HP FlexFabric 5700 Switch Series
ACL and QoS
Part number: 5998-6661
Software version: Release 2416
Document version: 6W100-20150130


   Summary of Contents for HP FlexFabric 5700 series

  • Page 1: Configuration Guide

    HP FlexFabric 5700 Switch Series ACL and QoS Configuration Guide Part number: 5998-6661 Software version: Release 2416 Document version: 6W100-20150130...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents: Configuring ACLs 1; Overview 1; Applications on the switch 1; ACL categories 1; Numbering and naming ACLs 2; Match order 2; Rule numbering 3; Fragments filtering with ACLs 3; ...

  • Page 4: Table Of Contents

    Applying the QoS policy to a control plane 23; Applying the QoS policy to a user profile 24; Displaying and maintaining QoS policies 24; Configuring priority mapping 26; Overview 26; Introduction to priorities...

  • Page 5: Table Of Contents

    Configuring congestion avoidance 58; Overview 58; Tail drop 58; RED and WRED 58; ECN 59; Configuring and applying a WRED table 59; Configuration procedure 60; Configuration example 60; ...

  • Page 6: Table Of Contents

    Basic QCN configuration example 102; MultiCND QCN configuration example 105; Support and other resources 111; Contacting HP 111; Subscription service 111; Related information 111; Documents 111; ...

  • Page 7: Configuring Acls, Acl Categories

    Configuring ACLs Overview An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs"...

  • Page 8: Match Order

    Numbering and naming ACLs Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number. In addition, you can assign the ACL a name for ease of identification. After creating an ACL with a name, you cannot rename it or delete its name.

  • Page 9: Rule Numbering

    Traditional packet filtering matches only first fragments of packets, and allows all subsequent non-first fragments to pass through. Attackers can fabricate non-first fragments to attack networks. To avoid the risks, the HP ACL implementation does the following: Filters all fragments by default, including non-first fragments.

  • Page 10: Configuration Task List

    Configuration task list Tasks at a glance (Required.) Perform at least one of the following tasks: • Configuring a basic ACL Configuring an IPv4 basic ACL Configuring an IPv6 basic ACL • Configuring an advanced ACL Configuring an IPv4 advanced ACL Configuring an IPv6 advanced ACL •...

  • Page 11: Configuring An Ipv6 Basic Acl

    Step: (Optional.) Add or edit a rule comment.
    Command: rule rule-id comment text
    Remarks: By default, no rule comments are configured.
    Configuring an IPv6 basic ACL
    IPv6 basic ACLs match packets based only on source IP addresses. To configure an IPv6 basic ACL:
    Step Command Remarks...

  • Page 12: Configuring An Ipv4 Advanced Acl

    Configuring an IPv4 advanced ACL
    IPv4 advanced ACLs match packets based on the following criteria:
    • Source IP addresses.
    • Destination IP addresses.
    • Packet priorities.
    • Protocol numbers.
    • Other protocol header information, such as TCP/UDP source and destination port numbers, TCP...

  • Page 13: Configuring An Ipv6 Advanced Acl

    Configuring an IPv6 advanced ACL
    IPv6 advanced ACLs match packets based on the following criteria:
    • Source IPv6 addresses.
    • Destination IPv6 addresses.
    • Packet priorities.
    • Protocol numbers.
    • Other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port...

  • Page 14: Configuring An Ethernet Frame Header Acl

    Step Command Remarks rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | By default, IPv6 advanced ACL does not contain any rst rst-value | syn syn-value | rule.

  • Page 15: Configuring A User-defined Acl

    Step Command Remarks By default, no ACL exists. Ethernet frame header ACLs are Create an Ethernet frame acl number acl-number [ name numbered in the range of 4000 to header ACL and enter its acl-name ] [ match-order { auto | 4999.

  • Page 16: Copying An Acl

    Step Command Remarks By default, a user-defined ACL rule deny permit does not contain any rule. [ rule-id ] { rule-string rule-mask A user-defined ACL cannot be used Create or edit a rule. counting offset }&<1-8> ] [ for outbound QoS traffic time-range classification or outbound packet time-range-name ] *...

  • Page 17: Filtering Logs

    Applying an ACL to an interface for packet filtering Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, an interface does not packet-filter [ ipv6 ] { acl-number | filter packets. Apply an ACL to the interface name acl-name } { inbound | to filter packets.

  • Page 18: Acl Configuration Example

    Setting the packet filtering default action
    Step: Enter system view.
    Command: system-view
    Step: Set the packet filtering default action to deny.
    Command: packet-filter default deny
    Remarks: By default, the packet filter permits packets that do not match any ACL rule to pass.
    Displaying and maintaining ACLs
    Execute display commands in any view and reset commands in user view.

  • Page 19: Configuration Procedure

    • Permit access from the Financial department to the database server only during working hours (from 8:00 to 18:00) on working days.
    • Deny access from any other department to the database server.
    Figure 1 Network diagram
    Configuration procedure
    # Create a periodic time range from 8:00 to 18:00 on working days.
    <DeviceA>...

  • Page 20

    Pinging 192.168.0.100 with 32 bytes of data:
    Reply from 192.168.0.100: bytes=32 time=1ms TTL=255
    Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
    Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
    Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
    Ping statistics for 192.168.0.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
    The output shows that the database server can be pinged.

  • Page 21: Qos Overview

    QoS overview In data communications, Quality of Service (QoS) provides differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. Network resources are limited. When configuring a QoS scheme, you must consider the characteristics of different applications.

  • Page 22: Qos Techniques Overview

    QoS techniques overview
    The QoS techniques include the following features:
    • Traffic classification.
    • Traffic policing.
    • Traffic shaping.
    • Rate limit.
    • Congestion management.
    • Congestion avoidance.
    The following section briefly introduces these QoS techniques. All QoS techniques in this document are based on the DiffServ model.
    Deploying QoS in a network
    Figure 2 Position of the QoS techniques in a network
    As shown in...

  • Page 23

    • Congestion avoidance—Monitors the network resource usage. It is usually applied to the outgoing traffic of a port. When congestion worsens, congestion avoidance reduces the queue length by dropping packets.

  • Page 24: Configuring A Qos Policy

    Configuring a QoS policy You can configure QoS by using the MQC approach or non-MQC approach. Some features support both approaches, but some support only one. Non-MQC approach In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For example, you can use the rate limit feature to set a rate limit on an interface without using a QoS policy.

  • Page 25: Configuration Guidelines

    Defining a traffic class
    Configuration guidelines
    When you configure a traffic class, follow these restrictions and guidelines:
    • If the traffic class includes the customer-vlan-id match criterion, a QoS policy that contains the traffic class can be applied only to interfaces.
    • If the traffic class includes both the control-plane protocol or control-plane protocol-group criterion...

  • Page 26: Defining A Traffic Behavior

    Option Description Matches control plane protocols. control-plane protocol The protocol-name&<1-8> argument specifies a space-separated list of up to protocol-name&<1-8> eight system-defined control plane protocols. Matches a control plane protocol group. control-plane protocol-group The protocol-group-name argument can be critical, important, management, protocol-group-name monitor, normal, or redirect.

  • Page 27: Applying The Qos Policy

    To define a traffic behavior: Step Command Remarks Enter system view. system-view Create a traffic behavior and By default, no traffic behavior is traffic behavior behavior-name enter traffic behavior view. configured. See the subsequent chapters, depending on the purpose of the Configure actions in the traffic By default, no action is configured traffic behavior: traffic policing,...

  • Page 28: Applying The Qos Policy To An Interface, Applying The Qos Policy To A Vlan

    You can modify traffic classes, traffic behaviors, and class-behavior associations in a QoS policy even after it is applied. If a traffic class uses an ACL for traffic classification, you can delete or modify the ACL (such as add rules to, delete rules from, and modify rules of the ACL). QoS policies applied to an interface, a VLAN, and globally are in descending order of priority.

  • Page 29: Applying The Qos Policy Globally

    Step: Enter system view.
    Command: system-view
    Step: Apply the QoS policy to VLANs.
    Command: qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }
    Remarks: By default, no QoS policy is applied to a VLAN.
    Applying the QoS policy globally
    You can apply a QoS policy globally to the inbound or outbound direction of all ports. To apply the QoS policy globally:
    Step Command...

  • Page 30: Displaying And Maintaining Qos Policies

    Configuration procedure
    To apply the QoS policy to a control plane:
    Step: Enter system view.
    Command: system-view
    Step: Enter control plane view.
    Command: control-plane slot slot-number
    Step: Apply the QoS policy to the control plane.
    Command: qos apply policy policy-name inbound
    Remarks: By default, no QoS policy is applied to a control...

  • Page 31

    Task: Display traffic behavior configuration.
    Command: display traffic behavior user-defined [ behavior-name ] [ slot slot-number ]
    Task: Display QoS and ACL resource usage.
    Command: display qos-acl resource [ slot slot-number ]
    Task: Display QoS policy configuration.
    Command: display qos policy user-defined [ policy-name [ classifier classifier-name ] ] [ slot slot-number ]
    Task: Display QoS policy configuration on the...
    Command: display qos policy interface [ interface-type interface-number ]...

  • Page 32: Configuring Priority Mapping

    Configuring priority mapping Overview When a packet arrives, a device assigns a set of QoS priority parameters to the packet based on either a priority field carried in the packet or the port priority of the incoming port. This process is called priority mapping.

  • Page 33: Priority Trust Mode On A Port

    The default priority maps (as shown in "Appendix A Default priority maps") are available for priority mapping. They are adequate in most cases. If a default priority map cannot meet your requirements, you can modify the priority map as required. Priority trust mode on a port The priority trust mode on a port determines which priority is used for priority mapping table lookup.

  • Page 34: Priority Mapping Process

    • Using the port priority as the 802.1p priority for priority mapping. The port priority is user configurable.
    Table 5 Priority mapping results of not trusting packet priority (when the default dot1p-lp priority mapping table is used)
    Port priority Local precedence Queue ID 0 (default)
    The priority mapping process varies with priority trust mode....

  • Page 35: Priority Mapping Configuration Tasks

    Figure 4 Priority mapping process for an Ethernet packet (flowchart)...

  • Page 36: Configuring A Priority Map

    Tasks at a glance (Required.) Perform one of the following tasks: • Configuring an interface to trust packet priority for priority mapping • Changing the port priority of an interface Configuring a priority map Step Command Remarks Enter system view. system-view Enter priority map qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p |...

  • Page 37: Displaying And Maintaining Priority Mapping

    • Configure the interface to trust the DSCP precedence. qos trust dscp • Configure the interface to trust Use one of these commands. Configure the trusted the 802.1p priority of received By default, an interface does not trust any packet priority type. packets.

  • Page 38

    Figure 5 Network diagram
    Configuration procedure
    # Assign port priority to Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2. Make sure the following requirements are met:
    • The port priority of Ten-GigabitEthernet 1/0/1 is higher than that of Ten-GigabitEthernet 1/0/2.
    ...

  • Page 39

    Table 6 Configuration plan Queuing plan Traffic Traffic priority order destination Traffic source Output queue Queue priority R&D department High R&D department > Management Management Public servers Medium department > Marketing department department Marketing department R&D department Management department > Marketing Management Internet High...

  • Page 40

    [Switch] interface ten-gigabitethernet 1/0/2
    [Switch-Ten-GigabitEthernet1/0/2] qos priority 4
    [Switch-Ten-GigabitEthernet1/0/2] quit
    # Set the port priority of Ten-GigabitEthernet 1/0/3 to 5.
    [Switch] interface ten-gigabitethernet 1/0/3
    [Switch-Ten-GigabitEthernet1/0/3] qos priority 5
    [Switch-Ten-GigabitEthernet1/0/3] quit
    Configure the 802.1p-to-local mapping table to map 802.1p priority values 3, 4, and 5 to local precedence values 2, 6, and 4.

  • Page 41

    [Switch-Ten-GigabitEthernet1/0/1] qos apply policy market inbound
    # Configure a priority marking policy for the R&D department, and apply the policy to the incoming traffic of Ten-GigabitEthernet 1/0/2.
    [Switch] traffic behavior rd
    [Switch-behavior-rd] remark dot1p 3
    [Switch-behavior-rd] quit
    [Switch] qos policy rd
    [Switch-qospolicy-rd] classifier http behavior rd
    [Switch-qospolicy-rd] quit
    [Switch] interface ten-gigabitethernet 1/0/2...

  • Page 42: Traffic Evaluation And Token Buckets

    Configuring traffic policing, GTS, and rate limit Overview Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic.

  • Page 43: Traffic Policing

    Otherwise, the packet is colored red.
    • Single rate three color—Uses two token buckets and the following parameters:
      CIR—Rate at which tokens are put into bucket C. It sets the average packet transmission or forwarding rate allowed by bucket C.
      CBS—Size of bucket C, which specifies the transient burst of traffic that bucket C can forward....

  • Page 44

    Figure 7 Traffic policing
    Traffic policing is widely used in policing traffic entering the ISP networks. It can classify the policed traffic and take predefined policing actions on each packet depending on the evaluation result as follows:
    • Forwarding the packet if the evaluation result is "conforming."
    ...

  • Page 45: Rate Limit

    Figure 8 GTS For example, in Figure 9, Switch B performs traffic policing on packets from Switch A and drops packets exceeding the limit. To avoid packet loss, you can perform GTS on the outgoing interface of Switch A so that packets exceeding the limit are cached in Switch A.

  • Page 46: Configuring Traffic Policing

    Figure 10 Rate limit implementation
    The token bucket mechanism limits traffic rate while accommodating bursts. It allows bursty traffic to be transmitted if enough tokens are available. If tokens are scarce, packets cannot be transmitted until sufficient tokens are generated in the token bucket. It restricts the traffic rate to the rate for generating tokens....

  • Page 47: Configuring Gts

    Step Command Remarks car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action | red action | yellow action ] * Use either of the commands. Configure a traffic car cir committed-information-rate [ cbs By default, no traffic policing action is policing action.

  • Page 48: Configuring The Rate Limit

    Configuring the rate limit The rate limit of a physical interface specifies the maximum rate of incoming packets or outgoing packets. To configure the rate limit: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type interface-number view. qos lr { inbound | outbound } cir Configure the rate limit By default, rate limit is not...

  • Page 49: Configuration Procedures

    • Limit the outgoing HTTP traffic (traffic accessing the Internet) rate of Ten-GigabitEthernet 1/0/2 to 102400 kbps and drop the excess traffic.
    Figure 11 Network diagram...

  • Page 50

    [SwitchA] qos policy car
    [SwitchA-qospolicy-car] classifier server behavior server
    [SwitchA-qospolicy-car] classifier host behavior host
    [SwitchA-qospolicy-car] quit
    # Apply QoS policy car to the incoming traffic of port Ten-GigabitEthernet 1/0/1.
    [SwitchA] interface Ten-GigabitEthernet 1/0/1
    [SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy car inbound
    Configure Switch B:
    # Configure advanced ACL 3001 to match HTTP traffic.

  • Page 51

    [SwitchB-Ten-GigabitEthernet1/0/2] qos apply policy car_outbound outbound...

  • Page 52: Configuring Congestion Management

    Configuring congestion management Overview Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Figure 12 shows two typical congestion scenarios.

  • Page 53: Wrr Queuing

    Figure 13 SP queuing
    As shown in Figure 13, SP queuing classifies eight queues on a port into eight classes, numbered 7 to 0 in descending priority order. SP queuing schedules the eight queues in descending order of priority. SP queuing sends packets in the queue with the highest priority first....

  • Page 54

    Figure 14 WRR queuing
    Assume a port provides eight output queues. WRR assigns each queue a weight value (represented by w7, w6, w5, w4, w3, w2, w1, or w0) to decide the proportion of resources assigned to the queue....

  • Page 55: Wfq Queuing

    WFQ queuing
    Figure 15 WFQ queuing
    WFQ is similar to WRR. The difference is that WFQ enables you to set guaranteed bandwidth that a WFQ queue can get during congestion....

  • Page 56: Configuring Queuing, Configuring Sp Queuing

    Congestion management configuration task list Tasks at a glance Remarks (Required.) Configuring queuing • Configuring SP queuing • Configuring WRR queuing Perform one of the tasks. • Configuring WFQ queuing • Configuring SP+WRR queuing • Configuring SP+WFQ queuing (Optional.) Configuring queue scheduling profiles (Optional.) Setting the queue aging time Configuring queuing...

  • Page 57: Configuring Wfq Queuing

    Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view. interface-number Enable byte-count or packet-based WRR qos wrr { byte-count | weight } By default, byte-count WRR queuing is used. queuing. Select weight or byte-count according to the Assign a queue to a type (byte-count or packet-based) of WRR you WRR group, and...

  • Page 58: Configuring Sp+wrr Queuing

    Select weight or byte-count according to the type (byte-count or Assign a queue to a WFQ group, qos wfq queue-id group { 1 | packet-based) of WFQ you have and configure scheduling 2 } { byte-count | weight } enabled. parameters for the queue.

  • Page 59: Configuring Sp+wfq Queuing

    Step Command Remarks Enter system view. system-view interface interface-type Enter Ethernet interface view. interface-number Enable byte-count or qos wrr { byte-count | By default, all ports use WRR queuing. packet-based WRR queuing. weight } Assign a queue to the SP qos wrr queue-id group By default, all the queues of a WRR-enabled group.

  • Page 60

    Step Command Remarks interface interface-type Enter Ethernet interface view. interface-number Enable byte-count or The default queuing algorithm on an packet-based WFQ qos wfq [ byte-count | weight ] interface is WRR. queuing. By default, all the queues of a Assign a queue to the SP qos wfq queue-id group sp WFQ-enabled port are in WFQ group group.

  • Page 61: Displaying And Maintaining Queuing

    Displaying and maintaining queuing
    Execute display commands in any view.
    Task: Display SP queuing configuration.
    Command: display qos queue sp interface [ interface-type interface-number ]
    Task: Display WRR queuing configuration.
    Command: display qos queue wrr interface [ interface-type interface-number ]
    Task: Display WFQ queuing configuration.
    Command: display qos queue wfq interface [ interface-type...

  • Page 62: Configuring A Queue Scheduling Profile

    • Queues 1 and 2 in WRR group 2 are scheduled according to their weights when all other queues are empty.
    Configuring a queue scheduling profile
    You can modify the scheduling parameters in a queue scheduling profile already applied to an interface. The modification takes effect immediately....

  • Page 63: Queue Scheduling Profile Configuration Example

    Queue scheduling profile configuration example
    Network requirements
    Configure a queue scheduling profile on interface Ten-GigabitEthernet 1/0/1 to meet the following requirements:
    • Queue 7 has the highest priority, and its packets are sent preferentially.
    • Queue 4, queue 5, and queue 6 in WRR group 1 are scheduled according to their weights, which...

  • Page 64: Configuring Congestion Avoidance, Tail Drop

    Configuring congestion avoidance
    Overview
    Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance:
    • Actively monitors network resources (such as queues and memory buffers).
    • Drops packets when congestion is expected to occur or deteriorate.
    ...

  • Page 65: Configuring And Applying A Wred Table

    By dropping packets, WRED alleviates the influence of congestion on the network. However, the network resources for transmitting packets from the sender to the device which drops the packets are wasted. When congestion occurs, it is a better idea to inform the sender of the congestion status and have the sender proactively slow down the packet sending rate or decrease the window size of packets.

  • Page 66

    • Upper limit and lower limit—When the average queue size is smaller than the lower limit, packets are not dropped. When the average queue size is between the lower limit and the upper limit, the packets are dropped based on the user-configured drop probability. When the average queue size exceeds the upper limit, subsequent packets are dropped....

  • Page 67: Displaying And Maintaining Wred

    In queue 0, set the drop probability to 25%, 50%, and 75% for green, yellow, and red packets, respectively. In queue 3, set the drop probability to 5%, 10%, and 25% for green, yellow, and red packets, respectively. In queue 7, set the drop probability to 1%, 5%, and 10% for green, yellow, and red packets, respectively.

  • Page 68: Configuring Traffic Filtering

    Configuring traffic filtering You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from an IP address according to network status. Configuration procedure To configure traffic filtering: Step Command...

  • Page 69: Configuration Example

    Step: (Optional.) Display the traffic filtering configuration.
    Command: display traffic behavior user-defined [ behavior-name ]
    Remarks: Available in any view.
    Configuration example
    Network requirements
    As shown in Figure 17, configure traffic filtering on Ten-GigabitEthernet 1/0/1 to deny the incoming packets with port 21 as the source port.
    Figure 17 Network diagram
    Configuration procedure
    # Create advanced ACL 3000, and configure a rule to match packets whose source port number is 21....

  • Page 70: Configuring Priority Marking

    Configuring priority marking Overview Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a traffic class of IP packets to control the forwarding of these packets.

  • Page 71: Configuring Color-based Priority Marking

    Configuring color-based priority marking Configuring priority marking based on colors obtained through traffic policing After traffic policing evaluates and colors packets, the switch can mark traffic with various priority values (including DSCP values, 802.1p priority values, and local precedence values) by color. Configure priority marking by using either of the following methods: Configuring the priority marking actions by color in the traffic policing action.

  • Page 72: Priority Marking Configuration Examples

    Step Command Remarks By default, no priority • Set the DSCP value for packets: marking action is remark [ green | red | yellow ] dscp configured. dscp-value The switch supports local • Set the 802.1p priority for packets or QoS IDs in the range of 1 configure the inner-to-outer tag priority to 3999.

  • Page 73

    Traffic source Destination Processing priority Host A, B Data server High Host A, B Mail server Medium Host A, B File server Figure 18 Network diagram Configuration procedure # Create advanced ACL 3000, and configure a rule to match packets with destination IP address 192.168.0.1.

  • Page 74: Local Qos Id Marking Configuration Example

    [Switch-classifier-classifier_mserver] quit
    # Create a traffic class named classifier_fserver, and use ACL 3002 as the match criterion in the traffic class.
    [Switch] traffic classifier classifier_fserver
    [Switch-classifier-classifier_fserver] if-match acl 3002
    [Switch-classifier-classifier_fserver] quit
    # Create a traffic behavior named behavior_dbserver, and configure the action of setting the local precedence value to 4.

  • Page 75: Configuration Considerations

    Figure 19 Network diagram
    Configuration considerations
    • Configure two classes to match the traffic from the Management department and the R&D department, respectively, and then configure traffic policing behaviors for the two classes....

  • Page 76

    [SwitchA-classifier-rd] if-match acl 2002 [SwitchA-classifier-rd] quit # Create traffic behavior car_admin_rd, and configure traffic policing to limit the traffic rate to 102400 kbps. [SwitchA] traffic behavior car_admin_rd [SwitchA-behavior-car_admin_rd] car cir 102400 [SwitchA-behavior-car_admin_rd] quit # Create QoS policy car, and associate classes admin and rd with behavior car_admin_rd. [SwitchA] qos policy car [SwitchA-qospolicy-car] classifier admin behavior car_admin_rd [SwitchA-qospolicy-car] classifier rd behavior car_admin_rd...

  • Page 77

    # In QoS policy car, associate class marketing_car with behavior marketing_car to limit the traffic rate of traffic with local QoS ID 100. [SwitchA-qospolicy-car] classifier marketing_car behavior marketing_car [SwitchA-qospolicy-car] quit # Apply QoS policy car to the incoming traffic of Ten-GigabitEthernet1/0/1. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy car inbound...

  • Page 78: Configuring Nesting

    Configuring nesting Nesting adds a VLAN tag to the matching packets to allow the VLAN-tagged packets to pass through the corresponding VLAN. For example, you can add an outer VLAN tag to packets from a customer network to a service provider network. This allows the packets to pass through the service provider network by carrying a VLAN tag assigned by the service provider.

  • Page 79

    Step Command Remarks Choose one of the • Applying the QoS policy to an interface application destinations as needed. Apply the QoS policy. • Applying the QoS policy to a VLAN • Applying the QoS policy globally By default, a QoS policy is not applied.

  • Page 80

    # Create a QoS policy named test, and associate class test with behavior test in the QoS policy. [PE1] qos policy test [PE1-qospolicy-test] classifier test behavior test [PE1-qospolicy-test] quit # Configure the downlink port Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign the port to VLAN 100 as an untagged member.

  • Page 81: Configuring Traffic Redirecting

    Configuring traffic redirecting Traffic redirecting redirects packets matching the specified match criteria to a location for processing. The following redirect actions are supported: • Redirecting traffic to the CPU—Redirects packets that require processing by the CPU to the CPU. • Redirecting traffic to an interface—Redirects packets that require processing by an interface to the...

  • Page 82

    Step Command Remarks Create a QoS policy and By default, no QoS policy qos policy policy-name enter QoS policy view. exists. By default, no Associate the traffic class classifier classifier-name behavior class-behavior with the traffic behavior in behavior-name [ insert-before association is configured the QoS policy.

  • Page 83

    Figure 21 Network diagram XGE1/0/2 XGE1/0/2 VLAN 200 VLAN 200 Vlan-int200 Vlan-int200 200.1.1.1/24 200.1.1.2/24 XGE1/0/1 XGE1/0/1 XGE1/0/3 XGE1/0/3 Switch A Switch B VLAN 201 VLAN 201 Vlan-int201 Vlan-int201 201.1.1.1/24 201.1.1.2/24 Configuration procedure # Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1. <SwitchA>...

  • Page 84

    [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound...

  • Page 85: Configuring Aggregate Car

    Configuring aggregate CAR An aggregate CAR action is created globally and can be directly applied to interfaces or used in the traffic behaviors associated with different traffic classes to police multiple traffic flows as a whole. The total rate of the traffic flows must conform to the traffic policing specifications set in the aggregate CAR action.

  • Page 86

    Figure 22 Network diagram Internet Switch XGE1/0/1 VLAN 10 VLAN 100 Configuration procedure # Configure an aggregate CAR according to the rate limit requirements. <Switch> system-view [Switch] qos car aggcar-1 aggregative cir 2560 cbs 20480 red discard # Create class 1 to match traffic of VLAN 10. Create behavior 1 and use the aggregate CAR in the behavior.

  • Page 87

    # Apply the QoS policy to the incoming traffic of Ten-GigabitEthernet 1/0/1. [Switch] interface ten-gigabitethernet 1/0/1 [Switch-Ten-GigabitEthernet1/0/1] qos apply policy car inbound...

  • Page 88: Configuring Class-based Accounting

    Configuring class-based accounting Class-based accounting collects statistics (in packets or bytes) on a per-traffic class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing the statistics, you can determine whether anomalies have occurred and what action to take. Configuration procedure To configure class-based accounting: Step...

  • Page 89

    Step Command Remarks • display qos policy control-plane slot slot-number • display qos policy global [ slot slot-number ] [ inbound | outbound ] Display traffic accounting • display qos policy interface Available in any view. configuration. [ interface-type interface-number ] [ inbound | outbound ] •...

  • Page 90

    [Switch] interface Ten-GigabitEthernet 1/0/1 [Switch-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound [Switch-Ten-GigabitEthernet1/0/1] quit # Display traffic statistics to verify the configuration. [Switch] display qos policy interface Ten-GigabitEthernet 1/0/1 Interface: Ten-GigabitEthernet1/0/1 Direction: Inbound Policy: policy Classifier: classifier_1 Operator: AND Rule(s) : If-match acl 2000 Behavior: behavior_1 Accounting enable: 28529 (Packets)

  • Page 91: Appendixes

    Appendixes Appendix A Default priority maps For the default dscp-dscp priority maps, an input value yields a target value equal to it. Table 7 Default dot1p-lp and dot1p-dp priority maps Input priority value dot1p-lp map dot1p-dp map dot1p Table 8 Default dscp-dp and dscp-dot1p priority maps Input priority value dscp-dp map dscp-dot1p map...

  • Page 92: Ip Precedence And Dscp Values

    Appendix B Introduction to packet precedences IP precedence and DSCP values Figure 24 ToS and DS fields Bits: Bits: Preced Type of DS-Field DSCP IPv4 ToS ence Service (for IPv4,ToS byte octet,and for IPv6,Traffic Class octet ) Must Class Selector Currently RFC 1349 codepoints...

  • Page 93: P Priority

    DSCP value (decimal) DSCP value (binary) Description 011100 af32 011110 af33 100010 af41 100100 af42 100110 af43 001000 010000 011000 100000 101000 110000 111000 000000 be (default) 802.1p priority 802.1p priority lies in the Layer 2 header. It applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.

  • Page 94

    Table 11 Description on 802.1p priority 802.1p priority (decimal) 802.1p priority (binary) Description best-effort background spare excellent-effort controlled-load video voice network-management...

  • Page 95: Configuring Time Ranges

    Configuring time ranges You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them.

  • Page 96

    Figure 27 Network diagram Server Host A XGE1/0/1 XGE1/0/2 192.168.1.2/24 Device A 192.168.0.100/24 Host B 192.168.1.3/24 Configuration procedure # Create a periodic time range from 8:00 to 18:00 on working days from June 2011 to the end of the year. <DeviceA>...

  • Page 97: Configuring Data Buffers

    Configuring data buffers An interface stores outgoing packets in the egress buffer when congestion occurs. An egress buffer uses the following types of resources: • Cell resources—Store packets. The buffer uses cell resources based on packet sizes. Suppose a cell resource provides 208 bytes.

  • Page 98: Enabling The Burst Function

    If you have configured data buffers in one way, delete the configuration before using the other way. Otherwise, the new configuration does not take effect. To configure the data buffer, perform the following tasks: Tasks at a glance Perform one of the following tasks: •...

  • Page 99: Configuring The Total Shared-area Ratio

    Configuring the total shared-area ratio Each type of resources of a buffer, packet or cell, has a fixed size. After you set the total shared-area ratio for a type of resources, the rest is automatically assigned to the fixed area. To configure the total shared-area ratio: Step Command...

  • Page 100: Setting The Fixed-area Ratio For A Queue

    Setting the fixed-area ratio for a queue By default, all queues have an equal share of the fixed area. This task allows you to change the fixed-area ratio for a queue. The unconfigured queues equally share the remaining part. The fixed-area space for a queue cannot be used by other queues. It is also called the minimum guaranteed buffer.

  • Page 101: Basic Concepts

    Configuring QCN Quantized Congestion Notification (QCN) is an end-to-end congestion notification mechanism that can reduce packet loss and delay in Layer 2 networks by actively sending reverse notifications. As part of data center standards, QCN is primarily used in data center networks. Basic concepts Reaction point (RP)—A source end host that supports QCN.

  • Page 102: Cnm Format

    Figure 29 Data flow format CNM format When a CP detects the congestion state by sampling frames, it sends CNMs to the RPs. The CP constructs a CNM as follows: Uses the source MAC address of the sampled frame as the destination MAC address. •...

  • Page 103: How Qcn Works

    Figure 31 CNM PDU format Octet Length Version 4 bits ReservedV 1, 2 6 bits Quantized Feedback 6 bits Congestion Point Identifier (CPID) cnmQOffset cnmQDelta Encapsulated priority Encapsulated destination MAC address Encapsulated MSDU length – Encapsulated MSDU How QCN works Figure 32 shows how QCN works.

  • Page 104: Qcn Algorithm

    QCN algorithm The QCN algorithm includes the CP algorithm and the RP algorithm. CP algorithm The CP measures the queue size by periodically sampling frames and computes the congestion state based on the sampling result. As shown in Figure 33, the CP algorithm includes the following parameters: •...

  • Page 105: Protocols And Standards

    A CND is a set of RPs and CPs enabled with QCN for a CNPV. CNDs are identified based on CNPVs. Devices enabled with QCN for a CNPV are assigned to the corresponding CND. A CNPV-based CND prevents traffic from outside the CND from entering the CND. If a frame from outside the CND includes the CNPV, the 802.1p priority value of the frame is mapped to a configured alternate priority value.

  • Page 106: Configuration Prerequisites

    QCN configuration task list Tasks at a glance (Required.) Enabling QCN globally Configuring CND settings • (Required.) Configuring global CND settings • (Optional.) Configuring CND settings for an interface (Optional.) Configuring congestion detection parameters Enabling QCN globally QCN settings take effect only after you enable QCN globally. Configuration prerequisites Before you enable QCN globally, enable LLDP.

  • Page 107: Configuring Global Cnd Settings

    Configuring global CND settings Perform this task to assign a switch to a CND identified by the specified CNPV. After you assign a switch to a CND, the switch can detect congestion for packets within the CND. You can assign a switch to multiple CNDs by specifying multiple CNPVs for the switch. For example, a switch can be assigned to CND 1, CND 2, and CND 3 and have an alternate priority of 0 in all three CNDs.

  • Page 108: Configuring Congestion Detection Parameters

    Configuring congestion detection parameters Perform this task to detect congestion for packets in a CND. You configure congestion detection parameters in a profile. Before you configure congestion detection parameters, you must assign the switch to the CND. To configure congestion detection parameters: Step Command Remarks...

  • Page 109

    Figure 34 Network diagram IP network XGE1/0/2 CND 1 Switch B XGE1/0/1 XGE1/0/3 XGE1/0/2 XGE1/0/2 XGE1/0/1 XGE1/0/1 Switch A Switch C RP 1 RP 2 Configuration procedure Configure Switch A: # Create VLAN 100, and assign Ten-GigabitEthernet 1/0/1 to the VLAN. <SwitchA>...

  • Page 110

    Configure Switch B: # Create VLAN 100. <SwitchB> system-view [SwitchB] vlan 100 [SwitchB-vlan100] quit # Configure the following interfaces as trunk ports, and assign all of them to VLAN 100: Ten-GigabitEthernet 1/0/1. Ten-GigabitEthernet 1/0/2. Ten-GigabitEthernet 1/0/3. [SwitchB] interface ten-gigabitethernet 1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk [SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 [SwitchB-Ten-GigabitEthernet1/0/1] quit...

  • Page 111: Multicnd Qcn Configuration Example

    [SwitchA] display qcn interface Interface: Ten-GigabitEthernet1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior Interface: Ten-GigabitEthernet1/0/2 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior # Display the CND settings for interfaces on Switch B. [SwitchB] display qcn interface Interface: Ten-GigabitEthernet1/0/1 CNPV Mode Defense-mode Alternate ---------------------------------------------------...

  • Page 112

    Configure QCN for CNPV 1 to meet the following requirements: • Switch A, Switch B, and Switch C detect congestion for traffic with 802.1p priority 1. Switch A and Switch B do not detect congestion for traffic with 802.1p priority 5. •...

  • Page 113

    [SwitchA-Ten-GigabitEthernet1/0/2] quit # Enable QCN globally. [SwitchA] qcn enable # Assign the switch to the CND with CNPV 1, and configure all interfaces to negotiate the defense mode and alternate priority by using LLDP. [SwitchA] qcn priority 1 auto Configure Switch B in the same way Switch A is configured. (Details not shown.) Configure Switch C: # Create VLAN 100 and VLAN 200.

  • Page 114

    [SwitchC-Ten-GigabitEthernet1/0/1] quit [SwitchC] interface ten-gigabitethernet 1/0/2 [SwitchC-Ten-GigabitEthernet1/0/2] lldp tlv-enable dot1-tlv congestion-notification [SwitchC-Ten-GigabitEthernet1/0/2] quit [SwitchC] interface ten-gigabitethernet 1/0/3 [SwitchC-Ten-GigabitEthernet1/0/3] lldp tlv-enable dot1-tlv congestion-notification [SwitchC-Ten-GigabitEthernet1/0/3] quit [SwitchC] interface ten-gigabitethernet 1/0/4 [SwitchC-Ten-GigabitEthernet1/0/4] lldp tlv-enable dot1-tlv congestion-notification [SwitchC-Ten-GigabitEthernet1/0/4] quit # Enable QCN globally. [SwitchC] qcn enable # Assign the switch to the CNDs with CNPV 1 and CNPV 5.

  • Page 115

    Interface: Ten-GigabitEthernet1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior Interface: Ten-GigabitEthernet1/0/2 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior # Display the CND settings for interfaces on Switch B. [SwitchB] display qcn interface Interface: Ten-GigabitEthernet1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior Interface: Ten-GigabitEthernet1/0/2 CNPV...

  • Page 116

    Interface: Ten-GigabitEthernet1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready Interface: Ten-GigabitEthernet1/0/2 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready # Display the CND settings for interfaces on Switch E. [SwitchE] display qcn interface Interface: Ten-GigabitEthernet1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready Interface: Ten-GigabitEthernet1/0/2 CNPV...

  • Page 117: Support And Other Resources, Subscription Service, Related Information

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 118: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 119

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 120: Index

    Index Numerics time range configuration, 89, time range display, user-defined configuration, QoS packet 802.1p priority, advanced ACL 802.1p category, priority marking configuration, naming, QCN CND, numbering, QCN CND priority mapping, aggregate CAR 802.1p priority configuration, 79, 79, drop precedence, priority marking configuration, algorithm absolute time range (ACL), 89, QCN algorithm,...

  • Page 121

    bandwidth committed access rate. Use QoS overview, common CAR QoS policy configuration, priority marking configuration, basic ACL configuring category, ACL, 1, 4, configuration, ACL (advanced), behavior ACL (basic), QoS traffic behavior definition, ACL (Ethernet frame header), best-effort QoS service model, ACL (user-defined), buffer ACL packet filtering,...

  • Page 122

    QoS congestion management SP+WRR Domain. Use queuing, Message. Use QoS congestion management WFQ control plane queuing, QoS policy application, QoS congestion management WRR QoS policy application (control plane), queuing, copying QoS data buffer total shared-area ratio, ACL, QoS global CAR, QoS GTS, 36, data QoS nesting, 72,...

  • Page 123

    QoS policy application (user profile), data buffer configuration, 91, QoS policy application (VLAN), QoS data buffer max queue ratio, QoS policy interface application, format DiffServ QoS service model, QCN CNM format, displaying QCN data flow format, ACL, QCN message, data buffer, forwarding QCN, ACL configuration, 1, 4,...

  • Page 124

    ACL configuration (IPv4 basic), QCN CND defense interior, ACL naming, QCN CND defense interiorReady, ACL numbering, modular QoS. Use ACL packet filtering configuration, IPv6 QoS GTS, ACL configuration (IPv6 advanced), MQC QoS ACL configuration (IPv6 basic), traffic policing, ACL naming, multi-CND QCN, ACL numbering, ACL packet filtering configuration,...

  • Page 125

    QoS congestion management SP+WRR QoS priority marking configuration, queuing configuration, QoS service models, QoS congestion management WFQ QoS techniques, queuing, time range configuration, 89, QoS congestion management WRR non-modular QoS. Use non-MQC queuing, non-MQC QoS data buffer fixed-area max queue ratio, QoS GTS, QoS data buffer shared-area max queue QoS traffic policing,...

  • Page 126

    QoS priority marking configuration, 64, marking. See priority marking QoS rate limit, QCN CND priority mapping, QoS traffic evaluation, QoS packet 802.1p priority, QoS traffic filtering configuration, 62, QoS packet IP precedence and DSCP values, QoS traffic policing, priority mapping QoS traffic redirection configuration, 75, configuration, 26, QoS trusted port packet priority,...

  • Page 127

    configuring color-based priority marking, configuring QoS priority mapping priority trust mode, configuring data buffer, configuring QoS priority mapping table+priority configuring data buffers manually, marking, configuring local precedence marking, configuring QoS priority mapping trusted port configuring multi-CND QCN, packet priority, configuring priority marking based on colors configuring QoS priority marking, 64, obtained through mapping drop configuring QoS rate limit,...

  • Page 128

    profile congestion avoidance WRED display, QoS policy application (user profile), congestion avoidance WRED queue-based table, protocols and standards congestion avoidance+ECN, QCN, congestion management configuration, 46, congestion management queue scheduling profile, 55, 57, algorithm, congestion management queuing, algorithm (CP), congestion management SP queuing, 46, algorithm (RP), congestion management SP+WFQ queuing basic concepts,...

  • Page 129

    policy application (VLAN), traffic evaluation, policy configuration, traffic evaluation with token bucket, 36, policy definition, traffic filtering configuration, 62, policy display, traffic policing, 37, 40, policy interface application, traffic policing configuration, policy maintain, traffic policing display, priority mapping configuration, 26, traffic redirection configuration, 75, priority mapping display, QoS policy...

  • Page 130

    ACL configuration (advanced), QoS models, ACL configuration (basic), QoS nesting configuration, 72, ACL configuration (Ethernet frame header), QoS overview, ACL configuration (user-defined), QoS policy configuration, QoS congestion management configuration, QoS priority marking configuration, 64, QoS GTS configuration, QoS techniques, QoS priority mapping configuration, 26, QoS traffic filtering configuration, 62, QoS priority mapping priority trust mode, setting...

  • Page 131

    time range configuration, 89, QoS policy application (control plane), time range QoS policy application (global), configuration, 89, QoS policy application (user profile), display, QoS policy application (VLAN), token bucket QoS policy configuration, QoS complicated traffic evaluation, QoS policy definition, QoS traffic evaluation, 36, QoS policy interface application, QoS traffic forwarding, QoS priority map,...

  • Page 132

    ACL packet filtering applicable scope (VLAN interface), QoS nesting configuration, 72, QoS policy application, QoS policy application (VLAN), ACL switch applications, weighted random early detection. Use WRED WFQ queuing bandwidth, configuration, WRED configuration, congestion avoidance+ECN, display, queue-based WRED table, WRR queuing basic queuing, configuration, group-based queuing,...
