mkirollos (Staff)
Article Id 249752
Description This article shows two methods to find the real SD-WAN member interface from the kernel interface index number that appears in the session table.
Scope FortiGate.
Solution

Review the example session table output below for a session routed by an SD-WAN rule. Note that the IP addresses have been replaced by placeholder letters for security reasons:

session info: proto=6 proto_state=05 duration=2 expire=0 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty f00
statistic(bytes/packets/allow_err): org=3809/14/1 reply=24914/22/1 tuples=2
tx speed(Bps/kbps): 1677/13 rx speed(Bps/kbps): 10975/87
orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x   <<< This line shows the kernel interface index numbers, explained in step 1
hook=post dir=org act=snat x.x.x.x:63232->y.y.y.y:443(z.z.z.z:63232)
hook=pre dir=reply act=dnat y.y.y.y:443->z.z.z.z:63232(x.x.x.x:63232)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=6 pol_uuid_idx=14730 auth_info=0 chk_client_info=0 vd=0
serial=0013a5c6 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=1 sdwan_service_id=1  <<< routing follows SD-WAN rule number 1 and the selected member is member 1
rpdb_link_id=ff000001 ngfwid=n/a
npu_state=0x000100
no_ofld_reason:  npu-flag-off


Refer to the line marked with arrows in the session table above. It shows the routing of the session: from interface index 11 to index 3 in the original direction, and from index 3 back to index 11 for the reply:

orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x

Index 11 and index 3 are kernel interface index numbers, not the real interface names.


  1. To find the real interface names, use the following command:

    For interface index=3, which is the outgoing interface in this scenario:

    # diag net interface list | grep index=3
    if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0 <----- 'if=port1' means interface=port1.

    For interface index=11, which is the incoming interface:

    # diag net interface list | grep index=11
    if=port9 family=00 type=1 index=11 mtu=1500 link=0 master=0 <----- 'if=port9' means interface=port9.

    These indexes are assigned by the kernel and cannot be changed.


  2. The following section of the session table shows that the traffic is routed to port1 (member 1) by the configured SD-WAN rule with ID 1:

    sdwan_mbr_seq=1 sdwan_service_id=1


  3. The SD-WAN member interface can also be identified from the kernel index number with the following command:

    # diag sys sdwan zone
    Zone Underlay-01 index=2
             members(2): 3(port1) 4(port2)  <----- 3 is the kernel index of interface port1 and 4 is the kernel index of interface port2.
    Zone virtual-wan-link index=1
             members(0):

    The SD-WAN member sequence number is assigned when the interface is added to SD-WAN.
    By default, this index starts from 1, but when a member is configured via the CLI it is also possible to choose a different, higher index (the maximum is 512).
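Both methods are easy to automate when session dumps are collected in bulk, for example during an incident review. The following Python script is an added example (not from the article or from Fortinet): it parses an abridged copy of the session output shown above, the output of 'diag net interface list' (the port1 and port9 lines are the article's, the port2 line is assumed), and the 'diag sys sdwan zone' output, then translates the kernel indexes in dev=11->3/3->11 into interface names and SD-WAN zones. It also adds one check the article does not make: whether the reply path retraces the original path, which flags asymmetric routing.

```python
import re

# Constructed sample outputs, abridged from the article's example (IP addresses are
# already masked there). The port2 line in the interface list is assumed, since the
# article only greps for index=3 and index=11.
SESSION_OUTPUT = """\
session info: proto=6 proto_state=05 duration=2 expire=0 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x
hook=post dir=org act=snat x.x.x.x:63232->y.y.y.y:443(z.z.z.z:63232)
hook=pre dir=reply act=dnat y.y.y.y:443->z.z.z.z:63232(x.x.x.x:63232)
misc=0 policy_id=6 pol_uuid_idx=14730 auth_info=0 chk_client_info=0 vd=0
sdwan_mbr_seq=1 sdwan_service_id=1
"""

NET_INTERFACE_OUTPUT = """\
if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
if=port2 family=00 type=1 index=4 mtu=1500 link=0 master=0
if=port9 family=00 type=1 index=11 mtu=1500 link=0 master=0
"""

SDWAN_ZONE_OUTPUT = """\
Zone Underlay-01 index=2
         members(2): 3(port1) 4(port2)
Zone virtual-wan-link index=1
         members(0):
"""

DEV_RE = re.compile(r"\bdev=(\d+)->(\d+)/(\d+)->(\d+)")
SDWAN_RE = re.compile(r"\bsdwan_mbr_seq=(\d+)\s+sdwan_service_id=(\d+)")


def parse_session(text):
    """Extract the kernel interface indexes (dev=A->B/C->D) and SD-WAN fields of one session."""
    dev = DEV_RE.search(text)
    if dev is None:
        raise ValueError("session output has no dev=A->B/C->D field")
    org_in, org_out, reply_in, reply_out = (int(x) for x in dev.groups())
    session = {"org_in": org_in, "org_out": org_out,
               "reply_in": reply_in, "reply_out": reply_out,
               "sdwan_mbr_seq": None, "sdwan_service_id": None}
    sdwan = SDWAN_RE.search(text)
    if sdwan:  # absent when the session was not routed by an SD-WAN rule
        session["sdwan_mbr_seq"] = int(sdwan.group(1))
        session["sdwan_service_id"] = int(sdwan.group(2))
    return session


def parse_net_interface_list(text):
    """Method 1: map kernel index -> interface name from 'diag net interface list' output."""
    by_index = {}
    for line in text.splitlines():
        m = re.search(r"\bif=(\S+).*?\bindex=(\d+)", line)
        if m:
            by_index[int(m.group(2))] = m.group(1)
    return by_index


def parse_sdwan_zones(text):
    """Method 2: map kernel index -> (zone, interface name) from 'diag sys sdwan zone' output."""
    by_index = {}
    zone = None
    for line in text.splitlines():
        z = re.match(r"\s*Zone (\S+) index=(\d+)", line)
        if z:
            zone = z.group(1)
            continue
        m = re.match(r"\s*members\(\d+\):(.*)", line)
        if m and zone is not None:
            # each member is written as <kernel index>(<interface name>)
            for idx, name in re.findall(r"(\d+)\(([^)]+)\)", m.group(1)):
                by_index[int(idx)] = (zone, name)
    return by_index


def resolve_session(session_text, net_text, zone_text):
    """Translate the session's kernel indexes into interface names and SD-WAN zones."""
    s = parse_session(session_text)
    names = parse_net_interface_list(net_text)
    zones = parse_sdwan_zones(zone_text)

    def describe(idx):
        name = names.get(idx, f"index {idx}")  # fall back to the raw index if unknown
        zone = zones.get(idx)
        return f"{name} (SD-WAN zone {zone[0]})" if zone else name

    return {
        "ingress": describe(s["org_in"]),
        "egress": describe(s["org_out"]),
        "sdwan_rule": s["sdwan_service_id"],
        "sdwan_member": s["sdwan_mbr_seq"],
        # Added check (not in the article): the reply should retrace the original path.
        "asymmetric": (s["reply_in"], s["reply_out"]) != (s["org_out"], s["org_in"]),
    }


if __name__ == "__main__":
    result = resolve_session(SESSION_OUTPUT, NET_INTERFACE_OUTPUT, SDWAN_ZONE_OUTPUT)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run as-is, the script reports ingress port9 (no SD-WAN zone), egress port1 in zone Underlay-01, SD-WAN rule 1 / member 1, and a symmetric path. To use it on a real device, replace the three constants with the output of the corresponding 'diag' commands; the zone parser keys on the same <index>(<name>) member notation the article shows, so a member that appears in the interface list but in no zone is simply reported without a zone.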