Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional...
Configuring an ACL Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document. An ACL is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are used primarily for packet filtering.
auto—Sorts ACL rules in depth-first order. Depth-first ordering ensures that any subset of a rule is always matched before the rule. Table 1 lists the sequence of tiebreakers that depth-first ordering uses to sort rules for each type of ACL. Table 1 Sort ACL rules in depth-first order ACL category Sequence of tie breakers...
Traditional packet filtering matches only first fragments of IPv4 packets, and allows all subsequent non-first fragments to pass through. Attackers can fabricate non-first fragments to attack networks. To avoid the risks, the HP ACL implementation: Filters all fragments by default, including non-first fragments.
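The difference between the two behaviours, as an added Python example that is not part of the HP guide: one deny rule is evaluated over constructed IPv4 packets, first the traditional way (non-first fragments are never compared with a rule) and then with every fragment checked. The rule, the port number, the helper names and the choice to match non-first fragments on Layer 3 fields only are assumptions made for illustration, not the HP implementation.

```python
import ipaddress
import struct

TCP = 6

def build_ipv4(src, dst, proto, frag_offset=0, more_fragments=False, payload=b""):
    """Constructed test packet: 20-byte IPv4 header (no options) plus payload.
    frag_offset is in 8-byte units, exactly as carried in the header."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0x1234, flags_frag, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload

def parse_ipv4(packet):
    """Extract the fields a filter needs. The destination port is readable only
    in a first fragment, because later fragments carry no TCP header."""
    (ver_ihl, _tos, _len, _ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    offset = flags_frag & 0x1FFF
    dport = None
    if offset == 0 and proto == TCP and len(packet) >= header_len + 4:
        dport = struct.unpack("!H", packet[header_len + 2:header_len + 4])[0]
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "proto": proto, "offset": offset, "dport": dport}

# Hypothetical rule: deny TCP to port 1433 on the database server.
RULES = [{"action": "deny", "proto": TCP,
          "dst": ipaddress.ip_network("192.168.0.100/32"), "dport": 1433}]

def _l3_match(rule, pkt):
    return pkt["proto"] == rule["proto"] and pkt["dst"] in rule["dst"]

def first_fragment_only_filter(rules, packet):
    """Traditional behaviour: non-first fragments pass without any rule check."""
    pkt = parse_ipv4(packet)
    if pkt["offset"] != 0:
        return "permit"
    for rule in rules:
        if _l3_match(rule, pkt) and pkt["dport"] == rule["dport"]:
            return rule["action"]
    return "permit"  # assumed default action when no rule matches

def all_fragments_filter(rules, packet):
    """Every fragment is checked. A non-first fragment has no port to compare,
    so it is matched on protocol and destination alone; this also catches
    fragments of other TCP flows to the same host, which is the trade-off."""
    pkt = parse_ipv4(packet)
    for rule in rules:
        if not _l3_match(rule, pkt):
            continue
        if pkt["offset"] != 0 or pkt["dport"] == rule["dport"]:
            return rule["action"]
    return "permit"

def tcp_bytes(sport, dport, extra):
    """Source and destination port followed by filler bytes (constructed)."""
    return struct.pack("!HH", sport, dport) + b"\x00" * extra

# Constructed samples: a 24-byte first fragment, the fragment that follows it
# (offset 3 * 8 = 24 bytes), and an unfragmented packet to another port.
FIRST = build_ipv4("192.168.3.10", "192.168.0.100", TCP, 0, True,
                   tcp_bytes(40000, 1433, 20))
LATER = build_ipv4("192.168.3.10", "192.168.0.100", TCP, 3, False, b"\x00" * 24)
OTHER = build_ipv4("192.168.3.10", "192.168.0.100", TCP, 0, False,
                   tcp_bytes(40000, 80, 16))

def compare(packet):
    """Return (traditional verdict, all-fragments verdict) for one packet."""
    return (first_fragment_only_filter(RULES, packet),
            all_fragments_filter(RULES, packet))

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("later", LATER), ("other", OTHER)):
        print(name, compare(pkt))
```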
Configuration task lists IPv4 ACL configuration task list Task Remarks Configuring a time range Optional Configuring an IPv4 basic ACL Required Configuring an IPv4 advanced ACL Configure at least one task Configuring an Ethernet frame header ACL Copying an IPv4 ACL Optional Enabling IPv4 ACL acceleration Optional...
Create a maximum of 256 time ranges, each with 32 periodic statements and 12 absolute statements at most. To do… Command… Remarks Enter system view. system-view –– Required. time-range time-range-name { start-time to end-time days [ from By default, no time range exists. Configure a time range.
Configuring an IPv6 basic ACL To do… Command… Remarks Enter system view. system-view –– Required. By default, no ACL exists. acl ipv6 number acl6-number IPv6 basic ACLs are numbered in Create an IPv6 basic ACL view [ name acl6-name ] [ match-order the range 2000 to 2999.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering. To do… Command… Remarks Enter system view. system-view –– Required. By default, no ACL exists. acl number acl-number [ name IPv4 advanced ACLs are Create an IPv4 advanced ACL acl-name ] [ match-order { auto | numbered in the range 3000 to and enter its view.
Configuring an IPv6 advanced ACL IPv6 advanced ACLs match packets based on the source IPv6 address, destination IPv6 address, protocol carried over IPv6, and other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port number, ICMP message type, and ICMP message code. Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
Configuring an Ethernet frame header ACL Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type. To do…...
To achieve the best trade-off between memory and ACL processing performance, HP recommends enabling ACL acceleration for large ACLs. For example, when you use a large ACL for a session-based service, such as NAT or ASPF, enable ACL acceleration to avoid session timeouts caused by ACL processing delays.
Displaying and maintaining ACLs To do... Command… Remarks display acl { acl-number | all | name Display the IPv4 ACL configuration and acl-name } [ | { begin | exclude | Available in any view. match statistics (centralized device). include } regular-expression ] display acl { acl-number | all | name Display the IPv4 ACL configuration and acl-name } [ slot slot-number ] [ |...
Figure 1 IPv4 ACL (network diagram: Router A, interfaces GE1/0/1 through GE1/0/4; financial database server 192.168.0.100/24; financial department 192.168.2.0/24; marketing department 192.168.3.0/24; president's office 192.168.1.0/24)
Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days.
<RouterA>...
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.0.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
The output shows that the database server can be pinged.
Figure 2 IPv6 ACL (network diagram: Router A, interfaces GE1/0/1 through GE1/0/4; financial database server 1000::100/16)
Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days.
<RouterA> system-view
[RouterA] time-range work 8:0 to 18:0 working-day
# Create an IPv6 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits access from the president’s office to the database server, one rule permits access from the financial department to the database server during working hours, and one rule denies access from other departments to the database server.
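A way to check the three-rule policy described above before applying it, as an added Python example that is not part of the HP guide: a first-match evaluator in which a rule bound to a time range is skipped while the range is inactive. It uses the IPv4 addressing of Figure 1, pairing the department labels with the subnets in the order they appear; that pairing, the rule IDs, the sample hosts and treating 18:00 as already outside the range are assumptions.

```python
import ipaddress
from datetime import datetime, time

# "time-range work 8:0 to 18:0 working-day": Monday (0) through Friday (4).
WORK = {"days": {0, 1, 2, 3, 4}, "start": time(8, 0), "end": time(18, 0)}

def time_range_active(tr, when):
    """True while the periodic range covers the given moment."""
    return when.weekday() in tr["days"] and tr["start"] <= when.time() < tr["end"]

SERVER = ipaddress.ip_network("192.168.0.100/32")

# Constructed model of the policy; rule IDs are illustrative.
ACL_3000 = [
    {"id": 0, "action": "permit", "time_range": None,   # president's office
     "src": ipaddress.ip_network("192.168.1.0/24"), "dst": SERVER},
    {"id": 5, "action": "permit", "time_range": WORK,   # financial department
     "src": ipaddress.ip_network("192.168.2.0/24"), "dst": SERVER},
    {"id": 10, "action": "deny", "time_range": None,    # everyone else
     "src": ipaddress.ip_network("0.0.0.0/0"), "dst": SERVER},
]

def evaluate(acl, src, dst, when):
    """Return (action, rule id) of the first active rule that matches,
    or ("no-match", None) when the ACL says nothing about the packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        tr = rule["time_range"]
        if tr is not None and not time_range_active(tr, when):
            continue  # inactive rule: evaluation falls through to the next one
        if src_ip in rule["src"] and dst_ip in rule["dst"]:
            return rule["action"], rule["id"]
    return "no-match", None

# Constructed sample hosts and probe times (3 January 2024 is a Wednesday).
HOSTS = {"president": "192.168.1.10",
         "financial": "192.168.2.10",
         "marketing": "192.168.3.10"}
TIMES = {"wed-10:00": datetime(2024, 1, 3, 10, 0),
         "wed-20:00": datetime(2024, 1, 3, 20, 0),
         "sat-10:00": datetime(2024, 1, 6, 10, 0)}

def access_matrix(acl, hosts, times, dst="192.168.0.100"):
    """Verdict for every (host, time) pair; compare it with the intended policy."""
    return {(name, label): evaluate(acl, ip, dst, when)[0]
            for name, ip in hosts.items()
            for label, when in times.items()}

if __name__ == "__main__":
    for key, verdict in sorted(access_matrix(ACL_3000, HOSTS, TIMES).items()):
        print(key, verdict)
```

The financial department's permit rule disappears outside working hours, so its traffic is caught by the final deny rule rather than by any rule of its own.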
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
The output shows the database server can be pinged.
# Ping the database server from a PC in the marketing department during working hours.
C:\>...
QoS overview In data communications, QoS is the capability of a network to provide differentiated service guarantees for diverse traffic in terms of bandwidth, delay, jitter, and drop rate. Network resources are scarce. The contention for resources requires that QoS prioritize important traffic flows over trivial ones.
DiffServ model
The DiffServ model is a multiple-service model that can satisfy diverse QoS requirements. It is easy to implement and extend. DiffServ does not signal the network to reserve resources before sending data, as IntServ does. All QoS techniques in this document are based on the DiffServ model.
QoS techniques
The QoS techniques fall into traffic classification, traffic policing, traffic shaping, line rate, congestion management, and congestion avoidance.
Congestion avoidance monitors the network resource usage and is usually applied to the outgoing traffic of a port. When congestion worsens, congestion avoidance actively reduces the queue length by dropping packets. QoS processing flow in a device Figure 4 briefly describes how the QoS module processes traffic: The traffic classifier identifies and classifies traffic for subsequent QoS actions.
Configuring QoS The following approaches are available for configuring QoS: Non-policy approach Policy approach. Some features support both approaches, but some support only one. Non-policy approach In non-policy approach, configure QoS service parameters directly without using a QoS policy. For example, use the line rate feature to set a rate limit on an interface without using a QoS policy.
Configuring a QoS policy
Figure 5 shows how to configure a QoS policy.
Figure 5 QoS policy procedure (define a class; define a behavior; define a policy; apply the policy to an interface or PVC, to online users, or to a VLAN)
Defining a class
To define a class, specify its name and then configure the match criteria in class view.
MPLS EXP-based predefined classes—mpls-exp0, mpls-exp1, …mpls-exp7: Matches MPLS EXP value 0, 1, …7, respectively. To do… Command… Remarks Enter system view. system-view — Required. By default, the operator of a class is AND. The operator of a class can be AND or OR. Create a class and enter class traffic classifier tcl-name ...
Defining a policy You associate a behavior with a class in a QoS policy to perform the actions defined in the behavior for the class of packets. A QoS policy can contain multiple class-to-behavior associations, which are matched in the order they are configured.
To nest a child QoS policy in a parent QoS policy: To do… Command… Remarks Enter system view. system-view — Create a class for the parent policy and traffic classifier tcl-name — enter class view. [ operator { and | or } ] Configure match criteria.
To do… Command… Remarks Enter system view. system-view — Enter interface interface-type Use either command. interface interface-number Settings in interface view take view Enter interface view or effect on the current interface. PVC view. interface atm interface-number Settings in PVC view take effect Enter PVC on the current PVC.
Applying the QoS policy to a VLAN QoS policies cannot be applied to dynamic VLANs, for example, VLANs created by GVRP. VLAN QoS policies are applied globally to all interface cards. If the hardware resources of an interface card are insufficient, applying a QoS policy to VLANs may fail on the interface card. The system does not automatically roll back the QoS policy configuration already applied to the main processing unit or other interface cards.
Configuring priority mapping The features in this chapter are available only on routers with a SAP interface card working in bridge mode. Overview When a packet arrives, a router assigns a set of QoS priority parameters to the packet based on a certain priority field carried in the packet or the port priority of the incoming port, depending on your configuration.
Configuration task list Configure priority mapping in any of the following approaches: Configuring priority trust mode―In this approach, configure a port to look up a certain priority, 802.1p for example, in incoming packets, in the priority mapping tables. If no packet priority is trusted, the port priority of the incoming port is used.
Configuring a port to trust packet priority for priority mapping Configure the router to trust a particular priority field carried in packets for priority mapping on ports or globally. To configure the trusted packet priority type on an interface or port group: To do…...
Configuration examples Priority trust mode configuration example Network requirements As shown in Figure 6, Router A is connected through its GigabitEthernet 1/0/1 port to Router C. The IP precedence of its traffic is 3. Router B is connected through its GigabitEthernet 1/0/2 port to Router C. The IP precedence of its traffic is 1.
Approach 2
# Assign port priority to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. Ensure the priority of GigabitEthernet 1/0/1 is higher than GigabitEthernet 1/0/2.
<RouterC> system-view
[RouterC] interface gigabitethernet 1/0/1
[RouterC-GigabitEthernet1/0/1] qos priority 3
[RouterC-GigabitEthernet1/0/1] quit
[RouterC] interface gigabitethernet 1/0/2
[RouterC-GigabitEthernet1/0/2] qos priority 1
[RouterC-GigabitEthernet1/0/2] quit
Priority mapping table and priority marking configuration example...
Figure 7 Priority mapping table and priority marking (network diagram: Router, interfaces GE1/0/1 through GE1/0/5; management, R&D, and marketing departments; data server, mail server, and public servers; Internet)
Configuration procedure
Configure trusting port priority
# Set the port priority of GigabitEthernet 1/0/1 to 3.
<Router>...
Configure the priority mapping table
# Configure the 802.1p-to-local priority mapping table to map 802.1p priority values 3, 4, and 5 to local precedence values 2, 6, and 4. This guarantees the R&D department, management department, and marketing department decreased priorities to access the public server.
[Router] qos map-table dot1p-lp
[Router-maptbl-dot1p-lp] import 3 export 2
[Router-maptbl-dot1p-lp] import 4 export 6...
Configuring traffic policing, traffic shaping, and line rate Traffic policing, traffic shaping, and rate limit are QoS technologies that help assign network resources, such as bandwidth. These technologies increase network performance and user satisfaction. For example, configure a flow to use only the resources committed to it in a certain time range, which avoids network congestion caused by burst traffic.
CBS is implemented with bucket C, and EBS with bucket E. In each evaluation, packets are measured against the buckets and colored following these rules: If bucket C has enough tokens, packets are colored green. If bucket C does not have enough tokens but bucket E has enough tokens, packets are colored yellow. ...
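The coloring rules above, as an added Python example that is not part of the HP guide: a two-bucket meter that follows the single-rate three-color marker of RFC 2697 in color-blind mode. The page's text is cut off before the third color, so red for a packet that fits neither bucket, and the refill order (bucket C first, overflow into bucket E), are taken from the RFC and are assumptions with respect to the HP implementation; the rate, bucket sizes and arrival times are constructed.

```python
class TwoBucketMeter:
    """Bucket C holds up to CBS bytes of tokens, bucket E up to EBS bytes.
    Tokens arrive at CIR; C is topped up first and the overflow goes to E."""

    def __init__(self, cir_bps, cbs_bytes, ebs_bytes):
        self.rate = cir_bps / 8.0          # token rate in bytes per second
        self.cbs = float(cbs_bytes)
        self.ebs = float(ebs_bytes)
        self.tc = self.cbs                 # both buckets start full
        self.te = self.ebs
        self.last = 0.0                    # time of the previous evaluation

    def _refill(self, now):
        tokens = (now - self.last) * self.rate
        self.last = now
        to_c = min(tokens, self.cbs - self.tc)
        self.tc += to_c
        self.te = min(self.ebs, self.te + (tokens - to_c))

    def color(self, now, size):
        """Color one packet of `size` bytes arriving at time `now` (seconds)."""
        self._refill(now)
        if self.tc >= size:                # bucket C has enough tokens
            self.tc -= size
            return "green"
        if self.te >= size:                # only bucket E has enough tokens
            self.te -= size
            return "yellow"
        return "red"                       # neither bucket can cover the packet

def run(meter, arrivals):
    """Color a sequence of (time, size) arrivals, in order."""
    return [meter.color(t, size) for t, size in arrivals]

# Constructed traffic: a burst of ten 500-byte packets at t=0, then three more
# packets one second later. CIR 8000 bps = 1000 bytes of tokens per second.
BURST = [(0.0, 500)] * 10
LATER = [(1.0, 500)] * 3

def demo():
    meter = TwoBucketMeter(cir_bps=8000, cbs_bytes=1500, ebs_bytes=3000)
    return run(meter, BURST), run(meter, LATER)

if __name__ == "__main__":
    burst, later = demo()
    print("burst:", burst)
    print("later:", later)
```

The burst drains bucket C after three packets and bucket E after six more; one second later only 1000 bytes of tokens have returned, all of them to bucket C, so the third packet of the second group finds both buckets short.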
Traffic shaping Traffic shaping provides measures to adjust the rate of outbound traffic actively. A typical traffic shaping application limits the local traffic output rate according to the downstream traffic policing parameters. The difference between traffic policing and GTS is that packets to be dropped with traffic policing are retained in a buffer or queue with GTS, as shown in Figure 9.
Line rate The line rate of a physical interface specifies the maximum rate for forwarding packets (including critical packets). Line rate also uses token buckets for traffic control. With line rate configured on an interface, all packets to be sent through the interface are first handled by the token bucket at line rate. If enough tokens are in the token bucket, packets can be forwarded.
Configuring traffic policing Configure traffic policing in either policy approach or non-policy approach. If traffic policing is configured in both policy approach and non-policy approach, the configuration in policy approach takes effect. Configuring traffic policing in policy approach To do… Command…...
Configuring traffic policing in non-policy approach Configuring CAR list-based traffic policing To do… Command… Remarks Enter system view. system-view — qos carl carl-index { precedence precedence- value | mac mac-address | mpls-exp mpls- Required. exp-value | dscp dscp-list | { destination-ip- Configure a CAR list.
To do… Command… Remarks gts cir committed-information-rate [ cbs In absolute value committed-burst-size [ ebs excess-burst-size Configure a GTS [ queue-length queue-length ] ] ] Required. action. gts percent cir cir-percent [ cbs cbs-time [ ebs In percentage ebs-time ] ] Return to system view.
Configuring the line rate To do… Command… Remarks Enter system view. system-view — Enter interface view. interface interface-type interface-number — qos lr outbound cir committed-information- Configure the line rate for the interface. rate [ cbs committed-burst-size [ ebs excess- Required. burst-size ] ] Configuring packet resequencing When the network traffic is out of sequence, some systems that cannot resequence packets, such as a video...
Configuration examples Network requirements As shown in Figure GigabitEthernet 1/0/3 of Router A is connected to GigabitEthernet 1/0/1 of Router B. Server, Host A, and Host B can access the Internet through Router A and Router B. Server, Host A, and GigabitEthernet 1/0/1 of Router A are in the same network segment. ...
Configuration procedure
Configure Router A
# Configure GTS on GigabitEthernet 1/0/3, shaping the packets when the sending rate exceeds 500 kbps to decrease the packet loss rate of GigabitEthernet 1/0/1 of Router B.
<RouterA> system-view
[RouterA] interface gigabitethernet 1/0/3
[RouterA-GigabitEthernet1/0/3] qos gts any cir 500
[RouterA-GigabitEthernet1/0/3] quit
# Configure ACLs to permit the packets from Server and Host A.
IP rate limiting configuration example Network requirements As shown in Figure 13, limit the rate of packets entering GigabitEthernet 1/0/2 of the Router as follows: Perform per-IP-address rate limiting for traffic sourced from Host A through Host Z, which are on the network segment 2.1.1.1 through 2.1.1.100, with the per-IP-address rate limit of 500 bps.
Configuring congestion management Overview Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes.
Table 3 Congestion management technology comparison Number of Type Advantages Disadvantages queues All packets are treated equally. The available bandwidth, delay, and drop probability are determined by the arrival order of packets. No restriction on traffic from connectionless protocols (protocols ...
Number of Type Advantages Disadvantages queues Flexible traffic classification based on various rules and differentiated queue scheduling mechanisms for EF, AF, and BE services Highly precise bandwidth guarantee and queue scheduling on the basis of AF service weights for various AF services Configurable ...
FIFO does not address congestion problems. If only one FIFO output/input queue exists on a port, you cannot ensure timely delivery of mission-critical or delay-sensitive traffic or smooth traffic jitter. The situation worsens if malicious traffic is present to occupy bandwidth aggressively. To control congestion and prioritize forwarding of critical traffic, you must use other queue scheduling mechanisms, where multiple queues can be configured.
Figure 17 CQ (schematic: packets to be sent through the interface are classified into queues 0 through 16, then scheduled into the sending queue)
CQ provides 17 queues, numbered from 0 to 16. Queue 0 is a reserved system queue, and queues 1 through 16 are customer queues, as shown in Figure 17.
Figure 18 WFQ (schematic: packets to be sent through the interface are classified into queues 1 through N, with weights 1 through N, then scheduled into the sending queue)
Before WFQ is introduced, ensure you understand FQ. FQ is designed to allocate network resources fairly, reducing the delay and jitter of each traffic flow as much as possible.
Class-based queuing
Figure 19 CBQ (schematic: packets to be sent out the interface are classified into the emergency queue, AF 1 through AF 64, and the default queue, then scheduled)
CBQ extends WFQ by supporting user-defined classes. When network congestion occurs, CBQ enqueues packets by user-defined traffic classification rules. Before that, congestion avoidance actions, such as tail drop or WRED and bandwidth restriction check, are performed before packets are enqueued.
The system matches packets with classification rules in the following order: Match packets with priority classes and then the other classes Match packets with priority classes in the configuration order Match packets with other classes in the configuration order ...
To do… Command… Remarks interface atm Enter PVC interface-number view pvc vpi/vci Required. 1024 for the GE interface of an A6602 router or an FIP-210/SAP interface card. qos fifo queue-length Configure the FIFO queue size. queue-length 1024 for the POS interface of an A6602 router or an FIP-210 interface card.
Configuration procedure
Configure Router A
# Configure ACLs to match the packets from Server and Host A, respectively.
[RouterA] acl number 2001
[RouterA-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[RouterA] acl number 2002
[RouterA-acl-basic-2002] rule permit source 1.1.1.2 0.0.0.0
# Configure a PQ list that assigns the packets from Server to the top queue and those from Host A to the bottom queue when congestion occurs.
To do… Command… Remarks Required. Apply the CQ list to the interface. qos cq cql cql-index FIFO applies by default. display qos cq interface [ interface- Optional. Display interface CQ list type interface-number ] [ | { begin | configuration information. exclude | include } regular- Available in any view.
To do… Command… Remarks display qos wfq interface [ interface-type Optional. Display interface WFQ interface-number ] [ | { begin | exclude | configuration information. Available in any view. include } regular-expression ] WFQ configuration example Network requirements Configure WFQ on Serial 2/0/1, setting the maximum queue size to 100, and the total number of queues to 512.
Predefined traffic behaviors The system predefines some of the following traffic behaviors and defines QoS features for them: ef—Assigns a class of packets to the EF queue and assigns 20% of the available interface/PVC bandwidth to the class of packets. ...
Defining a traffic behavior To define a traffic behavior, create the traffic behavior first and then configure QoS attributes in traffic behavior view. Configuring AF and the minimum guaranteed bandwidth To do… Command… Remarks Enter system view. system-view — Required. Create a traffic behavior and enter traffic behavior The specified behavior name...
Configuring WFQ To do… Command… Remarks Enter system view. system-view — Required. Create a traffic behavior and The specified traffic behavior name traffic behavior behavior-name enter traffic behavior view. cannot be the name of any system-defined behavior. queue wfq [ queue-number Configure WFQ.
Using WRED drop When the WRED drop configuration is removed, other configurations under it are deleted. The WRED configuration in QoS policies overrides the WRED configuration directly configured on interfaces. To do… Command… Remarks Enter system view. system-view — Required. Create a traffic behavior traffic behavior and enter traffic...
Configuring DSCP values in WRED To perform this configuration, ensure DSCP-based WRED drop has been enabled with wred dscp. To do… Command… Remarks Enter system view. system-view — Required Create a traffic behavior traffic behavior The specified traffic behavior name cannot and enter traffic behavior behavior-name be the name of any system-defined...
Defining a QoS policy A QoS policy is a set of class-to-behavior associations. A behavior is a set of QoS actions, such as queue scheduling (for example, EF, AF, and WFQ), traffic policing, traffic shaping, WRED, and priority marking. To associate a traffic behavior with a specific class in policy view: To do…...
NOTE: HP recommends configuring the maximum available interface bandwidth to be smaller than the actual available bandwidth of the physical interface or logical link. On a primary channel or template interface (such as VT) configured with qos max-bandwidth, AF and EF queues perform queue bandwidth check and calculation based on the bandwidth specified with qos max-bandwidth;...
# Enter interface view.
[Sysname] interface gigabitethernet 1/0/1
# Set the maximum available bandwidth to 60 kbps on interface GigabitEthernet 1/0/1.
[Sysname-GigabitEthernet1/0/1] qos max-bandwidth 60
Setting the maximum reserved bandwidth as a percentage of available bandwidth
The maximum reserved bandwidth is set on a per-interface basis. It decides the maximum bandwidth assignable for the QoS queues on an interface.
CBQ configuration example Network requirements As shown in Figure 22, traffic travels from Router C to Router D through Router A and Router B. Configure a QoS policy to meet the following requirements: Traffic from Router C is classified into three classes based on DSCP values; perform AF for traffic with the ...
[RouterA] traffic behavior af21_behav
[RouterA-behavior-af21_behav] queue af bandwidth pct 5
[RouterA-behavior-af21_behav] quit
# Define a traffic behavior, and enable EF and set a maximum bandwidth percentage of 30% (both bandwidth and delay are guaranteed for EF traffic) in the traffic behavior.
[RouterA] traffic behavior ef_behav
[RouterA-behavior-ef_behav] queue ef bandwidth pct 30
[RouterA-behavior-ef_behav] quit...
HP recommends setting the token number to 1 on an interface for FTP transmission. If the upper layer protocol, UDP, for example, does not provide flow control, do not use the QoS token function to improve data transmission efficiency.
<Sysname> system-view
# Enter interface view.
[Sysname] interface serial 1/0/1
# Set the number of QoS tokens to 1, and re-enable the interface to make the configuration take effect.
[Sysname-Serial1/0/1] qos qmtoken 1
[Sysname-Serial1/0/1] shutdown
[Sysname-Serial1/0/1] undo shutdown
Configuring packet information pre-extraction
On a logical interface, such as a tunnel, RPR logical, Layer 3 aggregate, or HDLC link bundle interface, if the interface has processed the incoming IP packets, for example, if the tunnel interface has used GRE to encapsulate packets, the GRE-encapsulated packets enter the QoS module for processing.
Configuring hardware congestion management The features in this chapter are available only on routers with a SAP interface card working in bridge mode. Overview Network congestion degrades service quality on a traditional network. Congestion is a situation where the forwarding rate decreases due to insufficient resources, resulting in extra delay. Congestion is more likely to occur in complex packet switching circumstances.
SP queuing
SP queuing is designed for mission-critical applications, which require preferential service to reduce the response delay when congestion occurs.
Figure 24 SP queuing schematic diagram (packets to be sent through this port; Queue 7, high priority; Queue 6; sent packets; interface)...
WRR queuing
WRR queuing schedules all the queues in turn to ensure every queue can be served for a certain time, as shown in Figure
Figure 25 WRR queuing schematic diagram (packets to be sent through this port; Queue 0, weight 1; Queue 1, weight 2; sent packets)...
WFQ queuing
Figure 26 WFQ queuing schematic diagram (packets to be sent through this port are classified into queues 1 through N, with bandwidths 1 through N, then scheduled into the sending queue)
WFQ is similar to WRR.
Configuration task list To manage hardware congestion, use either of the following: Configure queue scheduling for each queue in interface view or port group view, as described in Per-queue hardware congestion management. Configure queue scheduling in a QoS policy, as described in Configuring CBQ.
Configuration example
Network requirements
Configure GigabitEthernet 1/0/1 to use SP queuing.
Configuration procedure
# Enter system view
<Sysname> system-view
# Configure GigabitEthernet 1/0/1 to use SP queuing.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] qos sp
Configure WRR queuing
WRR queuing includes basic WRR queuing and group-based WRR queuing. With a WRR queue configured on an interface, WRR queuing is enabled on the interface, and other queues on the interface use the default WRR scheduling value and are assigned to the default WRR priority group.
Configuring group-based WRR queuing To do… Command… Remarks Enter system view. system-view — Enter Use either command. interface interface-type interface Settings in interface view take interface-number view Enter interface view or effect on the current interface. port group view. Settings in port group view take Enter port port-group manual effect on all ports in the port...
[Sysname-GigabitEthernet1/0/1] qos wrr 4 group 1 weight 10
Configuring WFQ queuing
With a WFQ queue configured, an interface has WFQ enabled. Other queues on the interface use the default WFQ scheduling value, which varies with router models.
Configuring basic WFQ queuing
To do…...
To do… Command… Remarks display qos wfq interface [ interface-type interface Optional. Display queuing -number ] [ | { begin | configuration. Available in any view. exclude | include } regular- expression ] Configuration example Network requirements Configure WFQ queues on an interface and assign the scheduling weight 1, 5, 10, 20, and 10 to queue 1, queue 3, queue 4, queue 5, and queue 6, respectively.
Defining a class To do… Command… Remarks Enter system view. system-view — Required. traffic classifier tcl-name By default, the and keyword is Create a class and enter class view. [ operator { and | or } ] used, and the relation between match criteria is logical AND.
Configuring WFQ To do… Command… Remarks Enter system view. system-view — Required. Create a traffic behavior and The specified traffic behavior name traffic behavior behavior-name enter traffic behavior view. cannot be the name of any system-defined behavior. Configure WFQ. queue wfq Required.
Defining a QoS policy To associate a traffic behavior with a specific class in policy view: To do… Command… Remarks Enter system view. system-view — Create a policy and enter qos policy policy-name — policy view. Required. tcl-name: Class name. It must be the name classifier tcl-name of an existing system-defined or Associate a traffic behavior...
Displaying and maintaining CBQ To do… Command… display traffic classifier { system-defined | user- Display class configuration information. defined } [ tcl-name ] [ | { begin | exclude | include } regular-expression ] display traffic behavior { system-defined | user- Display traffic behavior configuration information.
Router C and Router D can reach each other through Router A and Router B. The DSCP field of the traffic has been set before it enters Router A.
Configuring Router A
# Define three classes to match the IP packets with DSCP AF11, AF21, and EF, respectively.
<RouterA>...
Configuring congestion avoidance Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance actively monitors network resources (such as queues and memory buffers), and drops packets when congestion is expected to occur or deteriorate. Compared with end-to-end flow control, this flow control mechanism controls the load of more flows in a router.
In this way, the benefits of the flow with a smaller queue size are protected. Configuring WRED On the A6600 routers, configure WRED by configuring WRED parameters on an interface and enabling WRED. Parameters Determine the following parameters before configuring WRED: The upper threshold and lower threshold—When the average queue size is smaller than the lower...
Configuring WRED on an interface To configure qos wred enable on an interface, you must first enable WFQ on the software interface. To do… Command… Remarks Enter system view. system-view — interface interface-type Enter interface view. — interface-number qos wred [ dscp | ip-precedence ] Enable WRED.
Displaying and maintaining WRED To do… Command… Remarks Display WRED configuration display qos wred interface [ interface- information on the interface or all type interface-number ] [ | { begin | Available in any view. interfaces. exclude | include } regular-expression ] Configuration example Network requirements As shown in...
Configuring traffic filtering Filter in or filter out a class of traffic by associating the class with a traffic filtering action. For example, filter packets sourced from a specific IP address according to network status. To do… Command… Remarks Enter system view. system-view —...
Traffic filtering configuration example Network requirements As shown in Figure 30, Host is connected to GigabitEthernet 1/0/1 of Router. Configure traffic filtering to filter the packets whose source port is not 21 and received on GigabitEthernet 1/0/1. Figure 30 Traffic filtering Host Router GE1/0/1...
Configuring priority marking Priority marking sets the priority fields or flag bits of packets to modify the priority of traffic. For example, use priority marking to set IP precedence or DSCP for a class of IP traffic to change its transmission priority in the network.
To do… Command… Remarks display traffic behavior { system-defined | user- Optional. Display the priority marking configuration. defined } [ behavior-name ] [ | Available in any view. { begin | exclude | include } regular-expression ] Configuration example Network requirements As shown in Figure 31, the enterprise network of a company interconnects hosts with servers through Router.
# Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip destination 192.168.0.2 0
[Router-acl-adv-3001] quit
# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.
Configuring traffic redirecting The features in this chapter are available only on routers with a SAP interface card working in bridge mode. Overview Traffic redirecting is the action of redirecting the packets matching the specific match criteria to a certain location for processing.
To do: Return to system view.
Command: quit
Remarks: —

To do: Apply the QoS policy.
To an interface or PVC: Applying the QoS policy to an interface or PVC (Remarks: —)
To a VLAN: Applying the QoS policy to a VLAN (Remarks: —)

Configuration example
Traffic redirection to an interface configuration
Network requirements...
Configuration procedure
# Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1.
<RouterA> system-view
[RouterA] acl number 2000
[RouterA-acl-basic-2000] rule permit source 2.1.1.1 0
[RouterA-acl-basic-2000] quit
# Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2.
[RouterA] acl number 2001
[RouterA-acl-basic-2001] rule permit source 2.1.1.2 0
[RouterA-acl-basic-2001] quit
...
# Create a policy named policy, associate class classifier_1 with behavior behavior_1, associate class classifier_2 with behavior behavior_2, and associate class classifier_3 with behavior behavior_3 in the policy.
[RouterA] qos policy policy
[RouterA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[RouterA-qospolicy-policy] classifier classifier_2 behavior behavior_2
[RouterA-qospolicy-policy] classifier classifier_3 behavior behavior_3
[RouterA-qospolicy-policy] quit
# Apply the policy named policy to the incoming traffic of GigabitEthernet 1/0/1.
Configuring DAR The DAR feature identifies packets of dynamic protocols by examining Layer 4 to Layer 7 content other than the IP header. The feature helps service providers and businesses limit aggressive bandwidth use (by applications like BitTorrent) to ensure fairness and network performance. BitTorrent is a P2P file sharing communications protocol, enabling personal computers to directly exchange data or services.
Enabling DAR for P2P traffic recognition P2P traffic recognition is system resource demanding. It is disabled by default to avoid impacts on other modules. To do… Command… Remarks Enter system view. system-view — interface interface-type Enter Layer 3 Ethernet interface view. —...
Displaying and maintaining DAR for non-P2P traffic
To do: Display DAR protocol packet statistics.
Command: display dar protocol-statistic p2p [ interface interface-type interface-number ] [ direction { in | out } ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

reset dar protocol-statistic p2p...
# Configure a packet filtering behavior.
[Router] traffic behavior deny
[Router-behavior-deny] filter deny
[Router-behavior-deny] quit
# Create a QoS policy and associate the traffic behavior with the class in the policy.
[Router] qos policy p2p
[Router-qospolicy-p2p] classifier p2p behavior deny
[Router-qospolicy-p2p] quit
# Enable DAR for traffic recognition on GigabitEthernet 1/1 and apply the QoS policy to the incoming traffic of GigabitEthernet 1/1.
Create a behavior and enter behavior view. Required. behavior-name Optional. Configure the accounting action. accounting The A6600 router counts traffic in packets. Return to system view. quit — Create a policy and enter policy view. qos policy policy-name —...
Figure 34 Traffic accounting [figure labels: Host, Router, GE1/0/1]
Configuration procedure
# Create basic ACL 2000, and configure a rule to match packets with source IP address 1.1.1.1.
<Router> system-view
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 1.1.1.1 0
[Router-acl-basic-2000] quit
# Create a class named classifier_1, and use ACL 2000 as the match criterion in the class.
Configuring QPPB The QPPB feature enables you to classify IP packets based on BGP community lists, prefix lists, and BGP AS paths. With QPPB, the BGP route sender preclassifies routes before advertising them, and the BGP route receiver sets the IP precedence and QoS-local ID for the routes and takes appropriate QoS actions on packets matching the routes.
Configuring the route sender Configure the BGP route sender to set route attributes for routes before advertising them. Configuring basic BGP functions For more information, see Layer 3—IP Routing Configuration Guide. Creating a routing policy Configure a routing policy to classify routes and set route attributes for the route classes. For more information, see Layer 3—IP Routing Configuration Guide.
Configuration examples IPv4 QPPB configuration example Network requirements As shown in Figure 35, all routers run BGP. Router B receives routes, sets QPPB IP precedence and QoS-local IDs, and uses the QoS policy to limit the traffic rate to 512 kbps. Figure 35 QPPB in a BGP-routed IPv4 network AS 2000 AS 1000...
# Configure a QoS policy.
[RouterB] traffic classifier qppb
[RouterB-classifier-qppb] if-match ip-precedence 1
[RouterB-classifier-qppb] if-match qos-local-id 3
[RouterB-classifier-qppb] quit
[RouterB] traffic behavior qppb
[RouterB-behavior-qppb] car cir 512 green pass red discard
[RouterB-behavior-qppb] quit
[RouterB] qos policy qppb
[RouterB-qospolicy-qppb] classifier qppb behavior qppb
[RouterB-qospolicy-qppb] quit
# Apply QoS policy qppb to incoming traffic on interface Serial 2/0/1.
MPLS L3VPN QPPB configuration example Network requirements As shown in Figure 36, all routers run BGP. Router C receives routes, sets the QPPB QoS-local IDs, and uses the QoS policy to limit the traffic rate to 2 Mbps in each direction. Figure 36 QPPB configuration in an MPLS L3VPN (on routers) AS 100 AS 200...
IPv6 QPPB configuration example Network requirements As shown in Figure 37, all routers run BGP. Router B receives routes and sets the QPPB IP precedence. Figure 37 QPPB in an IPv6 network (on routers) AS 2000 AS 1000 GE1/0/1 GE1/0/1 S2/0/1 2::1/64 1::1/64...
Verify the configuration
# Check whether the related routes on Router A take effect.
[RouterA] display ipv6 routing-table
Routing Table :
Destinations : 7 Routes : 7
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost
Destination: 1::/64 Protocol...
Configuring MPLS QoS
MPLS-related knowledge is necessary for understanding MPLS QoS. To support DiffServ as IP does, MPLS uses three bits analogous to IP precedence, called "EXP bits", to carry class-of-service information. With the EXP bits, MPLS QoS identifies different traffic flows and implements differentiated services, guaranteeing low delay and low packet loss ratio for voice and video traffic.
Configuration prerequisites Complete basic MPLS configurations. For more information about basic MPLS configurations, see MPLS Configuration Guide. Configuration procedure To do… Command… Remarks Enter system view. system-view — interface interface-type Enter interface view. — interface-number Required. The action argument for MPLS can be the qos car { inbound | following: outbound } { any | acl...
To do… Command… Remarks Required. Configure a match if-match [ not ] mpls-exp The match criterion applies only to MPLS criterion for the class. exp-value-list packets. Return to system view. quit — Create a traffic behavior traffic behavior and enter traffic behavior —...
Configure MPLS PQ
To do: Enter system view.
Command: system-view
Remarks: —

To do: Configure a PQ list.
Command: qos pql pql-index protocol mpls exp exp-value-list queue { bottom | middle | normal | top }
Remarks: Required.

To do: Enter interface view.
Command: interface interface-type interface-number
Remarks: —
...
Configure a QoS policy on the incoming interface GigabitEthernet 1/0/1 on PE 1 and set the EXP field value for an MPLS packet according to the DSCP attribute of the MPLS packets. On the router P, classify traffic on the basis of the EXP field and configure flow-based CBQ: guarantee ...
[PE1-behavior-exp1] traffic behavior exp2
[PE1-behavior-exp2] remark mpls-exp 2
[PE1-behavior-exp2] traffic behavior exp3
[PE1-behavior-exp3] remark mpls-exp 3
[PE1-behavior-exp3] traffic behavior exp4
[PE1-behavior-exp4] remark mpls-exp 4
[PE1-behavior-exp4] quit
# Create QoS policy REMARK, and associate the behaviors with the classes in the QoS policy, so as to mark different classes of packets with different EXP values.
# Create QoS policy QUEUE, and associate the behaviors with the classes to satisfy the following requirements: guarantee 10% of the bandwidth for traffic with an EXP value of 1; guarantee 20% of the bandwidth for traffic with an EXP value of 2; guarantee 30% of the bandwidth for traffic with an EXP value of 3;...
Configuring FR QoS On an FR interface, use generic QoS services to perform traffic policing, traffic shaping, congestion management, and congestion avoidance. You can also use FR-specific QoS mechanisms, including FRTS, FR traffic policing, FR congestion management, FR DE rule list, and FR queuing management. FR QoS is more flexible than generic QoS.
Figure 40 FRTS implementation [figure labels: 192kbps, 64kbps, S2/0/1, S2/0/1, Frame relay network, Router A, Router B, CIR ALLOW = 64kbps, CBS = 8000bit, EBS = 8000bit]
FRTS is applied on the outgoing interfaces of a router. It can provide you with parameters like CIR ALLOW, CIR, CBS, and EBS.
Traffic policing FR traffic policing monitors the traffic entering the network from each PVC, and restricts the traffic within a permitted range. If the traffic on a PVC exceeds the user-defined threshold, the router takes some measures, like packet drop, to protect the network resources. Figure 42 FR traffic policing implementation 192Kbps 64Kbps...
FR PVC queuing mechanisms include FIFO, PQ, CQ, WFQ, CBQ, and RTPQ. Only RTPQ can coexist with another queuing mechanism. Among these queuing mechanisms, the A6600 routers support only FIFO. With FRTS enabled on an interface, only FIFO, RTPQ, or PVC PQ is available on the interface.
Configuration task list
Task: Remarks
Creating and configuring an FR class: Required
Configuring FRTS: Optional
Configuring FR traffic policing: Optional
Configuring FR congestion management: Optional
Configuring FR DE rule list: Optional
Configuring FR PVC queuing: Optional
Configuring FR fragmentation: Optional

Creating and configuring an FR class
The system integrates QoS services on FR PVCs into FR classes to provide a flexible and complete solution for FR traffic control and service quality.
In FR class view, configure QoS parameters for QoS services such as FRTS, FR traffic policing, FR congestion management, and FR queuing. See the subsequent sections for detailed parameter configurations. Configuring FRTS To do... Command... Remarks Enter system view. system-view —...
Configuring FR traffic policing
To do: Enter system view.
Command: system-view
Remarks: —

To do: Enter FR interface view.
Command: interface interface-type interface-number
Remarks: —

To do: Enable FR traffic policing.
Command: fr traffic-policing
Remarks: Required. Disabled by default. FR traffic policing is applied to the interfaces receiving FR packets and can only be applied to the DCE of an FR network.
Configuring FR congestion management for an FR PVC The router determines whether congestion has occurred based on the percentage of the current FR PVC queue length to the total interface queue length. If the percentage exceeds the set congestion threshold, the router considers that congestion has occurred and takes action on packets, for example, drops packets, to alleviate the condition.
Configuring FR PVC queuing With FRTS enabled on an FR interface, each FR PVC of the interface is configured with an independent queuing mechanism. By default, FR PVCs use FIFO queuing. With congestion management enabled, an FR interface supports only FIFO queuing. ...
Displaying and maintaining FR QoS To do... Command... Remarks Display the mapping relationship between FR display fr class-map { fr-class class-name | classes and interfaces (including the DLCIs of an interface interface-type interface- number } Available in interface, subinterfaces of an interface, and the [ | { begin | exclude | include } any view.
Configuration procedure
# Create FR class 96k and configure its FRTS parameters.
[Router] fr class 96k
[Router-fr-class-96k] cir allow 96000
[Router-fr-class-96k] cir 32000
[Router-fr-class-96k] cbs 96000
[Router-fr-class-96k] ebs 32000
[Router-fr-class-96k] traffic-shaping adaptation becn 20
[Router-fr-class-96k] quit
# Enable FR encapsulation and FRTS on interface Serial 2/0/1.
[Router] interface serial 2/0/1
[Router-Serial2/0/1] link-protocol fr
[Router-Serial2/0/1] fr traffic-shaping
...
# Create DLCI 16, and apply the FR class test1 to DLCI 16.
[RouterA-Serial2/0/1] fr dlci 16
[RouterA-fr-dlci-Serial2/0/1-16] fr-class test1
Configure Router B
# Create FR class test1, enable FR fragmentation, and set the fragment size to 80 bytes.
<RouterB> system-view
[RouterB] fr class test1
[RouterB-fr-class-test1] fragment 80
[RouterB-fr-class-test1] quit
...
After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources. Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. ...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Appendix A Default priority mapping tables
For the default dscp-dscp priority mapping tables, an input value yields a target value equal to it.
Table 4 Default dot1p-lp and dot1p-dp priority mapping tables
Columns: Input priority value, 802.1p priority (dot1p); dot1p-lp mapping, Local precedence (lp); dot1p-dp mapping, Drop precedence (dp)
Appendix B Packet precedences
IP precedence and DSCP values
Figure 47 ToS and DS fields [figure labels: IPv4 ToS byte with Precedence and Type of Service; DS-Field (for IPv4, ToS octet, and for IPv6, Traffic Class octet) with DSCP; Class Selector codepoints; Currently Unused; RFC 1349; RFC 1122...]