HP 5920 & 5900 Switch Series
ACL and QoS
Part number: 5998-2897
Software version: Release2207
Document version: 6W100-20121130


   Summary of Contents for HP 5920

  • Page 1: Configuration Guide

    HP 5920 & 5900 Switch Series ACL and QoS Configuration Guide Part number: 5998-2897 Software version: Release2207 Document version: 6W100-20121130...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents
    Configuring ACLs 1
    Overview 1
    Applications on the switch 1
    ACL categories 1
    Numbering and Naming ACLs 1
    Match order 2
    Rule numbering 3
    Fragments filtering with ACLs 3
    ...

  • Page 4: Table Of Contents

    Displaying and maintaining QoS policies 22
    Configuring priority mapping 24
    Overview 24
    Introduction to priorities 24
    Priority maps 24
    Priority trust mode on a port 25
    Priority mapping procedure 26
    ...

  • Page 5: Table Of Contents

    Configuring congestion avoidance 52
    Overview 52
    Tail drop 52
    RED and WRED 52
    ECN 52
    Configuring and applying a WRED table 53
    Displaying and maintaining WRED 54
    ...

  • Page 6: Table Of Contents

    IP precedence and DSCP values 85
    802.1p priority 86
    Support and other resources 88
    Contacting HP 88
    Subscription service 88
    Related information 88
    Documents 88
    ...

  • Page 7: Configuring Acls

    Configuring ACLs Overview An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs"...

  • Page 8: Match Order

    Match order The rules in an ACL are sorted in a specific order. When a packet matches a rule, the device stops the match process and performs the action defined in the rule. If an ACL contains overlapping or conflicting rules, the matching result and action to take depend on the rule order.

  • Page 9: Rule Numbering

    Traditional packet filtering matches only first fragments of packets, and allows all subsequent non-first fragments to pass through. Attackers can fabricate non-first fragments to attack networks. To avoid the risks, the HP ACL implementation does the following:
    • Filters all fragments by default, including non-first fragments....

  • Page 10: Configuring A Basic Acl

    Tasks at a glance (Optional.) Copying an ACL (Optional.) Configuring packet filtering with ACLs Configuring a basic ACL This section describes procedures for configuring IPv4 and IPv6 basic ACLs. Configuring an IPv4 basic ACL IPv4 basic ACLs match packets based only on source IP addresses. To configure an IPv4 basic ACL: Step Command...

  • Page 11: Configuring An Advanced Acl

    Step: Enter system view.
      Command: system-view
    Step: Create an IPv6 basic ACL view and enter its view.
      Command: acl ipv6 number acl-number [ name acl-name ] [ match-order { auto | config } ]
      Remarks: By default, no ACL exists. IPv6 basic ACLs are numbered in the range of 2000 to 2999. You can use the acl ipv6 name acl-name command to enter the...

  • Page 12: Configuring An Ipv6 Advanced Acl

    Step: Create an IPv4 advanced ACL and enter its view.
      Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
      Remarks: By default, no ACL exists. IPv4 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl name acl-name command to enter the view of a...

  • Page 13: Configuring An Ethernet Frame Header Acl

    Step: Create an IPv6 advanced ACL and enter its view.
      Command: acl ipv6 number acl-number [ name acl-name ] [ match-order { auto | config } ]
      Remarks: By default, no ACL exists. IPv6 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl ipv6 name acl-name command to enter the view of a named ACL....

  • Page 14: Copying An Acl

    Step: Create an Ethernet frame header ACL and enter its...
      Command: acl number acl-number [ name acl-name ] [ match-order { auto | ...
      Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999....

  • Page 15: Configuring Packet Filtering With Acls

    Configuring packet filtering with ACLs
    This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets on the specified interface.
    Applying an ACL to an interface for packet filtering
    Step: Enter system view.
      Command: system-view
    Step: Enter Ethernet interface view...
      Command: interface interface-type...

  • Page 16: Acl Configuration Example

    Task: Display ACL configuration and match statistics.
      Command: display acl [ ipv6 ] { acl-number | all | name acl-name }
    Task: Display whether an ACL has been successfully applied to an interface for packet filtering.
      Command: display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | { interface...

  • Page 17: Configuration Procedure

    Figure 1 Network diagram
    Configuration procedure
    # Create a periodic time range from 8:00 to 18:00 on working days.
    <DeviceA> system-view
    [DeviceA] time-range work 08:00 to 18:00 working-day
    # Create an IPv4 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits access from the President's office to the financial database server, one rule permits access from the Financial department to the database server during working hours, and one rule denies access from any other department to the database server....

  • Page 18

    Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
    Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
    Ping statistics for 192.168.0.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
    The output shows that the database server can be pinged....

  • Page 19: Qos Overview

    QoS overview In data communications, Quality of Service (QoS) is a network's ability to provide differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. Network resources are scarce. The contention for resources requires that QoS prioritize important traffic flows over trivial ones.

  • Page 20: Qos Techniques Overview

    QoS techniques overview The QoS techniques include traffic classification, traffic policing, traffic shaping, line rate, congestion management, and congestion avoidance. The following section briefly introduces these QoS techniques. Deploying QoS in a network Figure 2 Position of the QoS techniques in a network As shown in Figure 2, traffic classification, traffic shaping, traffic policing, congestion management, and...

  • Page 21

    Figure 3 QoS processing flow  ...

  • Page 22: Configuring A Qos Policy

    Configuring a QoS policy You can configure QoS by using the MQC approach or non-MQC approach. Some features support both approaches, but some support only one. Non-MQC approach In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For example, you can use the line rate feature to set a rate limit on an interface without using a QoS policy.

  • Page 23: Defining A Traffic Class

    Defining a traffic class Configuration guidelines If a class that uses the AND operator has multiple if-match acl, if-match acl ipv6, if-match customer-vlan-id or if-match service-vlan-id clauses, a packet that matches any of the clauses matches the class. To successfully execute the traffic behavior associated with a traffic class that uses the AND operator, define only one if-match clause for any of the following match criteria and input only one value for any of the following list arguments, for example, the 8021p-list argument: customer-dot1p 8021p-list...

  • Page 24

    Table 2 Available match criteria
    Option: acl [ ipv6 ] { acl-number | name...
      Description: Matches an ACL. The acl-number argument is in the range of 2000 to 3999 for an IPv4 ACL, 2000 to 3999 for an IPv6 ACL, and 4000 to 4999 for an Ethernet frame header ACL....

  • Page 25: Defining A Traffic Behavior

    Option: service-vlan-id vlan-id-list
      Description: Matches the service provider VLAN IDs (SVLANs). The vlan-id-list argument is in the format of vlan-id-list = { vlan-id | vlan-id1 to vlan-id2 }&<1-10>, where the vlan-id, vlan-id1, and vlan-id2 arguments represent the VLAN IDs and each are in the range of 1 to 4094, vlan-id1 must be no greater than vlan-id2, and &<1-10>...

  • Page 26: Applying The Qos Policy

    Step: Associate a traffic class with a traffic behavior to create a class-behavior association in...
      Command: classifier classifier-name behavior behavior-name [ mode dcbx ]
      Remarks: By default, a traffic class is not associated with a traffic behavior. Repeat this step to create more class-behavior associations. If a class-behavior association has the mode dcbx keyword, it applies only to the Data Center Bridging...

  • Page 27: Applying The Qos Policy To A Vlan

    Applying the QoS policy to a VLAN You can apply a QoS policy to a VLAN to regulate traffic of the VLAN. Configuration restrictions and guidelines QoS policies cannot be applied to dynamic VLANs. Configuration procedure To apply the QoS policy to a VLAN: Step Command Remarks...

  • Page 28: Displaying And Maintaining Qos Policies

    protocol group type to identify the type of packets sent to the control plane. You can reference protocol types or protocol group types in if-match commands in traffic class view for traffic classification and then re-configure traffic behaviors for these traffic classes as required. You can use the display qos policy control-plane pre-defined command to display them.

  • Page 29

    Task: Clear the statistics for a QoS policy applied globally.
      Command: reset qos policy global [ inbound | outbound ]
    Task: Clear the statistics for the QoS policy applied to a control plane.
      Command: reset qos policy control-plane slot slot-number [ inbound | outbound ]...

  • Page 30: Configuring Priority Mapping

    Configuring priority mapping Overview When a packet arrives, depending on your configuration, a device assigns a set of QoS priority parameters to the packet based on either a certain priority field carried in the packet or the port priority of the incoming port. This process is called "priority mapping." During this process, the device can modify the priority of the packet according to the priority mapping rules.

  • Page 31: Priority Trust Mode On A Port

    Priority trust mode on a port The priority trust mode on a port determines which priority is used for priority mapping table lookup. Port priority was introduced to use for priority mapping in addition to the priority fields carried in packets. The Switch Series provides the following priority trust modes: Using the 802.1p priority carried in packets for priority mapping.

  • Page 32: Priority Mapping Procedure

    Table 5 Priority mapping results of not trusting packet priority (when the default dot1p-lp priority mapping table is used) Local precedence Queue ID Port priority 0 (default) The priority mapping procedure varies with the priority trust modes. For more information, see the subsequent section.

  • Page 33: Priority Mapping Configuration Tasks

    Figure 5 Priority mapping procedure for an Ethernet packet
    Flowchart labels: Receive a packet on a port; Does the packet match conditions for local precedence or drop precedence marking?; Mark it with local precedence or drop precedence; Which priority is trusted on the port? (802.1p in packets, or port priority)...

  • Page 34: Configuring A Priority Map

    Configuring a priority map
    Configuring priority maps
    Step: Enter system view.
      Command: system-view
    Step: Enter priority map view.
      Command: qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp }
    Step: Configure mappings...
      Remarks: By default, the default priority maps are used. For more information, see "Appendix."...

  • Page 35: Changing The Port Priority Of An Interface

    Changing the port priority of an interface If an interface does not trust any packet priority, the device uses its port priority to look for the set of priority parameters for the incoming packets. By changing port priority, you can prioritize traffic received on different interfaces.

  • Page 36

    Figure 6 Network diagram (labels: Device A, Device B, Device C, Internet, Server, XGE1/0/3)
    Configuration procedure
    # Assign port priority to Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2. Make sure that the priority of Ten-GigabitEthernet 1/0/1 is higher than that of Ten-GigabitEthernet 1/0/2, and that no trusted packet priority type is configured on Ten-GigabitEthernet 1/0/1 or Ten-GigabitEthernet 1/0/2....

  • Page 37

    Queuing plan Traffic Traffic priority order destination Traffic source Output queue Queue priority management Management Medium department > marketing department department Marketing department R&D department Management department > marketing Management Internet High department > R&D department department Marketing department Medium Figure 7 Network diagram Configuration procedure Enable trusting port priority:...

  • Page 38

    [Device] interface ten-gigabitethernet 1/0/3
    [Device-Ten-GigabitEthernet1/0/3] qos priority 5
    [Device-Ten-GigabitEthernet1/0/3] quit
    Configure the priority mapping table:
    # Configure the 802.1p-to-local mapping table to map 802.1p priority values 3, 4, and 5 to local precedence values 2, 6, and 4. This guarantees the R&D department, management department, and marketing department decreased priorities to access the public server....

  • Page 39

    [Device] traffic behavior rd
    [Device-behavior-rd] remark dot1p 3
    [Device-behavior-rd] quit
    [Device] qos policy rd
    [Device-qospolicy-rd] classifier http behavior rd
    [Device-qospolicy-rd] quit
    [Device] interface ten-gigabitethernet 1/0/2
    [Device-Ten-GigabitEthernet1/0/2] qos apply policy rd inbound...

  • Page 40: Configuring Traffic Policing, Gts, And Line Rate

    Configuring traffic policing, GTS, and line rate Overview Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic.

  • Page 41: Traffic Policing

    CBS is implemented with bucket C, and EBS with bucket E. When only the CIR is used for traffic evaluation, packets are measured against the following bucket scenarios:
    • If bucket C has enough tokens, packets are colored green.
    • If bucket C does not have enough tokens but bucket E has enough tokens, packets are colored...

  • Page 42: Line Rate

    • Forwarding the packet with its precedence re-marked if the evaluation result is "conforming."
    Priorities that can be re-marked include 802.1p priority, DSCP precedence, and local precedence.
    GTS supports shaping the outbound traffic. GTS limits the outbound traffic rate by buffering exceeding traffic....

  • Page 43: Configuring Traffic Policing

    The line rate of a physical interface specifies the maximum rate for sending or receiving packets (including critical packets). Line rate also uses token buckets for traffic control. With line rate configured on an interface, all packets to be sent through the interface are handled by the token bucket at line rate. If enough tokens are in the token bucket, packets can be forwarded.

  • Page 44: Configuring Gts

    Step: Configure a traffic policing action.
      Command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] *
      Remarks: By default, no traffic policing action is configured.
    Step: Return to system view....

  • Page 45: Displaying And Maintaining Traffic Policing, Gts, And Line Rate

    Step: Enter system view.
      Command: system-view
    Step: Enter interface view.
      Command: interface interface-type interface-number
    Step: Configure the line rate for the interface.
      Command: qos lr { inbound | outbound } cir committed-information-rate [ cbs committed-burst-size ]
      Remarks: By default, line rate is not configured on an interface.
    Displaying and maintaining traffic policing, GTS, and line rate...

  • Page 46: Configuration Procedures

    • Limit the outgoing HTTP traffic (traffic accessing the Internet) rate of Ten-GigabitEthernet 1/0/2 to 102400 kbps and drop the excess traffic.
    Figure 12 Network diagram
    Configuration procedures
    Configure Device A:
    # Configure ACL 2001 and ACL 2002 to match traffic from Server and Host A, respectively.
    <DeviceA>...

  • Page 47

    [DeviceA-qospolicy-car] classifier server behavior server
    [DeviceA-qospolicy-car] classifier host behavior host
    [DeviceA-qospolicy-car] quit
    # Apply QoS policy car to the incoming traffic of port Ten-GigabitEthernet 1/0/1.
    [DeviceA] interface Ten-GigabitEthernet 1/0/1
    [DeviceA-Ten-GigabitEthernet1/0/1] qos apply policy car inbound
    Configure Device B:
    # Configure advanced ACL 3001 to match HTTP traffic.
    <DeviceB>...

  • Page 49: Configuring Congestion Management

    Configuring congestion management Overview Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Impacts and countermeasures Figure 13 shows two typical congestion scenarios.

  • Page 50

    Figure 14 SP queuing
    In Figure 14, SP queuing classifies eight queues on a port into eight classes, numbered 7 to 0 in descending priority order. SP queuing schedules the eight queues in the descending order of priority. SP queuing sends packets in the queue with the highest priority first....

  • Page 51

    Assume a port provides eight output queues. WRR assigns each queue a weight value (represented by w7, w6, w5, w4, w3, w2, w1, or w0) to decide the proportion of resources assigned to the queue. The switch implements the weight of a queue by scheduling a certain number of bytes (byte-count WRR) or packets (packet-based WRR) for that queue.

  • Page 52: Configuration Approaches And Task List

    queue in a WFQ group and then the traffic beyond the minimum guaranteed bandwidths for the queues in the WFQ group according to the configured weights. The two WFQ groups are scheduled at a 1:1 ratio. Configuration approaches and task list To achieve congestion management, perform the following tasks: Tasks at a glance (Required.) Perform one of the following tasks to configure per-queue congestion management:...

  • Page 53: Configuration Example

    Step: Enter interface view.
      Command: interface interface-type interface-number
    Step: Enable WRR queuing.
      Command: qos wrr { byte-count | weight }
      Remarks: The default queuing algorithm on an interface is byte-count WRR queuing.
    Step: Configure a WRR...
      Command: qos wrr queue-id group { 1 | 2 } { byte-count | weight }...
      Remarks: Select an approach according to the WRR queuing type. By default, all queues are in group 1, and...

  • Page 54

    Step: Configure a WFQ queue.
      Command: qos wfq queue-id group { 1 | 2 } { byte-count | weight } schedule-value
      Remarks: Select weight or byte-count according to the WFQ type (byte-count or packet-based) you have enabled. By default, all queues are in WFQ group 1 and have a weight of 1....

  • Page 55

    Step: Enter system view.
      Command: system-view
    Step: Enter interface view.
      Command: interface interface-type interface-number
    Step: Enable WRR queuing on the port.
      Command: qos wrr { byte-count | weight }
      Remarks: By default, all ports use WRR queuing.
    Step: Assign a queue to the SP queue scheduling group.
      Command: qos wrr queue-id group...
      Remarks: By default, all the queues of a WRR-enabled...

  • Page 56

    Configuration procedure
    Step: Enter system view.
      Command: system-view
    Step: Enter interface view.
      Command: interface interface-type interface-number
    Step: Enable byte-count or packet-based WFQ queuing.
      Command: qos wfq [ byte-count | weight ]
      Remarks: The default queuing algorithm on an interface is WRR.
    Step: Assign a queue to the SP...
      Command: qos wfq queue-id group sp
      Remarks: By default, all the queues of a WFQ-enabled port are in WFQ group...

  • Page 57: Displaying And Maintaining Congestion Management

    [Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 5 min 128000
    [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 6 group 2 weight 1
    [Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 6 min 128000
    [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 7 group 2 weight 3
    [Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 7 min 128000
    Displaying and maintaining congestion management
    Execute display commands in any view....

  • Page 58: Configuring Congestion Avoidance

    Configuring congestion avoidance Overview Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance actively monitors network resources (such as queues and memory buffers), and drops packets when congestion is expected to occur or deteriorate. When dropping packets from a source end, it cooperates with the flow control mechanism (such as TCP flow control) at the source end to regulate the network traffic size.

  • Page 59: Configuring And Applying A Wred Table

    sender proactively slow down the packet sending rate or decrease the window size of packets. This better utilizes the network resources. RFC 2482 defined an end-to-end congestion notification mechanism named Explicit Congestion Notification (ECN). ECN uses the DS field in the IP header to mark the congestion status along the packet transmission path.

  • Page 60: Displaying And Maintaining Wred

    • Exponent used for average queue size calculation—The bigger the exponent is, the less sensitive the average queue size is to real-time queue size changes. The average queue size is calculated using the formula: average queue size = previous average queue size × (1-2 ) + current queue size ×...

  • Page 61

    • To use better effort to forward higher-priority traffic, configure a lower drop probability for a queue with a greater queue number. Set different drop parameters for queue 0, queue 3, and queue 7.
    • Drop packets according to their colors. In queue 0, set the drop probability to 25%, 50%, and 75%...

  • Page 62: Configuring Traffic Filtering

    Configuring traffic filtering You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from a specific IP address according to network status. Configuration procedure To configure traffic filtering: Step Command...

  • Page 63

    Configuration example
    Network requirements
    As shown in Figure 17, configure traffic filtering to filter the packets with port 21 as the source port and received on Ten-GigabitEthernet 1/0/1.
    Figure 17 Network diagram
    Configuration procedure
    # Create advanced ACL 3000, and configure a rule to match packets whose source port number is 21.
    <DeviceA>...

  • Page 64: Configuring Priority Marking

    Configuring priority marking Overview Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a traffic class of IP packets to control the forwarding of these packets.

  • Page 65

    Configuring priority marking based on colors obtained through traffic policing After traffic policing evaluates and colors packets, the device can mark traffic with various priority values (including DSCP values, 802.1p priority values, and local precedence values) by color. Configure priority marking by using either of the following methods: •...

  • Page 66

    Step Command Remarks
      Command:
      • Set the DSCP value for packets: remark [ green | red | yellow ] dscp dscp-value
      • Set the 802.1p priority for packets or configure the inner-to-outer tag priority...
      Remarks: Use one or more of the commands. By default, no priority marking action is configured. The switch supports local QoS IDs in the range of 1...

  • Page 67: Configuration Examples

    Configuration examples
    Remarking local precedence configuration example
    Network requirements
    As shown in Figure 18, configure priority marking on Device to satisfy the following requirements:
    Traffic source: Host A, B; Destination: Data server; Processing priority: High
    Traffic source: Host A, B; Destination: Mail server; Processing priority: Medium
    Traffic source: Host A, B; Destination: File server...

  • Page 68: Remarking Local Qos Id Configuration Example

    [Device] traffic classifier classifier_dbserver
    [Device-classifier-classifier_dbserver] if-match acl 3000
    [Device-classifier-classifier_dbserver] quit
    # Create a traffic class named classifier_mserver, and use ACL 3001 as the match criterion in the traffic class.
    [Device] traffic classifier classifier_mserver
    [Device-classifier-classifier_mserver] if-match acl 3001
    [Device-classifier-classifier_mserver] quit
    # Create a traffic class named classifier_fserver, and use ACL 3002 as the match criterion in the traffic class....

  • Page 69: Network Requirements

    feature, you can perform QoS actions for the old classes respectively and perform other QoS actions for the new class. In this way, you can perform layers of QoS actions for the specific packets. Network requirements As shown in Figure 19, configure local QoS ID marking and traffic policing to limit the outgoing traffic of the administration department and the R&D department to 102400 kbps, respectively, and limit the outgoing traffic of the marketing department (containing two sub-departments) to 204800 kbps.

  • Page 70

    # Create class admin, and use ACL 2001 as the match criterion.
    [SwitchA] traffic classifier admin
    [SwitchA-classifier-admin] if-match acl 2001
    [SwitchA-classifier-admin] quit
    # Create class rd, and use ACL 2002 as the match criterion.
    [SwitchA] traffic classifier rd
    [SwitchA-classifier-rd] if-match acl 2002
    [SwitchA-classifier-rd] quit
    # Create traffic behavior car_admin_rd, and configure traffic policing to limit the traffic rate to 102400 kbps....

  • Page 71

    [SwitchA] traffic behavior marketing_car
    [SwitchA-behavior-marketing_car] car cir 204800
    [SwitchA-behavior-marketing_car] quit
    # In QoS policy car, associate class marketing with behavior remark_local_id to mark the outgoing traffic of the marketing department with local QoS ID 100.
    [SwitchA] qos policy car
    [SwitchA-qospolicy-car] classifier marketing behavior remark_local_id
    # In QoS policy car, associate class marketing_car with behavior marketing_car to limit the traffic rate of traffic with local QoS ID 100....

  • Page 72: Configuring Nesting

    Configuring nesting Nesting adds a VLAN tag to the matching packets, to allow the VLAN-tagged packets to pass through the corresponding VLAN. For example, you can add an outer VLAN tag to packets from a customer network to a service provider network. This allows the packets to pass through the service provider network by carrying a VLAN tag assigned by the service provider.

  • Page 73: Nesting Configuration Example

    Nesting configuration example Network requirements As shown in Figure 20, Site 1 and Site 2 in VPN A are two branches of a company, and they use VLAN 5 to transmit traffic. Because Site 1 and Site 2 are located in different areas, the two sites use the VPN access service of a service provider.

  • Page 74

    # Apply QoS policy test to the incoming traffic of the downlink port Ten-GigabitEthernet 1/0/1.
    [PE1-Ten-GigabitEthernet1/0/1] qos apply policy test inbound
    [PE1-Ten-GigabitEthernet1/0/1] quit
    # Configure the uplink port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100.
    [PE1] interface ten-gigabitethernet 1/0/2
    [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk
    [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100...

  • Page 75: Configuring Traffic Redirecting

    Configuring traffic redirecting
    Traffic redirecting is the action of redirecting the packets matching the specific match criteria to a certain location for processing. The following redirect actions are supported:
    • Redirecting traffic to the CPU—Redirects packets that require processing by the CPU to the CPU....

  • Page 76

    Step: Associate the traffic class with the traffic behavior in the QoS policy.
    Command: classifier classifier-name behavior behavior-name
    Remarks: By default, no class-behavior association is configured for a QoS policy.
    Step: Return to system view.
    Command: quit
    • Applying the QoS policy to an interface Choose one of the •...

  • Page 77

    Configuration procedure
    # Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1.
    <DeviceA> system-view
    [DeviceA] acl number 2000
    [DeviceA-acl-basic-2000] rule permit source 2.1.1.1 0
    [DeviceA-acl-basic-2000] quit
    # Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2.
    [DeviceA] acl number 2001
    [DeviceA-acl-basic-2001] rule permit source 2.1.1.2 0
    [DeviceA-acl-basic-2001] quit...

  • Page 78: Configuring Aggregate Car

    Configuring aggregate CAR Aggregate CAR overview An aggregate CAR action is created globally and can be directly applied to interfaces or referenced in the traffic behaviors associated with different traffic classes to police multiple traffic flows as a whole. The total rate of the traffic flows must conform to the traffic policing specifications set in the aggregate CAR action.

  • Page 79

    Figure 22 Network diagram
    Configuration procedure
    # Configure an aggregate CAR according to the rate limit requirements.
    <Device> system-view
    [Device] qos car aggcar-1 aggregative cir 2560 cbs 20000 red discard
    # Create class 1 to match traffic of VLAN 10. Create behavior 1 and reference the aggregate CAR in the behavior.

  • Page 80

    [Device] interface ten-gigabitethernet 1/0/1
    [Device-Ten-GigabitEthernet1/0/1] qos apply policy car inbound...

  • Page 81: Configuring Class-based Accounting

    Configuring class-based accounting Class-based accounting collects statistics (in packets or bytes) on a per-traffic class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing the statistics, you can determine whether anomalies have occurred and what action to take. Configuration procedure Step Command...

  • Page 82

    Step: Display traffic accounting configuration.
    Command:
    • display qos policy control-plane slot slot-number [ inbound | outbound ]
    • display qos policy global [ slot slot-number ] [ inbound | outbound ]
    • display qos policy interface
    Remarks: Available in any view.

  • Page 83

    [DeviceA] interface ten-gigabitethernet 1/0/1
    [DeviceA-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound
    [DeviceA-Ten-GigabitEthernet1/0/1] quit
    # Display traffic statistics to verify the configuration.
    [DeviceA] display qos policy interface ten-gigabitethernet 1/0/1
    Interface: Ten-GigabitEthernet1/0/1
    Direction: Inbound
    Policy: policy
    Classifier: classifier_1
    Operator: AND
    Rule(s) : If-match acl 2000
    Behavior: behavior_1
    Accounting Enable: 28529 (Packets)

  • Page 84: Configuring Data Buffers

    Configuring data buffers Data buffers temporarily store packets to avoid packet loss. Figure 24 shows the structure of egress buffers. The switch stores outgoing packets in the egress buffer when congestion occurs.
    Figure 24 Data buffer structure (labels: Egress buffer, Cell resources, Fixed area, Shared area)...

  • Page 85: Configuration Task List

    Figure 25 Share area and fixed area Configuration task list You can configure data buffers either automatically by enabling the Burst function or manually. If you have configured data buffers in one way, delete the configuration before using the other way. Otherwise, the new configuration does not take effect.

  • Page 86: Configuring Data Buffers Manually

    Configuring data buffers manually CAUTION: Do not manually change data buffer settings in normal cases to avoid impact to the system. If large buffer spaces are needed, use the Burst function. The switch only supports configuring cell resources. Configuring the total shared-area ratio Cell resources of a buffer have a fixed size.

  • Page 87: Setting The Fixed-area Ratio For A Queue

    ratio-value Value of Effective value 77 to 86 89 to 100 Setting the fixed-area ratio for a queue By default, all queues have an equal share of the fixed area. This task allows you to change the fixed-area ratio for a specific queue. The other queues equally share the remaining part. The fixed-area space for a queue cannot be used by other queues.

  • Page 88: Configuring Time Ranges

    Configuring time ranges You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in the time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them.

  • Page 89: Verifying The Configuration

    Figure 26 Network diagram
    Configuration procedure
    # Create a periodic time range from 8:00 to 18:00 on working days from June 2011 to the end of the year.
    <DeviceA> system-view
    [DeviceA] time-range work 08:00 to 18:00 working-day from 00:00 6/1/2011 to 24:00 12/31/2011
    # Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit only packets from 192.168.1.2/32 during the time range work.
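The following Python example is added here and is not part of the HP manual: it parses the time-range statement shown above and evaluates whether the range is active at a given instant, which helps when reviewing when a time-based ACL rule actually permits traffic. The function names, the Monday-to-Friday meaning of working-day, the off-day and daily keywords, and the inclusive-start/exclusive-end boundaries are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumption: working-day = Monday..Friday, off-day = Saturday/Sunday, daily = all days.
DAY_SETS = {"working-day": {0, 1, 2, 3, 4}, "off-day": {5, 6}, "daily": set(range(7))}

PATTERN = re.compile(
    r"time-range\s+(?P<name>\S+)\s+(?P<start>\d{1,2}:\d{2})\s+to\s+(?P<end>\d{1,2}:\d{2})"
    r"\s+(?P<days>\S+)\s+from\s+(?P<f_time>\d{1,2}:\d{2})\s+(?P<f_date>\d{1,2}/\d{1,2}/\d{4})"
    r"\s+to\s+(?P<t_time>\d{1,2}:\d{2})\s+(?P<t_date>\d{1,2}/\d{1,2}/\d{4})")


def _minutes(hhmm):
    """Convert HH:MM to minutes after midnight; 24:00 is allowed as end of day."""
    h, m = map(int, hhmm.split(":"))
    if not (0 <= h <= 24 and 0 <= m < 60) or (h == 24 and m):
        raise ValueError(f"bad time {hhmm!r}")
    return h * 60 + m


def _absolute(hhmm, date):
    # Dates in the page's example are MM/DD/YYYY; 24:00 rolls over to the next day.
    month, day, year = map(int, date.split("/"))
    return datetime(year, month, day) + timedelta(minutes=_minutes(hhmm))


def parse_time_range(line):
    """Parse a compound (periodic + absolute) time-range statement."""
    m = PATTERN.search(line)
    if not m:
        raise ValueError("unsupported time-range statement")
    if m["days"] not in DAY_SETS:
        raise ValueError(f"unsupported day keyword {m['days']!r}")
    return {"name": m["name"], "start": _minutes(m["start"]), "end": _minutes(m["end"]),
            "days": DAY_SETS[m["days"]],
            "not_before": _absolute(m["f_time"], m["f_date"]),
            "not_after": _absolute(m["t_time"], m["t_date"])}


def is_active(tr, when):
    # Assumption: start bounds are inclusive, end bounds exclusive.
    minute = when.hour * 60 + when.minute
    return (tr["not_before"] <= when < tr["not_after"]
            and when.weekday() in tr["days"]
            and tr["start"] <= minute < tr["end"])


WORK = parse_time_range("[DeviceA] time-range work 08:00 to 18:00 working-day "
                        "from 00:00 6/1/2011 to 24:00 12/31/2011")
```
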

  • Page 90: Appendix

    Appendix Appendix A Default priority maps For the default dscp-dscp priority map, an input value yields a target value equal to it. Table 8 Default dot1p-lp and dot1p-dp priority maps Input priority value dot1p-lp map dot1p-dp map dot1p Table 9 Default dscp-dp and dscp-dot1p priority maps Input priority value dscp-dp map dscp-dot1p map...

  • Page 91: Appendix B Introduction To Packet Precedences

    Appendix B Introduction to packet precedences IP precedence and DSCP values
    Figure 27 ToS and DS fields (labels: IPv4 ToS byte with Precedence and Type of Service bits; DS-Field with DSCP bits, for the IPv4 ToS octet and the IPv6 Traffic Class octet; Class Selector codepoints; RFC 1349)...

  • Page 92: P Priority

    DSCP value (decimal) DSCP value (binary) Description
    011100 af32
    011110 af33
    100010 af41
    100100 af42
    100110 af43
    001000
    010000
    011000
    100000
    101000
    110000
    111000
    000000 be (default)
    802.1p priority
    802.1p priority lies in the Layer 2 header and applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.

  • Page 93

    Table 12 Description on 802.1p priority 802.1p priority (decimal) 802.1p priority (binary) Description best-effort background spare excellent-effort controlled-load video voice network-management...

  • Page 94: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 95: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 96

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 97: Index

    Index 802.1p category, 1 priority marking configuration, 59 naming, 1 802.1p priority numbering, 1 drop precedence, 58 aggregate CAR absolute time range configuration, 82 common CAR, 58 configuration, 72 advanced configuration, 5 priority marking configuration, 59 automatic rule numbering, 3 traffic policing, 58 automatic rule renumbering, 3 applications on switch, 1...

  • Page 98

    ACL Ethernet frame header, 1 local precedence remarking, 61 local QoS ID remarking, 62 ACL user-defined, 1 cell resource nesting, 66, 67 applying data buffer configuration, 81 priority map, 28 data buffer burst function, 79 priority mapping, 24, 27 data buffer configuration, 78, 79 priority mapping table and priority marking, 30 data buffer fixed-area ratio for queue, 81 priority mapping trusted port packet priority, 28...

  • Page 99

    configuration, 43, 46 GTS, 39 line rate, 39 WFQ queuing, 45 WRR queuing, 44 priority mapping, 29 control plane QoS policies, 22 QoS policy application, 20 traffic policing, 39 QoS policy application to control plane, 21 WRED, 54 copying an ACL, 8 displaying ACLs, 9 data buffer displaying time range, 82...

  • Page 100

    green packet ACL packet filtering configuration, 9 copying an ACL, 8 drop precedence, 58 naming ACLs, 1 displaying, 39 numbering ACLs, 1 non-MQC configuration, 38 line rate, 36 hardware congestion management displaying, 39 SP queuing, 43 QoS line rate configuration, 38 SP queuing configuration, 46 local precedence, 24 techniques, 43...

  • Page 101

    ACL packet fragment filtering, 3 network management ACL advanced configuration, 5 ACL switch applications, 1 aggregate CAR configuration, 72 ACL basic configuration, 4 congestion management techniques, 43 ACL configuration, 1, 3, 10 copying an ACL, 8 ACL Ethernet frame header configuration, 7 data buffer burst function, 79 ACL IPv4 advanced configuration, 5 data buffer fixed-area ratio for queue, 81...

  • Page 102

    QoS traffic policing configuration, 37 ACL IPv4 advanced configuration, 5 ACL IPv4 basic configuration, 4 numbering ACL automatic rule numbering, 3 ACL IPv6 advanced configuration, 6 ACL automatic rule renumbering, 3 ACL IPv6 basic configuration, 4 ACL rule numbering step, 3 ACL log generation and output interval, 9 ACLs, 1 ACL switch applications, 1...

  • Page 103

    priority mapping configuring data buffers manually, 80 configuring Ethernet frame header ACLs, 7 configuration, 24, 27 displaying, 29 configuring GTS, 38 drop priority, 24 configuring IPv4 advanced ACLs, 5 interface port priority, 29 configuring IPv4 basic ACLs, 4 local precedence, 24 configuring IPv6 advanced ACLs, 6 map configuration, 28 configuring IPv6 basic ACLs, 4...

  • Page 104

    defining QoS traffic class, 17 configuring nesting, 66 congestion avoidance, 14 displaying ACLs, 9 displaying congestion management, 51 congestion avoidance configuration, 52 displaying data buffer, 81 congestion avoidance tail drop, 52 displaying GTS, 39 congestion management, 14 displaying line rate, 39 congestion management configuration, 43, 46 displaying QoS policies, 22 congestion management techniques, 43...

  • Page 105

    priority mapping local precedence, 24 data buffer configuration, 78, 79 data buffer fixed-area ratio, 81 priority mapping table and priority marking configuration, 30 data buffer manual configuration, 80 priority mapping trusted port packet priority data buffer max shared-area ratio, 80 configuration, 28 data buffer shared-area ratio configuration, 80 priority mapping user priority, 24...

  • Page 106

    ACL automatic rule numbering, 3 tail drop, 52 ACL automatic rule renumbering, 3 ACL config match order sort, 2 congestion avoidance tail drop, 52 ACL match order, 2 RED congestion avoidance, 52 ACL naming, 1 WRED congestion avoidance, 52 ACL numbering, 1 Telnet ACL numbering step, 3 ACL switch applications, 1...

  • Page 107

    local QoS ID remarking, 62 QoS traffic classification, 14 QoS traffic evaluation, 34 nesting configuration, 66, 67 policing configuration, 39 QoS traffic policing, 14, 35 priority map configuration, 28 QoS traffic policing configuration, 34, 37, 39 priority mapping drop priority, 24 QoS traffic shaping, 14 priority mapping interface port priority, 29 redirection configuration, 69...

  • Page 108

    configuration, 54 WRR queuing, 44 displaying, 54 configuration, 46 ECN and congestion avoidance, 52 yellow packet queue-based WRED table application, 53 drop precedence, 58 queue-based WRED table configuration, 53...

This manual also for:

5900
