< Home

Example: Configuring a UDP Test

FW_A serves as an NQA client to check the connectivity between the client and a specified UDP port on a server and measures the speed at which UDP packets are transmitted between the client and server.

Networking Requirements

As shown in Figure 1, FW_A serves as an NQA client, while FW_B serves as an NQA server. A UDP test is configured to measure the speed at which UDP packets are transmitted between FW_A and FW_B.

Figure 1 Networking diagram for a UDP test

Procedure

  1. Set IP addresses for interfaces and assign the interfaces to security zones.

    # Set an IP address for the interface on FW_A.

    <FW_A> system-view
[FW_A] interface GigabitEthernet 0/0/1
[FW_A-GigabitEthernet0/0/1] ip address 1.1.1.1 24
[FW_A-GigabitEthernet0/0/1] quit

    # Assign the interface on FW_A to the Untrust zone.

    [FW_A] firewall zone untrust
[FW_A-untrust] add interface GigabitEthernet 0/0/1
[FW_A-untrust] quit

    # Set an IP address for the interface on FW_B.

    <FW_B> system-view
[FW_B] interface GigabitEthernet 0/0/1
[FW_B-GigabitEthernet0/0/1] ip address 2.2.2.2 24
[FW_B-GigabitEthernet0/0/1] quit

    # Assign the interface on FW_B to the Untrust zone.

    [FW_B] firewall zone untrust
[FW_B-untrust] add interface GigabitEthernet 0/0/1
[FW_B-untrust] quit

  2. Configure security policies.

    # Configure a security policy on FW_A.

    [FW_A] security-policy
[FW_A-policy-security] rule name nqa
[FW_A-policy-security-rule-nqa] source-zone local
[FW_A-policy-security-rule-nqa] destination-zone untrust
[FW_A-policy-security-rule-nqa] source-address 1.1.1.1 32
[FW_A-policy-security-rule-nqa] destination-address 2.2.2.2 32
[FW_A-policy-security-rule-nqa] action permit
[FW_A-policy-security-rule-nqa] quit
[FW_A-policy-security] quit

    # Configure a security policy on FW_B.

    [FW_B] security-policy
[FW_B-policy-security] rule name nqa
[FW_B-policy-security-rule-nqa] source-zone untrust
[FW_B-policy-security-rule-nqa] destination-zone local
[FW_B-policy-security-rule-nqa] source-address 1.1.1.1 32
[FW_B-policy-security-rule-nqa] destination-address 2.2.2.2 32
[FW_B-policy-security-rule-nqa] action permit
[FW_B-policy-security-rule-nqa] quit
[FW_B-policy-security] quit

  3. Configure FW_B as the NQA server.

    # Set an IP address and a port number for listening to UDP connection requests.

    [FW_B] nqa-server udpecho 2.2.2.2 6000

  4. Configure FW_A as the NQA client.

    # Configure a UDP test instance.

    [FW_A] nqa test-instance admin udp
[FW_A-nqa-admin-udp] test-type udp
[FW_A-nqa-admin-udp] destination-address ipv4 2.2.2.2
[FW_A-nqa-admin-udp] destination-port 6000

    # Immediately start the test.

    [FW_A-nqa-admin-udp] start now

Verification

Run the display nqa results command on FW_A to view the test results.

<FW_A> display nqa results
 NQA entry(admin, udp) :testFlag is inactive ,testtype is udp
  1 . Test 1 result   The test is finished
   Send operation times: 3              Receive response times: 3          
   Completion:success                   RTD OverThresholds number: 0       
   Attempts number:1                    Drop operation number:0            
   Disconnect operation number:0        Operation timeout number:0         
   System busy operation number:0       Connection fail number:0           
   Operation sequence errors number:0   RTT Status errors number:0         
   Destination ip address:10.7.1.10                                      
   Min/Max/Average Completion Time: 32/109/67
   Sum/Square-Sum  Completion Time: 203/16749
   Last Good Probe Time: 2016-8-5 16:9:21.6
   Lost packet ratio: 0 %

Configuration Scripts

Configuration script of FW_A

#
sysname FW_A
#
interface GigabitEthernet 0/0/1
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet 0/0/1
#
security-policy
 rule name nqa
  source-zone local
  destination-zone untrust
  source-address 1.1.1.1 32
  destination-address 2.2.2.2 32
  action permit
#
nqa test-instance admin udp
 test-type udp
 destination-address ipv4 2.2.2.2
 destination-port 6000
 start now /*This command is a one-time action. Therefore, the result is not saved in the configuration file.*/

Configuration script of FW_B

#
sysname FW_B
#
interface GigabitEthernet 0/0/1
 undo shutdown
 ip address 2.2.2.2 255.255.255.0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet 0/0/1
#
security-policy
 rule name nqa
  source-zone untrust
  destination-zone local
  source-address 1.1.1.1 32
  destination-address 2.2.2.2 32
  action permit
#
nqa-server udpecho 2.2.2.2 6000
Parent Topic: Configuration Examples for NQA
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >