App-Dictionary
These scenarios check the application dictionary support provided by the app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.664 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.664/0.664/0.664/0.000 ms
Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5919      0 --:--:-- --:--:-- --:--:--  6166
Step 6: Initiate an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.4
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Thu Jun 4 10:33:18 2026
admin@osdx$
Step 7: Ping IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.391 ms
--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.391/0.391/0.391/0.000 ms
Step 8: Run command system conntrack show at DUT0 and expect this output:
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=57016 dport=22 packets=24 bytes=5059 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=57016 packets=20 bytes=4779 [ASSURED] mark=0 use=1 appdetect[L4:22]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=58356 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58356 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=46 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=46 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=45 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=45 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  11.0M      0 --:--:-- --:--:-- --:--:-- 13.0M
Note
The dictionary file contains the following test entries used in this scenario:
<app id="30" name="Teldat Test" version="1">
  <fqdn_list>
    <fqdn>10.215.168.1</fqdn>
  </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
Step 10: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 12: Run command system conntrack clear at DUT0.
Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8606      0 --:--:-- --:--:-- --:--:--  9250
Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=58380 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58380 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6569      0 --:--:-- --:--:-- --:--:--  7400
Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 18: Initiate an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.9.4
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Thu Jun 4 11:03:16 2026 from 10.215.168.64
admin@osdx$
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=58396 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58396 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=58380 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58380 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=57028 dport=22 packets=24 bytes=5059 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=57028 packets=20 bytes=4795 [ASSURED] mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Ping host static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.366 ms
--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.366/0.366/0.366/0.000 ms
Step 22: Run command system conntrack show at DUT0 and expect this output:
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=58396 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58396 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59914 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59914 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=47 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=47 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=42370 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42370 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=58380 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58380 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=57028 dport=22 packets=24 bytes=5059 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=57028 packets=20 bytes=4795 [ASSURED] mark=0 use=1 appdetect[U128:31]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=50785 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50785 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
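The conntrack checks in Steps 8, 14, 19 and 22 can be scripted. The Python below is an added example, not Teldat's test code: it parses `system conntrack show` output, splits each `appdetect[...]` tag into App-ID tokens and host fields, lists flows that carry no dictionary App-ID, and evaluates the regular expressions quoted in Steps 14 and 19. The function names are hypothetical, and treating `L3`/`L4` tokens as the below-L7 detectors and every other prefix (`U128`, `U6`) as dictionary-assigned is an assumption inferred from the outputs on this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Flow lines copied from the Step 8 and Step 22 outputs on this page, one flow
# per line as conntrack prints them; the trailer count is adjusted for the sample.
SAMPLE = """\
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=57016 dport=22 packets=24 bytes=5059 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=57016 packets=20 bytes=4779 [ASSURED] mark=0 use=1 appdetect[L4:22]
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=45 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=45 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=58396 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=58396 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59914 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59914 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=57028 dport=22 packets=24 bytes=5059 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=57028 packets=20 bytes=4795 [ASSURED] mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
"""

# Regular expressions quoted verbatim from Steps 14 and 19.
PAGE_PATTERNS = [
    r"appdetect\[U128:30\shttp-host:10.215.168.1\]",
    r"src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]",
]

# The timeout column can be missing (see the offloaded flow in the CLI scenario).
FLOW_RE = re.compile(r"^(tcp|udp|icmp)\s+\d+\s")
TUPLE_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
TAG_RE = re.compile(r"appdetect\[([^\]]*)\]")
HOST_FIELDS = ("http-host", "dns-host")  # host detectors enabled in Step 1


@dataclass
class Flow:
    proto: str
    src: str                      # original-direction source
    dst: str                      # original-direction destination
    dport: Optional[int]          # None for ICMP
    ids: List[Tuple[str, str]]    # e.g. [("U128", "30")]
    hosts: Dict[str, str]         # e.g. {"http-host": "10.215.168.1"}


def parse_flows(text: str) -> List[Flow]:
    """Parse conntrack output, skipping the trailer and any non-flow lines."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        head = FLOW_RE.match(line)
        if not head:
            continue
        orig: Dict[str, str] = {}
        for key, value in TUPLE_RE.findall(line):
            orig.setdefault(key, value)  # first occurrence is the original direction
        ids: List[Tuple[str, str]] = []
        hosts: Dict[str, str] = {}
        tag = TAG_RE.search(line)
        if tag:
            for token in tag.group(1).split():
                key, _, value = token.partition(":")
                if key in HOST_FIELDS:
                    hosts[key] = value
                else:
                    ids.append((key, value))
        dport = int(orig["dport"]) if "dport" in orig else None
        flows.append(Flow(head.group(1), orig.get("src", ""), orig.get("dst", ""),
                          dport, ids, hosts))
    return flows


def dictionary_ids(flow: Flow) -> List[Tuple[str, str]]:
    """App-ID tokens not produced by the L3/L4 detectors (assumption, see lead-in)."""
    return [(det, val) for det, val in flow.ids if not det.startswith("L")]


def below_l7_only(flows: List[Flow]) -> List[Flow]:
    """Flows that no dictionary has classified: the Step 8 state of this scenario."""
    return [f for f in flows if not dictionary_ids(f)]


def failed_patterns(text: str, patterns: List[str] = PAGE_PATTERNS) -> List[str]:
    """Return the expected patterns that do not match anywhere in the output."""
    return [p for p in patterns if not re.search(p, text)]


if __name__ == "__main__":
    parsed = parse_flows(SAMPLE)
    for f in below_l7_only(parsed):
        print("no dictionary App-ID:", f.proto, f.src, "->", f.dst, f.ids)
    print("failed patterns:", failed_patterns(SAMPLE))
```

Because `.` does not cross newlines, the Step 19 expression only passes when the address pair and the `U128:31` tag sit on the same flow line, which is what the step is meant to verify.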
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.768 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.768/0.768/0.768/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 7: Run command system conntrack clear at DUT0.
Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   4907      0 --:--:-- --:--:-- --:--:--  5285
Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48069 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48069 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59335 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59335 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=49184 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49184 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U6:42 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5377      0 --:--:-- --:--:-- --:--:--  6166
Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX183hFIQVtin7QegDjBNhfQuSI9Qj2gDk/k=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/j1lxzutNo6H30lMEcq15frRhEJU07a8VkY4FYxDH44XiGdBBr+gmn
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18YADXUUrTNjtccWfJGYtBC7lgv06ioOfo=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18HkTjSG7vUXc1OcLQ+UH1kHKN4rOsVCUue59+3jaJSvPcB3y6ID4+a
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.828 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.828/0.828/0.828/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Jun 04 11:04:50.058179 osdx systemd[1]: Started systemd-timedated.service - Time & Date Service.
Jun 04 11:04:50.000394 osdx systemd-timedated[52950]: Changed local time to Thu 2026-06-04 11:04:50 UTC
Jun 04 11:04:50.001216 osdx systemd-journald[2213]: Time jumped backwards, rotating.
Jun 04 11:04:50.001908 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'set date 2026-06-04 11:04:50'.
Jun 04 11:04:50.329553 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 3.5M, max 13.8M, 10.3M free.
Jun 04 11:04:50.333224 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:04:50.333313 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:04:50.341948 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:04:50.597889 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:04:50.844916 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:04:50.991295 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
Jun 04 11:04:51.043142 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 04 11:04:51.154823 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
Jun 04 11:04:51.224687 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
Jun 04 11:04:51.317786 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
Jun 04 11:04:51.368572 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
Jun 04 11:04:51.463982 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
Jun 04 11:04:51.523505 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
Jun 04 11:04:51.611150 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
Jun 04 11:04:51.674731 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
Jun 04 11:04:51.764007 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
Jun 04 11:04:51.843930 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
Jun 04 11:04:51.947215 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
Jun 04 11:04:52.034756 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
Jun 04 11:04:52.118416 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
Jun 04 11:04:52.221603 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
Jun 04 11:04:52.286351 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
Jun 04 11:04:52.369191 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
Jun 04 11:04:52.424531 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
Jun 04 11:04:52.518613 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
Jun 04 11:04:52.594510 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
Jun 04 11:04:52.695501 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
Jun 04 11:04:52.759765 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jun 04 11:04:52.850207 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
Jun 04 11:04:52.903782 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Jun 04 11:04:52.997877 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
Jun 04 11:04:53.073524 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:04:53.181416 osdx ubnt-cfgd[53011]: inactive
Jun 04 11:04:53.243981 osdx INFO[53049]: FRR daemons did not change
Jun 04 11:04:53.409222 osdx kernel: nfUDPlink: module init
Jun 04 11:04:53.409281 osdx kernel: app-detect: module init
Jun 04 11:04:53.409294 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 04 11:04:53.409307 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jun 04 11:04:53.409318 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jun 04 11:04:53.409330 osdx kernel: app-detect: registered: /proc/net/stat/appdetect
Jun 04 11:04:53.409347 osdx kernel: app-detect: expression init
Jun 04 11:04:53.409358 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jun 04 11:04:53.409369 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jun 04 11:04:53.413213 osdx kernel: app-detect: selected hash dict hash table with 13 hash bits and 8192 buckets for max 5000 entries (supported range 2^8...2^20)
Jun 04 11:04:53.413245 osdx kernel: app-detect: allocated memory for hash table with 8192 buckets (65536 bytes)
Jun 04 11:04:53.413256 osdx kernel: app-detect: allocated memory for 5000 hash entries (520000 bytes)
Jun 04 11:04:53.413264 osdx kernel: app-detect: CNAME database reallocated to 5000 entries
Jun 04 11:04:53.425223 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Jun 04 11:04:53.425270 osdx kernel: app-detect: linked list of enabled dicts:
Jun 04 11:04:53.425284 osdx kernel: app-detect: (empty, no dicts)
Jun 04 11:04:53.425291 osdx kernel: app-detect: linked list of disabled dicts:
Jun 04 11:04:53.425299 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
Jun 04 11:04:53.425307 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Jun 04 11:04:53.425315 osdx kernel: app-detect: set type of dict _remote_ to remote
Jun 04 11:04:53.425322 osdx kernel: app-detect: user set num_hash_entries=40000
Jun 04 11:04:53.425329 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Jun 04 11:04:53.425337 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Jun 04 11:04:53.425344 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Jun 04 11:04:53.425351 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Jun 04 11:04:53.425359 osdx kernel: app-detect: enable remote dictionary _remote_
Jun 04 11:04:53.425368 osdx kernel: app-detect: dictionary _remote_ enabled
Jun 04 11:04:53.425376 osdx kernel: app-detect: linked list of enabled dicts:
Jun 04 11:04:53.425383 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Jun 04 11:04:53.425393 osdx kernel: app-detect: linked list of disabled dicts:
Jun 04 11:04:53.425403 osdx kernel: app-detect: (empty, no dicts)
Jun 04 11:04:53.425410 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Jun 04 11:04:53.425418 osdx kernel: app-detect: linked list of enabled dicts:
Jun 04 11:04:53.425425 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 04 11:04:53.425433 osdx kernel: app-detect: linked list of disabled dicts:
Jun 04 11:04:53.425440 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
Jun 04 11:04:53.425447 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Jun 04 11:04:53.425454 osdx kernel: app-detect: set type of dict _remote_ to remote
Jun 04 11:04:53.425467 osdx kernel: app-detect: user set num_hash_entries=40000
Jun 04 11:04:53.425478 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Jun 04 11:04:53.425486 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Jun 04 11:04:53.429219 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Jun 04 11:04:53.429250 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Jun 04 11:04:53.429260 osdx kernel: app-detect: enable remote dictionary _remote_
Jun 04 11:04:53.429268 osdx kernel: app-detect: dictionary _remote_ enabled
Jun 04 11:04:53.429276 osdx kernel: app-detect: linked list of enabled dicts:
Jun 04 11:04:53.429283 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Jun 04 11:04:53.429290 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Jun 04 11:04:53.429298 osdx kernel: app-detect: linked list of disabled dicts:
Jun 04 11:04:53.429305 osdx kernel: app-detect: (empty, no dicts)
Jun 04 11:04:53.439485 osdx INFO[53086]: Updated /etc/default/osdx_tcatd.conf
Jun 04 11:04:53.439573 osdx INFO[53086]: Restarting Traffic Categorization (TCATD) service ...
Jun 04 11:04:53.481587 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Jun 04 11:04:53.795644 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Jun 04 11:04:53.796764 osdx osdx-tcatd[53090]: Dict_client. rdict_num 2 mark 5555 local-vrf
Jun 04 11:04:53.796853 osdx osdx-tcatd[53090]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
Jun 04 11:04:53.796927 osdx osdx-tcatd[53090]: Dict_client. rdict_num 1 mark 5555 local-vrf
Jun 04 11:04:53.796970 osdx osdx-tcatd[53090]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
Jun 04 11:04:53.833245 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 04 11:04:53.875919 osdx WARNING[53180]: No supported link modes on interface eth1
Jun 04 11:04:53.877482 osdx modulelauncher[53180]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jun 04 11:04:53.877496 osdx modulelauncher[53180]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jun 04 11:04:53.878589 osdx modulelauncher[53180]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:04:53.878598 osdx modulelauncher[53180]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:04:53.913301 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:04:53.958145 osdx WARNING[53260]: No supported link modes on interface eth0
Jun 04 11:04:53.959465 osdx modulelauncher[53260]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:04:53.959479 osdx modulelauncher[53260]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:04:53.961016 osdx modulelauncher[53260]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:04:53.961026 osdx modulelauncher[53260]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:04:54.144115 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:04:54.155138 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:04:54.170453 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:04:56.794838 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system conntrack clear'.
Jun 04 11:04:56.950736 osdx osdx-tcatd[53090]: UDP_Server. Read 27 bytes
Jun 04 11:04:56.950746 osdx osdx-tcatd[53090]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Jun 04 11:04:56.950765 osdx osdx-tcatd[53090]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Jun 04 11:04:56.950780 osdx osdx-tcatd[53090]: UDP_Server. Read 27 bytes
Jun 04 11:04:56.950782 osdx osdx-tcatd[53090]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Jun 04 11:04:56.950798 osdx osdx-tcatd[53090]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Jun 04 11:04:56.953226 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:46152/10.215.168.1:80
Jun 04 11:04:56.953266 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:46152/10.215.168.1:80
Jun 04 11:04:56.953276 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Jun 04 11:04:56.953290 osdx kernel: app-detect: search in dict _remote_, prio 1
Jun 04 11:04:56.953300 osdx kernel: app-detect: search in dict _remote_, prio 2
Jun 04 11:04:56.964320 osdx osdx-tcatd[53090]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Jun 04 11:04:56.964338 osdx osdx-tcatd[53090]: UDP_Server. Kernel_Message format.
Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Jun 04 11:04:56.964392 osdx osdx-tcatd[53090]: UDP_Server. Sent 38 bytes Jun 04 11:04:56.964766 osdx osdx-tcatd[53090]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "ag e": 0, "threathistory": 0}}}]} Jun 04 11:04:56.964778 osdx osdx-tcatd[53090]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 Jun 04 11:04:56.964810 osdx osdx-tcatd[53090]: UDP_Server. Sent 38 bytes Jun 04 11:04:56.965246 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 04 11:04:56.965288 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:04:56.965300 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:04:56.965312 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 04 11:04:56.965323 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:04:56.965334 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:04:56.965345 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Jun 04 11:04:56.965357 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Jun 04 11:04:56.965368 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:04:56.965379 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 04 11:04:56.965390 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 04 
11:04:56.965406 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:04:56.965417 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:04:56.965428 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=40035 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40035 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46152 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46152 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57028 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57028 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57026 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57026 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=59854 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59854 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=40268 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40268 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              19         35         3162        5751
-----------------------------------------------------
Total          19         35         3162        5751
Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=40035 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40035 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46152 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46152 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57028 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57028 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57026 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57026 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=59854 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59854 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=40268 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40268 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run command system conntrack clear at DUT1.
Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5790      0 --:--:-- --:--:-- --:--:--  6166
admin@osdx$
Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=37491 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37491 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=40035 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40035 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46152 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46152 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57028 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57028 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57026 dport=443 packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57026 packets=8 bytes=3358 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=59854 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59854 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46166 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46166 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=40268 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40268 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s916ms
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command system conntrack clear at DUT0.
Step 17: Run command system conntrack clear at DUT1.
Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5824      0 --:--:-- --:--:-- --:--:--  6166
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46174 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46174 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=40905 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40905 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
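The conntrack checks of steps 8, 10, 13 and 19 can be reproduced offline with the added example below, which is not part of the original page or of OSDx. It parses `system conntrack show` lines, applies the regular expressions quoted in those steps, and lists flows whose host was detected but whose application ID is still port-based. The reading of "L4:" IDs as port-based only, and the split of the logged AppID into a top byte and a 24-bit value, are assumptions inferred from the values shown on this page.

```python
import re
from dataclasses import dataclass

# Excerpt of the step 13 `system conntrack show` output on this page
# (four of the eight entries, plus the trailer line).
CONNTRACK = """\
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=46152 dport=80 packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46152 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=46166 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=46166 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=40268 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40268 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57028 dport=443 packets=9 bytes=1555 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57028 packets=8 bytes=3329 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
"""

# Regular expressions quoted from steps 8, 10 and 13/19 of the page.
STEP8 = re.compile(r"tcp.*dst=10.215.168.1.*dport=443")
STEP10 = re.compile(
    r"tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]")
STEP13 = re.compile(r"appdetect\[U130:7\shttp-host:enterprise.opentok.com\]")

TUPLE_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
APPDETECT_RE = re.compile(r"appdetect\[([^\]]*)\]")


@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    app_id: str    # first token inside appdetect[...], e.g. "L4:80" or "U130:7"
    fields: dict   # remaining tokens, e.g. {"http-host": "enterprise.opentok.com"}
    raw: str

    @property
    def dictionary_classified(self):
        # Assumption: an "L4:<port>" ID means only the port-based detector matched.
        return not self.app_id.startswith("L4:")


def parse_flow(line):
    """Parse one conntrack line; return None for trailers or malformed lines."""
    match = APPDETECT_RE.search(line)
    if match is None or not match.group(1).split():
        return None
    tokens = match.group(1).split()
    original = {}
    for key, value in TUPLE_RE.findall(line):
        original.setdefault(key, value)  # first occurrence = original direction
    if set(original) != {"src", "dst", "sport", "dport"}:
        return None
    fields = dict(tok.split(":", 1) for tok in tokens[1:] if ":" in tok)
    return Flow(line.split()[0], original["src"], original["dst"],
                int(original["sport"]), int(original["dport"]),
                tokens[0], fields, line)


def parse_conntrack(text):
    flows = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is not None:
            flows.append(flow)
    return flows


def pending_classification(flows):
    """Flows with a detected host name that the dictionary has not classified."""
    return [f for f in flows if f.fields and not f.dictionary_classified]


def appid_label(hex_appid):
    """Render a logged AppID (e.g. '82000007') in the conntrack 'U<n>:<value>' form.

    Assumption: top byte is the ID type, low 24 bits are the value. This is
    inferred from AppID:82000007 in the journal and U130:7 in conntrack."""
    value = int(hex_appid, 16)
    return f"U{value >> 24}:{value & 0xFFFFFF}"


if __name__ == "__main__":
    for flow in parse_conntrack(CONNTRACK):
        state = "dictionary" if flow.dictionary_classified else "port-based"
        print(f"{flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} "
              f"{flow.app_id} ({state}) {flow.fields}")
```
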
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/PM8RxZ+3VJlY59R2TDcFoR1ishHCYAHI=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19+dLFQakVsts9eNGYuHf9XTnGErprrELEWn0BrnYEqMhI352p3G93y
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/MVXNSYvMUkKyGL50KkMCpDca7XhnLQRI=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX195nzKImWX+utlrJELPoahGwB+sdCqn5rGnzWnGl6JeCYFtlVTaO7M5
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run command system conntrack clear at DUT0.
Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55140 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55140 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57048 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57048 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=40035 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40035 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=57475 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57475 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44336 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44336 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=49733 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49733 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=47977 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47977 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=50473 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50473 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
tcp 6 3599 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57060 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57060 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53
Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56825 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56825 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=55140 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55140 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57048 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57048 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=40035 dport=49000 packets=6 bytes=332 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40035 packets=6 bytes=398 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=45489 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45489 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=57475 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57475 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=44336 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44336 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=51560 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51560 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=49733 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49733 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56749 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56749 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=44898 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=44898 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=55476 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55476 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=47977 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=47977 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=50473 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50473 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57060 dport=443 packets=12 bytes=1501 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57060 packets=8 bytes=1990 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Jun 04 11:05:05.653380 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote Jun 04 11:05:05.653390 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.653401 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 04 11:05:05.653413 osdx kernel: app-detect: freed hash table Jun 04 11:05:05.653424 osdx kernel: app-detect: freed memory for hashes+appids Jun 04 11:05:05.653435 osdx kernel: app-detect: dictionary _remote_ deleted Jun 04 11:05:05.653452 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.653462 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote Jun 04 11:05:05.653473 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.653483 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:05.653494 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty) Jun 04 11:05:05.653505 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.653515 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote Jun 04 11:05:05.653526 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.653536 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict) Jun 04 11:05:05.653547 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_ Jun 04 11:05:05.653558 osdx kernel: app-detect: set type of dict _remote_ to remote Jun 04 11:05:05.653568 osdx kernel: app-detect: user set num_hash_entries=40000 Jun 04 11:05:05.653577 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20) Jun 04 11:05:05.653589 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes) Jun 04 11:05:05.653601 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes) Jun 04 11:05:05.653613 osdx kernel: app-detect: set 
dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3 Jun 04 11:05:05.653624 osdx kernel: app-detect: enable remote dictionary _remote_ Jun 04 11:05:05.653635 osdx kernel: app-detect: dictionary _remote_ enabled Jun 04 11:05:05.653646 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.653657 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 04 11:05:05.653668 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 04 11:05:05.653681 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.653692 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:05.673243 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 04 11:05:05.673285 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.673294 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:05.673302 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 04 11:05:05.673310 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.673317 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:05.673326 osdx kernel: app-detect: dictionary _remote_ disabled Jun 04 11:05:05.673333 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.673340 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:05.673347 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.673354 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type remote (target_dict) Jun 04 11:05:05.673362 osdx kernel: app-detect: freed hash table Jun 04 11:05:05.673369 osdx kernel: app-detect: freed memory for hashes+appids Jun 04 11:05:05.673376 osdx kernel: app-detect: dictionary _remote_ deleted Jun 04 11:05:05.673383 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.673390 osdx kernel: 
app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:05.673410 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.673417 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:05.673424 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty) Jun 04 11:05:05.673432 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.673439 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:05.673446 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:05.673452 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict) Jun 04 11:05:05.673462 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_ Jun 04 11:05:05.673475 osdx kernel: app-detect: set type of dict _remote_ to remote Jun 04 11:05:05.673483 osdx kernel: app-detect: user set num_hash_entries=40000 Jun 04 11:05:05.673490 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20) Jun 04 11:05:05.673498 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes) Jun 04 11:05:05.673505 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes) Jun 04 11:05:05.673512 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3 Jun 04 11:05:05.673525 osdx kernel: app-detect: enable remote dictionary _remote_ Jun 04 11:05:05.673536 osdx kernel: app-detect: dictionary _remote_ enabled Jun 04 11:05:05.673544 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:05.673550 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:05.673559 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 04 11:05:05.673566 osdx kernel: app-detect: linked list of disabled dicts: Jun 
04 11:05:05.673574 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:05.698251 osdx INFO[53511]: Updated /etc/default/osdx_tcatd.conf Jun 04 11:05:05.698290 osdx INFO[53511]: Restarting Traffic Categorization (TCATD) service ... Jun 04 11:05:05.704580 osdx osdx-tcatd[53090]: UDP_Server. Received STOP signal. Cleanup Jun 04 11:05:05.704625 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon... Jun 04 11:05:05.704619 osdx osdx-tcatd[53090]: Dict_client. Cleanup Jun 04 11:05:05.706821 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully. Jun 04 11:05:05.706978 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon. Jun 04 11:05:05.721683 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Jun 04 11:05:06.026803 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Jun 04 11:05:06.028113 osdx osdx-tcatd[53515]: Dict_client. rdict_num 2 mark 5555 local-vrf Jun 04 11:05:06.039757 osdx osdx-tcatd[53515]: Dict_client. rdict_num 1 mark 5555 local-vrf Jun 04 11:05:06.198032 osdx cfgd[1850]: [31450]Completed change to active configuration Jun 04 11:05:06.200187 osdx OSDxCLI[31450]: User 'admin' committed the configuration. Jun 04 11:05:06.214921 osdx OSDxCLI[31450]: User 'admin' left the configuration menu. Jun 04 11:05:06.347197 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system conntrack clear'. Jun 04 11:05:08.427435 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:55140/10.215.168.66:53 Jun 04 11:05:08.427822 osdx osdx-tcatd[53515]: UDP_Server. Read 27 bytes Jun 04 11:05:08.427830 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com Jun 04 11:05:08.427847 osdx osdx-tcatd[53515]: Dict_client. 
Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Jun 04 11:05:08.427859 osdx osdx-tcatd[53515]: UDP_Server. Read 27 bytes Jun 04 11:05:08.427861 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com Jun 04 11:05:08.427866 osdx osdx-tcatd[53515]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0} Jun 04 11:05:08.428980 osdx osdx-tcatd[53515]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "ag e": 0, "threathistory": 0}}}]} Jun 04 11:05:08.428995 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Jun 04 11:05:08.429048 osdx osdx-tcatd[53515]: UDP_Server. Sent 38 bytes Jun 04 11:05:08.429227 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:55140/10.215.168.66:53 Jun 04 11:05:08.429260 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Jun 04 11:05:08.429273 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Jun 04 11:05:08.429284 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 04 11:05:08.429294 osdx kernel: app-detect: search in dict _remote_, prio 2 Jun 04 11:05:08.429304 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 04 11:05:08.429318 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:08.429327 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:08.429337 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 04 11:05:08.429346 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:08.429355 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:08.429364 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Jun 04 11:05:08.429372 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Jun 04 11:05:08.429379 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:08.429387 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 04 11:05:08.429397 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 04 11:05:08.429406 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:08.429414 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:08.429421 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Jun 04 11:05:08.429268 osdx osdx-tcatd[53515]: Dict_client. 
Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "ag e": 0, "threathistory": 0}}}]} Jun 04 11:05:08.429277 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007 Jun 04 11:05:08.429312 osdx osdx-tcatd[53515]: UDP_Server. Sent 38 bytes Jun 04 11:05:08.542663 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:49733/10.215.168.66:53 Jun 04 11:05:08.543045 osdx osdx-tcatd[53515]: UDP_Server. Read 27 bytes Jun 04 11:05:08.543055 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com Jun 04 11:05:08.543074 osdx osdx-tcatd[53515]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Jun 04 11:05:08.543087 osdx osdx-tcatd[53515]: UDP_Server. Read 27 bytes Jun 04 11:05:08.543090 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.gamblingteldat.com Jun 04 11:05:08.543100 osdx osdx-tcatd[53515]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Jun 04 11:05:08.548026 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:49733/10.215.168.66:53 Jun 04 11:05:08.548090 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Jun 04 11:05:08.548100 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Jun 04 11:05:08.548108 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 04 11:05:08.548116 osdx kernel: app-detect: search in dict _remote_, prio 2 Jun 04 11:05:08.548190 osdx osdx-tcatd[53515]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity" : 0, "age": 0, "threathistory": 0}}}]} Jun 04 11:05:08.548202 osdx osdx-tcatd[53515]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity" : 0, "age": 0, "threathistory": 0}}}]} Jun 04 11:05:08.548207 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F Jun 04 11:05:08.548212 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 Jun 04 11:05:08.548265 osdx osdx-tcatd[53515]: UDP_Server. Sent 38 bytes Jun 04 11:05:08.548451 osdx osdx-tcatd[53515]: UDP_Server. 
Sent 38 bytes Jun 04 11:05:08.549233 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Jun 04 11:05:08.549264 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:08.549277 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 04 11:05:08.549289 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 04 11:05:08.549300 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:08.549311 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:08.549322 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Jun 04 11:05:08.549339 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 04 11:05:08.549351 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:08.549362 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:08.549373 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 04 11:05:08.549390 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:08.549407 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:08.549418 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Jun 04 11:05:08.664472 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:47977/10.215.168.66:53 Jun 04 11:05:08.668052 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:47977/10.215.168.66:53 Jun 04 11:05:08.668093 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Jun 04 11:05:08.668104 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Jun 04 11:05:08.668113 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 04 11:05:08.668153 osdx kernel: app-detect: search in dict _remote_, prio 2 Jun 04 11:05:08.668168 osdx osdx-tcatd[53515]: UDP_Server. Read 28 bytes Jun 04 11:05:08.668177 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com Jun 04 11:05:08.668213 osdx osdx-tcatd[53515]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Jun 04 11:05:08.668228 osdx osdx-tcatd[53515]: UDP_Server. Read 28 bytes Jun 04 11:05:08.668231 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com Jun 04 11:05:08.668238 osdx osdx-tcatd[53515]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Jun 04 11:05:08.670273 osdx osdx-tcatd[53515]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Jun 04 11:05:08.670296 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 Jun 04 11:05:08.670309 osdx osdx-tcatd[53515]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Jun 04 11:05:08.670320 osdx osdx-tcatd[53515]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C Jun 04 11:05:08.670343 osdx osdx-tcatd[53515]: UDP_Server. Sent 39 bytes Jun 04 11:05:08.670346 osdx osdx-tcatd[53515]: UDP_Server. Sent 39 bytes Jun 04 11:05:08.673255 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Jun 04 11:05:08.673285 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:08.673293 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Jun 04 11:05:08.673301 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Jun 04 11:05:08.673309 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:08.673316 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:08.673324 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Jun 04 11:05:08.673336 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Jun 04 11:05:08.673344 osdx kernel: app-detect: linked list of enabled dicts: Jun 04 11:05:08.673351 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Jun 04 11:05:08.673358 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Jun 
04 11:05:08.673366 osdx kernel: app-detect: linked list of disabled dicts: Jun 04 11:05:08.673373 osdx kernel: app-detect: (empty, no dicts) Jun 04 11:05:08.673379 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Jun 04 11:05:08.795681 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system conntrack show'. Jun 04 11:05:09.891125 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:44898/10.215.168.66:53 Jun 04 11:05:09.891390 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:44898/10.215.168.66:53 Jun 04 11:05:09.891410 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Jun 04 11:05:09.891418 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Jun 04 11:05:09.891426 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 04 11:05:09.891434 osdx kernel: app-detect: appid 82000007 found in hash dictionary Jun 04 11:05:09.891461 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Jun 04 11:05:09.987387 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:56749/10.215.168.66:53 Jun 04 11:05:09.987679 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:56749/10.215.168.66:53 Jun 04 11:05:09.987717 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Jun 04 11:05:09.987757 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Jun 04 11:05:09.987767 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 04 11:05:09.987774 osdx kernel: app-detect: appid 8200000f found in hash dictionary Jun 04 11:05:09.987782 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache Jun 04 11:05:10.102106 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:45489/10.215.168.66:53 Jun 04 11:05:10.102383 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:45489/10.215.168.66:53 Jun 04 11:05:10.102407 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Jun 04 11:05:10.102419 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Jun 04 11:05:10.102428 osdx kernel: app-detect: search in dict _remote_, prio 1 Jun 04 11:05:10.102454 osdx kernel: app-detect: appid 82000004 found in hash dictionary Jun 04 11:05:10.102477 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache Jun 04 11:05:10.208253 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          28s52ms
192.168.2.10  U130:15         28s148ms
192.168.2.20  U130:4          28s264ms
Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s980ms
192.168.2.10  U130:15         28s76ms
192.168.2.20  U130:4          28s192ms
Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*U130:15
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s824ms
192.168.2.10  U130:15         27s920ms
192.168.2.20  U130:4          28s36ms
Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*U130:4
----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s700ms
192.168.2.10  U130:15         27s796ms
192.168.2.20  U130:4          27s912ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+Z2NM/QQqM9D0HHjaHB1mtM7kp6UVAQCs=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+YJ3bvnWEOlDhgMfzwomLYE8ECiNGHdc8yDYZ5gaytwZrAgRiCX0MN
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19eS6pJqXOCVStoVnpsiN4z6dKpntIVM+A=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/jguIb5JtUJNMKgDkZg5iZ1a8UW6u3FXBuBzAJm6dSxBGCTh8asubg
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run command system conntrack clear at DUT0.
Step 38: Run command system conntrack clear at DUT0.
Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 40: Run command system conntrack clear at DUT1.
Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5345      0 --:--:-- --:--:-- --:--:--  6166
Step 42: Run command system conntrack clear at DUT1.
Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   4694      0 --:--:-- --:--:-- --:--:--  5285
Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=54494 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=54494 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=54810 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=54810 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=54500 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=54500 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=40035 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=40035 packets=2 bytes=132 mark=0 use=1 appdetect[L3:17;L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=53927 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53927 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52396 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52396 packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=54490 dport=80 packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=54490 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=39744 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39744 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52406 dport=443 packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52406 packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L3:6;L4:443]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:         10.215.168.66
Address:        10.215.168.66#53

Name:   www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m55s32ms
192.168.2.10  U130:15;U131:25  28s804ms
192.168.2.20  U130:4;U131:92   28s892ms
Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s964ms
192.168.2.10  U130:15;U131:25  28s736ms
192.168.2.20  U130:4;U131:92   28s824ms
Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
-----------------------------------------
     IP       Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m54s856ms
192.168.2.10  U130:15;U131:25  28s628ms
192.168.2.20  U130:4;U131:92   28s716ms
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR1\s+false
--------------------------------------------------------------------
  Alarm     Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR2\s+false
--------------------------------------------------------------------
  Alarm     Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                                     0         0.00
DICTERROR2  false                                     0         0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19bwgCGg9qIoqFFEQUAjODwfeCs0ruBrbg=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19kd23FHnTO5Zbn1/U0OEl7VqOHsE07GI4=
Step 56: Run command system conntrack clear at DUT0.
Step 57: Run command system conntrack clear at DUT1.
Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+true
---------------------------------------------------------------------------------------------
  Alarm     Status              Toggled               Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-06-04 11:05:29.604228+00:00                           1        52.44
DICTERROR2  true    2026-06-04 11:05:29.603978+00:00                           1        52.47
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18AXNVIx2bEGsRtU8vPoWhhUeHU47+jHcQ=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19mXfOL7HiYYH8AyjRzb1HyyCaIYpLW3es=
Step 61: Run command system conntrack clear at DUT0.
Step 62: Run command system conntrack clear at DUT1.
Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+false
-----------------------------------------------------------------------------------------------------------------
  Alarm     Status              Toggled                         Prev-toggled            Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-06-04 11:05:36.142952+00:00  2026-06-04 11:05:29.604228+00:00             2        40.67
DICTERROR2  false   2026-06-04 11:05:36.142686+00:00  2026-06-04 11:05:29.603978+00:00             2        40.69
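Steps 44 and 49 to 51 cope with label ordering through regex alternation, yet the Step 44 output prints the same labels in two different positions inside appdetect[...]. The following added example (not part of the original page or of the product's tooling) parses that field into a set so ordering no longer matters, and decodes the hex AppID values printed in the debug log. The AppID layout (label type in the top byte, value in the low 24 bits) is an assumption inferred from this page's output, and all function names are hypothetical.

```python
import re

LABEL_RE = re.compile(r"[LU]\d+:\d+")            # e.g. L4:80 or U130:7
APPDETECT_RE = re.compile(r"appdetect\[([^\]]*)\]")

# The exact expression Step 44 applies to the conntrack output.
PAGE_REGEX = re.compile(
    r"appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80"
    r"\shttp-host:enterprise.opentok.com\]"
)

# Abridged from the Step 44 output on this page (counters and reply tuple dropped).
SAMPLE_CONNTRACK = """\
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=54494 dport=80 mark=0 use=3 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=54810 dport=53 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=54500 dport=80 mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=54490 dport=80 mark=0 use=1 appdetect[L3:6;L4:80 http-host:enterprise.opentok.com]
"""


def decode_appid(hex_appid):
    """Turn a kernel AppID such as 82000007 into the label form U130:7.

    Assumption inferred from this page: top byte = label type, low 24 bits
    = value (82000007 is cached for 10.215.168.1, which shows as U130:7).
    """
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", hex_appid):
        raise ValueError(f"expected 8 hex digits, got {hex_appid!r}")
    raw = int(hex_appid, 16)
    return f"U{raw >> 24}:{raw & 0xFFFFFF}"


def parse_appdetect(flow_line):
    """Return (labels, fields) from one conntrack line, or None if absent."""
    match = APPDETECT_RE.search(flow_line)
    if match is None:
        return None
    labels, fields = set(), {}
    for token in match.group(1).split():
        for part in token.split(";"):
            if LABEL_RE.fullmatch(part):
                labels.add(part)
            elif ":" in part:
                name, _, value = part.partition(":")
                fields[name] = value
    return labels, fields


def classified_flows(conntrack_text, required_labels, host):
    """Flows whose label set contains required_labels and whose http-host matches."""
    hits = []
    for line in conntrack_text.splitlines():
        parsed = parse_appdetect(line)
        if parsed is None:
            continue
        labels, fields = parsed
        if set(required_labels) <= labels and fields.get("http-host") == host:
            hits.append(line)
    return hits


def strict_regex_hits(conntrack_text):
    """Flows matched by the page's order-sensitive expression."""
    return [l for l in conntrack_text.splitlines() if PAGE_REGEX.search(l)]


if __name__ == "__main__":
    # AppIDs written for enterprise.opentok.com in the debug log.
    expected = {decode_appid("82000007"), decode_appid("83000058")}
    loose = classified_flows(SAMPLE_CONNTRACK, expected, "enterprise.opentok.com")
    print("expected labels:", sorted(expected))
    print("order-insensitive matches:", len(loose))
    print("page regex matches:", len(strict_regex_hits(SAMPLE_CONNTRACK)))
```

The flow still in ESTABLISHED state carries only L3/L4 labels, so neither check counts it as classified by the dictionaries.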
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/E0n2eqagfuYFetEzJaU7/GOqqkSSq+Jo=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+9P0wcaGCD+FJMExCnzb0tkkXRNyFcAFyyPoph5TS3ymyrRQ/Gp1a2
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18rWddTIIbtkoTFX0cDGo+N5SS/cKCrCXA=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX183shQI+V0407p21Y86DeYsS0NCEHdT2Og4cfp/54B88qgI3b77yDG4
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=1.07 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.069/1.069/1.069/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49818 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49818 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=59658 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59658 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=41829 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41829 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58438 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58438 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=49114 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49114 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58440 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58440 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Output:
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match   pkts eval   bytes match   bytes eval
-----------------------------------------------------
1              20          36          3214         5783
-----------------------------------------------------
Total          20          36          3214         5783
Step 9: Run command system conntrack clear at DUT1.
Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6174      0 --:--:-- --:--:-- --:--:--  7400
admin@osdx$
Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49818 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49818 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=59658 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59658 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=41829 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41829 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=43955 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43955 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=49824 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49824 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58438 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58438 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=49114 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49114 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58440 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58440 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run command system conntrack clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Output:
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33304 dport=443 vrf=MYVRF packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33304 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=49818 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49818 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=33254 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33254 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49826 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49826 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33292 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33292 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=49114 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49114 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 16: Run command system conntrack clear at DUT1.
Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8171      0 --:--:-- --:--:-- --:--:--  9250
admin@osdx$
Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33304 dport=443 vrf=MYVRF packets=3 bytes=480 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33304 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=49818 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49818 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=33254 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33254 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=49826 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49826 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33292 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33292 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=45103 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45103 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=49114 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49114 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=49830 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49830 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run command system conntrack clear at DUT0.
Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
Output:
tcp 6 297 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33314 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33314 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 8 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=49826 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49826 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=36502 dport=80 vrf=MYVRF packets=7 bytes=1737 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36502 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3597 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33310 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33310 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=127.0.0.1 dst=127.0.0.1 sport=49114 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49114 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=50515 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50515 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 23: Run command system conntrack clear at DUT1.
Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7520      0 --:--:-- --:--:-- --:--:--  9250
admin@osdx$
Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
Output:
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33314 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33314 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=37128 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=37128 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 6 CLOSE src=192.168.2.101 dst=10.215.168.1 sport=49826 dport=80 vrf=MYVRF packets=4 bytes=457 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49826 vrf=MYVRF packets=3 bytes=444 [ASSURED] mark=0 use=1 appdetect[L4:80]
tcp 6 298 ESTABLISHED src=192.168.2.101 dst=10.215.168.1 sport=36502 dport=80 vrf=MYVRF packets=8 bytes=2062 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36502 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=36510 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36510 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=33310 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=33310 vrf=MYVRF packets=2 bytes=623 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=49114 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49114 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=50515 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=50515 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
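The conntrack checks in steps 7 to 25 can also be made per flow, with exact field comparisons instead of substring expressions. The following is an added example, not part of the original test suite: the function names are hypothetical, the LOOKALIKE flow is constructed, and the parser assumes each direction's tuple starts with src=, as in the outputs above.

```python
import re

# Step 7's expression, copied from the page.
PAGE_HTTPS_RE = r"tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF"
# Three flows copied from the step 11 output, joined on one line.
STEP11 = " ".join([
    "tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=49824 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=49824 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]",
    "tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=58438 dport=443 vrf=MYVRF packets=10 bytes=1607 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=58438 vrf=MYVRF packets=9 bytes=3410 [ASSURED] mark=0 use=1 appdetect[L4:443]",
    "udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=49114 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=49114 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]",
])
# Constructed flow (not from the page): host and port only share a prefix with the target.
LOOKALIKE = ("tcp 6 299 ESTABLISHED src=192.168.2.101 dst=10.215.168.100 sport=40000 dport=4430 vrf=MYVRF packets=3 bytes=180 "
             "src=10.215.168.100 dst=10.215.168.64 sport=4430 dport=40000 vrf=MYVRF packets=2 bytes=120 [ASSURED] mark=0 use=1 appdetect[L4:4430]")

ENTRY = re.compile(r"\b(tcp|udp)\s.*?appdetect\[([^\]]*)\]", re.S)
FIELD = re.compile(r"\b(src|dst|sport|dport|vrf)=(\S+)")

def parse_flows(text):
    """Split conntrack output into flows with per-direction fields and app-detect labels."""
    flows = []
    for m in ENTRY.finditer(text):
        dirs = []
        for key, val in FIELD.findall(m.group(0)):
            if key == "src":          # a new direction tuple begins at every src=
                dirs.append({})
            dirs[-1][key] = val
        flows.append({"proto": m.group(1), "orig": dirs[0], "reply": dirs[1],
                      "labels": m.group(2).split()})
    return flows

def in_vrf(flow, vrf):
    """True only when both the original and the reply direction carry the VRF."""
    return flow["orig"].get("vrf") == vrf and flow["reply"].get("vrf") == vrf

def https_flow_in_vrf(flows, dst, vrf):
    """Steps 7, 15 and 22 as exact comparisons on the original direction."""
    return any(f["proto"] == "tcp" and f["orig"]["dst"] == dst
               and f["orig"]["dport"] == "443" and in_vrf(f, vrf) for f in flows)

def app_flows_in_vrf(flows, app, host, vrf):
    """Steps 11, 18 and 25: flows in the VRF labelled exactly [app, http-host:host]."""
    return [f for f in flows if f["labels"] == [app, "http-host:" + host] and in_vrf(f, vrf)]
```

The page's expression accepts LOOKALIKE because its dots are unescaped and neither the address nor the port is anchored at the end; the field comparison rejects it.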