 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55259 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=49690 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49690 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=57152 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57152 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.

Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8363      0 --:--:-- --:--:-- --:--:--  9250

Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Remote Application Dictionary

Description

DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.

Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.

Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.

Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.

Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+l7rjQtaJQ48zP7BFHnwHBmciVCRsyKy0=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18pIX3CSlAz1XVTZewV54JPCmdFBeb1LaWb9WVXzfYWII7dvMg0099U
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19pp+OhsC7OOUK/ulL+y9iw2w7xGXZdk3M=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19pn3Qj2FTIkPAj2yheSePuHw+2U35Vj2xm/zC2001lmsELLicgygiF
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=3.02 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.016/3.016/3.016/0.000 ms

Step 5: Run command system conntrack clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:

Show output
Apr 16 16:16:26.360743 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.7M, max 13.8M, 12.0M free.
Apr 16 16:16:26.364381 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:16:26.364437 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:16:26.371049 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:16:26.750525 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:16:27.037419 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:16:27.136540 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
Apr 16 16:16:27.566527 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Apr 16 16:16:27.645522 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
Apr 16 16:16:27.858947 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
Apr 16 16:16:27.952914 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
Apr 16 16:16:28.062343 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
Apr 16 16:16:28.203958 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
Apr 16 16:16:28.326841 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
Apr 16 16:16:28.433732 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
Apr 16 16:16:28.564475 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
Apr 16 16:16:28.653614 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
Apr 16 16:16:28.776807 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
Apr 16 16:16:28.911224 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
Apr 16 16:16:29.025099 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
Apr 16 16:16:29.091463 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
Apr 16 16:16:29.226291 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
Apr 16 16:16:29.336955 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
Apr 16 16:16:29.428719 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
Apr 16 16:16:29.528823 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
Apr 16 16:16:29.634449 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
Apr 16 16:16:29.703732 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
Apr 16 16:16:29.807146 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
Apr 16 16:16:29.880521 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Apr 16 16:16:29.998354 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
Apr 16 16:16:30.065420 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Apr 16 16:16:30.176702 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
Apr 16 16:16:30.261096 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:16:30.409202 osdx ubnt-cfgd[181005]: inactive
Apr 16 16:16:30.484624 osdx INFO[181043]: FRR daemons did not change
Apr 16 16:16:30.645394 osdx kernel: nfUDPlink: module init
Apr 16 16:16:30.645451 osdx kernel: app-detect: module init
Apr 16 16:16:30.645464 osdx kernel: app-detect: registered: sysctl net.appdetect
Apr 16 16:16:30.645475 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Apr 16 16:16:30.645487 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Apr 16 16:16:30.645499 osdx kernel: app-detect: expression init
Apr 16 16:16:30.645515 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Apr 16 16:16:30.645526 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Apr 16 16:16:30.664372 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Apr 16 16:16:30.664434 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664448 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:30.664476 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664489 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type unknown (target_dict)
Apr 16 16:16:30.664507 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:30.664527 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:30.664544 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:30.664556 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:30.664568 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:30.664579 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:30.664589 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:30.664607 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:30.664618 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:30.664634 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664647 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:30.664658 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664669 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:30.664682 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Apr 16 16:16:30.664693 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664704 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:30.664715 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664726 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type unknown (target_dict)
Apr 16 16:16:30.664737 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:30.664748 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:30.664759 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:30.664769 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:30.664781 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:30.664792 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:30.664803 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:30.664814 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:30.664827 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:30.664838 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:30.664849 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:30.664860 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:30.664871 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:30.664882 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:30.674395 osdx INFO[181080]: Updated /etc/default/osdx_tcatd.conf
Apr 16 16:16:30.674437 osdx INFO[181080]: Restarting Traffic Categorization (TCATD) service ...
Apr 16 16:16:30.708924 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Apr 16 16:16:31.069753 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Apr 16 16:16:31.070357 osdx osdx-tcatd[181084]: Dict_client. rdict_num 2 mark 5555 local-vrf
Apr 16 16:16:31.071872 osdx osdx-tcatd[181084]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
Apr 16 16:16:31.072040 osdx osdx-tcatd[181084]: Dict_client. rdict_num 1 mark 5555 local-vrf
Apr 16 16:16:31.072075 osdx osdx-tcatd[181084]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
Apr 16 16:16:31.120392 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Apr 16 16:16:31.170605 osdx WARNING[181174]: No supported link modes on interface eth1
Apr 16 16:16:31.172216 osdx modulelauncher[181174]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Apr 16 16:16:31.172230 osdx modulelauncher[181174]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Apr 16 16:16:31.173519 osdx modulelauncher[181174]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:16:31.173531 osdx modulelauncher[181174]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:16:31.208376 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:16:31.255836 osdx WARNING[181254]: No supported link modes on interface eth0
Apr 16 16:16:31.257685 osdx modulelauncher[181254]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:16:31.257698 osdx modulelauncher[181254]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:16:31.259061 osdx modulelauncher[181254]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:16:31.259070 osdx modulelauncher[181254]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:16:31.468148 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:16:31.480037 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:16:31.497233 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:16:34.564882 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack clear'.
Apr 16 16:16:34.769887 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:40758/10.215.168.1:80
Apr 16 16:16:34.769964 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:40758/10.215.168.1:80
Apr 16 16:16:34.769977 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Apr 16 16:16:34.770004 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:34.770016 osdx kernel: app-detect: search in dict _remote_, prio 2
Apr 16 16:16:34.770235 osdx osdx-tcatd[181084]: UDP_Server. Read 27 bytes
Apr 16 16:16:34.770245 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Apr 16 16:16:34.770265 osdx osdx-tcatd[181084]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Apr 16 16:16:34.770280 osdx osdx-tcatd[181084]: UDP_Server. Read 27 bytes
Apr 16 16:16:34.770283 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Apr 16 16:16:34.770295 osdx osdx-tcatd[181084]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Apr 16 16:16:34.807842 osdx osdx-tcatd[181084]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a
ge": 0, "threathistory": 0}}}]}
Apr 16 16:16:34.810963 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Apr 16 16:16:34.811064 osdx osdx-tcatd[181084]: UDP_Server. Sent 38 bytes
Apr 16 16:16:34.811273 osdx osdx-tcatd[181084]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a
ge": 0, "threathistory": 0}}}]}
Apr 16 16:16:34.811290 osdx osdx-tcatd[181084]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Apr 16 16:16:34.811395 osdx osdx-tcatd[181084]: UDP_Server. Sent 38 bytes
Apr 16 16:16:34.813017 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Apr 16 16:16:34.813066 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:34.813078 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:34.813089 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:34.813100 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:34.813112 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:34.813122 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Apr 16 16:16:34.813134 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Apr 16 16:16:34.813145 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:34.813156 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:34.813167 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Apr 16 16:16:34.813178 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:34.813189 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:34.813200 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds

Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443
Show output
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=40797 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40797 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45826 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45826 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=45585 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45585 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40758 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40758 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45814 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45814 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:

1\s+[1-9]\d*\s+\d+
Show output
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)

-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              19         34         3162        5615
-----------------------------------------------------
Total          19         34         3162        5615

Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]
Show output
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=40797 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40797 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45826 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45826 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=45585 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45585 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40758 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40758 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45814 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45814 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 11: Run command system conntrack clear at DUT1.

Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5701      0 --:--:-- --:--:-- --:--:--  6166

admin@osdx$

Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Show output
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=40797 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40797 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45826 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45826 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=40772 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40772 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=45585 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45585 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40758 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40758 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=45814 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=45814 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=58342 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=58342 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.

Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

10.215.168.1\s*.*U130:7
Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s932ms

Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 16: Run command system conntrack clear at DUT0.

Step 17: Run command system conntrack clear at DUT1.

Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9848      0 --:--:-- --:--:-- --:--:-- 12333

Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Show output
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=45510 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=45510 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=46298 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46298 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.

Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:

Show output
---------------------------------------------------
                App-detect Stats                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0

Step 21: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18F9m+RqokHilMh1FMnsvG+wqq99LLm8Gw=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/5Eobky5XGpehf6XnTcTnIK1TFi/Y3CxiigdDQS7pt7pEurDvKalz+
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/hTAleE8DkQlXGsWPFyTXCV7mvcXWhYf0=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/zXJb29FvffgrInCnDv4a7xqnyPm2U1bf3elux9h7/1N0JbZ+I1SmR
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 22: Run command system conntrack clear at DUT0.

Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED

Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 26: Run command system conntrack show at DUT0 and expect this output:

Show output
tcp      6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56092 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56092 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=47189 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47189 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=37669 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37669 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=39875 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39875 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=44198 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44198 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp      17 29 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=53955 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53955 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=36062 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36062 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3599 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56094 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56094 packets=7 bytes=1938 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.

Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED

Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 30: Run command system conntrack show at DUT0 and expect this output:

Show output
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=51792 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51792 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=50718 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50718 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
tcp      6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56092 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56092 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=47189 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47189 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=37669 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37669 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=51639 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51639 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=42593 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42593 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=39875 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39875 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=44198 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44198 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=59441 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59441 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=43622 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43622 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=53955 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53955 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=36062 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36062 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56094 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56094 packets=7 bytes=1938 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.

Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:

Show output
Apr 16 16:16:43.612512 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612521 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612529 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:43.612536 osdx kernel: app-detect: freed hash table
Apr 16 16:16:43.612543 osdx kernel: app-detect: freed memory for hashes+appids
Apr 16 16:16:43.612550 osdx kernel: app-detect: dictionary _remote_ deleted
Apr 16 16:16:43.612557 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.612564 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612571 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612578 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:43.612585 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Apr 16 16:16:43.612595 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.612605 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612612 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612620 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type unknown (target_dict)
Apr 16 16:16:43.612633 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:43.612645 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:43.612655 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:43.612664 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:43.612672 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:43.612679 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:43.612687 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:43.612694 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:43.612701 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:43.612708 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.612715 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:43.612722 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Apr 16 16:16:43.612729 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.612736 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:43.636379 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Apr 16 16:16:43.636445 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636464 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636481 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:43.636492 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636503 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:43.636540 osdx kernel: app-detect: dictionary _remote_ disabled
Apr 16 16:16:43.636561 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636573 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636585 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636602 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:43.636614 osdx kernel: app-detect: freed hash table
Apr 16 16:16:43.636636 osdx kernel: app-detect: freed memory for hashes+appids
Apr 16 16:16:43.636652 osdx kernel: app-detect: dictionary _remote_ deleted
Apr 16 16:16:43.636664 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636676 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636687 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636699 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:43.636709 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Apr 16 16:16:43.636721 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636731 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636743 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636753 osdx kernel: app-detect:   (0) dictionary _remote_, priority 2 type unknown (target_dict)
Apr 16 16:16:43.636790 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Apr 16 16:16:43.636806 osdx kernel: app-detect: set type of dict _remote_ to remote
Apr 16 16:16:43.636820 osdx kernel: app-detect: user set num_hash_entries=40000
Apr 16 16:16:43.636832 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Apr 16 16:16:43.636845 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Apr 16 16:16:43.636856 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Apr 16 16:16:43.636867 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Apr 16 16:16:43.636878 osdx kernel: app-detect: enable remote dictionary _remote_
Apr 16 16:16:43.636889 osdx kernel: app-detect: dictionary _remote_ enabled
Apr 16 16:16:43.636900 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:43.636911 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:43.636922 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:43.636933 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:43.636943 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:43.677117 osdx INFO[181504]: Updated /etc/default/osdx_tcatd.conf
Apr 16 16:16:43.677171 osdx INFO[181504]: Restarting Traffic Categorization (TCATD) service ...
Apr 16 16:16:43.685598 osdx osdx-tcatd[181084]: UDP_Server. Received STOP signal. Cleanup
Apr 16 16:16:43.685651 osdx osdx-tcatd[181084]: Dict_client. Cleanup
Apr 16 16:16:43.685689 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Apr 16 16:16:43.688598 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully.
Apr 16 16:16:43.688762 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Apr 16 16:16:43.716860 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Apr 16 16:16:44.045650 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Apr 16 16:16:44.046910 osdx osdx-tcatd[181508]: Dict_client. rdict_num 2 mark 5555 local-vrf
Apr 16 16:16:44.058013 osdx osdx-tcatd[181508]: Dict_client. rdict_num 1 mark 5555 local-vrf
Apr 16 16:16:44.245669 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:16:44.248280 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:16:44.277131 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:16:44.453167 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack clear'.
Apr 16 16:16:46.720417 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:37669/10.215.168.66:53
Apr 16 16:16:46.720694 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:37669/10.215.168.66:53
Apr 16 16:16:46.720716 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Apr 16 16:16:46.720727 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
Apr 16 16:16:46.720738 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:46.720748 osdx kernel: app-detect: search in dict _remote_, prio 2
Apr 16 16:16:46.720814 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.720821 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Apr 16 16:16:46.720838 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Apr 16 16:16:46.720850 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.720853 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Apr 16 16:16:46.720859 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Apr 16 16:16:46.721776 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a
ge": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.721793 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Apr 16 16:16:46.721845 osdx osdx-tcatd[181508]: UDP_Server. Sent 38 bytes
Apr 16 16:16:46.721995 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a
ge": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.722008 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Apr 16 16:16:46.722059 osdx osdx-tcatd[181508]: UDP_Server. Sent 38 bytes
Apr 16 16:16:46.724368 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Apr 16 16:16:46.724392 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.724403 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:46.724413 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:46.724421 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.724428 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:46.724436 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Apr 16 16:16:46.724443 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Apr 16 16:16:46.724452 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.724465 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:46.724473 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Apr 16 16:16:46.724480 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.724488 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:46.724495 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Apr 16 16:16:46.835013 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:47189/10.215.168.66:53
Apr 16 16:16:46.835379 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:47189/10.215.168.66:53
Apr 16 16:16:46.835412 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com
Apr 16 16:16:46.835423 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com
Apr 16 16:16:46.835435 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:46.835446 osdx kernel: app-detect: search in dict _remote_, prio 2
Apr 16 16:16:46.835543 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.835554 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com
Apr 16 16:16:46.835572 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Apr 16 16:16:46.835589 osdx osdx-tcatd[181508]: UDP_Server. Read 27 bytes
Apr 16 16:16:46.835592 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com
Apr 16 16:16:46.835603 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0}
Apr 16 16:16:46.836750 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity
": 0, "age": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.836768 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019
Apr 16 16:16:46.836843 osdx osdx-tcatd[181508]: UDP_Server. Sent 38 bytes
Apr 16 16:16:46.837506 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity
": 0, "age": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.837519 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F
Apr 16 16:16:46.837574 osdx osdx-tcatd[181508]: UDP_Server. Sent 38 bytes
Apr 16 16:16:46.840372 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Apr 16 16:16:46.840411 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.840424 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:46.840435 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:46.840447 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.840465 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:46.840478 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds
Apr 16 16:16:46.840490 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Apr 16 16:16:46.840506 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.840518 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:46.840534 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Apr 16 16:16:46.840547 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.840557 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:46.840568 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds
Apr 16 16:16:46.923212 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:39875/10.215.168.66:53
Apr 16 16:16:46.923493 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:39875/10.215.168.66:53
Apr 16 16:16:46.923511 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com
Apr 16 16:16:46.923523 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com
Apr 16 16:16:46.923533 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:46.923556 osdx kernel: app-detect: search in dict _remote_, prio 2
Apr 16 16:16:46.923578 osdx osdx-tcatd[181508]: UDP_Server. Read 28 bytes
Apr 16 16:16:46.923591 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com
Apr 16 16:16:46.923612 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0}
Apr 16 16:16:46.923626 osdx osdx-tcatd[181508]: UDP_Server. Read 28 bytes
Apr 16 16:16:46.923633 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com
Apr 16 16:16:46.923641 osdx osdx-tcatd[181508]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0}
Apr 16 16:16:46.924501 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit
y": 0, "age": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.924514 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004
Apr 16 16:16:46.924580 osdx osdx-tcatd[181508]: UDP_Server. Sent 39 bytes
Apr 16 16:16:46.924726 osdx osdx-tcatd[181508]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit
y": 0, "age": 0, "threathistory": 0}}}]}
Apr 16 16:16:46.924739 osdx osdx-tcatd[181508]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C
Apr 16 16:16:46.924766 osdx osdx-tcatd[181508]: UDP_Server. Sent 39 bytes
Apr 16 16:16:46.928372 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Apr 16 16:16:46.928414 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.928427 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote (target_dict)
Apr 16 16:16:46.928437 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote
Apr 16 16:16:46.928448 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.928464 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:46.928476 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds
Apr 16 16:16:46.928487 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Apr 16 16:16:46.928498 osdx kernel: app-detect: linked list of enabled dicts:
Apr 16 16:16:46.928507 osdx kernel: app-detect:   (0) dictionary _remote_, priority 1 type remote
Apr 16 16:16:46.928517 osdx kernel: app-detect:   (1) dictionary _remote_, priority 2 type remote (target_dict)
Apr 16 16:16:46.928529 osdx kernel: app-detect: linked list of disabled dicts:
Apr 16 16:16:46.928539 osdx kernel: app-detect:   (empty, no dicts)
Apr 16 16:16:46.928548 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds
Apr 16 16:16:47.034499 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack show'.
Apr 16 16:16:48.106413 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:50718/10.215.168.66:53
Apr 16 16:16:48.106678 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:50718/10.215.168.66:53
Apr 16 16:16:48.106700 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Apr 16 16:16:48.106709 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
Apr 16 16:16:48.106717 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:48.106725 osdx kernel: app-detect: appid 82000007 found in hash dictionary
Apr 16 16:16:48.106732 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache
Apr 16 16:16:48.188445 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:43622/10.215.168.66:53
Apr 16 16:16:48.192371 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:43622/10.215.168.66:53
Apr 16 16:16:48.192388 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com
Apr 16 16:16:48.192400 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com
Apr 16 16:16:48.192411 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:48.192423 osdx kernel: app-detect: appid 8200000f found in hash dictionary
Apr 16 16:16:48.192445 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache
Apr 16 16:16:48.285527 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:59441/10.215.168.66:53
Apr 16 16:16:48.285890 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:59441/10.215.168.66:53
Apr 16 16:16:48.285927 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com
Apr 16 16:16:48.285939 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com
Apr 16 16:16:48.285949 osdx kernel: app-detect: search in dict _remote_, prio 1
Apr 16 16:16:48.285959 osdx kernel: app-detect: appid 82000004 found in hash dictionary
Apr 16 16:16:48.285969 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache
Apr 16 16:16:48.443441 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack show'.

Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:

Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s176ms
192.168.2.10  U130:15         28s260ms
192.168.2.20  U130:4          28s356ms

Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

10.215.168.1\s*.*U130:7
Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s92ms
192.168.2.10  U130:15         28s176ms
192.168.2.20  U130:4          28s272ms

Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.10\s*.*U130:15
Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s4ms
192.168.2.10  U130:15         28s88ms
192.168.2.20  U130:4          28s184ms

Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.20\s*.*U130:4
Show output
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s928ms
192.168.2.10  U130:15         28s12ms
192.168.2.20  U130:4          28s108ms

Step 36: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/SSHZj2hyZvTVuYUMZdzHuEf4c1MMXmc4=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/3Y0ei93wGUGgo3JsZ6KgO/ATkKLsssRkrT/zAHH/59seAj7EOiZAI
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18PxGya2jd1x3cPtYedyaSVJiW1dI9JU9Q=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/pKy4CuaYy2t/p9fkG+WCwxhRO9IVZ++bmo4nv6p++I+zgtDcZ30HV
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 37: Run command system conntrack clear at DUT0.

Step 38: Run command system conntrack clear at DUT0.

Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 40: Run command system conntrack clear at DUT1.

Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5528      0 --:--:-- --:--:-- --:--:--  6166

Step 42: Run command system conntrack clear at DUT1.

Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9494      0 --:--:-- --:--:-- --:--:-- 12333

Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
Show output
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=54721 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54721 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=36036 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36036 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp      6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46306 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46306 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=38932 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38932 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
tcp      6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=38926 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38926 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
udp      17 29 src=192.168.2.101 dst=10.215.168.66 sport=53343 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53343 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=36264 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=36264 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
tcp      6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=46310 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=46310 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=38946 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=38946 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.

Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED

Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:

Show output
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED

Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
Show output
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s128ms
192.168.2.10  U130:15;U131:25  28s792ms
192.168.2.20  U130:4;U131:92   28s892ms

Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
Show output
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s52ms
192.168.2.10  U130:15;U131:25  28s716ms
192.168.2.20  U130:4;U131:92   28s816ms

Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:

192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
Show output
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s948ms
192.168.2.10  U130:15;U131:25  28s612ms
192.168.2.20  U130:4;U131:92   28s712ms

Step 52: Modify the following configuration lines in DUT0 :

set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2

Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

DICTERROR1\s+false
Show output
--------------------------------------------------------------------
  Alarm     Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00

Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

DICTERROR2\s+false
Show output
--------------------------------------------------------------------
  Alarm     Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00

Step 55: Modify the following configuration lines in DUT0 :

set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+fujhd5WUsSG1KvPnuU6efA45nzFbJ0mA=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/0lK2IGfWfN1NmX3iousqIfq65hQfqZ50=

Step 56: Run command system conntrack clear at DUT0.

Step 57: Run command system conntrack clear at DUT1.

Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

(DICTERROR1|DICTERROR2)\s+true
Show output
---------------------------------------------------------------------------------------------
  Alarm     Status              Toggled               Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-04-16 16:17:04.903044+00:00                           1        66.42
DICTERROR2  true    2026-04-16 16:17:04.903164+00:00                           1        66.46

Step 60: Modify the following configuration lines in DUT0 :

set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/l4xz5yN9xzuf87DQLwKgu1zyspRwFtqA=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+SLFWNfqr6FOx/wKVwdTIhveGJg2TpTfM=

Step 61: Run command system conntrack clear at DUT0.

Step 62: Run command system conntrack clear at DUT1.

Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:

(DICTERROR1|DICTERROR2)\s+false
Show output
-----------------------------------------------------------------------------------------------------------------
  Alarm     Status              Toggled                         Prev-toggled            Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-04-16 16:17:11.426505+00:00  2026-04-16 16:17:04.903044+00:00             2        46.49
DICTERROR2  false   2026-04-16 16:17:11.425708+00:00  2026-04-16 16:17:04.903164+00:00             2        46.50

Remote Application Dictionary run in a VRF

Description

DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.

Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.

Phase 2: Using the local-interface option with an interface assigned to the VRF.

Phase 3: Using the local-address option to source from an address on an interface in the VRF.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19YPVwZgXjATxTPbLI9CSUhGoCnlClnhoI=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+5ccwcFN19Ca6CVQGehSEs5JozzOQuRF/fu2VEpnOweY9zNbQ2zWJe
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19nPyE6/oEMjCRRAYoVp5p+TNy58ks78Bc=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/dD0KvYsx2Z+hzzAc56BrshjC607vzActGInyPkTcBviFfk8yAtemA
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 10.215.168.1 from DUT1:

admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.529 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.529/0.529/0.529/0.000 ms

Step 5: Run command system conntrack clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Show output
tcp      6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 28 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=53827 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53827 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55574 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55574 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=40181 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40181 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp      6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55576 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55576 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:

1\s+[1-9]\d*\s+\d+
Show output
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)

-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              20         37         3214        5823
-----------------------------------------------------
Total          20         37         3214        5823

Step 9: Run command system conntrack clear at DUT1.

Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7711      0 --:--:-- --:--:-- --:--:--  9250

admin@osdx$

Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Show output
tcp      6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=48600 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48600 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=53827 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53827 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55574 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55574 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=46094 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46094 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=40181 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40181 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55576 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55576 vrf=MYVRF packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.

Step 12: Modify the following configuration lines in DUT0 :

delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1

Step 13: Run command system conntrack clear at DUT0.

Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Show output
tcp      6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp      6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55600 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55600 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=51270 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51270 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55590 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55590 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 16: Run command system conntrack clear at DUT1.

Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5548      0 --:--:-- --:--:-- --:--:--  6166

admin@osdx$

Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Show output
tcp      6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46090 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46090 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp      6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55600 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55600 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=51270 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51270 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp      17 28 src=192.168.2.101 dst=10.215.168.66 sport=54639 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54639 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=35306 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35306 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp      6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=55590 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=55590 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.

Step 19: Modify the following configuration lines in DUT0 :

delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64

Step 20: Run command system conntrack clear at DUT0.

Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C


Operation aborted by user.

admin@osdx$

Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Show output
udp      17 27 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp      6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=35310 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35310 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp      6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33346 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33346 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=41386 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41386 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33354 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33354 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.

Step 23: Run command system conntrack clear at DUT1.

Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   4888      0 --:--:-- --:--:-- --:--:--  5285

admin@osdx$

Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:

vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Show output
tcp      6 src=192.168.2.101 dst=10.215.168.1 sport=35326 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35326 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp      17 25 src=127.0.0.1 dst=127.0.0.1 sport=38244 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38244 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp      6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=46104 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46104 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp      6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=35310 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=35310 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp      6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33346 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33346 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 25 src=192.168.2.101 dst=10.215.168.66 sport=41386 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41386 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp      6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33354 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33354 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp      17 27 src=192.168.2.101 dst=10.215.168.66 sport=59809 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59809 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.