Contents

Configuring ACLs
  Overview
  ACL types
  Numbering and naming ACLs
  Match order
  Rule numbering
  Fragment filtering with ACLs
  Command and hardware compatibility
  Configuration restrictions and guidelines
  Configuration task list
  ...
Configuring priority mapping
  Overview
  Introduction to priorities
  Priority maps
  Priority mapping configuration tasks
  Configuring a priority map
  Configuring priority maps
  Configuring a port to trust packet priority for priority mapping
  Changing the port priority of an interface
  ...
  Defining a traffic behavior
  Defining a QoS policy
  Applying the QoS policy
  Setting the maximum available interface bandwidth
  Setting the maximum reserved bandwidth as a percentage of available bandwidth
  CBQ configuration example
  Configuring RTPQ
  ...
  Appendix C Introduction to packet precedences
  IP precedence and DSCP values
  802.1p priority
  EXP values
Configuring MPLS QoS
  Overview
  Feature and hardware compatibility
  Configuration prerequisites
  Configuring MPLS CAR
  ...
  Documentation feedback
Index
...
Configuring ACLs

Overview

An access control list (ACL) is a set of rules for identifying traffic based on criteria such as source IP address, destination IP address, and port number. The rules are also called permit or deny statements. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs"...
Table 1 Sort ACL rules in depth-first order

ACL type: IPv4 basic ACL
Sequence of tie breakers:
1. VPN instance.
2. More 0s in the source IPv4 address wildcard (more 0s means a narrower IPv4 address range).
3. Rule configured earlier.

VPN instance. Specific protocol number.
For example, if the step is 5, and there are five rules numbered 0, 5, 9, 10, and 12, the newly defined rule is numbered 15. If the ACL does not contain a rule, the first rule is numbered 0. Whenever the step changes, the rules are renumbered, starting from 0.
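The automatic numbering and step-change renumbering described above, as an added Python sketch (not code from the manual or from the device). The class and method names are hypothetical, and spacing the renumbered rules by the new step is an assumption, since the text only says renumbering starts from 0.

```python
class RuleNumbering:
    """Models only the rule-ID bookkeeping of one ACL (no packet matching)."""

    def __init__(self, step=5):
        self.step = step
        self.rules = {}  # rule ID -> rule text

    def next_id(self):
        """First rule is 0; otherwise the next multiple of the step above the highest ID."""
        if not self.rules:
            return 0
        return (max(self.rules) // self.step + 1) * self.step

    def add(self, text, rule_id=None):
        """Add a rule; without an explicit ID the automatic numbering is used."""
        if rule_id is None:
            rule_id = self.next_id()
        if rule_id in self.rules:
            raise ValueError(f"rule {rule_id} exists (editing is not modelled here)")
        self.rules[rule_id] = text
        return rule_id

    def set_step(self, new_step):
        """Renumber every rule from 0 in the existing order; return old ID -> new ID."""
        if new_step < 1:
            raise ValueError("step must be a positive integer")
        # Assumption: renumbered rules are spaced by the new step.
        mapping = {old: i * new_step for i, old in enumerate(sorted(self.rules))}
        self.rules = {mapping[old]: text for old, text in self.rules.items()}
        self.step = new_step
        return mapping


def demo():
    acl = RuleNumbering(step=5)
    for rid in (0, 5, 9, 10, 12):  # the five rule IDs from the text
        acl.add(f"constructed rule {rid}", rule_id=rid)
    auto_id = acl.add("constructed rule added without an ID")
    # The gap between 5 and 9 leaves room to place a rule ahead of rule 9.
    acl.add("constructed rule placed before rule 9", rule_id=7)
    mapping = acl.set_step(2)  # every ID changes; relative order does not
    return auto_id, mapping, acl.next_id()


if __name__ == "__main__":
    auto_id, mapping, following = demo()
    print("automatically assigned ID:", auto_id)
    print("old ID -> new ID after changing the step to 2:", mapping)
    print("next automatic ID:", following)
```

After a step change, any change ticket, script or log query that names a rule by its old ID points at a different rule or at none, so references should be re-read from the device.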
Configuration task list

Tasks at a glance
(Required.) Perform one or more of the following tasks:
• Configuring a basic ACL
• Configuring an advanced ACL
• Configuring a Layer 2 ACL
(Optional.) Copying an ACL
(Optional.) Configuring packet filtering with ACLs
(Optional.) Enabling ACL acceleration

Configuring a basic ACL...
Configuring an IPv4 advanced ACL

IPv4 advanced ACLs match packets based on the following criteria:
• Source IP addresses.
• Destination IP addresses.
• Packet priorities.
• Protocol numbers.
• Other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags, ICMP message types, and ICMP message codes.
Step: Create an IPv6 advanced ACL and enter its view.
Command: acl ipv6 advanced { acl-number | name acl-name } [ match-order ...
Remarks: By default, no ACLs exist. The value range for a numbered IPv6 advanced ACL is 3000 to 3999. Use the acl ipv6 advanced acl-number command to enter the ...
• 802.1p priority (VLAN priority).
• Link layer protocol type.

To configure a Layer 2 ACL:

Step: Enter system view.
Command: system-view

Step: Create a Layer 2 ACL and...
Command: acl mac { acl-number | name ...
Remarks: By default, no ACLs exist. The value range for a numbered Layer 2 ACL is 4000 to 4999. Use the acl mac acl-number ...
Configuring packet filtering with ACLs

This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets on the specified interface.

Applying an ACL to an interface for packet filtering

Step: Enter system view.
Command: system-view

interface interface-type...
Step Command Remarks The default setting is 0 minutes. Set the interval for outputting acl { logging | trap } interval By default, the device does not packet filtering logs interval generate log entries or SNMP notifications. notifications for packet filtering. Setting the packet filtering default action Step Command...
Step Command Remarks acl { [ ipv6 ] { advanced | basic } { acl-number | name acl-name } | Create an ACL and enter its acl-number name view. acl-name } } [ match-order { auto | config } ] Enable ACL acceleration for By default, ACL acceleration is accelerate...
Figure 1 Network diagram (Device with interfaces GE1/0/1 through GE1/0/4; financial database server 192.168.0.100/24; President's office 192.168.1.0/24; Financial department 192.168.2.0/24; Marketing department 192.168.3.0/24)

Configuration procedure

# Create a periodic time range from 8:00 to 18:00 on working days.
<Device> system-view
[Device] time-range work 08:0 to 18:00 working-day
# Create an IPv4 advanced ACL numbered 3000.
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.0.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
# Verify that a PC in the Marketing department cannot ping the database server during working hours.
Figure 2 Network diagram (security zones Server, President, Finance, and Market; financial database server 192.168.0.100/24 in the Server zone; President's office 192.168.1.0/24; Financial department 192.168.2.0/24; Marketing department 192.168.3.0/24; Device with interfaces GE1/0/1 through GE1/0/4)

Configuration procedure

# Create security zone Server, and add interface GigabitEthernet 1/0/1 to the security zone.
<Device>...
[Device] acl advanced 3001
[Device-acl-ipv4-adv-3001] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
[Device-acl-ipv4-adv-3001] quit
# Configure ACL 3002 to deny access from any other department to the financial database server.
[Device] acl advanced 3002
[Device-acl-ipv4-adv-3002] rule deny ip source any destination 192.168.0.100 0
[Device-acl-ipv4-adv-3002] quit
# Create a zone pair with the source security zone President and destination security zone Server.
Request timed out.
Ping statistics for 192.168.0.100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
# Display configuration and match statistics for IPv4 advanced ACL 3001 and 3002 on the device during working hours.
[Device] display acl 3001
Advanced IPv4 ACL 3001, 2 rules, ACL's step is 5
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work...
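How the wildcard masks and the time range in the rules above decide a packet, as an added Python sketch (not code from the manual or the device). It parses only the rule syntax shown in this example; the two rule lines are copied from the configuration but placed in one constructed ACL, and the function names and the default action for unmatched packets (permit, passed as a parameter) are assumptions.

```python
import ipaddress
import re
from datetime import datetime, time

# Constructed ACL: both rule lines are copied from the configuration above but
# placed in ONE ACL (IDs 0 and 5) so that first-match evaluation is visible.
ACL_TEXT = """\
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
rule 5 deny ip source any destination 192.168.0.100 0
"""

# "time-range work 08:0 to 18:00 working-day"; working-day = Monday to Friday.
TIME_RANGES = {"work": (time(8, 0), time(18, 0), {0, 1, 2, 3, 4})}

RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip"
    r"\s+source\s+(?P<src>any|\S+\s+\S+)"
    r"\s+destination\s+(?P<dst>any|\S+\s+\S+)"
    r"(?:\s+time-range\s+(?P<tr>\S+))?\s*$"
)


def parse_addr(spec):
    """Return (address, wildcard) as integers; wildcard 1-bits are ignored."""
    if spec == "any":
        return 0, 0xFFFFFFFF
    addr, wildcard = spec.split()
    # A wildcard written as "0" means 0.0.0.0, that is, a single host.
    wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    return int(ipaddress.IPv4Address(addr)), wc


def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append({
            "id": int(m["id"]),
            "action": m["action"],
            "src": parse_addr(m["src"]),
            "dst": parse_addr(m["dst"]),
            "time_range": m["tr"],
        })
    # Config match order: rules are tried in ascending rule-ID order.
    return sorted(rules, key=lambda r: r["id"])


def ip_matches(ip, spec):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # bits that must be equal
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def in_time_range(name, when):
    start, end, weekdays = TIME_RANGES[name]
    # Simplification: the end minute itself is treated as outside the range.
    return when.weekday() in weekdays and start <= when.time() < end


def evaluate(rules, src, dst, when, default="permit"):
    """Return (action, rule_id); rule_id is None when no rule matched."""
    for rule in rules:
        if rule["time_range"] and not in_time_range(rule["time_range"], when):
            continue  # an inactive rule is skipped; it does not deny
        if ip_matches(src, rule["src"]) and ip_matches(dst, rule["dst"]):
            return rule["action"], rule["id"]
    return default, None


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    wed_10 = datetime(2024, 3, 6, 10, 0)   # constructed: a Wednesday morning
    wed_20 = datetime(2024, 3, 6, 20, 0)   # constructed: the same evening
    for src, when in [("192.168.2.10", wed_10), ("192.168.2.10", wed_20),
                      ("192.168.3.7", wed_10)]:
        print(src, when, evaluate(acl, src, "192.168.0.100", when))
```

Outside the time range the permit rule is skipped rather than turned into a deny, so the Financial department is blocked after hours only because the broad deny rule follows it.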
QoS overview

In data communications, Quality of Service (QoS) provides differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. QoS manages network resources and prioritizes traffic to balance system resources. The following section describes typical QoS service models and widely used QoS techniques.
• Congestion avoidance.

The following section briefly introduces these QoS techniques. All QoS techniques in this document are based on the DiffServ model.

Deploying QoS in a network

As shown in Figure 3, traffic classification, traffic shaping, traffic policing, congestion management, and congestion avoidance mainly implement the following functions:
•...
Congestion management when congestion occurs.

Figure 4 QoS processing flow (stages shown include classification, traffic policing, and priority marking)...
Configuring a QoS policy

You can configure QoS by using the MQC approach or non-MQC approach. Some features support both approaches, but some support only one.

Non-MQC approach

In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For example, you can use the rate limit feature to set a rate limit on an interface without using a QoS policy.
Defining a traffic class

Step: Enter system view.
Command: system-view

Step: Create a traffic class and enter traffic class view.
Command: traffic classifier classifier-name [ operator { and | or } ]
Remarks: By default, no traffic classes exist.

Remarks: By default, no match criterion is configured.
Configuring a child policy

You can nest a QoS policy in a traffic behavior to reclassify the traffic class associated with the behavior. Then the system performs the actions defined in the QoS policy on the reclassified traffic. The QoS policy nested in the traffic behavior is called the child policy. The QoS policy that nests the behavior is called the parent policy.
• PW—The QoS policy takes effect on the traffic of a PW. For information about PWs, see MPLS Configuration Guide.
• Control plane—The QoS policy takes effect on the traffic received on the control plane.
• Management interface control plane—The QoS policy takes effect on the traffic sent from the management interface to the control plane.
Step Command Remarks
• Enter cross-connect PW view:
a. xconnect-group group-name
b. connection connection-name
c. peer ip-address pw-id pw-id [ in-label label-value out-label label-value pw-class class-name tunnel-policy tunnel-policy-name ] *
• Enter VSI LDP PW view:
d. vsi vsi-name [ hub-spoke ]
e.
If the hardware resources of an interface card are insufficient, applying a QoS policy to the control plane might fail on the interface card. The system does not automatically roll back the QoS policy configuration already applied to the MPU or other interface cards. To ensure consistency, you must use the undo qos apply policy command to manually remove the QoS policy configuration applied to them.
To apply the QoS policy to the management interface control plane:

Step: Enter system view.
Command: system-view

Step: Enter management interface control plane view.
Command: control-plane management

Step: Apply the QoS policy to the management interface control plane.
Command: qos apply policy policy-name inbound
Remarks: By default, no QoS policy is applied to the management ...
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number default setting minutes. subinterface uses traffic rate statistics collection period statistics collection qos flow-interval interval configured main period for the interface. interface. A PVC uses the statistics collection period configured on the ATM main interface.
Task: Display information about QoS policies applied to interfaces (distributed devices in standalone mode/centralized devices in IRF mode).
Command: display qos policy interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] [ slot slot-number ] [ inbound | outbound ]
Task: Clear the statistics for the QoS policy applied to a control plane (distributed devices in standalone mode/centralized devices in IRF mode).
Command: reset qos policy control-plane slot slot-number

Task: Clear the statistics for the QoS policy applied to a control plane (distributed devices in IRF mode).
Command: reset qos policy control-plane chassis chassis-number slot slot-number
Configuring priority mapping

Overview

When a packet arrives, a device assigns a set of QoS priority parameters to the packet based on either of the following:
• A priority field carried in the packet.
• The port priority of the incoming port.

This process is called priority mapping.
• Changing port priority—If no packet priority is trusted, the port priority of the incoming port is used. By changing the port priority of a port, you change the priority of the incoming packets on the port.

To configure priority mapping, perform the following tasks:

Tasks at a glance
(Optional.) Configuring a priority map...
When you configure the trusted packet priority type on an interface, use the following available keywords:
• dot1p—Uses the 802.1p priority of received packets for mapping.
• dscp—Uses the DSCP precedence of received IP packets for mapping.

To configure the trusted packet priority type on an interface:

Step Command Remarks...
Priority mapping table and priority marking configuration example

Network requirements

As shown in Figure
• The Marketing department connects to GigabitEthernet 1/0/1 of Device, which sets the 802.1p priority of traffic from the Marketing department to 3.
• The R&D department connects to GigabitEthernet 1/0/2 of Device, which sets the 802.1p priority of traffic from the R&D department to 4.
Figure 7 Network diagram (Device with interfaces GE1/0/1 through GE1/0/5; Management, R&D, and Marketing departments; data server, mail server, and public servers; Internet)

Configuration procedure

Configure trusting port priority:
# Set the port priority of GigabitEthernet 1/0/1 to 3.
<Device>...
Map the local precedence values 6 and 2 to local precedence values 2 and 3 and keep local precedence value 4 unchanged. This guarantees the Management department, Marketing department, and R&D department decreased priorities to access the Internet.
[Device] traffic classifier rd
[Device-classifier-rd] if-match local-precedence 6
[Device-classifier-rd] quit
[Device] traffic classifier market...
Configuring traffic policing, GTS, and rate limit

Overview

Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic. Traffic policing, Generic Traffic Shaping (GTS), and rate limit control the traffic rate and resource usage according to traffic specifications.
CIR—Rate at which tokens are put into bucket C. It sets the average packet transmission or forwarding rate allowed by bucket C.
CBS—Size of bucket C, which specifies the transient burst of traffic that bucket C can forward.
EBS—Size of bucket E minus size of bucket C, which specifies the transient burst of traffic ...
Figure 8 Traffic policing

Traffic policing is widely used in policing traffic entering the ISP networks. It can classify the policed traffic and take predefined policing actions on each packet depending on the evaluation result:
•...
Figure 9 GTS

For example, in Figure 10, Router B performs traffic policing on packets from Router A and drops packets exceeding the limit.
Figure 11 Rate limit implementation

The token bucket mechanism limits the traffic rate while accommodating bursts. It allows bursty traffic to be transmitted if enough tokens are available. If tokens are scarce, packets cannot be transmitted until sufficient tokens are generated in the token bucket.
Step Command Remarks By default, no match criterion is configured. Configure a match if-match [ not ] match-criteria For more information about the criterion. if-match command, see ACL and QoS Command Reference. Return system quit view. Create traffic behavior and enter traffic behavior behavior-name By default, no traffic behaviors exist.
Configuring traffic policing by using the non-MQC approach Configuring CAR-list-based traffic policing Step Command Remarks Enter system view. system-view qos carl carl-index { dscp dscp-list | mac mac-address | mpls-exp mpls-exp-value | precedence precedence-value destination-ip-address By default, no CAR lists Configure a CAR list.
Step Command Remarks qos car { inbound | outbound } any cir committed-information-rate committed-burst-size excess-burst-size ] ] [ green action | red action | yellow action ] * Configure By default, no CAR policy is policy for all traffic on qos car { inbound | outbound } any cir configured on an interface.
Step Command Remarks By default, no match criterion is configured. Configure match configurable match if-match [ not ] match-criteria criterion. criteria, see the if-match command in ACL and QoS Command Reference. Return to system view. quit Create traffic default, traffic behavior enter traffic behavior behavior-name...
To configure the rate limit for a PW:

Step Command Remarks
Enter system view. system-view
• Enter cross-connect PW view:
a. xconnect-group group-name
b. connection connection-name
c. peer ip-address pw-id pw-id [ in-label label-value out-label label-value pw-class class-name | tunnel-policy tunnel-policy-name ] *
•...
Configuration procedure

Configure Router A:
# Configure GTS on GigabitEthernet 1/0/3 to shape the packets when the sending rate exceeds 500 kbps. This decreases the packet loss rate of GigabitEthernet 1/0/1 of Router B.
<RouterA> system-view
[RouterA] interface gigabitethernet 1/0/3
[RouterA-GigabitEthernet1/0/3] qos gts any cir 500
[RouterA-GigabitEthernet1/0/3] quit
# Configure ACLs to permit the packets from the server and Host A.
Figure 13 Network diagram (Router with interfaces GE1/0/1 and GE1/0/2; Internet; Host A 2.1.1.1/8 through Host Z 2.1.1.100/8)

Configuration procedure

# Configure per-IP-address rate limiting on GigabitEthernet 1/0/2 to meet the following requirements:
• Limit the rate of each host on the network segment 2.1.1.1 through 2.1.1.100.
•...
Configuring congestion management

Overview

Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Figure 14 shows common congestion scenarios.
Figure 15 FIFO queuing

PQ is designed for mission-critical applications. Mission-critical applications require preferential treatment to reduce the response delay when congestion occurs. PQ can flexibly determine the order of forwarding packets by network protocol (for example, IP and IPX), incoming interface, packet length, source/destination address, and so on.
During a cycle of queue scheduling, CQ first empties the system queue. Then, it schedules the 16 queues in a round robin way. It sends a certain number of bytes out of each queue in the ascending order of queue 1 to queue 16. CQ guarantees a certain amount of bandwidth to common packets, and ensures that mission-critical packets are assigned more bandwidth.
When dequeuing packets, WFQ assigns the outgoing interface bandwidth to each traffic flow by precedence. The higher precedence value a traffic flow has, the more bandwidth it gets. For example, five flows exist in the current interface with precedence 0, 1, 2, 3, and 4, respectively. The total bandwidth quota is the sum of all the (precedence value + 1)s, 1 + 2 + 3 + 4 + 5 = 15.
assigned to it. During congestion, the packets of each priority class exceeding the assigned bandwidth are discarded.
• Bandwidth queuing (BQ)—An AF queue. The BQ provides guaranteed bandwidth for AF traffic, and schedules the AF classes proportionally. The system supports up to 64 AF queues.
•...
Figure 20 RTPQ

Congestion management technique comparison

Congestion management techniques offer different QoS capabilities to meet different application requirements, as explained in Table

Table 3 Congestion management technique comparison...
Number Type Advantages Disadvantages queues • Easy to configure. • Bandwidth guarantee for packets from cooperative (interactive) sources (such as TCP packets). • Reduces jitter. • Reduces the delay for interactive applications The processing speed is slower than Configurable with a small amount of FIFO.
• MSR1002-4/1003-8S.
• MSR2003.
• MSR2004-24/2004-48.
• MSR3012/3024/3044/3064.

Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers.

Setting the FIFO queue size

FIFO is the default queue scheduling mechanism for an interface, and the FIFO queue size is configurable.
Step Command Remarks If you specify a VT interface, this command displays (Optional.) Display the PQ display qos queue pq interface configuration and statistics for all configuration and statistics for [ interface-type interface-number interfaces interfaces or PVCs. [ pvc { pvc-name | vpi/vci } ] ] interface.
# Apply PQ list 1 to GigabitEthernet 1/0/2.
[RouterA] interface gigabitethernet 1/0/2
[RouterA-GigabitEthernet1/0/2] qos pq pql 1

Configuring CQ

You can configure a CQ list that contains up to 16 queues. The CQ list specifies the following information:
• The queue where a packet is placed in.
•...
Step: (Optional.) Set the maximum length of a queue in a CQ list.
Command: qos cql cql-index queue queue-id queue-length queue-length
Remarks: The default setting is 20. In response to bursts of traffic, you can increase the maximum queue length to improve queue scheduling performance.
Step Command Remarks • Enter interface view: interface interface-type interface-number • Enter interface or PVC view. Enter PVC view: a. interface atm interface-number b. pvc vpi/vci dscp precedence By default, WFQ is not Configure queue-length max-queue-length configured interface or PVC. queue-number total-queue-number ] * interface or PVC.
Predefined classes

The system predefines some classes and defines general rules for the classes. You can use the following predefined classes when defining a policy:
• default-class—Matches the default traffic.
• ef, af1, af2, af3, af4—Matches IP DSCP value ef, af1, af2, af3, af4, respectively.
•...
• You cannot configure the queue af command together with the queue ef or queue sp command in the same traffic behavior.
• To configure queue af for multiple classes of a policy, you must configure them in one of the following units:
  Bandwidth.
Configuring SP

When you configure SP, follow these restrictions and guidelines:
• You cannot configure the queue sp command together with any of the following commands in one traffic behavior:
  queue af.
  queue-length.
  queue ef.
• The default class cannot be associated with a traffic behavior including SP.

To configure SP:

Step Command...
Step: Enter system view.
Command: system-view

Step: Create a traffic behavior and enter traffic behavior view.
Command: traffic behavior behavior-name
Remarks: By default, no traffic behaviors exist.

Step: Enable WRED.
Command: wred [ dscp | ip-precedence ]
Remarks: By default, WRED is not enabled.

Setting the exponent for WRED to calculate the average queue size

Before configuring the WRED exponent, make sure the following requirements are met:
•...
To set the lower limit, upper limit, and drop probability denominator for an IP precedence value in WRED:

Step: Enter system view.
Command: system-view

Step: Create a traffic behavior and enter traffic behavior view.
Command: traffic behavior behavior-name
Remarks: By default, no traffic behaviors exist.
Step Command Remarks • Enter interface view: interface interface-type interface-number Settings in interface view take • effect on the current interface. Enter PVC view: Enter interface or PVC view. Settings in PVC view take a. interface effect on the current PVC. interface-number b.
Use the default maximum reserved bandwidth setting in most situations. When tuning the setting, make sure the Layer 2 frame header plus the data traffic is smaller than the maximum available bandwidth of the interface. To set the maximum reserved bandwidth on an interface: Step Command Remarks...
[RouterA] traffic classifier af11_class
[RouterA-classifier-af11_class] if-match dscp af11
[RouterA-classifier-af11_class] quit
[RouterA]traffic classifier af21_class
[RouterA-classifier-af21_class] if-match dscp af21
[RouterA-classifier-af21_class] quit
[RouterA] traffic classifier ef_class
[RouterA-classifier-ef_class] if-match dscp ef
[RouterA-classifier-ef_class] quit
# Define two traffic behaviors, and enable AF and set a minimum guaranteed bandwidth percentage of 5% in each traffic behavior.
Step Command Remarks • Enter interface view: interface interface-type interface-number • Enter PVC view: Enter interface or PVC view. a. interface interface-number b. pvc vpi/vci rtpq start-port first-rtp-port-number end-port default, RTPQ Configure RTPQ. last-rtp-port-number bandwidth configured. bandwidth [ cbs cbs ] Enabling packet information pre-extraction The IP packets received on the physical interface for a tunnel interface might have been processed by the tunnel interface.
As a best practice to improve the data transmission efficiency, do not configure this feature if the upper-layer protocols (for example, UDP) do not support flow control. To configure QoS tokens: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.
Configuring congestion avoidance

Overview

Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance:
• Actively monitors network resources (such as queues and memory buffers).
• Drops packets when congestion is expected to occur or deteriorate.

When dropping packets from a source end, congestion avoidance cooperates with the flow control mechanism at the source end to regulate the network traffic size.
• Drop probability.

When FIFO, PQ, or CQ is used, you can set the following parameters for each queue to provide differentiated drop policies:
• Exponent for average queue size calculation.
• Upper threshold.
• Lower threshold.
• Drop probability.

Relationship between WRED and queuing mechanisms

Figure 23 Relationship between WRED and queuing mechanisms...
$$\text{Average queue size} = \left(\text{previous average queue size} \times (1 - 2^{-n})\right) + \left(\text{current queue size} \times 2^{-n}\right)$$

where n is the exponent.
• Denominator for drop probability calculation—The greater the denominator, the smaller the calculated drop probability.
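The averaging formula above carried through in Python, as an added example (not code from the manual or the device). It uses the values from the interface example in this chapter (lower threshold 20, upper threshold 40, denominator 15, exponent 6); the function names are hypothetical, and the linear rise of the drop probability between the two thresholds is the classic RED model, assumed here because the text gives only the thresholds and the denominator.

```python
def ewma(prev_avg, current, n):
    """Average queue size = prev * (1 - 2^-n) + current * 2^-n."""
    w = 2.0 ** -n
    return prev_avg * (1 - w) + current * w


def drop_probability(avg, low, high, denominator):
    """Drop probability for one packet given the average queue size.

    Assumed model (classic RED): no drops below the lower threshold, every
    packet dropped above the upper threshold, and in between a linear rise
    that reaches 1/denominator at the upper threshold.
    """
    if avg < low:
        return 0.0
    if avg > high:
        return 1.0
    return (avg - low) / (high - low) / denominator


def samples_until_drops(queue_size, n, low):
    """Samples of a sustained queue_size needed before the average passes low.

    The average starts at 0 (idle queue). A larger exponent makes WRED slower
    to react, so short bursts pass without random drops.
    """
    if queue_size <= low:
        raise ValueError("the average never exceeds low for this queue size")
    avg, count = 0.0, 0
    while avg <= low:
        avg = ewma(avg, queue_size, n)
        count += 1
    return count


if __name__ == "__main__":
    LOW, HIGH, DENOM = 20, 40, 15  # values from the interface example
    for avg in (10, 20, 30, 40, 41):
        print(f"avg={avg:>2}  p_drop={drop_probability(avg, LOW, HIGH, DENOM):.4f}")
    # Constructed burst: the instantaneous queue jumps from 0 to 50 packets.
    for n in (2, 6):
        print(f"exponent {n}: drops can start after "
              f"{samples_until_drops(50, n, LOW)} samples")
```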
[Sysname-GigabitEthernet1/0/1] qos wred ip-precedence enable
# Set the following parameters for packets with IP precedence value 3: lower threshold 20, upper threshold 40, and drop probability 1/15.
[Sysname-GigabitEthernet1/0/1] qos wred ip-precedence 3 low-limit 20 high-limit 40 discard-probability 15
# Set the exponent for average queue size calculation to 6.
[Sysname-GigabitEthernet1/0/1] qos wred weighting-constant 6

Displaying and maintaining WRED

Execute display commands in any view.
Configuring traffic filtering

You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from an IP address according to network status.

Configuration procedure

To configure traffic filtering:

Step Command...
Figure 24 Network diagram (Host connected to GE1/0/1 of Device)

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets whose source port number is not 21.
<Device> system-view
[Device] acl advanced 3000
[Device-acl-ipv4-adv-3000] rule 0 permit tcp source-port neq 21
[Device-acl-ipv4-adv-3000] quit
# Create a traffic class named classifier_1, and use ACL 3000 as the match criterion in the traffic class.
Configuring priority marking

Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a class of IP packets to control the forwarding of these packets.
Step Command Remarks 10. Return to system view. quit Choose • Applying the QoS policy to an interface application destinations or PVC as needed. 11. Apply the QoS policy. • Applying the QoS policy to a control default, plane policy is applied. 12.
[Device-acl-ipv4-adv-3001] rule permit ip destination 192.168.0.2 0
[Device-acl-ipv4-adv-3001] quit
# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.
[Device] acl advanced 3002
[Device-acl-ipv4-adv-3002] rule permit ip destination 192.168.0.3 0
[Device-acl-ipv4-adv-3002] quit
# Create a traffic class named classifier_dbserver, and use ACL 3000 as the match criterion in the traffic class.
Configuring traffic redirecting

Traffic redirecting redirects packets matching the specified match criteria to a location for processing. You can redirect packets to an interface.

Feature and hardware compatibility

This feature is supported only on the following ports:
• Layer 2 Ethernet ports on Ethernet switching modules.
•...
Step Command Remarks Choose • Applying the QoS policy to an interface application destinations or PVC as needed. 11. Apply the QoS policy. • Applying the QoS policy to a control default, plane policy is applied. 12. (Optional.) Display traffic display traffic behavior...
# Create a traffic behavior named behavior_1, and configure the action of redirecting traffic to GigabitEthernet 2/1/2.
[Device] traffic behavior behavior_1
[Device-behavior-behavior_1] redirect interface gigabitethernet 2/1/2
[Device-behavior-behavior_1] quit
# Create a traffic behavior named behavior_2, and configure the action of redirecting traffic to GigabitEthernet 2/1/3.
Configuring QPPB The term "router" in this document refers to both routers and Layer 3 switches. Overview The QoS Policy Propagation Through the Border Gateway Protocol (QPPB) feature enables you to classify IP packets based on the following attributes: • BGP community lists.
Enabling QPPB on the route receiving interface Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, QPPB is disabled. bgp-policy destination Enable QPPB source ip-prec-map This command applies only to interface. ip-qos-map } * incoming traffic.
Configuration procedure
Configure IP addresses for each interface. (Details not shown.)
Configure a BGP connection to Router B, and add the network 1.1.1.0/8 to the BGP routing table on Router A.
<RouterA> system-view
[RouterA] bgp 1000
[RouterA-bgp] peer 168.1.1.2 as-number 2000
[RouterA-bgp] peer 168.1.1.2 connect-interface GigabitEthernet 1/0/2
[RouterA-bgp] address-family ipv4
[RouterA-bgp-ipv4] import-route direct...
Verifying the configuration
# Verify that the related route on Router B takes effect.
[RouterB] display ip routing-table 1.1.1.0 24 verbose
Summary Count : 1
Destination: 1.1.1.0/24
Protocol: BGP Process ID: 0
SubProtID: 0x2 Age: 00h00m33s
Cost: 0 Preference: 255
IpPre: 1 QosLocalID: 3
Tag: 0...
224.0.0.0/4 Direct 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 127.0.0.1 InLoop0
# Verify that the related routes on Router B take effect.
[RouterB] display ip routing-table
Destinations : 14 Routes : 14
Destination/Mask Proto Cost NextHop Interface
0.0.0.0/32 Direct 0...
Destination/Mask Proto Cost NextHop Interface
0.0.0.0/32 Direct 0 127.0.0.1 InLoop0
1.1.1.1/32 OSPF 168.1.1.2 GE1/0/2
2.2.2.2/32 Direct 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 127.0.0.1 InLoop0
168.1.1.0/24 Direct 0 168.1.1.1 GE1/0/2...
167.1.1.0/24 169.1.1.2 GE1/0/2
169.1.1.0/24 Direct 0 169.1.1.1 GE1/0/2
169.1.1.0/32 Direct 0 169.1.1.1 GE1/0/2
169.1.1.1/32 Direct 0 127.0.0.1 InLoop0
169.1.1.255/32 Direct 0 169.1.1.1 GE1/0/2
192.168.1.0/24 169.1.1.2 GE1/0/2
192.168.3.0/24 Direct 0 192.168.3.2 GE1/0/1
192.168.3.0/32 Direct 0 192.168.3.2 GE1/0/1
192.168.3.2/32 Direct 0 127.0.0.1 InLoop0
192.168.3.255/32 Direct 0...
Input priority value lp-dot1p map lp-dscp map Table 9 Default port priority-local priority map Port priority Local precedence Appendix C Introduction to packet precedences IP precedence and DSCP values As shown in Figure 30, the ToS field in the IP header contains 8 bits. The first 3 bits (0 to 2) represent IP precedence from 0 to 7.
Figure 31 An Ethernet frame with an 802.1Q tag header (fields in order: Destination Address, 6 bytes; Source Address, 6 bytes; 802.1Q header, 4 bytes; Length/Type, 2 bytes; Data, 46~1500 bytes; FCS, 4 bytes)
Figure 32 shows the format of the 802.1Q tag header. The Priority field in the 802.1Q tag header is called 802.1p priority, because its use is defined in IEEE 802.1p.
Configuring MPLS QoS Overview MPLS uses 3 bits, called EXP bits, to carry class-of-service information to provide support for DiffServ. MPLS QoS identifies different traffic flows with different EXP bits and implements differentiated services. MPLS QoS can guarantee low delay and low packet loss ratio for critical service traffic, such as voice and video traffic.
Configuration prerequisites Before configuring MPLS QoS, complete basic MPLS configuration. For more information about basic MPLS configurations, see MPLS Configuration Guide. Configuring MPLS CAR A CAR policy for traffic entering an MPLS network performs the following operations: • Limits the transmission rate to avoid network congestion. •...
Step Command Remarks By default, no match criteria are configured. Configure match criteria for if-match mpls-exp the traffic class. exp-value&<1-8> The match criteria apply only to MPLS packets. Return to system view. quit Create a traffic behavior and By default, no traffic behaviors traffic behavior behavior-name enter traffic behavior view.
Figure 34 Network diagram (labels: PE 1, PE 2, CE 1, CE 2, VPN 1, AS 100, AS 65410, AS 65420, Loop0, GE1/0/1, GE1/0/2, 100M)
Table 13 Interfaces and IP address assignment
Device Interface IP address...
[PE1-behavior-exp2] remark mpls-exp 2
[PE1-behavior-exp2] quit
[PE1] traffic behavior exp3
[PE1-behavior-exp3] remark mpls-exp 3
[PE1-behavior-exp3] quit
[PE1] traffic behavior exp4
[PE1-behavior-exp4] remark mpls-exp 4
[PE1-behavior-exp4] quit
# Create QoS policy REMARK, and associate the behaviors with the classes in the QoS policy to mark different classes of packets with different EXP values.
Configuring FR QoS On an FR interface, you can use generic QoS services to perform traffic shaping, traffic policing, congestion management, and congestion avoidance. You can also use FR-specific QoS mechanisms, including FR traffic shaping (FRTS), FR traffic policing (FRTP), FR congestion management, FR discard eligibility (DE) rule list, and FR queuing management.
64 kbps when no congestion occurs. Even if congestion occurs in the network, Router B can still transmit packets at the rate of 32 kbps. Figure 36 FRTS implementation Data flow direction 64 kbps 128 kbps Ser2/1/1 Ser2/1/1 Frame Relay network Router B Router A...
For efficiency, FRTS introduces the concept of dynamic Tc (Tc=packet size/CIR ALLOW). The Tc can be dynamically adjusted depending on the transmitted packet size. The device allocates the required tokens to the current packets waiting for transmission within the latest Tc regardless of the packet size (smaller than 1500 bytes).
Figure 39 FR queuing PVC queuing Interface queuing The device schedules packets by using PVC queuing before the device schedules them by using interface queuing. PVC queuing takes effect only when FRTS is enabled. FR interface queuing The following queuing mechanisms are available on FR interfaces: •...
Feature and hardware compatibility The following matrix shows the feature and hardware compatibility: Hardware FR QoS compatibility MSR954 (JH296A/JH297A/JH298A/JH299A/JH373A) MSR958 (JH300A/JH301A) MSR1002-4/1003-8S MSR2003 MSR2004-24/2004-48 MSR3012/3024/3044/3064 MSR4060/4080 FR QoS configuration task list Tasks at a glance (Required.) Creating and configuring an FR class (Optional.) Configuring FRTS (Optional.)
Step Command Remarks Enter system view. system-view Create an FR class and fr class class-name By default, no FR classes exist. enter FR class view. Return to system view. quit • Method Associate the FR class with an FR interface: a.
Step Command Remarks (Optional.) Set the CBS for cbs [ inbound | outbound ] The default setting is 56000 bits. the FR class. committed-burst-size (Optional.) Set the CIR for cir committed-information-rate The default setting is 56000 bps. the FR class. (Optional.) cir allow [ inbound | outbound ] The default setting is 56000 bps.
Configuring FR queuing Configuring PVC queuing as FIFO, PQ, CQ, WFQ, or RTPQ Step Command Remarks Enter system view. system-view Enter FR class view. fr class class-name • Configure FIFO: fifo queue-length queue-length • Configure pql pql-index • By default, FIFO is used, and the Configure queue length is 75 packets.
Step Command Remarks 12. Apply the QoS policy to apply policy policy-name By default, no QoS policy is applied to the FR class. outbound an FR class. Configuring interface queuing as PVC PQ By default, an FR interface uses FIFO queuing. You can configure an FR interface to use PVC PQ. To configure PVC PQ: Step Command...
Step Command Remarks By default, no DE rule list is applied to an FR PVC. Up to 10 DE rule lists can Apply the DE rule list to an fr de del list-number dlci dlci-number be applied on a device. A FR PVC of the interface.
FRTS configuration example Network requirements As shown in Figure • The maximum rate of Serial 2/1/1 on Router A is 64 kbps. • Router B sends packets to Router A at 128 kbps. Configure FRTS on the outgoing interface Serial 2/1/1 of Router B to limit its transmission rate to an average of 64 kbps.
Configuring time ranges You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them. If a time range does not exist, the service based on the time range does not take effect.
Figure 41 Network diagram (labels: Server, Host A, GE1/0/1, GE1/0/2, 192.168.1.2/24, Device A, 192.168.0.100/24, Host B, 192.168.1.3/24)
Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days from June 2015 to the end of the year.
<DeviceA>...
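The time-range behavior described above, evaluated in Python as an added example (not code from the HPE guide): it models the range from this configuration procedure and reports which ACL rules take effect at a given moment, including a rule that names a time range that does not exist. The range names "work" and "nights", the rule text, the host-to-address mapping, June 1 as the start date, the exclusive 18:00 boundary, and the requirement that the periodic and absolute parts both match are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional


@dataclass(frozen=True)
class TimeRange:
    start: time            # periodic start (inclusive)
    end: time              # periodic end (exclusive; boundary handling is assumed)
    weekdays: frozenset    # 0 = Monday ... 6 = Sunday
    not_before: datetime   # absolute start (inclusive)
    not_after: datetime    # absolute end (exclusive)

    def is_active(self, now: datetime) -> bool:
        # Assumption: the periodic and absolute parts must both match.
        in_window = self.not_before <= now < self.not_after
        in_period = (now.weekday() in self.weekdays
                     and self.start <= now.time() < self.end)
        return in_window and in_period


@dataclass(frozen=True)
class Rule:
    rule_id: int
    text: str
    time_range: Optional[str] = None   # name of the time range, if any


def effective_rules(rules, ranges, now):
    """Return the rules that take effect at `now`, in rule-ID order."""
    active = []
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.time_range is None:
            active.append(rule)                  # untimed rule: always on
        elif rule.time_range in ranges and ranges[rule.time_range].is_active(now):
            active.append(rule)                  # timed rule inside its range
        # A rule naming an undefined range never takes effect.
    return active


def dangling_time_ranges(rules, ranges):
    """Names referenced by rules but never defined (silently dead rules)."""
    return sorted({r.time_range for r in rules
                   if r.time_range is not None and r.time_range not in ranges})


# Constructed sample: names "work" and "nights" and the rule text are hypothetical.
RANGES = {"work": TimeRange(time(8, 0), time(18, 0), frozenset(range(5)),
                            datetime(2015, 6, 1), datetime(2016, 1, 1))}
RULES = [
    Rule(0, "permit ip source 192.168.1.2 0 destination 192.168.0.100 0", "work"),
    Rule(5, "permit ip source 192.168.1.3 0 destination 192.168.0.100 0", "nights"),
    Rule(10, "deny ip destination 192.168.0.100 0"),
]
```

Running dangling_time_ranges over an exported rule set is a quick audit for permit or deny rules that are configured but can never match because their time range was never created.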
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/AccessToSupportMaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HP Passport set up with relevant entitlements.
Websites Website Link Networking websites Hewlett Packard Enterprise Information Library for www.hpe.com/networking/resourcefinder Networking Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs Hewlett Packard Enterprise Support Center...
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.