Hewlett Packard Enterprise FlexFabric 5940 Series Configuration Manual

HPE FlexFabric 5940 Switch Series
ACL and QoS Configuration Guide
Part number: 5200-1002b
Software version: Release 25xx
Document version: 6W102-20170830


Summary of Contents for Hewlett Packard Enterprise FlexFabric 5940 Series

  • Page 2 Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website. Acknowledgments Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the...
  • Page 3: Table Of Contents

    Contents: Configuring ACLs, 1; Overview, 1; ACL types, 1; Numbering and naming ACLs, 1; Match order, 1; Rule numbering, 2; Fragment filtering with ACLs, 3; Configuration restrictions and guidelines, 3; ...
  • Page 4 Configuring an interface to trust packet priority for priority mapping, 26; Changing the port priority of an interface, 26; Displaying and maintaining priority mapping, 27; Priority mapping configuration examples, 27; Port priority configuration example, 27; ...
  • Page 5 Configuring nesting, 63; Configuration procedure, 63; Configuration example, 63; Network requirements, 63; Configuration procedure, 64; Configuring traffic redirecting, 66; Configuration procedure, 66; Configuration example, 67; ...
  • Page 6 Conventions, 102; Network topology icons, 103; Support and other resources, 104; Accessing Hewlett Packard Enterprise Support, 104; Accessing updates, 104; Websites, 105; Customer self repair, 105; ...
  • Page 7: Configuring ACLs

    Configuring ACLs Overview An access control list (ACL) is a set of rules for identifying traffic based on criteria such as source IP address, destination IP address, and port number. The rules are also called permit or deny statements. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs"...
  • Page 8: Rule Numbering

    • auto—Sorts ACL rules in depth-first order. Depth-first ordering makes sure any subset of a rule is always matched before the rule. Table 1 lists the sequence of tie breakers that depth-first ordering uses to sort rules for each type of ACL. Table 1 Sort ACL rules in depth-first order ACL type Sequence of tie breakers...
  • Page 9: Fragment Filtering With ACLs

    Automatic rule numbering and renumbering The ID automatically assigned to an ACL rule takes the nearest higher multiple of the numbering step to the current highest rule ID, starting with 0. For example, if the step is 5, and there are five rules numbered 0, 5, 9, 10, and 12, the newly defined rule is numbered 15.
  • Page 10: Configuration Task List

    Configuration task list Tasks at a glance (Required.) Configure ACLs according to the characteristics of the packets to be matched: • Configuring a basic ACL Configuring an IPv4 basic ACL Configuring an IPv6 basic ACL • Configuring an advanced ACL Configuring an IPv4 advanced ACL Configuring an IPv6 advanced ACL •...
  • Page 11: Configuring An IPv6 Basic ACL

    Step Command Remarks By default, no IPv4 basic ACL rules exist. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an IPv4 basic ACL is used for QoS traffic classification or packet filtering in a VXLAN network, the rule [ rule-id ] { deny | permit } ACL matches packets as follows:...
  • Page 12: Configuring An Advanced ACL

    Step Command Remarks rule [ rule-id ] { deny | permit } [ counting | fragment | logging | By default, no IPv6 basic ACL routing [ type routing-type ] | rules exist. source { source-address The logging keyword takes effect Create or edit a rule.
  • Page 13: Configuring An IPv6 Advanced ACL

    Step Command Remarks By default, no IPv4 advanced ACL rules exist. The logging keyword takes effect only when the module (for rule [ rule-id ] { deny | permit } example, packet filtering) that protocol [ { { ack ack-value | fin uses the ACL supports logging.
  • Page 14: Configuring A Layer 2 ACL

    Step Command Remarks By default, no ACLs exist. The value range for a numbered IPv6 advanced ACL is 3000 to 3999. Use the acl ipv6 advanced acl ipv6 advanced { acl-number | Create an IPv6 advanced acl-number command to enter the name acl-name } [ match-order ACL and enter its view.
  • Page 15: Configuring A User-Defined ACL

    Step Command Remarks Enter system view. system-view By default, no ACLs exist. The value range for a numbered Layer 2 ACL is 4000 to 4999. acl mac { acl-number | name Use the acl mac acl-number Create a Layer 2 ACL and acl-name } [ match-order { auto | command to enter the view of a enter its view.
  • Page 16: Copying An ACL

    Step Command Remarks rule [ rule-id ] { deny | permit } [ { l2 rule-string rule-mask By default, no user-defined ACL Create or edit a rule. offset }&<1-8> ] [ counting | rules exist. time-range time-range-name ] * (Optional.) Add or edit a rule By default, no rule comment is rule rule-id comment text comment.
  • Page 17: Configuring The Applicable Scope Of Packet Filtering On A VLAN Interface

    Step Command Remarks By default, an interface does not filter packets. To the same direction of an interface, you can apply a packet-filter [ ipv6 | mac | maximum of four ACLs: one IPv4 Apply an ACL to the interface user-defined ] { acl-number | ACL, one IPv6 ACL, one Layer 2 to filter packets.
  • Page 18: Setting The Packet Filtering Default Action

    Step Command Remarks The default setting is 0 minutes. Set the interval for outputting acl { logging | trap } interval By default, the device does not packet filtering logs or generate log entries or SNMP interval notifications. notifications for packet filtering. Setting the packet filtering default action Step Command...
  • Page 19: ACL Configuration Examples

    ACL configuration examples Interface-based packet filter configuration example Network requirements A company interconnects its departments through the device. Configure a packet filter to: • Permit access from the President's office at any time to the financial database server. • Permit access from the Finance department to the database server only during working hours (from 8:00 to 18:00) on working days.
  • Page 20 [Device-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Verify that a PC in the Finance department can ping the database server during working hours. (All PCs in this example use Windows XP). C:\> ping 192.168.0.100 Pinging 192.168.0.100 with 32 bytes of data: Reply from 192.168.0.100: bytes=32 time=1ms TTL=255 Reply from 192.168.0.100: bytes=32 time<1ms TTL=255 Reply from 192.168.0.100: bytes=32 time<1ms TTL=255...
  • Page 21: QoS Overview

    QoS overview In data communications, Quality of Service (QoS) provides differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. QoS manages network resources and prioritizes traffic to balance system resources. The following section describes typical QoS service models and widely used QoS techniques.
  • Page 22: Deploying QoS In A Network

    The following section briefly introduces these QoS techniques. All QoS techniques in this document are based on the DiffServ model. Deploying QoS in a network Figure 2 Position of the QoS techniques in a network As shown in Figure 2, traffic classification, traffic shaping, traffic policing, congestion management, and congestion avoidance mainly implement the following functions: •...
  • Page 23 Figure 3 QoS processing flow...
  • Page 24: Configuring A QoS Policy

    Configuring a QoS policy You can configure QoS by using the MQC approach or non-MQC approach. Non-MQC approach In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For example, you can use the rate limit feature to set a rate limit on an interface without using a QoS policy.
  • Page 25: Defining A Traffic Class

    Defining a traffic class Step Command Remarks Enter system view. system-view Create a traffic class and traffic classifier classifier-name By default, no traffic classes exist. enter traffic class view. [ operator { and | or } ] By default, no match criterion is configured.
  • Page 26: Applying The QoS Policy

    Applying the QoS policy You can apply a QoS policy to the following destinations: • Interface—The QoS policy takes effect on the traffic sent or received on the interface. • VLAN—The QoS policy takes effect on the traffic sent or received on all ports in the VLAN. •...
  • Page 27: Applying The QoS Policy To VLANs

    Step Command Remarks By default, no QoS policy is applied to an interface. You cannot apply a QoS Apply the QoS policy to qos apply policy policy-name { inbound | policy to the outbound the interface. outbound } direction of a Layer 2 aggregate interface, Layer 3 aggregate interface, or VSI interface.
  • Page 28: Applying The QoS Policy To A User Profile

    • Data plane—The units at the data plane are responsible for receiving, transmitting, and switching (forwarding) packets, such as various dedicated forwarding chips. They deliver super processing speeds and throughput. • Control plane—The units at the control plane are processing units running most routing and switching protocols.
  • Page 29: Displaying And Maintaining QoS Policies

    Step Command Remarks Enter system view. system-view The configuration made in user profile view Enter user profile view. takes effect only after it is successfully issued user-profile profile-name to the driver. By default, no QoS policy is applied to a user profile.
  • Page 30: Configuring Priority Mapping

    Configuring priority mapping Both Layer 2 and Layer 3 Ethernet interfaces support priority mapping. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
  • Page 31: Priority Mapping Configuration Tasks

    Priority mapping configuration tasks You can configure priority mapping by using any of the following methods: • Configuring priority trust mode—In this method, you can configure an interface to look up a trusted priority type (802.1p, for example) in incoming packets in the priority maps. Then, the system maps the trusted priority to the target priority types and values.
  • Page 32: Configuring An Interface To Trust Packet Priority For Priority Mapping

    Configuring an interface to trust packet priority for priority mapping You can configure the device to trust a particular priority field carried in packets for priority mapping on interfaces or globally. When you configure the trusted packet priority type on an interface, use the following available keywords: •...
  • Page 33: Displaying And Maintaining Priority Mapping

    Step Command Remarks By default, the port priority is 0, and the DSCP value of packets is not modified. When no priority trust mode is configured for an interface, the interface uses the port priority as the Set the port priority of the 802.1p priority for priority qos priority [ dscp ] priority-value interface.
  • Page 34: Priority Mapping Table And Priority Marking Configuration Example

    Figure 5 Network diagram Configuration procedure # Assign port priority to Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2. Make sure the priority of Ten-GigabitEthernet 1/0/1 is higher than that of Ten-GigabitEthernet 1/0/2. <DeviceC> system-view [DeviceC] interface ten-gigabitethernet 1/0/1 [DeviceC-Ten-GigabitEthernet1/0/1] qos priority 3 [DeviceC-Ten-GigabitEthernet1/0/1] quit [DeviceC] interface ten-gigabitethernet 1/0/2 [DeviceC-Ten-GigabitEthernet1/0/2] qos priority 1...
  • Page 35 Queuing plan Traffic Traffic priority order Output Queue destination Traffic source queue priority R&D department Management department > Marketing Management Internet High department > R&D department department Marketing department Medium Figure 6 Network diagram Internet Host Host Server Server Management department R&D department Device Data server...
  • Page 36 Configure the 802.1p-to-local mapping table to map 802.1p priority values 3, 4, and 5 to local precedence values 2, 6, and 4. This guarantees the R&D department, Management department, and Marketing department decreased priorities to access the public servers. [Device] qos map-table dot1p-lp [Device-maptbl-dot1p-lp] import 3 export 2 [Device-maptbl-dot1p-lp] import 4 export 6 [Device-maptbl-dot1p-lp] import 5 export 4...
  • Page 37 # Create a QoS policy named rd, and associate traffic class http with traffic behavior rd in QoS policy rd. [Device] qos policy rd [Device-qospolicy-rd] classifier http behavior rd [Device-qospolicy-rd] quit # Apply QoS policy rd to the inbound direction of Ten-GigabitEthernet 1/0/2. [Device] interface ten-gigabitethernet 1/0/2 [Device-Ten-GigabitEthernet1/0/2] qos apply policy rd inbound...
  • Page 38: Configuring Traffic Policing, GTS, And Rate Limit

    Configuring traffic policing, GTS, and rate limit Overview Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic. Traffic policing, Generic Traffic Shaping (GTS), and rate limit control the traffic rate and resource usage according to traffic specifications.
  • Page 39: Traffic Policing

    CIR—Rate at which tokens are put into bucket C. It sets the average packet transmission or forwarding rate allowed by bucket C. CBS—Size of bucket C, which specifies the transient burst of traffic that bucket C can forward. EBS—Size of bucket E minus size of bucket C, which specifies the transient burst of traffic that bucket E can forward.
  • Page 40: GTS

    Figure 7 Traffic policing Traffic policing is widely used in policing traffic entering the ISP networks. It can classify the policed traffic and take predefined policing actions on each packet depending on the evaluation result: • Forwarding the packet if the evaluation result is "conforming." •...
  • Page 41: Rate Limit

    Figure 8 GTS For example, in Figure 9, Device B performs traffic policing on packets from Device A and drops packets exceeding the limit. To avoid packet loss, you can perform GTS on the outgoing interface of Device A so that packets exceeding the limit are cached in Device A. Once resources are released, GTS takes out the cached packets and sends them out.
  • Page 42: Configuration Restrictions And Guidelines

    Figure 10 Rate limit implementation The token bucket mechanism limits traffic rate while accommodating bursts. It allows bursty traffic to be transmitted if enough tokens are available. If tokens are scarce, packets cannot be transmitted until sufficient tokens are generated in the token bucket. It restricts the traffic rate to the rate for generating tokens.
  • Page 43: Configuring GTS By Using The Non-MQC Approach

    Step Command Remarks By default, no match criterion is configured. Configure a match if-match match-criteria For more information about the criterion. if-match command, see ACL and QoS Command Reference. Return to system quit view. Create a traffic behavior and enter By default, no traffic behaviors exist.
  • Page 44: Configuring The Rate Limit For An Interface

    Step Command Remarks qos gts queue queue-id cir Configure GTS for a By default, GTS is not configured committed-information-rate [ cbs queue. on an interface. committed-burst-size ] Configuring the rate limit for an interface The rate limit for an interface specifies the maximum rate of incoming or outgoing packets on the interface.
  • Page 45: Configuration Procedure

    Perform traffic control for the packets that Ten-GigabitEthernet 1/0/1 of Device A receives from the server and Host A using the following guidelines: • Limit the rate of packets from the server to 10240 kbps. When the traffic rate is below 10240 kbps, the traffic is forwarded.
  • Page 46 [DeviceA-behavior-server] quit # Create a traffic behavior named host, and configure a traffic policing action (CIR 2560 kbps). [DeviceA] traffic behavior host [DeviceA-behavior-host] car cir 2560 [DeviceA-behavior-host] quit # Create a QoS policy named car, and associate traffic classes server and host with traffic behaviors server and host in QoS policy car, respectively.
  • Page 47 # Apply QoS policy car_inbound to the inbound direction of Ten-GigabitEthernet 1/0/1. [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] qos apply policy car_inbound inbound # Apply QoS policy car_outbound to the outbound direction of Ten-GigabitEthernet 1/0/2. [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] qos apply policy car_outbound outbound...
  • Page 48: Configuring Congestion Management

    Configuring congestion management Overview Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Figure 12 shows two typical congestion scenarios.
  • Page 49: WRR Queuing

    Figure 13 SP queuing In Figure 13, SP queuing classifies eight queues on an interface into eight classes, numbered 7 to 0 in descending priority order. SP queuing schedules the eight queues in the descending order of priority. SP queuing sends packets in the queue with the highest priority first.
  • Page 50: WFQ Queuing

    Assume an interface provides eight output queues. WRR assigns each queue a weight value (represented by w7, w6, w5, w4, w3, w2, w1, or w0). The weight value of a queue decides the proportion of resources assigned to the queue. On a 100 Mbps interface, you can set the weight values to 50, 30, 10, 10, 50, 30, 10, and 10 for w7 through w0.
  • Page 51: Configuring Per-Queue Congestion Management

    • Configure queue scheduling for each queue in interface view, as described in "Configuring per-queue congestion management." • Configure a queue scheduling profile, as described in "Configuring a queue scheduling profile." Both Layer 2 and Layer 3 Ethernet interfaces support the congestion management feature. The term "interface"...
  • Page 52: Configuring WFQ Queuing

    Step Command Remarks By default, queues 0 through 7 are in WRR Assign a queue to a group 1 and have a weight of 1, 2, 3, 4, 5, 9, WRR group, and qos wrr queue-id group 1 13, and 15, respectively. configure scheduling { byte-count | weight } Select byte-count or weight according to...
  • Page 53: Configuring SP+WFQ Queuing

    Step Command Remarks By default, all queues on an interface are in WRR group 1, and the scheduling values of Assign a queue to the queues 0 through 7 are 1, 2, 3, 4, 5, 9, 13, qos wrr queue-id group WRR group, and configure and 15, respectively.
  • Page 54: Configuring A Queue Scheduling Profile

    Step Command Remarks By default, all queues on a WFQ-enabled interface are in WFQ Assign a queue to the WFQ group 1 and have a scheduling value of qos wfq queue-id group 1 group, and configure a { byte-count | weight } scheduling weight for the schedule-value Select byte-count or weight according...
  • Page 55: Configuration Restrictions And Guidelines

    Figure 16 Queue scheduling profile configured with both SP and WRR • Queue 7 has the highest priority. Its packets are sent preferentially. • Queue 6 has the second highest priority. Packets in queue 6 are sent when queue 7 is empty. •...
  • Page 56: Queue Scheduling Profile Configuration Example

    Step Command Remarks The default setting is 0 kbps. (Optional.) Set the minimum bandwidth queue queue-id min You can configure this guaranteed bandwidth for a bandwidth-value command only for a WFQ queue. queue. Return to system view. quit interface interface-type Enter interface view.
  • Page 57: Displaying And Maintaining Congestion Management

    Displaying and maintaining congestion management Execute display commands in any view and reset commands in user view. Task Command display qos queue sp interface [ interface-type Display SP queuing configuration. interface-number ] display qos queue wrr interface [ interface-type Display WRR queuing configuration. interface-number ] display qos queue wfq interface [ interface-type Display WFQ queuing configuration.
  • Page 58: Configuring Congestion Avoidance

    Configuring congestion avoidance Overview Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance: • Actively monitors network resources (such as queues and memory buffers). • Drops packets when congestion is expected to occur or deteriorate. When dropping packets from a source end, congestion avoidance cooperates with the flow control mechanism at the source end to regulate the network traffic size.
  • Page 59: Relationship Between WRED And Queuing Mechanisms

    • Drop probability. Relationship between WRED and queuing mechanisms Figure 17 Relationship between WRED and queuing mechanisms Queue 1 weight 1 WRED drop Packets to be sent through this interface Packets sent Queue 2 weight 2 Interface …… …… Queue N-1 weight N-1 Classify Schedule Sending queue...
  • Page 60: Configuring And Applying A Queue-Based WRED Table

    In actual applications, the following packets are considered as packets that an ECN-capable endpoint transmits: • Packets with ECT set to 1 and CE set to 0. • Packets with ECT set to 0 and CE set to 1. After you enable ECN on a device, congestion management processes packets as follows: •...
  • Page 61: Configuration Procedure

    Configuration procedure By using a queue-based WRED table, WRED randomly drops packets during congestion based on the queues that hold packets. To configure and apply a queue-based WRED table: Step Command Remarks Enter system view. system-view Create a WRED table qos wred queue table table-name and enter its view.
  • Page 62: Displaying And Maintaining WRED

    [Sysname-wred-table-queue-table1] queue 0 drop-level 1 low-limit 128 high-limit 512 discard-probability 50 [Sysname-wred-table-queue-table1] queue 0 drop-level 2 low-limit 128 high-limit 512 discard-probability 75 [Sysname-wred-table-queue-table1] queue 3 drop-level 0 low-limit 256 high-limit 640 discard-probability 5 [Sysname-wred-table-queue-table1] queue 3 drop-level 1 low-limit 256 high-limit 640 discard-probability 10 [Sysname-wred-table-queue-table1] queue 3 drop-level 2 low-limit 256 high-limit 640 discard-probability 25...
  • Page 63: Configuring Traffic Filtering

    Configuring traffic filtering You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from an IP address according to network status. Configuration procedure To configure traffic filtering: Step Command...
  • Page 64: Configuration Procedure

    Figure 18 Network diagram Configuration procedure # Create advanced ACL 3000, and configure a rule to match packets whose source port number is not 21. <Device> system-view [Device] acl advanced 3000 [Device-acl-ipv4-adv-3000] rule 0 permit tcp source-port neq 21 [Device-acl-ipv4-adv-3000] quit # Create a traffic class named classifier_1, and use ACL 3000 as the match criterion in the traffic class.
  • Page 65: Configuring Priority Marking

    Configuring priority marking Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a class of IP packets to control the forwarding of these packets.
  • Page 66: Configuration Example

    Step Command Remarks • Set the DSCP value for packets: remark [ green | red | yellow ] dscp dscp-value • Set the 802.1p priority for packets or configure the inner-to-outer tag priority copying feature: remark [ green | red | yellow ] dot1p dot1p-value remark dot1p customer-dot1p-trust Use one of the...
  • Page 67: Configuration Procedure

    Traffic source Destination Processing priority Host A, B Mail server Medium Host A, B File server Figure 19 Network diagram Configuration procedure # Create advanced ACL 3000, and configure a rule to match packets with destination IP address 192.168.0.1. <Device> system-view [Device] acl advanced 3000 [Device-acl-ipv4-adv-3000] rule permit ip destination 192.168.0.1 0 [Device-acl-ipv4-adv-3000] quit...
  • Page 68 # Create a traffic class named classifier_fserver, and use ACL 3002 as the match criterion in the traffic class. [Device] traffic classifier classifier_fserver [Device-classifier-classifier_fserver] if-match acl 3002 [Device-classifier-classifier_fserver] quit # Create a traffic behavior named behavior_dbserver, and configure the action of setting the local precedence value to 4.
  • Page 69: Configuring Nesting

    Configuring nesting Nesting adds a VLAN tag to the matching packets to allow the VLAN-tagged packets to pass through the corresponding VLAN. For example, you can add an outer VLAN tag to packets from a customer network to a service provider network. This allows the packets to pass through the service provider network by carrying a VLAN tag assigned by the service provider.
  • Page 70: Configuration Procedure

    • Site 1 and Site 2 in VPN A are two branches of a company. They use VLAN 5 to transmit traffic. • Because Site 1 and Site 2 are located in different areas, the two sites use the VPN access service of a service provider.
  • Page 71 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-Ten-GigabitEthernet1/0/2] quit Configuring PE 2 Configure PE 2 in the same way PE 1 is configured.
  • Page 72: Configuring Traffic Redirecting

    Configuring traffic redirecting Traffic redirecting redirects packets matching the specified match criteria to a location for processing. You can redirect packets to an interface or the CPU. Configuration procedure To configure traffic redirecting: Step Command Remarks Enter system view. system-view Create a traffic class and By default, no traffic classes traffic classifier classifier-name...
  • Page 73: Configuration Example

    Step Command Remarks Choose one of the application destinations as needed. • Applying the QoS policy to an interface By default, no QoS policy is applied. • Applying the QoS policy to VLANs • If a QoS policy applied to a user Applying the QoS policy globally 11.
  • Page 74: Configuration Procedure

    Configuration procedure # Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1. <DeviceA> system-view [DeviceA] acl basic 2000 [DeviceA-acl-ipv4-basic-2000] rule permit source 2.1.1.1 0 [DeviceA-acl-ipv4-basic-2000] quit # Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2. [DeviceA] acl basic 2001 [DeviceA-acl-ipv4-basic-2001] rule permit source 2.1.1.2 0 [DeviceA-acl-ipv4-basic-2001] quit...
  • Page 75: Configuring Global CAR

    Configuring global CAR Overview Global committed access rate (CAR) is an approach to policing traffic flows globally. It adds flexibility to common CAR where traffic policing is performed only on a per-traffic class or per-interface basis. In this approach, CAR actions are created in system view and each can be used to police multiple traffic flows as a whole.
  • Page 76: Configuring Aggregate CAR By Using The MQC Approach

    • Use a hierarchical CAR action to limit their total traffic rate to 192 kbps. • Use the hierarchical CAR action for both flow 1 and flow 2 in AND mode. When flow 1 is not present, flow 2 is transmitted at the maximum rate, 128 kbps. When both flows are present, the total rate of the two flows cannot exceed 192 kbps.
  • Page 77: Configuring Class-Based Accounting

    Configuring class-based accounting Class-based accounting collects statistics (in packets or bytes) on a per-traffic class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing the statistics, you can determine whether anomalies have occurred and what action to take.
  • Page 78: Configuration Example

    Step Command Remarks • display qos policy control-plane slot slot-number • display qos policy global [ slot slot-number ] [ inbound | outbound ] • display qos policy interface [ interface-type interface-number ] 12. Display traffic accounting [ inbound | outbound ] Available in any view.
  • Page 79

    [Device-qospolicy-policy] classifier classifier_1 behavior behavior_1
    [Device-qospolicy-policy] quit
    # Apply QoS policy policy to the incoming traffic of Ten-GigabitEthernet 1/0/1.
    [Device] interface ten-gigabitethernet 1/0/1
    [Device-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound
    [Device-Ten-GigabitEthernet1/0/1] quit
    # Display traffic statistics to verify the configuration.
    [Device] display qos policy interface ten-gigabitethernet 1/0/1
    Interface: Ten-GigabitEthernet1/0/1
    Direction: Inbound
    Policy: policy...
  • Page 80: Appendixes

    Appendixes Appendix A Acronym Table 3 Appendix A Acronym Acronym Full spelling Best Effort Committed Access Rate Committed Burst Size Congestion Experienced Committed Information Rate DiffServ Differentiated Service DSCP Differentiated Services Code Point Excess Burst Size Explicit Congestion Notification FIFO First in First out Generic Traffic Shaping IntServ...
  • Page 81: Appendix C Introduction To Packet Precedence

    Table 4 Default dot1p-lp and dot1p-dp priority maps Input priority dot1p-lp map dot1p-dp map value dot1p Table 5 Default dscp-dp and dscp-dot1p priority maps Input priority dscp-lp map dscp-dp map value dscp 0 to 7 8 to 15 16 to 23 24 to 31 32 to 39 40 to 47...
  • Page 82 As shown in Figure 23, the ToS field in the IP header contains 8 bits. The first 3 bits (0 to 2) represent IP precedence from 0 to 7. According to RFC 2474, the ToS field is redefined as the differentiated services (DS) field.
  • Page 83: 802.1P Priority

    802.1p priority 802.1p priority lies in the Layer 2 header. It applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2. Figure 24 An Ethernet frame with an 802.1Q tag header As shown in Figure 24, the 4-byte 802.1Q tag header contains the 2-byte tag protocol identifier (TPID)
  • Page 84 Figure 26 MPLS label structure...
  • Page 85: Configuring Time Ranges

    Configuring time ranges You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them. If a time range does not exist, the service based on the time range does not take effect.
  • Page 86

    Figure 27 Network diagram
    Configuration procedure
    # Create a periodic time range from 8:00 to 18:00 on working days from June 2015 to the end of the year.
    <DeviceA> system-view
    [DeviceA] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2015 to 24:00 12/31/2015
    # Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit packets only from 192.168.1.2/32 during the time range work.
  • Page 87: Configuring Data Buffers

    Configuring data buffers Data buffers temporarily store packets to avoid packet loss. The switch has an ingress buffer and an egress buffer. Figure 28 shows the structure of ingress and egress buffers. An interface stores outgoing packets in the egress buffer when congestion occurs, and stores incoming packets in the ingress buffer when the CPU is busy.
  • Page 88: Configuration Task List

    Figure 29 Fixed area and shared area (diagram labels: Shared area; Fixed area; Queue 0 to Queue 7; Port 1 to Port 4)
    Configuration task list
    You can configure data buffers either automatically by enabling the Burst feature or manually. If you have configured data buffers in one way, delete the configuration before using the other way.
  • Page 89: Configuring Data Buffers Manually

    Configuring data buffers manually
    CAUTION: To avoid impact to the system, do not manually change data buffer settings. If large buffer spaces are needed, use the Burst feature.
    The switch supports configuring only cell resources.
    Setting the total shared-area ratio
    After you set the total shared-area ratio for cell resources, the rest is automatically assigned to the fixed area.
  • Page 90: Applying Data Buffer Configuration

    Applying data buffer configuration Perform this task to apply the data buffer configuration. You cannot directly modify the applied configuration. To modify the configuration, you must cancel the application, reconfigure data buffers, and reapply the configuration. To apply data buffer configuration: Step Command Enter system view.
  • Page 91 [Switch] burst-mode enable...
  • Page 92: Configuring Qcn

    Configuring QCN Quantized Congestion Notification (QCN) is an end-to-end congestion notification mechanism that can reduce packet loss and delay in Layer 2 networks by actively sending reverse notifications. QCN is primarily used in data center networks. Basic concepts • Reaction point (RP)—A source end host that supports QCN. •...
  • Page 93: Cnm Format

    CNM format When a CP detects the congestion state by sampling frames, it sends CNMs to the RPs. The CP constructs a CNM as follows: • Uses the source MAC address of the sampled frame as the destination MAC address. •...
  • Page 94: How Qcn Works

    Figure 33 CNM PDU format Octet Length Version 4 bits ReservedV 1, 2 6 bits Quantized Feedback 6 bits Congestion Point Identifier (CPID) cnmQOffset cnmQDelta Encapsulated priority Encapsulated destination MAC address Encapsulated MSDU length – Encapsulated MSDU How QCN works Figure 34 shows how QCN works.
  • Page 95: Qcn Algorithm

    QCN algorithm The QCN algorithm includes the CP algorithm and the RP algorithm. CP algorithm The CP measures the queue size by periodically sampling frames and computes the congestion state based on the sampling result. As shown in Figure 35, the CP algorithm includes the following parameters: •...
  • Page 96: Cnd

    A CND is a set of RPs and CPs enabled with QCN for a CNPV. CNDs are identified based on CNPVs. Devices enabled with QCN for a CNPV are assigned to the corresponding CND. A CNPV-based CND prevents traffic from outside the CND from entering the CND. If a frame from outside the CND includes the CNPV, the 802.1p priority value of the frame is mapped to a configured alternate priority value.
  • Page 97: Enabling Qcn

    Tasks at a glance Configuring CND settings • (Required.) Configuring global CND settings • (Optional.) Configuring CND settings for an interface (Optional.) Configuring congestion detection parameters Enabling QCN QCN settings take effect only after you enable QCN. Configuration prerequisites Before you enable QCN, enable LLDP. For more information about LLDP, see Layer 2—LAN Switching Configuration Guide.
  • Page 98: Configuring Cnd Settings For An Interface

    dot1p CNPV Alternate priority To configure global CND settings: Step Command Remarks Enter system view. system-view qcn priority priority { admin Configure global CND [ defense-mode { disabled | edge | By default, a device does not settings. interior | interior-ready } alternate belong to any CND.
  • Page 99: Displaying And Maintaining Qcn

    Step Command Remarks By default, no user-created profiles exist. The system automatically creates the qcn profile profile-id set-point Create a profile. default profile (profile 0), which has a length-value weight weight-value desired queue length of 26000 bytes and a weight value of 1. You cannot modify the default profile.
  • Page 100

    Figure 36 Network diagram
    Configuration procedure
    Configure Switch A:
    # Create VLAN 100, and assign Ten-GigabitEthernet 1/0/1 to the VLAN.
    <SwitchA>...
  • Page 101

    <SwitchB> system-view
    [SwitchB] vlan 100
    [SwitchB-vlan100] quit
    # Configure the following interfaces as trunk ports, and assign all of them to VLAN 100:
    Ten-GigabitEthernet 1/0/1.
    Ten-GigabitEthernet 1/0/2.
    Ten-GigabitEthernet 1/0/3.
    [SwitchB] interface ten-gigabitethernet 1/0/1
    [SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
    [SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
    [SwitchB-Ten-GigabitEthernet1/0/1] quit
    [SwitchB] interface ten-gigabitethernet 1/0/2
    [SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk...
  • Page 102: Multicnd Qcn Configuration Example

    comp interior-ready Interface: XGE1/0/2 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready # Display the CND settings for interfaces on Switch B. [SwitchB] display qcn interface Interface: XGE1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready Interface: XGE1/0/2 CNPV Mode Defense-mode Alternate --------------------------------------------------- admin edge...
  • Page 103

    • Switch C, Switch D, and Switch E detect congestion for traffic with 802.1p priority 5.
    • Switch D and Switch E do not detect congestion for traffic with 802.1p priority 1.
    Figure 37 Network diagram...
  • Page 104

    Configure Switch B in the same way Switch A is configured. (Details not shown.)
    Configure Switch C:
    # Create VLAN 100 and VLAN 200.
    <SwitchC> system-view
    [SwitchC] vlan 100
    [SwitchC-vlan100] quit
    [SwitchC] vlan 200
    [SwitchC-vlan200] quit
    # Configure the following interfaces as trunk ports, and assign all of them to VLAN 100 and VLAN 200: Ten-GigabitEthernet 1/0/1.
  • Page 105

    [SwitchC-Ten-GigabitEthernet1/0/4] lldp tlv-enable dot1-tlv congestion-notification
    [SwitchC-Ten-GigabitEthernet1/0/4] quit
    # Enable QCN.
    [SwitchC] qcn enable
    # Assign the switch to the CNDs with CNPV 1 and CNPV 5.
    [SwitchC] qcn priority 1 auto
    [SwitchC] qcn priority 5 admin defense-mode interior-ready alternate 4
    # Configure the CND defense mode edge and alternate value 4 for Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2.
  • Page 106 # Display the CND settings for interfaces on Switch B. [SwitchB] display qcn interface Interface: XGE1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready Interface: XGE1/0/2 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready # Display the CND settings for interfaces on Switch C. [SwitchC] display qcn interface Interface: XGE1/0/1 CNPV...
  • Page 107 [SwitchE] display qcn interface Interface: XGE1/0/1 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready Interface: XGE1/0/2 CNPV Mode Defense-mode Alternate --------------------------------------------------- comp interior-ready...
  • Page 108: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values. Italic Square brackets enclose syntax choices (keywords or arguments) that are optional.
  • Page 109: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 110: Support And Other Resources

    Software Depot website: www.hpe.com/support/softwaredepot • To view and update your entitlements, and to link your contracts, Care Packs, and warranties with your profile, go to the Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/AccessToSupportMaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center.
  • Page 111: Websites

    Customer self repair Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your convenience.
  • Page 112 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.