App-Dictionary
These scenarios check the application dictionary support provided by the app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.925 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.925/0.925/0.925/0.000 ms
Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7589      0 --:--:-- --:--:-- --:--:--  9250
Step 6: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.3
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Tue May 5 02:13:46 2026 from 10.0.0.2
admin@osdx$
Step 7: Ping IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.383 ms
--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.383/0.383/0.383/0.000 ms
Step 8: Run command system conntrack show at DUT0 and expect this output:
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47460 dport=22 packets=24 bytes=5059 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47460 packets=22 bytes=4963 [ASSURED] mark=0 use=1 appdetect[L4:22]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=42244 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42244 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=919 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=919 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=920 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=920 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  11.4M      0 --:--:-- --:--:-- --:--:-- 13.0M
Note
The dictionary file contains the following test entries used in this scenario:
<app id="30" name="Teldat Test" version="1">
  <fqdn_list>
    <fqdn>10.215.168.1</fqdn>
  </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
Step 10: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 12: Run command system conntrack clear at DUT0.
Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6088      0 --:--:-- --:--:-- --:--:--  6166
Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=42268 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42268 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7325      0 --:--:-- --:--:-- --:--:--  7400
Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 18: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.3
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Tue May 5 02:42:07 2026 from 10.215.168.64
admin@osdx$
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47474 dport=22 packets=22 bytes=4955 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47474 packets=21 bytes=4911 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=42284 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42284 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=42268 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42268 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Ping IP address static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.369 ms
--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.369/0.369/0.369/0.000 ms
Step 22: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44388 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44388 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47474 dport=22 packets=22 bytes=4955 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47474 packets=21 bytes=4911 [ASSURED] mark=0 use=1 appdetect[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=42284 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42284 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=42268 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42268 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59142 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59142 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=921 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=921 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56669 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56669 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
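
Added example, not part of the original test suite or of OSDx: a Python check that loads the two test entries from the Note in this scenario and compares the App-ID they predict with the appdetect[...] tag on conntrack lines taken from the steps above. The FQDN-before-range lookup order, the wrapping root element and the reading of L3/L4 tags as "below-L7 only" are assumptions; the flow lines are shortened and the last one is constructed.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Test entries from the Note; the <dictionary> root element is an assumption
# added only so that the fragment parses as one XML document.
DICT_XML = """<dictionary>
<app id="30" name="Teldat Test" version="1">
  <fqdn_list><fqdn>10.215.168.1</fqdn></fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list><range id="1">
    <net_address>10.215.168.64</net_address>
    <net_mask>255.255.255.192</net_mask>
  </range></address_list>
</app>
</dictionary>"""

# Shortened from the "system conntrack show" outputs of steps 8, 19, 14 and 22
# (packet/byte counters dropped). The last line is constructed for the example.
SAMPLE_FLOWS = [
    "tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47460 dport=22 "
    "src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47460 mark=0 use=1 appdetect[L4:22]",
    "tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=47474 dport=22 "
    "src=10.215.168.66 dst=10.215.168.64 sport=22 dport=47474 mark=0 use=1 appdetect[U128:31]",
    "tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=42268 dport=80 "
    "src=10.215.168.1 dst=10.215.168.64 sport=80 dport=42268 mark=0 use=1 "
    "appdetect[U128:30 http-host:10.215.168.1]",
    "udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44388 dport=53 "
    "src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44388 mark=0 use=1 "
    "appdetect[U128:31 dns-host:static.opentok.com]",
    "icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=921 "
    "src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=921 mark=0 use=1 appdetect[U128:12]",
    "tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.100 sport=40000 dport=443 "
    "src=10.215.168.100 dst=10.215.168.64 sport=443 dport=40000 mark=0 use=1 appdetect[U128:30]",
]

# First src=/dst= pair is the original direction; the tag is "<detector>:<id> [<kind>:<host>]".
FLOW_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+).*?"
    r"appdetect\[(?P<det>\w+):(?P<id>\d+)(?:\s+(?P<kind>[\w-]+):(?P<host>[^\]\s]+))?\]"
)


def load_dictionary(xml_text):
    """Return ({fqdn: app_id}, [(network, app_id)]) from dictionary XML."""
    fqdns, ranges = {}, []
    for app in ET.fromstring(xml_text).iter("app"):
        app_id = int(app.get("id"))
        for fqdn in app.iter("fqdn"):
            fqdns[fqdn.text.strip().lower()] = app_id
        for rng in app.iter("range"):
            addr = rng.findtext("net_address").strip()
            mask = rng.findtext("net_mask").strip()
            ranges.append((ipaddress.ip_network(f"{addr}/{mask}", strict=False), app_id))
    return fqdns, ranges


def expected_app(fqdns, ranges, host, dst_ip):
    """App-ID the entries predict: detected host name first, then address range."""
    if host and host.lower() in fqdns:
        return fqdns[host.lower()], "fqdn"
    addr = ipaddress.ip_address(dst_ip)
    for net, app_id in ranges:
        if addr in net:
            return app_id, "range"
    return None, None


def parse_flow(line):
    """Extract original destination and appdetect fields from one conntrack line."""
    m = FLOW_RE.search(line)
    if m is None:
        return None
    return {"dst": m["dst"], "detector": m["det"], "app_id": int(m["id"]), "host": m["host"]}


def audit(lines, xml_text=DICT_XML):
    """Return (dst, observed_id, expected_id, matched_by, verdict) per parsed flow."""
    fqdns, ranges = load_dictionary(xml_text)
    report = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        want, how = expected_app(fqdns, ranges, flow["host"], flow["dst"])
        if want is None:
            verdict = "not-in-dictionary"      # e.g. matched by another entry of the file
        elif flow["detector"] in ("L3", "L4"):
            verdict = "below-L7-only"          # dictionary not applied to this flow
        elif flow["app_id"] == want:
            verdict = "ok"
        else:
            verdict = "mismatch"
        report.append((flow["dst"], flow["app_id"], want, how, verdict))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(row)
```

The mask 255.255.255.192 covers 10.215.168.64 to 10.215.168.127, which is why the SSH and DNS flows to 10.215.168.66 carry App-ID 31 while 10.215.168.1 is only matched through its FQDN entry.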
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=1.06 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.064/1.064/1.064/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 7: Run command system conntrack clear at DUT0.
Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  10243      0 --:--:-- --:--:-- --:--:-- 12333
Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46354 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46354 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=43564 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43564 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=37986 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37986 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  10924      0 --:--:-- --:--:-- --:--:-- 12333
Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18P1MxvGatJnAlpHHm7Q3/U4UTmB77Ldd0=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/JZsFzdDjK2PnkVHRpZ1JYJ7vrs4zubtciDeIOhz88zVMw4/65nqvr
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19J7adcEqsWgtTs+sp/OKc3qORETyxpV2w=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19ohBoHq8OpZI4r6tWsm4eHHrOYledwgg+J+AWNrjaDNrk/IQtWpP5G
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.439 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.439/0.439/0.439/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:
May 05 02:43:33.000287 osdx systemd-timedated[682785]: Changed local time to Tue 2026-05-05 02:43:33 UTC
May 05 02:43:33.001401 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'set date 2026-05-05 02:43:33'.
May 05 02:43:33.002836 osdx systemd-journald[1908]: Time jumped backwards, rotating.
May 05 02:43:33.290139 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.9M, max 13.8M, 11.8M free.
May 05 02:43:33.290840 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 05 02:43:33.290902 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 05 02:43:33.301267 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'.
May 05 02:43:33.525855 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system coredump delete all'.
May 05 02:43:33.728560 osdx OSDxCLI[598646]: User 'admin' entered the configuration menu.
May 05 02:43:33.813998 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
May 05 02:43:33.887398 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
May 05 02:43:33.946952 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
May 05 02:43:34.042491 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
May 05 02:43:34.092404 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
May 05 02:43:34.184011 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
May 05 02:43:34.233279 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
May 05 02:43:34.329082 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
May 05 02:43:34.382630 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
May 05 02:43:34.474573 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
May 05 02:43:34.523856 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
May 05 02:43:34.636246 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
May 05 02:43:34.706486 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
May 05 02:43:34.819055 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
May 05 02:43:34.871926 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
May 05 02:43:34.976374 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
May 05 02:43:35.039417 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
May 05 02:43:35.117216 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
May 05 02:43:35.167832 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
May 05 02:43:35.260589 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
May 05 02:43:35.310612 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
May 05 02:43:35.398685 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
May 05 02:43:35.448957 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
May 05 02:43:35.544537 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
May 05 02:43:35.596579 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
May 05 02:43:35.684815 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
May 05 02:43:35.752285 osdx OSDxCLI[598646]: User 'admin' added a new cfg line: 'show working'.
May 05 02:43:35.848469 osdx ubnt-cfgd[682846]: inactive
May 05 02:43:35.905473 osdx INFO[682884]: FRR daemons did not change
May 05 02:43:36.086838 osdx kernel: nfUDPlink: module init
May 05 02:43:36.086884 osdx kernel: app-detect: module init
May 05 02:43:36.086898 osdx kernel: app-detect: registered: sysctl net.appdetect
May 05 02:43:36.086906 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
May 05 02:43:36.086914 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
May 05 02:43:36.086922 osdx kernel: app-detect: expression init
May 05 02:43:36.086933 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
May 05 02:43:36.086942 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
May 05 02:43:36.102846 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
May 05 02:43:36.102906 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:36.102916 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:36.102925 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:36.102934 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
May 05 02:43:36.102942 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
May 05 02:43:36.102951 osdx kernel: app-detect: set type of dict _remote_ to remote
May 05 02:43:36.102963 osdx kernel: app-detect: user set num_hash_entries=40000
May 05 02:43:36.102971 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
May 05 02:43:36.102980 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
May 05 02:43:36.102988 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
May 05 02:43:36.102996 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
May 05 02:43:36.103004 osdx kernel: app-detect: enable remote dictionary _remote_
May 05 02:43:36.103013 osdx kernel: app-detect: dictionary _remote_ enabled
May 05 02:43:36.103021 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:36.103029 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
May 05 02:43:36.103037 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:36.103046 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:36.103053 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
May 05 02:43:36.103061 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:36.103071 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:36.103080 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:36.103087 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
May 05 02:43:36.103096 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
May 05 02:43:36.103104 osdx kernel: app-detect: set type of dict _remote_ to remote
May 05 02:43:36.103113 osdx kernel: app-detect: user set num_hash_entries=40000
May 05 02:43:36.103121 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
May 05 02:43:36.103130 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
May 05 02:43:36.103138 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
May 05 02:43:36.103146 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
May 05 02:43:36.103154 osdx kernel: app-detect: enable remote dictionary _remote_
May 05 02:43:36.103163 osdx kernel: app-detect: dictionary _remote_ enabled
May 05 02:43:36.103173 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:36.103181 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:36.103189 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
May 05 02:43:36.103197 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:36.103205 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:36.111537 osdx INFO[682921]: Updated /etc/default/osdx_tcatd.conf
May 05 02:43:36.111577 osdx INFO[682921]: Restarting Traffic Categorization (TCATD) service ...
May 05 02:43:36.155179 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
May 05 02:43:36.420898 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
May 05 02:43:36.422019 osdx osdx-tcatd[682925]: Dict_client. rdict_num 2 mark 5555 local-vrf
May 05 02:43:36.422104 osdx osdx-tcatd[682925]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
May 05 02:43:36.422171 osdx osdx-tcatd[682925]: Dict_client. rdict_num 1 mark 5555 local-vrf
May 05 02:43:36.422202 osdx osdx-tcatd[682925]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
May 05 02:43:36.454837 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
May 05 02:43:36.501824 osdx WARNING[683015]: No supported link modes on interface eth1
May 05 02:43:36.504902 osdx modulelauncher[683015]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
May 05 02:43:36.504915 osdx modulelauncher[683015]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
May 05 02:43:36.506085 osdx modulelauncher[683015]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --
May 05 02:43:36.506097 osdx modulelauncher[683015]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 05 02:43:36.538840 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 05 02:43:36.578582 osdx WARNING[683095]: No supported link modes on interface eth0
May 05 02:43:36.581784 osdx modulelauncher[683095]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 05 02:43:36.581797 osdx modulelauncher[683095]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 05 02:43:36.582873 osdx modulelauncher[683095]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 05 02:43:36.582881 osdx modulelauncher[683095]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 05 02:43:36.765706 osdx cfgd[1648]: [598646]Completed change to active configuration
May 05 02:43:36.776613 osdx OSDxCLI[598646]: User 'admin' committed the configuration.
May 05 02:43:36.791512 osdx OSDxCLI[598646]: User 'admin' left the configuration menu.
May 05 02:43:38.951378 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system conntrack clear'.
May 05 02:43:39.080037 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:49642/10.215.168.1:80
May 05 02:43:39.080102 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:49642/10.215.168.1:80
May 05 02:43:39.080112 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
May 05 02:43:39.080120 osdx kernel: app-detect: search in dict _remote_, prio 1
May 05 02:43:39.080127 osdx kernel: app-detect: search in dict _remote_, prio 2
May 05 02:43:39.080214 osdx osdx-tcatd[682925]: UDP_Server. Read 27 bytes
May 05 02:43:39.080223 osdx osdx-tcatd[682925]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
May 05 02:43:39.080240 osdx osdx-tcatd[682925]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
May 05 02:43:39.080251 osdx osdx-tcatd[682925]: UDP_Server. Read 27 bytes
May 05 02:43:39.080253 osdx osdx-tcatd[682925]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
May 05 02:43:39.080265 osdx osdx-tcatd[682925]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
May 05 02:43:39.091117 osdx osdx-tcatd[682925]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
May 05 02:43:39.091133 osdx osdx-tcatd[682925]: UDP_Server. Kernel_Message format.
Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 May 05 02:43:39.091197 osdx osdx-tcatd[682925]: UDP_Server. Sent 38 bytes May 05 02:43:39.091675 osdx osdx-tcatd[682925]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} May 05 02:43:39.091686 osdx osdx-tcatd[682925]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 May 05 02:43:39.091723 osdx osdx-tcatd[682925]: UDP_Server. Sent 38 bytes May 05 02:43:39.094830 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) May 05 02:43:39.094848 osdx kernel: app-detect: linked list of enabled dicts: May 05 02:43:39.094859 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 05 02:43:39.094869 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 05 02:43:39.094877 osdx kernel: app-detect: linked list of disabled dicts: May 05 02:43:39.094884 osdx kernel: app-detect: (empty, no dicts) May 05 02:43:39.094893 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds May 05 02:43:39.094901 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 05 02:43:39.094909 osdx kernel: app-detect: linked list of enabled dicts: May 05 02:43:39.094916 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 05 02:43:39.094926 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 05 
02:43:39.094934 osdx kernel: app-detect: linked list of disabled dicts: May 05 02:43:39.094941 osdx kernel: app-detect: (empty, no dicts) May 05 02:43:39.094948 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443

tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52602 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52602 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=47869 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=47869 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52604 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52604 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=54274 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54274 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=45521 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45521 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49642 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49642 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+

Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              22         38         3318        5907
-----------------------------------------------------
Total          22         38         3318        5907
Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]

tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52602 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52602 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=47869 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=47869 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52604 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52604 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=54274 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54274 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=45521 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45521 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49642 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49642 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run command system conntrack clear at DUT1.
Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6263      0 --:--:-- --:--:-- --:--:--  7400
admin@osdx$
Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52602 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52602 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=51437 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51437 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=47869 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=47869 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52604 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52604 packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=49656 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49656 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=54274 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54274 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=45521 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45521 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49642 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49642 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7

----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s936ms
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command system conntrack clear at DUT0.
Step 17: Run command system conntrack clear at DUT1.
Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0  10260      0 --:--:-- --:--:-- --:--:-- 12333
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=59370 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59370 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=33143 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33143 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
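Steps 13 and 19 check the classification with one regex over the whole conntrack output. The added example below (not part of the OSDx documentation or its test suite) parses each flow entry instead and ties the flow's AppID back to the AppID that osdx-tcatd wrote to the kernel for the same FQDN in the journal. Function names are hypothetical, the sample text is copied from this page, and the decoding of AppID:82000007 into U130:7 is an assumption inferred from these log lines, not a documented format.

```python
import re

# Constructed sample: two journal lines (Step 7) and three of the eight
# flow entries from the Step 13 output, left flattened as the page shows them.
JOURNAL = (
    "May 05 02:43:39.091133 osdx osdx-tcatd[682925]: UDP_Server. Kernel_Message format. "
    "Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 "
    "May 05 02:43:39.091686 osdx osdx-tcatd[682925]: UDP_Server. Kernel_Message format. "
    "Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058"
)
CONNTRACK = (
    "tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52602 dport=443 "
    "packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52602 "
    "packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443] "
    "tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=49656 dport=80 packets=6 bytes=593 "
    "src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49656 packets=4 bytes=504 [ASSURED] "
    "[OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 "
    "appdetect[U130:7 http-host:enterprise.opentok.com] "
    "tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49642 dport=80 "
    "packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49642 "
    "packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com] "
    "conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown."
)

FLOW_START = re.compile(r"(?<!\S)(?:tcp|udp|icmp)\s+\d+\s")
TRAILER = re.compile(r"conntrack v\S+ \(conntrack-tools\):.*", re.S)
TAG = re.compile(r"appdetect\[([^\]]*)\]")
TUPLE_KEY = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
WRITE = re.compile(
    r"Write message addressed to dictionary (\d+) FQDN (\S+) TTL (\d+) AppID:([0-9a-fA-F]{8})"
)


def split_flows(text):
    """Split conntrack output into one string per flow, even when flattened."""
    text = TRAILER.sub("", text)
    starts = [m.start() for m in FLOW_START.finditer(text)]
    return [text[s:e].strip() for s, e in zip(starts, starts[1:] + [len(text)])]


def parse_flow(entry):
    """Extract both direction tuples and the appdetect tag of one flow entry."""
    pairs = TUPLE_KEY.findall(entry)
    tag = TAG.search(entry)
    tokens = tag.group(1).split() if tag else []
    return {
        "proto": entry.split()[0],
        "orig": dict(pairs[:4]),     # first tuple: original direction
        "reply": dict(pairs[4:8]),   # second tuple: reply direction (post-NAT)
        "app_id": tokens[0] if tokens else None,
        "fields": dict(t.split(":", 1) for t in tokens[1:]),
    }


def appid_tag(hex_id):
    """ASSUMPTION (inferred from this page): top byte and low 24 bits form 'U<n>:<v>'."""
    value = int(hex_id, 16)
    return f"U{value >> 24}:{value & 0xFFFFFF}"


def dictionary_answers(journal):
    """Map each FQDN to the set of tags tcatd handed to the kernel for it."""
    answers = {}
    for _dict_no, fqdn, _ttl, hex_id in WRITE.findall(journal):
        answers.setdefault(fqdn, set()).add(appid_tag(hex_id))
    return answers


def audit(conntrack_text, journal):
    """Sort flows with a detected host into (classified, port_only, unexplained)."""
    answers = dictionary_answers(journal)
    classified, port_only, unexplained = [], [], []
    for flow in map(parse_flow, split_flows(conntrack_text)):
        host = flow["fields"].get("http-host") or flow["fields"].get("dns-host")
        if host is None:
            continue                      # no L7 host seen, nothing to trace back
        if flow["app_id"].startswith("L4:"):
            port_only.append(flow)        # host seen, but only a port-level AppID
        elif flow["app_id"] in answers.get(host, set()):
            classified.append(flow)       # AppID matches a logged dictionary answer
        else:
            unexplained.append(flow)      # AppID with no matching journal record
    return classified, port_only, unexplained


if __name__ == "__main__":
    for name, flows in zip(("classified", "port_only", "unexplained"), audit(CONNTRACK, JOURNAL)):
        for f in flows:
            print(name, f["orig"], f["app_id"], f["fields"])
```

A flow that lands in the unexplained list carries a dictionary AppID that no logged tcatd answer accounts for, which is the case worth investigating when policies act on these tags.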
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19rW6pVxXfkb89wLI19RaOQ3wKHb3OMen8=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19KRmESUIA1H7VgLzdIrZxd5DZdWVrHmi7ULm2aSTCil7/yC3Kc/qUR
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+hd6BAIjwMntCbwjL3C8ai2UHbvSC5+mU=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX199MJP0EXRsvZpCJ0Fxh0e2nwTcF3y/hvVgHUf8bADBp9XuGfnLpQDM
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run command system conntrack clear at DUT0.
Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:   10.215.168.66
Address:  10.215.168.66#53
Name:     enterprise.opentok.com
Address:  10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:   10.215.168.66
Address:  10.215.168.66#53
Name:     www.gamblingteldat.com
Address:  192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:   10.215.168.66
Address:  10.215.168.66#53
Name:     www.newspaperteldat.com
Address:  192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48329 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48329 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44772 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44772 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=47869 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=47869 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=42128 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42128 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54410 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54410 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35593 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35593 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54396 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54396 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=36736 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36736 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=32823 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=32823 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:   10.215.168.66
Address:  10.215.168.66#53
Name:     enterprise.opentok.com
Address:  10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:   10.215.168.66
Address:  10.215.168.66#53
Name:     www.gamblingteldat.com
Address:  192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:   10.215.168.66
Address:  10.215.168.66#53
Name:     www.newspaperteldat.com
Address:  192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55219 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55219 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=48329 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48329 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59529 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59529 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=44772 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44772 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57197 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57197 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=47869 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=47869 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=42128 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42128 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57307 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57307 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54410 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54410 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=51433 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51433 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=35593 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35593 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=54396 dport=443 packets=9 bytes=1345 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=54396 packets=9 bytes=2042 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=36736 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36736 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=32823 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=32823 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56911 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56911 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:
May 05 02:43:47.146979 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
May 05 02:43:47.146990 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.147011 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
May 05 02:43:47.147021 osdx kernel: app-detect: freed hash table
May 05 02:43:47.147031 osdx kernel: app-detect: freed memory for hashes+appids
May 05 02:43:47.147040 osdx kernel: app-detect: dictionary _remote_ deleted
May 05 02:43:47.147050 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.147059 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
May 05 02:43:47.147068 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.147077 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:47.147086 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
May 05 02:43:47.147098 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.147108 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote
May 05 02:43:47.147119 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.147129 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
May 05 02:43:47.147140 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
May 05 02:43:47.147152 osdx kernel: app-detect: set type of dict _remote_ to remote
May 05 02:43:47.147163 osdx kernel: app-detect: user set num_hash_entries=40000
May 05 02:43:47.147173 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
May 05 02:43:47.147185 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
May 05 02:43:47.147198 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
May 05 02:43:47.147208 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
May 05 02:43:47.147225 osdx kernel: app-detect: enable remote dictionary _remote_
May 05 02:43:47.147237 osdx kernel: app-detect: dictionary _remote_ enabled
May 05 02:43:47.147247 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.147258 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
May 05 02:43:47.147268 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
May 05 02:43:47.147279 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.147289 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:47.162837 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
May 05 02:43:47.162876 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.162885 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:47.162893 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
May 05 02:43:47.162901 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.162908 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:47.162915 osdx kernel: app-detect: dictionary _remote_ disabled
May 05 02:43:47.162923 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.162930 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:47.162937 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.162944 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote (target_dict)
May 05 02:43:47.162952 osdx kernel: app-detect: freed hash table
May 05 02:43:47.162961 osdx kernel: app-detect: freed memory for hashes+appids
May 05 02:43:47.162968 osdx kernel: app-detect: dictionary _remote_ deleted
May 05 02:43:47.162975 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.162983 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:47.162990 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.163004 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:47.163012 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
May 05 02:43:47.163019 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.163027 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:47.163034 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.163041 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
May 05 02:43:47.163048 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
May 05 02:43:47.163057 osdx kernel: app-detect: set type of dict _remote_ to remote
May 05 02:43:47.163064 osdx kernel: app-detect: user set num_hash_entries=40000
May 05 02:43:47.163071 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
May 05 02:43:47.163079 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
May 05 02:43:47.163086 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
May 05 02:43:47.163093 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
May 05 02:43:47.163102 osdx kernel: app-detect: enable remote dictionary _remote_
May 05 02:43:47.163109 osdx kernel: app-detect: dictionary _remote_ enabled
May 05 02:43:47.163116 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:47.163123 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:47.163130 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
May 05 02:43:47.163137 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:47.163144 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:47.199077 osdx INFO[683346]: Updated /etc/default/osdx_tcatd.conf
May 05 02:43:47.199170 osdx INFO[683346]: Restarting Traffic Categorization (TCATD) service ...
May 05 02:43:47.208564 osdx osdx-tcatd[682925]: UDP_Server. Received STOP signal. Cleanup
May 05 02:43:47.208595 osdx osdx-tcatd[682925]: Dict_client. Cleanup
May 05 02:43:47.208638 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon...
May 05 02:43:47.210620 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully.
May 05 02:43:47.210796 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon.
May 05 02:43:47.239817 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
May 05 02:43:47.504048 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
May 05 02:43:47.505146 osdx osdx-tcatd[683350]: Dict_client. rdict_num 2 mark 5555 local-vrf
May 05 02:43:47.514110 osdx osdx-tcatd[683350]: Dict_client. rdict_num 1 mark 5555 local-vrf
May 05 02:43:47.679556 osdx cfgd[1648]: [598646]Completed change to active configuration
May 05 02:43:47.681508 osdx OSDxCLI[598646]: User 'admin' committed the configuration.
May 05 02:43:47.695824 osdx OSDxCLI[598646]: User 'admin' left the configuration menu.
May 05 02:43:47.828845 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system conntrack clear'.
May 05 02:43:49.896470 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:35593/10.215.168.66:53
May 05 02:43:49.896876 osdx osdx-tcatd[683350]: UDP_Server. Read 27 bytes
May 05 02:43:49.896884 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
May 05 02:43:49.896902 osdx osdx-tcatd[683350]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
May 05 02:43:49.896914 osdx osdx-tcatd[683350]: UDP_Server. Read 27 bytes
May 05 02:43:49.896916 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
May 05 02:43:49.896921 osdx osdx-tcatd[683350]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
May 05 02:43:49.897797 osdx osdx-tcatd[683350]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]}
May 05 02:43:49.897815 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
May 05 02:43:49.897847 osdx osdx-tcatd[683350]: UDP_Server. Sent 38 bytes
May 05 02:43:49.897964 osdx osdx-tcatd[683350]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]}
May 05 02:43:49.897976 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
May 05 02:43:49.898006 osdx osdx-tcatd[683350]: UDP_Server. Sent 38 bytes
May 05 02:43:49.898835 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:35593/10.215.168.66:53
May 05 02:43:49.898853 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
May 05 02:43:49.898862 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com
May 05 02:43:49.898869 osdx kernel: app-detect: search in dict _remote_, prio 1
May 05 02:43:49.898876 osdx kernel: app-detect: search in dict _remote_, prio 2
May 05 02:43:49.898884 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
May 05 02:43:49.898898 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:49.898907 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
May 05 02:43:49.898915 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
May 05 02:43:49.898922 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:49.898934 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:49.898941 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
May 05 02:43:49.898949 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
May 05 02:43:49.898957 osdx kernel: app-detect: linked list of enabled dicts:
May 05 02:43:49.898964 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
May 05 02:43:49.898971 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
May 05 02:43:49.898979 osdx kernel: app-detect: linked list of disabled dicts:
May 05 02:43:49.898985 osdx kernel: app-detect: (empty, no dicts)
May 05 02:43:49.898993 osdx kernel: app-detect: 
set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds May 05 02:43:49.963111 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:36736/10.215.168.66:53 May 05 02:43:49.963368 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:36736/10.215.168.66:53 May 05 02:43:49.963381 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com May 05 02:43:49.963388 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com May 05 02:43:49.963396 osdx kernel: app-detect: search in dict _remote_, prio 1 May 05 02:43:49.963404 osdx kernel: app-detect: search in dict _remote_, prio 2 May 05 02:43:49.963453 osdx osdx-tcatd[683350]: UDP_Server. Read 27 bytes May 05 02:43:49.963459 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com May 05 02:43:49.963477 osdx osdx-tcatd[683350]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} May 05 02:43:49.963490 osdx osdx-tcatd[683350]: UDP_Server. Read 27 bytes May 05 02:43:49.963493 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com May 05 02:43:49.963500 osdx osdx-tcatd[683350]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} May 05 02:43:49.964278 osdx osdx-tcatd[683350]: Dict_client. 
Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} May 05 02:43:49.964291 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 May 05 02:43:49.964321 osdx osdx-tcatd[683350]: UDP_Server. Sent 38 bytes May 05 02:43:49.964445 osdx osdx-tcatd[683350]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} May 05 02:43:49.964455 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F May 05 02:43:49.964492 osdx osdx-tcatd[683350]: UDP_Server. 
Sent 38 bytes May 05 02:43:49.966837 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 05 02:43:49.966854 osdx kernel: app-detect: linked list of enabled dicts: May 05 02:43:49.966866 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 05 02:43:49.966877 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) May 05 02:43:49.966897 osdx kernel: app-detect: linked list of disabled dicts: May 05 02:43:49.966909 osdx kernel: app-detect: (empty, no dicts) May 05 02:43:49.966920 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds May 05 02:43:49.966933 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) May 05 02:43:49.966944 osdx kernel: app-detect: linked list of enabled dicts: May 05 02:43:49.966955 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 05 02:43:49.966966 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 05 02:43:49.966977 osdx kernel: app-detect: linked list of disabled dicts: May 05 02:43:49.966987 osdx kernel: app-detect: (empty, no dicts) May 05 02:43:49.966998 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds May 05 02:43:50.056446 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:32823/10.215.168.66:53 May 05 02:43:50.056680 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:32823/10.215.168.66:53 May 05 02:43:50.056703 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com May 05 02:43:50.056712 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com May 05 02:43:50.056731 osdx kernel: app-detect: search in dict _remote_, prio 1 May 05 02:43:50.056738 osdx kernel: app-detect: search in dict _remote_, prio 2 May 05 02:43:50.056769 osdx osdx-tcatd[683350]: UDP_Server. Read 28 bytes May 05 02:43:50.056775 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com May 05 02:43:50.056793 osdx osdx-tcatd[683350]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} May 05 02:43:50.056804 osdx osdx-tcatd[683350]: UDP_Server. Read 28 bytes May 05 02:43:50.056805 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com May 05 02:43:50.056810 osdx osdx-tcatd[683350]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} May 05 02:43:50.057594 osdx osdx-tcatd[683350]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} May 05 02:43:50.057605 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 May 05 02:43:50.057655 osdx osdx-tcatd[683350]: UDP_Server. Sent 39 bytes May 05 02:43:50.057778 osdx osdx-tcatd[683350]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} May 05 02:43:50.057789 osdx osdx-tcatd[683350]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C May 05 02:43:50.057814 osdx osdx-tcatd[683350]: UDP_Server. Sent 39 bytes May 05 02:43:50.058836 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) May 05 02:43:50.058853 osdx kernel: app-detect: linked list of enabled dicts: May 05 02:43:50.058865 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) May 05 02:43:50.058878 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote May 05 02:43:50.058898 osdx kernel: app-detect: linked list of disabled dicts: May 05 02:43:50.058910 osdx kernel: app-detect: (empty, no dicts) May 05 02:43:50.058921 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds May 05 02:43:50.058932 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) May 05 02:43:50.058943 osdx kernel: app-detect: linked list of enabled dicts: May 05 02:43:50.058954 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote May 05 02:43:50.058964 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) 
May 05 02:43:50.058976 osdx kernel: app-detect: linked list of disabled dicts: May 05 02:43:50.058986 osdx kernel: app-detect: (empty, no dicts) May 05 02:43:50.058996 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds May 05 02:43:50.157956 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system conntrack show'. May 05 02:43:51.231445 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:51433/10.215.168.66:53 May 05 02:43:51.234889 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:51433/10.215.168.66:53 May 05 02:43:51.234903 osdx kernel: app-detect: dictionary search for enterprise.opentok.com May 05 02:43:51.234922 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com May 05 02:43:51.234930 osdx kernel: app-detect: search in dict _remote_, prio 1 May 05 02:43:51.234937 osdx kernel: app-detect: appid 82000007 found in hash dictionary May 05 02:43:51.234949 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache May 05 02:43:51.312287 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:57307/10.215.168.66:53 May 05 02:43:51.312498 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:57307/10.215.168.66:53 May 05 02:43:51.312510 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com May 05 02:43:51.312520 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com May 05 02:43:51.312527 osdx kernel: app-detect: search in dict _remote_, prio 1 May 05 02:43:51.312534 osdx kernel: app-detect: appid 8200000f found in hash dictionary May 05 02:43:51.312542 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache May 05 02:43:51.406893 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:55219/10.215.168.66:53 May 05 02:43:51.407127 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:55219/10.215.168.66:53 May 05 02:43:51.407151 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com May 05 02:43:51.407160 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com May 05 02:43:51.407167 osdx kernel: app-detect: search in dict _remote_, prio 1 May 05 02:43:51.407175 osdx kernel: app-detect: appid 82000004 found in hash dictionary May 05 02:43:51.407182 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache May 05 02:43:51.505181 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s284ms
192.168.2.10  U130:15         28s364ms
192.168.2.20  U130:4          28s460ms
Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s224ms
192.168.2.10  U130:15         28s304ms
192.168.2.20  U130:4          28s400ms
Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*U130:15
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s124ms
192.168.2.10  U130:15         28s204ms
192.168.2.20  U130:4          28s300ms
Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*U130:4
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s64ms
192.168.2.10  U130:15         28s144ms
192.168.2.20  U130:4          28s240ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19SM7idW+/xoUdBFi2BLBiSJkvaB9g+0gQ=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/MvCUsLaR0jhFPYHaFOfB61n6rts9h1CBCrD5a1nBYCoNU+vEIVycg
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/enf0e1brVqKRobuYxlX0Fu+MFmgXRYb0=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18+VF4i1rPJgzldxGil6rbJjlJ6PdLonpL5LqQlGQo6DZmRgyCCb/go
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run command system conntrack clear at DUT0.
Step 38: Run command system conntrack clear at DUT0.
Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 40: Run command system conntrack clear at DUT1.
Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6559      0 --:--:-- --:--:-- --:--:--  7400
Step 42: Run command system conntrack clear at DUT1.
Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   9935      0 --:--:-- --:--:-- --:--:-- 12333
Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56796 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56796 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=57532 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=57532 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=56810 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=56810 packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=57540 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=57540 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=35504 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35504 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=47869 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=47869 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=54977 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54977 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59671 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59671 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=57550 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=57550 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53
Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s248ms
192.168.2.10  U130:15;U131:25  28s832ms
192.168.2.20  U130:4;U131:92   28s916ms
Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s184ms
192.168.2.10  U130:15;U131:25  28s768ms
192.168.2.20  U130:4;U131:92   28s852ms
Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s88ms
192.168.2.10  U130:15;U131:25  28s672ms
192.168.2.20  U130:4;U131:92   28s756ms
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR1\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR2\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+Qcjs8H1cawgNjLz7mogKulEoQZZRPIk8=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+66ZMVWzllcnugz/S2Ctt1xlhTfXsIdWM=
Step 56: Run command system conntrack clear at DUT0.
Step 57: Run command system conntrack clear at DUT1.
Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+true
---------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-05-05 02:44:06.649551+00:00                           1        70.32
DICTERROR2  true    2026-05-05 02:44:06.649378+00:00                           1        70.36
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/4yZz07iZXrnsR+vH2fmBl5mb7HeFr+vI=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+UQZffaG/Lufihm2co5IEP2JB4G9acb/A=
Step 61: Run command system conntrack clear at DUT0.
Step 62: Run command system conntrack clear at DUT1.
Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+false
-----------------------------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled                      Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-05-05 02:44:12.945448+00:00  2026-05-05 02:44:06.649551+00:00             2        47.00
DICTERROR2  false   2026-05-05 02:44:12.945304+00:00  2026-05-05 02:44:06.649378+00:00             2        47.01
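The following is an added example, not part of the original test suite or the vendor's code. It decodes the AppID values that osdx-tcatd hands to the kernel in the journal output of this scenario into the U130/U131 labels shown by system conntrack app-detect show ip-cache, checks that every cached label was actually delivered for the FQDN resolving to that address, and compares conntrack appdetect tags as a set so the check does not depend on tag order. The byte layout used in decode_appid is an assumption inferred from the values on this page, and all function names are hypothetical.

```python
import re

# Excerpts from this page's outputs (timestamps and process names trimmed):
# tcatd-to-kernel journal entries and the ip-cache table from step 49.
JOURNAL = """\
Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019
Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F
Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004
Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C
"""
IP_CACHE = """\
IP            Application ID   Expires in
10.215.168.1  U130:7;U131:88   4m55s248ms
192.168.2.10  U130:15;U131:25  28s832ms
192.168.2.20  U130:4;U131:92   28s916ms
"""
# Static host records configured on DUT2 in this scenario.
DNS = {
    "enterprise.opentok.com": "10.215.168.1",
    "www.gamblingteldat.com": "192.168.2.10",
    "www.newspaperteldat.com": "192.168.2.20",
}
# Tails of three flows from step 44: not yet classified, then classified
# with the dictionary tags in two different positions.
FLOWS = [
    "mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]",
    "mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]",
    "mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]",
]

WRITE_RE = re.compile(
    r"Write message addressed to dictionary (\d+) FQDN (\S+) TTL (\d+) "
    r"AppID:([0-9A-Fa-f]{8})\b")
CACHE_ROW_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")
APPDETECT_RE = re.compile(r"appdetect\[([^\]\s]*)(?:\s+([^\]]+))?\]")


def decode_appid(hex_id):
    """Render a journal AppID as the CLI label, e.g. 82000007 -> U130:7.

    Assumption inferred from this page: top byte is the ID type (0x82 = 130,
    0x83 = 131) and the low 24 bits are the category or reputation value."""
    raw = int(hex_id, 16)
    return f"U{raw >> 24}:{raw & 0xFFFFFF}"


def journal_labels(text):
    """Map each FQDN to the set of labels tcatd delivered for it."""
    labels = {}
    for m in WRITE_RE.finditer(text):
        labels.setdefault(m.group(2), set()).add(decode_appid(m.group(4)))
    return labels


def cache_labels(text):
    """Map each IP in the ip-cache table to its set of labels."""
    rows = {}
    for line in text.splitlines():
        m = CACHE_ROW_RE.match(line.strip())
        if m:  # header and separator lines do not start with an IPv4 address
            rows[m.group(1)] = set(m.group(2).split(";"))
    return rows


def unexplained_cache_entries(journal, cache, dns):
    """Return (ip, labels) for cached labels never delivered for that host."""
    by_fqdn = journal_labels(journal)
    by_ip = {}
    for fqdn, ip in dns.items():
        by_ip.setdefault(ip, set()).update(by_fqdn.get(fqdn, set()))
    return sorted(
        (ip, sorted(labels - by_ip.get(ip, set())))
        for ip, labels in cache_labels(cache).items()
        if not labels <= by_ip.get(ip, set()))


def flow_tags(line):
    """Split appdetect[...] into (set of ID tags, dict of detected fields)."""
    m = APPDETECT_RE.search(line)
    if not m:
        return set(), {}
    tags = set(filter(None, m.group(1).split(";")))
    fields = dict(f.split(":", 1) for f in (m.group(2) or "").split())
    return tags, fields


def classified_flows(flows, wanted_tags, host):
    """Flows carrying every wanted tag for the given http-host, in any order."""
    hits = []
    for line in flows:
        tags, fields = flow_tags(line)
        if set(wanted_tags) <= tags and fields.get("http-host") == host:
            hits.append(line)
    return hits
```
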
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18bSo7GJBGD5FcYeMFc33uVElUb6Mr0AXg=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19ezUexUFI/Q51dEob/jNUIxptilfmXjqzlKqByG3kph5D2D24D+3Q8
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX190lBh/pn3uyWM10+644qRstESQYQV64Co=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18cXLegU/g8Kgo08rMdblBatBck2sXJu2n4D0e6V5ezcILvmV8Mx07E
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.408 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.408/0.408/0.408/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=47265 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47265 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49066 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49066 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=51230 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51230 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49068 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49068 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=38928 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38928 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=34583 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34583 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              22         39         3318        6116
-----------------------------------------------------
Total          22         39         3318        6116
Step 9: Run command system conntrack clear at DUT1.
Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 37 100 37 0 0 10610 0 --:--:-- --:--:-- --:--:-- 12333
admin@osdx$
Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=47265 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47265 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49066 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49066 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=51234 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51234 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=41102 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41102 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=51230 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51230 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49068 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49068 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=38928 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38928 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=34583 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34583 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run command system conntrack clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0^C
Operation aborted by user.
admin@osdx$
Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=35384 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35384 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40968 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40968 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49096 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49096 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49084 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49084 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=51230 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51230 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=38928 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38928 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 16: Run command system conntrack clear at DUT1.
Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 37 100 37 0 0 6605 0 --:--:-- --:--:-- --:--:-- 7400
admin@osdx$
Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=35384 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35384 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40968 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40968 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49096 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49096 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49084 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=49084 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=40970 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40970 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=51230 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=51230 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=37009 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37009 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=38928 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38928 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0:
delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run command system conntrack clear at DUT0.
Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0^C
Operation aborted by user.
admin@osdx$
Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
tcp 6 9 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=40968 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40968 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44902 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44902 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40972 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40972 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=38928 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38928 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=57598 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57598 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44916 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44916 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 23: Run command system conntrack clear at DUT1.
Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 37 100 37 0 0 6556 0 --:--:-- --:--:-- --:--:-- 7400
admin@osdx$
Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=40597 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40597 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=40968 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40968 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44902 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44902 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46272 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46272 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=40972 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=40972 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=38928 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=38928 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=57598 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57598 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=44916 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=44916 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
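Each conntrack expression in the steps above describes a single flow entry; searched over a dump that has been flattened onto one line, it can also match across two unrelated flows. The following Python sketch is an added example, not part of the original test suite: it splits a dump into entries, applies the page's two expressions per flow and parses the appdetect labels. The helper names and the flow to 10.215.168.66 port 443 are constructed for illustration.

```python
import re

# The two regular expressions used by the conntrack checks in the steps above.
STEP_443_RE = r"tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF"
STEP_U130_RE = r"vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]"
ENTRY_START = re.compile(r"(?<!\S)(?=(?:tcp|udp) \d+ )")  # "tcp 6 ", "udp 17 "
APPDETECT = re.compile(r"appdetect\[([^\]]*)\]")

def split_flows(output):
    """One string per flow entry, for line-per-flow or flattened output."""
    body = output.split("conntrack v", 1)[0]  # drop the summary footer
    return [e.strip() for e in ENTRY_START.split(body) if e.strip()]

def appdetect_labels(flow):
    """appdetect[...] contents of one flow as a dict of detector -> value."""
    m = APPDETECT.search(flow)
    return dict(t.split(":", 1) for t in m.group(1).split()) if m else {}

def flows_matching(output, pattern):
    """Flows that match `pattern` on their own, never across two connections."""
    return [f for f in split_flows(output) if re.search(pattern, f)]

# Flow entries copied from the outputs above.
CLIENT_HTTP = ("tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=51230 "
               "dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 "
               "dst=10.215.168.64 sport=80 dport=51230 vrf=MYVRF packets=1 bytes=60 "
               "[ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]")
FLOW_443 = ("tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=49066 "
            "dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 "
            "dst=10.215.168.64 sport=443 dport=49066 vrf=MYVRF packets=10 bytes=3462 "
            "[ASSURED] mark=0 use=1 appdetect[L4:443]")
MATCHED = ("tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=51234 dport=80 vrf=MYVRF "
           "packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 "
           "dport=51234 vrf=MYVRF packets=4 bytes=504 [ASSURED] "
           "[OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 "
           "appdetect[U130:7 http-host:enterprise.opentok.com]")
# Constructed (hypothetical) flow: port 443, but to a different destination.
OTHER_443 = ("tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.66 sport=49070 "
             "dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.66 "
             "dst=10.215.168.64 sport=443 dport=49070 vrf=MYVRF packets=3 bytes=675 "
             "[ASSURED] mark=0 use=1 appdetect[L4:443]")
FOOTER = "conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown."

# Flattened dumps, constructed by joining entries with single spaces.
STEP7_LIKE = " ".join([CLIENT_HTTP, FLOW_443, FOOTER])
STEP11_LIKE = " ".join([CLIENT_HTTP, MATCHED, FOOTER])
NO_FETCH = " ".join([CLIENT_HTTP, OTHER_443, FOOTER])
if __name__ == "__main__":  # whole-dump search vs per-flow check on NO_FETCH
    print(bool(re.search(STEP_443_RE, NO_FETCH)), flows_matching(NO_FETCH, STEP_443_RE))
```

On `NO_FETCH` the whole-dump search succeeds by pairing the client flow's `dst=10.215.168.1` with the other flow's `dport=443`, while the per-flow check returns no match.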