H3C S5820X Series Configuration Manual

H3C S5820X&S5800 Switch Series
ACL and QoS Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 1211
Document version: 6W100-20110415


Summary of Contents for H3C S5820X Series

  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners. Notice: The information in this document is subject to change without notice.
  • Page 3 Preface The H3C S5800&S5820X documentation set includes 12 configuration guides, which describe the software features for the S5800&S5820X Switch Series and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 4 Congestion management: Added features: Configuring byte-count WRR and packet-based; Congestion avoidance: Added features: Setting the WRED exponent for average queue length calculation; Traffic filtering: —; Priority marking: Added features: • Setting the drop precedence for packets • Configuring color-based priority marking; Traffic redirecting: Added features: Configuring the action to take upon the failure of a redirect attempt...
  • Page 5 Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. About the H3C S5800&S5820X documentation set The H3C S5800&S5820X documentation set includes: Category...
  • Page 6 Interface Cards User available for the products. Manual Describes the benefits, features, hardware H3C OAP Cards User specifications, installation, and removal of the OAP Manual cards available for the products. H3C Low End Series...
  • Page 7 Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...
  • Page 8 We appreciate your comments.
  • Page 9: Table Of Contents

    Contents: ACL configuration 1; ACL overview 1; ACL applications on the switch 1; ACL categories 2; ACL numbering and naming 2; Match order 2; ACL rule numbering 3; Implementing time-based ACL rules 4; IPv4 fragment filtering with ACLs 4; ACL configuration task list 4; Configuring an ACL 4; Configuring a time range 4; Configuring a basic ACL 5...
  • Page 10 Priority mapping procedure 29; Priority mapping configuration task list 31; Configuring priority mapping 32; Configuring a priority mapping table 32; Configuring a port to trust packet priority for priority mapping 32; Changing the port priority of an interface 33; Displaying and maintaining priority mapping...
  • Page 11 Configuration procedure 58; Priority marking configuration 59; Priority marking overview 59; Color-based priority marking configuration 59; Packet coloring methods 59; Color-based priority marking configuration 60; Configuring priority marking 60; Priority marking configuration examples 63; Priority marking configuration example 63; QoS-local-ID marking configuration example...
  • Page 12 Nesting a forwarding group 91; Configuring a scheduler policy 92; Configuration guidelines 92; Configuration procedure 93; Instantiating a forwarding group 93; Instantiation modes 93; Configuration guidelines 93; Configuration procedure 94; Applying a scheduler policy to a port 95; HQoS-capable ports on the S5800 Switch Series...
  • Page 13: Acl Configuration

    ACL configuration. This chapter includes these sections: • ACL overview • ACL configuration task list • Configuring an ACL • Configuring a time range • Configuring a basic ACL • Configuring an advanced ACL • Configuring an Ethernet frame header ACL...
  • Page 14: Acl Categories

    ACL categories
    Category | ACL number | IP version | Match criteria
    Basic ACLs | 2000 to 2999 | IPv4 | Source IPv4 address
    Basic ACLs | 2000 to 2999 | IPv6 | Source IPv6 address
    Advanced ACLs | 3000 to 3999 | IPv4 | Source IPv4 address, destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields
    Advanced ACLs | 3000 to 3999 | IPv6 | Source IPv6 address, destination IPv6 address,...
  • Page 15: Acl Rule Numbering

    ACL category | Sequence of tie breakers
    IPv4 advanced ACL | VPN instance; Specific protocol type rather than IP (IP represents any protocol over IP); More 0s in the source IP address wildcard mask; More 0s in the destination IP address wildcard; Narrower TCP/UDP service port number range; Smaller ID
    Longer prefix for the source IP address (a longer prefix means a narrower IP...
  • Page 16: Implementing Time-Based Acl Rules

    Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be renumbered 0, 2, 4, 6 and 8.
  • Page 17: Configuring A Basic Acl

    To do… Use the command… Remarks Required time-range time-range-name By default, no time range exists. { start-time to end-time days [ from Repeat this command with the Configure a time range time1 date1 ] [ to time2 date2 ] | same time range name to create from time1 date1 [ to time2 date2 ] multiple statements for a time...
  • Page 18 To do… Use the command… Remarks Required By default, an IPv4 basic ACL does not contain any rule. To create or edit multiple rules, rule [ rule-id ] { deny | permit } repeat this step. [ counting | fragment | logging | source { sour-addr sour-wildcard | If the ACL is for QoS traffic Create or edit a rule...
  • Page 19: Configuring An Advanced Acl

    To do… Use the command… Remarks Required By default, an IPv6 basic ACL does not contain any rule. rule [ rule-id ] { deny | permit } To create or edit multiple rules, [ counting | fragment | logging | repeat this step.
  • Page 20 To do… Use the command… Remarks Optional Set the rule numbering step step step-value 5 by default. Required By default, an IPv4 advanced ACL rule [ rule-id ] { deny | permit } does not contain any rule. protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst To create or edit multiple rules, rst-value | syn syn-value | urg...
  • Page 21: Configuring An Ethernet Frame Header Acl

    To do… Use the command… Remarks Optional Configure a description for the description text By default, an IPv6 advanced IPv6 advanced ACL ACL has no ACL description. Optional Set the rule numbering step step step-value 5 by default. Required By default IPv6 advanced ACL rule [ rule-id ] { deny | permit } protocol does not contain any rule.
  • Page 22: Configuring A Start Or End Remark

    To do… Use the command… Remarks Required By default, no ACL exists. Ethernet frame header ACLs are acl number acl-number [ name numbered in the range 4000 to Create an Ethernet frame header acl-name ] [ match-order { auto | 4999.
  • Page 23: Copying An Acl

    To do… Use the command… Remarks acl [ ipv6 ] number acl-number Enter ACL view [ name acl-name ] [ match-order — { auto | config } ] Required Configure the start or end remark rule [ rule-id ] remark text By default, no remarks exist.
  • Page 24: Displaying And Maintaining Acls

    NOTE: • ACLs on VLAN interfaces filter only packets forwarded at Layer 3. • The packet filter does not support ACLs that have a vpn-instance criterion.
    Applying an IPv4 ACL for Packet Filtering
    Follow these steps to apply an IPv4 ACL for packet filtering: To do…...
  • Page 25: Acl Configuration Examples

    To do... Use the command… Remarks display acl resource [ slot slot-number ] [ | Display the usage of ACL resources { begin | exclude | include } Available in any view regular-expression ] display packet-filter { { all | interface interface-type interface-number } [ inbound | Display the application status of outbound ] | interface vlan-interface...
  • Page 26: Ipv6 Acl Application Configuration Example

    [DeviceA-acl-basic-2009] rule deny source any time-range study logging
    [DeviceA-acl-basic-2009] quit
    # Apply IPv4 ACL 2009 to filter incoming packets on GigabitEthernet 1/0/1.
    [DeviceA] interface gigabitethernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] packet-filter 2009 inbound
    [DeviceA-GigabitEthernet1/0/1] quit
    # Enable the device to generate and output IPv4 packet filtering logs at 10-minute intervals.
    [DeviceA] acl logging frequence 10
    # Configure the device to output informational log messages to the console.
  • Page 27 [DeviceA] info-center source default channel 0 log level informational...
  • Page 28: Qos Overview

    QoS overview
    This chapter includes these sections: • Introduction to QoS • QoS service models • QoS techniques overview
    Introduction to QoS
    In data communications, Quality of Service (QoS) is the ability of a network to provide differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate. Network resources are scarce.
  • Page 29: Diffserv Model

    The IntServ model demands high storage and processing capabilities because it requires all nodes along the transmission path to maintain resource state information for each flow. The model is suitable for small-sized or edge networks, but not large-sized networks, for example, the core layer of the Internet, where billions of flows are present.
  • Page 30: Qos Processing Flow In A Device

    • Traffic shaping proactively adapts the output rate of traffic to the network resources available on the downstream device to eliminate packet drops. Traffic shaping usually applies to the outgoing traffic of a port. • Congestion management provides a resource scheduling policy to determine the packet forwarding sequence when congestion occurs.
  • Page 31: Qos Configuration Approaches

    QoS configuration approaches
    NOTE: The configurations performed in interface view in this chapter are applicable to Ethernet interfaces working in Layer 3 (route) mode. For more information about the operating modes of an Ethernet interface, see the Layer 2—LAN Switching Configuration Guide.
    This chapter includes these sections: • QoS configuration approach overview...
  • Page 32: Defining A Class

    Figure 5 QoS policy configuration procedure Define a class Define a behavior Define a policy Apply the policy Apply the Apply the Apply the Apply the policy to Apply the policy to policy to a policy policy to an online VLAN globally control...
  • Page 33 match-criteria Table 2 The keyword and argument combinations for the argument Keyword and argument combination Description Matches an ACL. The acl-number argument ranges from 2000 to 4999 for an IPv4 acl [ ipv6 ] { acl-number | name ACL, and 2000 to 3999 for an IPv6 ACL. acl-name } The acl-name argument is a case-insensitive string of 1 to 32 characters, which must start with an English letter from a to z or A...
  • Page 34: Defining A Traffic Behavior

    NOTE: Suppose the logical relationship between match criteria is and. When using the if-match command to define match criteria, be aware of the following guidelines: • If multiple match criteria with the acl or acl ipv6 keyword specified are defined in a class, the actual...
  • Page 35: Applying The Qos Policy

    Follow these steps to associate a class with a behavior in a policy: To do… Use the command… Remarks Enter system view system-view — Create a policy and enter policy qos policy policy-name Required view Required classifier tcl-name behavior Associate a class with a behavior behavior-name [ mode { dcbx | Repeat this step to create more in the policy...
  • Page 36 Applying the QoS policy to an interface A policy can be applied to multiple interfaces, but only one policy can be applied in one direction (inbound or outbound) of an interface. Follow these steps to apply the QoS policy to an interface: To do…...
  • Page 37 NOTE: • If a user profile is active, the QoS policy applied to it cannot be configured or removed, except ACLs referenced in the QoS policy. However, when the users of the user profile are online, the referenced ACLs cannot be modified either. • The QoS policies applied in user profile view support only the remark, car, and filter actions.
  • Page 38: Displaying And Maintaining Qos Policies

    Follow these steps to apply the QoS policy to the control plane:
    To do… | Use the command… | Remarks
    Enter system view | system-view | —
    Enter control plane view | control-plane slot slot-number | Required
    Apply the QoS policy to the control plane | qos apply policy policy-name inbound | Required
    CAUTION:...
  • Page 39 To do… Use the command… Remarks Display information about display qos policy control-plane pre-defined pre-defined QoS policies applied [ slot slot-number ] [ | { begin | exclude | Available in any view to a control plane include } regular-expression ] reset qos vlan-policy [ vlan vlan-id ] [ inbound | Available in user Clear VLAN QoS policy statistics...
  • Page 40: Priority Mapping Configuration

    Priority mapping configuration
    NOTE: The configurations performed in interface view in this chapter are applicable to Ethernet interfaces working in Layer 3 (route) mode. For more information about the operating modes of an Ethernet interface, see the Layer 2—LAN Switching Configuration Guide.
    This chapter includes these sections: • Priority mapping overview...
  • Page 41: Priority Mapping Tables

    The priority trust mode on a port decides which priority is used for priority mapping table lookup. Port priority was introduced so that you can use it for priority mapping in addition to priority fields carried in packets. The H3C S5800 Switch Series and S5820X Switch Series provide the following priority trust modes: dot1p: Uses the 802.1p priority carried in packets for priority mapping.
  • Page 42 Figure 6 Priority mapping procedure for an Ethernet packet Receive a packet on a port Which priority is 802.1p trusted on the Port priority in packets port? Use the port priority as the Use the port priority DSCP 802.1p priority for Is the packet as the 802.1p priority in packets...
  • Page 43: Priority Mapping Configuration Task List

    You can modify priority mappings by modifying priority mapping tables, priority trust mode on a port, and port priority. H3C recommends that you plan QoS throughout the network before making QoS configuration. Complete the following task to configure priority mapping:...
  • Page 44: Configuring Priority Mapping

    Configuring priority mapping Configuring a priority mapping table Follow these steps to configure an uncolored priority mapping table: To do… Use the command… Remarks Enter system view system-view — qos map-table { dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p Enter priority mapping table view Required | dscp-dp | dscp-dscp | exp-dot1p | exp-dp }...
  • Page 45: Changing The Port Priority Of An Interface

    Changing the port priority of an interface Follow these steps to change the port priority of an interface: To do… Use the command… Remarks Enter system view system-view — Enter Use either command interface interface-type Enter interface Settings in interface view take effect on interface-number interface view...
  • Page 46: Priority Mapping Table And Priority Marking Configuration Example

    Figure 8 Network diagram for priority trust mode configuration Configuration procedure # Assign port priority to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. Make sure that the priority of GigabitEthernet 1/0/1 is higher than that of GigabitEthernet 1/0/2, and no trusted packet priority type is configured on GigabitEthernet 1/0/1 or GigabitEthernet 1/0/2.
  • Page 47 Table 3 Configuration plan Queuing plan Traffic Traffic priority order Output Queue destination Traffic source queue priority R&D department High R&D department > management Management Public servers department > marketing Medium department department Marketing department R&D department Management department > Internet through Management marketing department >...
  • Page 48
    [Device] interface gigabitethernet 1/0/2
    [Device-GigabitEthernet1/0/2] qos priority 4
    [Device-GigabitEthernet1/0/2] quit
    # Set the port priority of GigabitEthernet 1/0/3 to 5.
    [Device] interface gigabitethernet 1/0/3
    [Device-GigabitEthernet1/0/3] qos priority 5
    [Device-GigabitEthernet1/0/3] quit
    Configure the priority mapping table
    # Configure the 802.1p-to-local priority mapping table to map 802.1p priority values 3, 4, and 5 to local precedence values 2, 6, and 4.
  • Page 49
    [Device] interface gigabitethernet 1/0/1
    [Device-GigabitEthernet1/0/1] qos apply policy market inbound
    # Configure a priority marking policy for the R&D department, and apply the policy to the incoming traffic of GigabitEthernet 1/0/2.
    [Device] traffic behavior rd
    [Device-behavior-rd] remark dot1p 3
    [Device-behavior-rd] quit
    [Device] qos policy rd
    [Device-qospolicy-rd] classifier http behavior rd
    [Device-qospolicy-rd] quit...
  • Page 50: Traffic Policing, Traffic Shaping, And Line Rate Configuration

    Traffic policing, traffic shaping, and line rate configuration
    NOTE: The configurations performed in interface view in this chapter are applicable to Ethernet interfaces working in Layer 3 (route) mode. For more information about the operating modes of an Ethernet interface, see the Layer 2—LAN Switching Configuration Guide.
    This chapter includes these sections: • Traffic policing, traffic shaping, and line rate overview...
  • Page 51: Traffic Policing

    A token bucket has the following configurable parameters: • Mean rate at which tokens are put into the bucket, which is the permitted average rate of traffic. It is usually set to the committed information rate (CIR). • Burst size or the capacity of the token bucket. It is the maximum traffic size permitted in each burst...
  • Page 52: Traffic Shaping

    Figure 10 Schematic diagram for traffic policing Tokens are put into the bucket at the set rate Packets to be sent through this interface Packets sent Packet classification Token bucket Queue Packets dropped Traffic policing is widely used in policing traffic entering the networks of internet service providers (ISPs). Traffic policing can classify the policed traffic, and take pre-defined policing actions on each packet depending on the evaluation result following these rules: Forwarding the packet if the evaluation result is “conforming.”...
  • Page 53: Line Rate

    Figure 11 Schematic diagram for GTS Tokens are put into the bucket at the set rate Packets to be sent through this interface Packets sent Packet classification Token bucket Queue Packets dropped For example, in Figure 12, Switch A sends packets to Switch B. Switch B performs traffic policing on packets from Switch A and drops packets exceeding the limit.
  • Page 54: Configuring Traffic Policing

    Figure 13 Line rate implementation In the token bucket approach for traffic control, bursty traffic can be transmitted if enough tokens are available in the token bucket; if tokens are inadequate, packets cannot be transmitted until the required number of tokens are generated in the token bucket. The token bucket approach limits the traffic rate to the rate for generating tokens, and allows bursty traffic.
  • Page 55: Configuring Gts

    LSW1FC4P0 interface card. Configuring GTS On the H3C S5800 Switch Series and S5820X Switch Series, traffic shaping is implemented as queue-based GTS, which allows you to configure GTS parameters for packets of a certain queue. Follow these steps to configure queue-based GTS: To do…...
  • Page 56: Displaying And Maintaining Traffic Policing, Gts, And Line Rate

    To do… Use the command… Remarks Enter system view system-view — Enter Use either command Enter interface interface interface-type interface-number Settings in interface view take effect interface view on the current interface; settings in view or port port group view take effect on all Enter port group view port-group manual port-group-name...
  • Page 57: Congestion Management Configuration

    Congestion management configuration
    NOTE: The configurations performed in interface view in this chapter are applicable to Ethernet interfaces working in Layer 3 (route) mode. For more information about the operating modes of an Ethernet interface, see the Layer 2—LAN Switching Configuration Guide.
    This chapter includes these sections: • Congestion management overview...
  • Page 58: Congestion Management Techniques

    Congestion management techniques Congestion management uses queuing and scheduling algorithms to classify and sort traffic leaving a port. Each queuing algorithm addresses a particular network traffic problem, and has a different impact on bandwidth resource assignment, delay, and jitter. Queue scheduling processes packets by their priorities, preferentially forwarding high-priority packets. This section describes in detail Strict Priority (SP) queuing, Weighted Fair Queuing (WFQ), Weighted Round Robin (WRR) queuing, and SP+WRR queuing.
  • Page 59 Figure 16 Schematic diagram for WRR queuing Queue 0 Weight 1 Packets to be sent through this port Queue 1 Weight 2 Sent packets Interface …… Queue N-2 Weight N-1 Queue Sending queue Packet scheduling classification Queue N-1 Weight N In contrast to SP, WRR queuing schedules queues in a round-robin way to guarantee each queue certain service time in each scheduling cycle.
  • Page 60: Configuring Sp Queuing

    You can configure minimum guaranteed bandwidth for each WFQ queue to assure each WFQ queue of the specified bandwidth when congestion occurs. The assignable bandwidth (assignable bandwidth = total bandwidth – the sum of the minimum guaranteed bandwidth for each queue) is allocated to queues based on queue priority.
  • Page 61: Configuration Example

    To do… Use the command… Remarks display qos sp interface Optional Display SP queuing [ interface-type interface-number ] configuration [ | { begin | exclude | include } Available in any view regular-expression ] Configuration example Network requirements Configure GigabitEthernet 1/0/1 to use SP queuing. Configuration procedure # Enter system view <Sysname>...
  • Page 62: Configuration Example

    Configuration example
    Network requirements • Enable byte-count WRR on port GigabitEthernet 1/0/1. • Assign queues 0 through 7 to the WRR group, with their weights being 1, 2, 4, 6, 8, 10, 12, and
    Configuration procedure # Enter system view. <Sysname>...
  • Page 63: Configuration Example

    Configuration example
    Network requirements • Enable WFQ on GigabitEthernet 1/0/1, and set the weights of queues 0 through 7 to 1, 2, 4, 6, 8, 10, 12, and 14, respectively. • Set the minimum guaranteed bandwidth of queue 0 to 128 kbps...
  • Page 64: Configuration Example

    To do… Use the command… Remarks For a qos wrr queue-id group 1 Select an approach according to the byte-count Configure the byte-count schedule-value WRR queuing type. WRR queue scheduling By default, byte-count WRR is used, and weight for a For a the weights of queues 0 through 7 are 1, qos wrr queue-id group 1...
  • Page 65: Congestion Avoidance

    Congestion avoidance
    NOTE: The configurations performed in interface view in this chapter are applicable to Ethernet interfaces working in Layer 3 (route) mode. For more information about the operating modes of an Ethernet interface, see the Layer 2—LAN Switching Configuration Guide.
    This chapter includes these sections: • Congestion avoidance overview...
  • Page 66: Introduction To Wred Configuration

    • When the queue length is shorter than the lower threshold, no packet is dropped; • When the queue length reaches the upper threshold, all subsequent packets are dropped; • When the queue length is between the lower threshold and the upper threshold, the received...
  • Page 67: Configuration Procedure

    Configuration procedure Follow these steps to configure WRED: To do… Use the command… Remarks Enter system view system-view — Create a WRED table qos wred queue table table-name — Set the WRED exponent for Optional queue queue-id weighting-constant average queue length exponent 9 by default calculation...
  • Page 68: Displaying And Maintaining Wred

    Displaying and maintaining WRED To do… Use the command… Remarks Display WRED configuration display qos wred interface [ interface-type Available in any information on the interface or all interface-number ] [ | { begin | exclude | include } view interfaces regular-expression ] Display configuration information...
  • Page 69: Traffic Filtering Configuration

    Traffic filtering configuration
    This chapter includes these sections: • Traffic filtering overview • Configuring traffic filtering • Traffic filtering configuration example
    Traffic filtering overview
    You can filter in or filter out a class of traffic by associating the class with a traffic filtering action. For example, you can filter packets sourced from a specific IP address according to network status.
  • Page 70: Traffic Filtering Configuration Example

    To do… Use the command… Remarks display traffic behavior user-defined Optional Display the traffic filtering [ behavior-name ] [ | { begin | exclude | configuration Available in any view include } regular-expression ] NOTE: With filter deny configured for a traffic behavior, the other actions (except class-based accounting) in the traffic behavior do not take effect.
  • Page 71: Priority Marking Configuration

    Priority marking configuration
    This chapter includes these sections: • Priority marking overview • Color-based priority marking configuration • Configuring priority marking • Priority marking configuration examples
    Priority marking overview
    NOTE: Priority marking can be used together with priority mapping. For more information, see the chapter “Priority mapping configuration.”...
  • Page 72: Color-Based Priority Marking Configuration

    NOTE: An S5800&S5820X switch supports coloring packets by using either of the following two traffic policing functions, common CAR and aggregation CAR. For more information about common CAR and aggregation CAR, see the chapter “Traffic policing, traffic shaping, and line rate configuration” and the chapter “Global CAR configuration”.
  • Page 73 To do… Use the command… Remarks Create a class and enter class traffic classifier tcl-name [ operator { and | — view or } ] Configure match criteria if-match match-criteria — Return to system view quit — Create a behavior and enter traffic behavior behavior-name —...
  • Page 74 To do… Use the command… Remarks Optional The QoS-local-ID is used for identifying services and has only local significance. By Set the QoS-local ID for packets remark qos-local-id local-id-value marking different classes of traffic with the same QoS local ID, you can re-classify them to apply a uniform set of QoS actions on them.
  • Page 75: Priority Marking Configuration Examples

    Priority marking configuration examples Priority marking configuration example Network requirements As shown in Figure 19, the enterprise network of a company interconnects hosts with servers through Device. The network is described as follows: Host A and Host B are connected to GigabitEthernet 1/0/1 of Device. •...
  • Page 76
    [Device-acl-adv-3002] rule permit ip destination 192.168.0.3 0
    [Device-acl-adv-3002] quit
    # Create a class named classifier_dbserver, and reference ACL 3000 in the class.
    [Device] traffic classifier classifier_dbserver
    [Device-classifier-classifier_dbserver] if-match acl 3000
    [Device-classifier-classifier_dbserver] quit
    # Create a class named classifier_mserver, and reference ACL 3001 in the class.
    [Device] traffic classifier classifier_mserver
    [Device-classifier-classifier_mserver] if-match acl 3001
    [Device-classifier-classifier_mserver] quit...
  • Page 77: Qos-Local-Id Marking Configuration Example

    QoS-local-ID marking configuration example QoS-local-ID marking is mainly used for re-classifying packets of multiple classes to perform a uniform set of actions on them as a re-classified class. Consider the case of limiting the total rate of packets with source MAC address 0001-0001-0001 and packets with source IP address 1.1.1.1 to 128 kbps.
  • Page 78: Example For Configuring Priority Marking Based On Colors Obtained Through Traffic Policing

    Example for configuring priority marking based on colors obtained through traffic policing Network requirements As shown in Figure 20, Switch serves as an edge device of the MPLS domain, and connects to an IPv4 network through port GigabitEthernet 1/0/1. Switch encapsulates traffic entering the MPLS domain with MPLS labels.
  • Page 79
    # Create QoS policy policy1, and associate class class1 with behavior behavior1 in the QoS policy.
    [Sysname] qos policy policy1
    [Sysname-qospolicy-policy1] classifier class1 behavior behavior1
    [Sysname-qospolicy-policy1] quit
    # Apply QoS policy policy1 to the incoming traffic of port GigabitEthernet 1/0/1.
    [Sysname] interface gigabitethernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] qos apply policy policy1 inbound...
  • Page 80: Traffic Redirecting Configuration

    Traffic redirecting configuration This chapter includes these sections: Traffic redirecting overview • Configuring traffic redirecting • Traffic redirecting overview Traffic redirecting redirects the packets matching the specific match criteria to a certain location for processing. The following redirecting actions are supported: Redirecting traffic to the CPU: redirects packets that require processing by the CPU to the CPU.
  • Page 81 To do… Use the command… Remarks Return to system view quit — To an interface Applying the QoS policy to an interface — To a VLAN Applying the QoS policy to a VLAN — Apply the Globally Applying the QoS policy globally —...
  • Page 82: Global Car Configuration

    Global CAR configuration This chapter includes these sections: Global CAR overview • Configuring aggregation CAR • Configuring hierarchical CAR • Displaying and maintaining global CAR configuration • Global CAR configuration examples • Global CAR overview Global committed access rate (CAR) polices traffic flows globally. It adds flexibility to common CAR where traffic policing is performed only on a per-class or per-interface basis.
  • Page 83: Configuring Aggregation Car

    In a bandwidth oversubscription scenario, where the bandwidth of an uplink port is lower than the total traffic rate of its downlink ports for example, you can use hierarchical CAR to limit the total rate of the traffic from the downlink ports while allowing each downlink port to forward traffic at the maximum rate when the other ports are idle.
  • Page 84: Configuring Hierarchical Car

    Configuring hierarchical CAR
    Follow these steps to configure hierarchical CAR:
    To do… / Use the command… / Remarks
    Enter system view / system-view / —
    Configure a hierarchical CAR action / qos car car-name hierarchy cir committed-information-rate [ cbs committed-burst-size ] / Required
    Enter behavior view / traffic behavior behavior-name / Required
    car name car-name hierarchy-car...
  • Page 85: Global Car Configuration Examples

    Global CAR configuration examples Aggregation CAR configuration example Network requirements As shown in Figure 21, configure an aggregation CAR to rate-limit the traffic of VLAN 10 and VLAN 100 received on GigabitEthernet 1/0/1 using these parameters: CIR is 256 kbps, CBS is 2000 bytes, and the action for red packets is discard.
  • Page 86: And-Mode Hierarchical Car Configuration Example

    [Sysname-behavior-2] car name aggcar-1
    [Sysname-behavior-2] quit
    # Create QoS policy car, associate class 1 with behavior 1, and associate class 2 with behavior 2.
    [Sysname] qos policy car
    [Sysname-qospolicy-car] classifier 1 behavior 1
    [Sysname-qospolicy-car] classifier 2 behavior 2
    [Sysname-qospolicy-car] quit
    # Apply the QoS policy to the incoming traffic of GigabitEthernet 1/0/1.
  • Page 87: Or-Mode Hierarchical Car Configuration Example

    # Create class 1, and use ACL 3000 as the match criterion in the class; create behavior 1, configure the common CAR action in the behavior, and reference the hierarchical CAR, with the collaborating mode being AND.
    [Device] traffic classifier 1
    [Device-classifier-1] if-match acl 3000
    [Device-classifier-1] quit
    [Device] traffic behavior 1...
  • Page 88
    <Device> system-view
    [Device] qos car video hierarchy cir 640 red discard
    # Create class 1, and use ACL 2000 as the match criterion to match packets sourced from 192.168.0.2 in the class; create behavior 1, configure a common CAR action, and reference hierarchical CAR named video, with the collaborating mode being OR.
  • Page 89: Class-Based Accounting Configuration

    Class-based accounting configuration This chapter includes these sections: Class-based accounting overview • Configuring class-based accounting • Displaying and maintaining traffic accounting • Class-based accounting configuration example • Class-based accounting overview Class-based accounting collects statistics on a per-traffic class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address.
  • Page 90: Displaying And Maintaining Traffic Accounting

    To do… Use the command… Remarks To an interface Applying the QoS policy to an interface — To a VLAN Applying the QoS policy to a VLAN — Apply the Globally Applying the QoS policy globally — QoS policy To the control Applying the QoS policy to the control —...
  • Page 91
    [DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1
    [DeviceA-qospolicy-policy] quit
    # Apply the policy named policy to the incoming traffic of GigabitEthernet 1/0/1.
    [DeviceA] interface gigabitethernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] qos apply policy policy inbound
    [DeviceA-GigabitEthernet1/0/1] quit
    # Display traffic statistics to verify the configuration.
    [DeviceA] display qos policy interface gigabitethernet 1/0/1
    Interface: GigabitEthernet1/0/1
    Direction: Inbound...
  • Page 92: Data Buffer Configuration

    Data buffer configuration This chapter includes these sections: Introduction to the data buffer • Configuring the data buffer • Introduction to the data buffer Data buffer The S5800 Switch Series and the S5820X Switch Series provide the data buffer to buffer packets to be sent out ports to avoid packet loss when bursty traffic causes congestion.
  • Page 93: How The Shared Resource Is Used

    Figure 25 Buffer resource allocation on the S5800 Switch Series and the S5820X Switch Series
    [Figure labels: Total-shared; Queue0 through Queue7; Port1, Port2, Port3, ……]
    The dedicated buffer is allocated following these rules: On a per-port basis: as illustrated by the vertical lines in Figure 25, the switch automatically divides •...
  • Page 94: Configuring The Data Buffer

    H3C does not recommend modifying the data buffer parameters unless you are sure that your device will benefit from the change. If a larger buffer is needed, H3C recommends that you enable the burst function to allocate the buffer automatically.
  • Page 95 Manual data buffer configuration task list Perform the following tasks to manually configure the data buffer setup: Task Remarks Configuring the shared resource size All these tasks are optional. If any of Configuring the minimum guaranteed resource size for a queue them is performed, you must apply the Configuring the maximum shared resource size for a queue configuration to have it take effect.
  • Page 96 NOTE: Modifying the minimum guaranteed resource size for a queue can affect those of the other queues, • because the dedicated resource of a port is shared by eight queues. The system will automatically allocate the remaining dedicated resource space among all queues that are not manually assigned a minimum guaranteed resource space.
  • Page 97
    To do… / Use the command… / Remarks
    Enter system view / system-view / —
    Apply the data buffer settings / buffer apply / Required...
  • Page 98: Hqos Configuration

    HQoS configuration This chapter includes these sections: Prerequisites • Overview • HQoS configuration task list • Displaying and maintaining HQoS • HQoS configuration example • NOTE: Hierarchical QoS (HQoS) is available on the S5800 Switch Series but not the S5820X Switch Series. Prerequisites Before reading this chapter, see the ACL and QoS Configuration Guide to get familiar with: •...
  • Page 99
    Figure 26 How HQoS works
    [Figure labels: packets to be sent, classifier, scheduler, port; forwarding groups FG A (lp=0), FG B (lp=1), ……, FG G (lp=6), FG H (lp=7); FG I with FG I_1 (VLAN 1), FG I_2 (VLAN 2), ……; packets from VLAN1 through VLAN20 to be sent out the port]...
  • Page 100: Hqos Concepts

    NOTE: The S5800 Switch Series supports only one parent forwarding group on a port. A parent group can nest • up to 16 child forwarding groups. You can schedule HQoS forwarding groups together with QoS queues. In this example, you can also •...
  • Page 101: Hqos Configuration Task List

    Forwarding profile A forwarding profile comprises a set of traffic control actions, including the queue scheduling algorithm, scheduling weight, and traffic shaping parameters. You can associate a forwarding profile with a forwarding group to set the scheduling priority and bandwidth resources for the forwarding group. Scheduler policy A scheduler policy is a set of forwarding group and forwarding profile associations.
  • Page 102: Configuring A Forwarding Profile

    Configuring a forwarding profile A forwarding profile comprises the following contents: A queue scheduling method for its associated forwarding groups. Available scheduling algorithms • include SP and WRR. Optionally, traffic shaping parameters and minimum guaranteed bandwidth. These parameters • limit the traffic forwarding rate within a certain range for each forwarding group associated with the forwarding profile.
  • Page 103: Configuring A Forwarding Group

    NOTE: The WRR queue scheduling algorithm configured in a forwarding profile schedules packets in the unit of • bytes. The WRR scheduling weight has the same meaning as that for a generic WRR queue. The HQoS forwarding groups can be scheduled together with generic WRR queues with byte-based weights. WRR directly uses the weights of the HQoS forwarding groups for scheduling packets.
  • Page 104: Configuring A Scheduler Policy

    NOTE: The S5800 Switch Series supports only one parent group on a port. A parent group can nest up to 16 child forwarding groups. Follow these steps to nest a forwarding group: To do… Use the command… Remarks Enter system view system-view —...
  • Page 105: Configuration Procedure

    Configuration procedure Follow these steps to configure a scheduler policy: To do… Use the command… Remarks Enter system view system-view — Create a scheduler policy or enter qos scheduler-policy the view of an existing scheduler Required sp-name [ id sp-id ] policy Required Repeat this step to nest multiple...
  • Page 106: Configuration Procedure

    Configuration items (right) Scheduling Instantiation Match criteria Remarks Forwarding layer mode group type (below) Forwarding groups that have no The local precedence values children Layer 1 Match mode Local precedence must be unique within the (Childless scheduler policy. forwarding groups) Instantiate the parent forwarding group before its child groups.
  • Page 107: Applying A Scheduler Policy To A Port

    Applying a scheduler policy to a port To use a scheduler policy to control traffic on a port, you must apply the scheduler policy to the port. On the S5800 Switch Series, only some ports support HQoS. HQoS-capable ports on the S5800 Switch Series Switch model HQoS-capable ports •...
  • Page 108: Copying A Forwarding Group

    NOTE: In a scheduler policy that has been applied to a port, you can modify or replace the forwarding profile associated with a forwarding group, but you cannot add or remove forwarding groups. To add or remove forwarding groups, or change the instantiation rules, remove the scheduler policy from the port first. Copying a forwarding group You can copy a forwarding group (the source forwarding group) to create multiple destination forwarding groups, which are automatically numbered.
  • Page 109: Hqos Configuration Example

    To do… Use the command… Remarks display qos scheduler-policy name Display scheduler [ sp-name ] [ | { begin | exclude | Available in any view policy information include } regular-expression ] display qos scheduler-policy interface Display scheduler [ interface-type interface-number policy information on a Available in any view [ outbound ] ] [ | { begin | exclude |...
  • Page 110
    Figure 28 A service VLAN-mode metropolitan area network
    [Figure labels: personal users, service VLANs 100 to 299; core; XGE1/0/25, CIR=100Mbps, Min=50Mbps; service VLANs 501 to 506; business user A, service VLANs 501 to 503; business user B, service VLANs 504 to 506]...
  • Page 111
    Figure 29 HQoS structure
    [Figure labels: scheduler policy, GTS CIR=100; WRR weights 1, 2, and 3; Min=30M, Min=20M, Min=50M; Web1, VPN1, Web2, VPN2, VoD1, VoD2, VoIP1, VoIP2, Business; Layer 1; lp=0 through lp=7]...
  • Page 112
    TIP: You need to configure only one forwarding profile for each business user because you can associate a forwarding profile with multiple forwarding groups.
    [Sysname] qos forwarding-profile A
    [Sysname-hqos-fp-A] wrr weight 2
    [Sysname-hqos-fp-A] quit
    [Sysname] qos forwarding-profile B
    [Sysname-hqos-fp-B] wrr weight 1
    [Sysname-hqos-fp-B] quit
    Create a parent forwarding group for the business users, nest the child forwarding groups in the parent forwarding group, and then configure forwarding profiles for the child forwarding groups.
  • Page 113
    TIP: Except that you must configure two forwarding profiles that use different minimum guaranteed bandwidth settings for VoIP traffic, you need to configure only one forwarding profile for each type of other traffic.
    [Sysname] qos forwarding-profile VoIP1
    [Sysname-hqos-fp-VoIP1] sp
    [Sysname-hqos-fp-VoIP1] bandwidth 30720
    [Sysname-hqos-fp-VoIP1] quit
    [Sysname] qos forwarding-profile VoIP2
    [Sysname-hqos-fp-VoIP2] sp...
  • Page 114
    At layer 2 of the scheduler policy, configure instantiation rules for the six child forwarding groups for the business users.
    [Sysname-hqos-sp-hqos] layer 2
    [Sysname-hqos-sp-hqos-layer2] forwarding-group A1 match service-vlan-id 501
    [Sysname-hqos-sp-hqos-layer2] forwarding-group A2 match service-vlan-id 502
    [Sysname-hqos-sp-hqos-layer2] forwarding-group A3 match service-vlan-id 503
    [Sysname-hqos-sp-hqos-layer2] forwarding-group B1 match service-vlan-id 504
    [Sysname-hqos-sp-hqos-layer2] forwarding-group B2 match service-vlan-id 505
    [Sysname-hqos-sp-hqos-layer2] forwarding-group B3 match service-vlan-id 506...
  • Page 115: Appendix A Default Priority Mapping Tables

    Appendix A Default priority mapping tables NOTE: For the default dot1p-exp, dscp-dscp, and exp-dot1p priority mapping tables, an input value yields a target value equal to it. Table 6 Default dot1p-lp and dot1p-dp priority mapping tables Input priority value dot1p-lp mapping dot1p-dp mapping Local precedence 802.1p priority (dot1p)
  • Page 116 Input priority value exp-dp mapping...
  • Page 117: Appendix B Introduction To Packet Precedences

    Appendix B Introduction to packet precedences IP precedence and DSCP values Figure 30 ToS and DS fields As shown in Figure 30, the ToS field in the IP header contains eight bits. The first three bits (0 to 2) represent IP precedence from 0 to 7. According to RFC 2474, the ToS field is redefined as the differentiated services (DS) field, where a DSCP value is represented by the first six bits (0 to 5) and is in the range 0 to 63.
  • Page 118: 802.1P Priority

    DSCP value (decimal) DSCP value (binary) Description 011010 af31 011100 af32 011110 af33 100010 af41 100100 af42 100110 af43 001000 010000 011000 100000 101000 110000 111000 000000 be (default) 802.1p priority 802.1p priority lies in the Layer 2 header and applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.
  • Page 119: Exp Values

    Table 11 Description on 802.1p priority 802.1p priority (decimal) 802.1p priority (binary) Description best-effort background spare excellent-effort controlled-load video voice network-management EXP values The EXP field is in MPLS labels for MPLS QoS purposes. Figure 33 MPLS label structure As shown in Figure 33, the EXP field is 3 bits long and ranges from 0 to 7.

This manual is also suitable for:

S5800 series
