H3C S5820X Series Configuration Manual

H3C S5820X&S5800 Series Ethernet Switches
ACL and QoS
Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Document Version: 6W103-20100716
Product Version: Release 1110


Summary of Contents for H3C S5820X Series

  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
  • Page 3 Preface The H3C S5800&S5820X documentation set includes 11 configuration guides, which describe the software features for the S5800&S5820X Series Ethernet Switches and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 4 Description Means reader be careful. Improper operation may cause data loss or damage to equipment. Means a complementary description. About the H3C S5820X&S5800 Documentation Set The H3C S5800&S5820X documentation set also includes: Category Documents Purposes Marketing brochures Describe product specifications and benefits.
  • Page 5
    Interface Cards User Manual | available for the products.
    H3C OAP Cards User Manual | Describes the benefits, features, hardware specifications, installation, and removal of the OAP cards available for the products.
    H3C Low End Series...
  • Page 6 Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
  • Page 7: Table of Contents

    Table of Contents
    1 ACL Configuration
    ACL Overview
    Application of ACLs on the Switch
    ACL Classification
    ACL Numbering and Naming
    Match Order
    ACL Rule Numbering Step
    Implementing Time-Based ACL Rules
    IPv4 Fragments Filtering with ACLs
    ACL Configuration Task List
    Configuring an ACL
    Creating a Time Range
    ...
  • Page 8
    4 Priority Mapping Configuration
    Priority Mapping Overview
    Introduction to Priority Mapping
    Priority Mapping Tables
    Priority Trust Mode on a Port
    Priority Mapping Procedure
    Priority Mapping Configuration Tasks
    Configuring Priority Mapping
    Configuring a Priority Mapping Table
    Configuring the Priority Trust Mode on a Port
    Configuring the Port Priority of a Port
    Displaying and Maintaining Priority Mapping
    Priority Mapping Configuration Examples
    ...
  • Page 9
    WRED Configuration Approach
    Introduction to WRED Parameters
    Configuring WRED on an Interface
    Configuration Procedure
    Configuration Example
    Displaying and Maintaining WRED
    8 Traffic Filtering Configuration
    Traffic Filtering Overview
    Configuring Traffic Filtering
    Traffic Filtering Configuration Example
    Traffic Filtering Configuration Example
    9 Priority Marking Configuration
    Priority Marking Overview
    Configuring Priority Marking
    ...
  • Page 10
    Data Buffer Configuration Approaches
    Using the Burst Function to Configure the Data Buffer Setup
    Manually Configuring the Data Buffer Setup
    14 Appendix A Default Priority Mapping Tables
    Priority Mapping Tables
    15 Appendix B Introduction to Packet Precedences
    IP Precedence and DSCP Values
    802.1p Priority
    16 Index
    ...
  • Page 11: ACL Configuration

    ACL Configuration
    This chapter includes these sections: ACL Overview; ACL Configuration Task List; Configuring an ACL; Creating a Time Range; Configuring a Basic ACL; Configuring an Advanced ACL; Configuring an Ethernet Frame Header ACL; Copying an ACL; Applying an ACL for Packet Filtering; Displaying and Maintaining ACLs; ACL Configuration Examples.
    Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document.
  • Page 12: ACL Classification

    Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACL is applied to an Ethernet interface or VLAN interface for packet filtering or is referenced by a QoS policy for traffic classification. Note that when an ACL is referenced to implement QoS, the actions defined in the ACL rules, deny or permit, do not take effect;...
  • Page 13: ACL Numbering and Naming

    ACL Numbering and Naming
    Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number for identification, and you can also assign it a name for ease of identification.
  • Page 14: ACL Rule Numbering Step

    ACL category | Depth-first rule sorting procedures
    A rule configured with a specific protocol takes precedence over a rule with the protocol type set to IP. IP represents any protocol over IPv6. A rule configured with a longer prefix for the source IPv6 address has a higher priority.
  • Page 15: Implementing Time-Based ACL Rules

    Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be renumbered 0, 2, 4, 6 and 8. Likewise, after you restore the default step, ACL rules are renumbered in the default step.
  • Page 16: Configuring an ACL

    Task | Remarks
    Creating a Time Range | Optional
    Configuring an IPv6 basic ACL | Required. Configure at least one task.
    Configuring an IPv6 Advanced ACL | Required. Configure at least one task.
    Configuring an Ethernet Frame Header ACL | Required. Configure at least one task.
    Copying an IPv6 ACL | Optional
    Applying an IPv6 ACL for Packet Filtering | Optional

    Configuring an ACL
    Creating a Time Range...
  • Page 17
    To do: Create an IPv4 basic ACL and enter its view
    Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
    Remarks: Required. By default, no ACL exists. IPv4 basic ACLs are numbered in the range 2000 to 2999. You can use the acl name...
  • Page 18 You can modify the rule order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules. Configuring an IPv6 basic ACL Follow these steps to configure an IPv6 basic ACL: To do…...
  • Page 19: Configuring an Advanced ACL

    You can only modify the existing rules of an ACL that uses the rule order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same. You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
  • Page 20
    To do: Set the rule numbering step
    Use the command: step step-value
    Remarks: Optional. 5 by default.

    Use the command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh...
    Remarks: Required. By default, an IPv4 advanced ACL does not contain any rule. To create or edit multiple rules, repeat this step.
  • Page 21 You can modify the rule order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules.
    Configuring an IPv6 Advanced ACL
    IPv6 advanced ACLs match packets based on the source IPv6 address, destination IPv6 address, protocol carried over IPv6, and other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port number, ICMP message type, and ICMP message code.
  • Page 22
    Use the command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value |...
    Remarks: Required. By default, an IPv6 advanced ACL does not contain any rule. To create or edit multiple rules, repeat this step.
  • Page 23: Configuring an Ethernet Frame Header ACL

    Configuring an Ethernet Frame Header ACL
    Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type.
    Follow these steps to configure an Ethernet frame header ACL: To do…...
  • Page 24: Copying an ACL

    You can only modify the existing rules of an ACL that uses the rule order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same. You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
  • Page 25: Applying an ACL for Packet Filtering

    Applying an ACL for Packet Filtering
    You can apply an ACL to filter incoming or outgoing IPv4 or IPv6 packets. You can add, remove, and modify rules in an applied ACL, and the edited rules take effect immediately.
  • Page 26: Displaying and Maintaining ACLs

    To do: Enter system view
    Use the command: system-view
    Remarks: —

    To do: Enter Ethernet interface view or VLAN interface view
    Use the command: interface interface-type interface-number
    Remarks: —

    To do: Apply an IPv6 ACL to the interface to filter IPv6 packets
    Use the command: packet-filter ipv6 { acl6-number | name acl6-name } { inbound | outbound }
    Remarks: Required. By default, no IPv6 ACL is applied...
  • Page 27: ACL Configuration Examples

    ACL Configuration Examples
    IPv4 ACL Application Configuration Example
    Network requirements
    As shown in Figure 1-1, apply an ACL to the inbound direction of interface GigabitEthernet 1/0/1 on Device A so that every day from 8:00 to 18:00, the interface allows only packets sourced from Host A to pass.
  • Page 28
    Figure 1-2 Network diagram for applying an IPv6 ACL to an interface for packet filtering
    Configuration procedure
    # Create a time range from 08:00 to 18:00 every day.
    <DeviceA> system-view
    [DeviceA] time-range study 8:0 to 18:0 daily
    # Create IPv4 ACL 2009, and configure two rules for the ACL. One permits packets sourced from Host A with the IP address 1001::2 and the other denies packets sourced from any other host during the time range study.
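The two rules and the time range study from the configuration procedure above, evaluated in rule-ID order, as an added Python example (not code from the H3C manual). The rule IDs 0 and 5, the /128 prefix for Host A, the sample sources and times, and the handling of packets that match no rule as permitted are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class TimeRange:
    """Daily periodic range, modelled on `time-range study 8:0 to 18:0 daily`."""
    name: str
    start: time
    end: time

    def active(self, now: time) -> bool:
        # Modelling choice: start is inclusive, end is exclusive.
        return self.start <= now < self.end


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                        # "permit" or "deny"
    source: str                        # an IP prefix, or "any"
    time_range: Optional[TimeRange] = None

    def matches(self, src: str, now: time) -> bool:
        # A rule bound to a time range takes part in matching only while the range is active.
        if self.time_range is not None and not self.time_range.active(now):
            return False
        if self.source == "any":
            return True
        return ip_address(src) in ip_network(self.source)


def evaluate(rules, src, now, unmatched="permit"):
    """Return (action, rule_id) of the first matching rule in rule-ID (config) order.

    `unmatched` is what happens to a packet that no active rule matches;
    "permit" is an assumption of this example.
    """
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(src, now):
            return rule.action, rule.rule_id
    return unmatched, None


STUDY = TimeRange("study", time(8, 0), time(18, 0))

# ACL 2009 as described: permit Host A (1001::2), deny every other source,
# both only during the time range "study". Rule IDs are constructed.
ACL_2009 = [
    Rule(0, "permit", "1001::2/128", STUDY),
    Rule(5, "deny", "any", STUDY),
]

# Constructed sample packets: (source address, time of arrival).
SAMPLES = [
    ("1001::2", time(9, 0)),    # Host A inside the window
    ("1001::3", time(9, 0)),    # another host inside the window
    ("1001::3", time(20, 0)),   # another host after hours: no rule is active
]


def demo():
    return [evaluate(ACL_2009, src, now) for src, now in SAMPLES]


if __name__ == "__main__":
    for (src, now), verdict in zip(SAMPLES, demo()):
        print(src, now.strftime("%H:%M"), verdict)
```

The third sample shows the point to check when reviewing a time-based filter: once the range is inactive, neither rule matches, so the result depends entirely on how unmatched packets are treated.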
  • Page 29: QoS Overview

    QoS Overview
    This chapter includes these sections: Introduction to QoS; QoS Service Models; QoS Techniques Overview.
    Introduction to QoS
    In data communications, Quality of Service (QoS) is the ability of a network to provide differentiated service guarantees for diverse traffic in terms of bandwidth, delay, jitter, and drop rate. Network resources are always scarce.
  • Page 30: DiffServ Model

    The IntServ model demands high storage and processing capabilities, because it requires that all nodes along the transmission path maintain resource state information for each flow. The model is suitable for small-sized or edge networks, but not large-sized networks, for example, the core layer of the Internet, where billions of flows are present.
  • Page 31: QoS Processing Flow in a Device

    Congestion management provides a resource scheduling policy to determine the packet forwarding sequence when congestion occurs. Congestion management usually applies to the outgoing traffic of a port. Congestion avoidance monitors the network resource usage and is usually applied to the outgoing traffic of a port.
  • Page 32: QoS Configuration Approaches

    QoS Configuration Approaches
    This chapter includes these sections: QoS Configuration Approach Overview; Configuring a QoS Policy.
    QoS Configuration Approach Overview
    Two approaches are available to configure QoS: Non-Policy Approach and Policy Approach. Some features support both approaches, but some support only one.
    Non-Policy Approach
    In the non-policy approach, you configure QoS service parameters directly without using a QoS policy.
  • Page 33: Defining A Class

    Figure 3-1 QoS policy configuration procedure (flowchart: define a class, define a behavior, define a policy, then apply the policy to an interface, to online users, to a VLAN, or globally)
    Defining a Class
    To define a class, specify its name and then configure the match criteria in class view.
  • Page 34 match-criteria: Match criterion. Table 3-1 shows the available criteria. Table 3-1 The keyword and argument combinations for the match-criteria argument Keyword and argument combination Description Matches an ACL The acl-number argument ranges from 2000 to 5999 for an IPv4 ACL, and 2000 to 3999 or 10000 to 42767 for an IPv6 ACL.
  • Page 35
    Keyword and argument combination: service-vlan-id { vlan-id-list | vlan-id1 to vlan-id2 }
    Description: Matches the VLAN IDs of ISP networks. The vlan-id-list is a list of up to 8 VLAN IDs. The vlan-id1 to vlan-id2 specifies a VLAN ID range, where the vlan-id1 must be smaller than the vlan-id2.
  • Page 36: Defining A Traffic Behavior

    Defining a Traffic Behavior A traffic behavior is a set of QoS actions (such as traffic filtering, shaping, policing, priority marking) to take on a class of traffic. To define a traffic behavior, first create it and then configure QoS actions such as priority marking and traffic redirecting in traffic behavior view.
  • Page 37: Applying the QoS Policy

    If an ACL is referenced by a QoS policy for defining traffic match criteria, packets matching the ACL are organized as a class and the behavior defined in the QoS policy applies to the class, regardless of whether the match mode of the if-match clause is deny or permit. In a QoS policy with multiple class-to-traffic-behavior associations, we recommend that you not configure any other action in a traffic behavior if any of the following actions is configured in the traffic behavior: creating an outer VLAN tag, setting customer network VLAN ID, or setting service...
  • Page 38
    To do: Enter interface view or port group view
      Enter interface view: interface interface-type interface-number
      Enter port group view: port-group manual port-group-name
    Remarks: Use either command. Settings in interface view take effect on the current interface. Settings in port group view take effect on all ports in the port group.
  • Page 39
    To do: Apply the QoS policy
    Use the command: qos apply policy policy-name { inbound | outbound }
    Remarks: Required. Use the inbound keyword to apply the QoS policy to the traffic received by the online users. Use the outbound keyword to apply the QoS policy to the traffic sent by the online users.
  • Page 40: Displaying and Maintaining QoS Policies

    Follow these steps to apply the QoS policy globally:

    To do: Enter system view
    Use the command: system-view
    Remarks: —

    To do: Apply the QoS policy globally
    Use the command: qos apply policy policy-name global { inbound | outbound }
    Remarks: Required

    A QoS policy containing any of the nest, remark customer-vlan-id, and remark service-vlan-id actions cannot be applied globally.
  • Page 41: Priority Mapping Configuration

    Priority Mapping Configuration
    This chapter includes these sections: Priority Mapping Overview; Priority Mapping Configuration Tasks; Configuring Priority Mapping; Displaying and Maintaining Priority Mapping; Priority Mapping Configuration Examples.
    Priority Mapping Overview
    Introduction to Priority Mapping
    The priorities of a packet determine its transmission priority. There are two types of priority: priorities carried in packets and priorities locally assigned for scheduling only.
  • Page 42: Priority Trust Mode On A Port

    There are three priority trust modes on H3C S5820X and S5800 series switches: dot1p: Uses the 802.1p priority carried in packets for priority mapping.
  • Page 43: Priority Mapping Configuration Tasks

    Figure 4-1 Priority mapping procedure for an Ethernet packet (flowchart: a packet is received on a port, and the mapping depends on which priority is trusted on the port: the 802.1p priority in packets, the DSCP in packets, or the port priority)...
  • Page 44: Configuring Priority Mapping

    Task | Remarks
    Configuring a Priority Mapping Table | Optional
    Configuring the Priority Trust Mode on a Port | Optional
    Configuring the Port Priority of a Port | Optional

    Configuring Priority Mapping
    Configuring a Priority Mapping Table
    Follow these steps to configure an uncolored priority mapping table: To do…...
  • Page 45: Configuring The Port Priority Of A Port

    Configuring the Port Priority of a Port
    You can change the port priority of a port used for priority mapping. For the priority mapping procedure, see Figure 4-1.
    Follow these steps to configure the port priority of a port for priority mapping: To do…...
  • Page 46 Network requirements As shown in Figure 4-2, the enterprise network of a company interconnects all departments through Device. The network is described as follows: The marketing department connects to GigabitEthernet 1/0/1 of Device, which sets the 802.1p priority of traffic from the marketing department to 3. The R&D department connects to GigabitEthernet 1/0/2 of Device, which sets the 802.1p priority of traffic from the R&D department to 4.
  • Page 47
    Figure 4-2 Network diagram for priority mapping table and priority marking configuration (Device connects the Internet, the management department, the R&D department, the marketing department, and the public servers through GE1/0/1 to GE1/0/5)
    Configuration procedure
    Configure the port priority for ports
    # Set the port priority of interface GigabitEthernet 1/0/1 to 3.
  • Page 48 # Mark the HTTP traffic of the management department, marketing department, and R&D department to the Internet with 802.1p priorities 4, 5, and 3 respectively. Use the priority mapping table configured above to map the 802.1p priorities to local precedence values 6, 4, and 2 respectively for differentiated traffic treatment.
  • Page 49: Traffic Policing, Traffic Shaping, And Line Rate Overview

    Traffic Policing, Traffic Shaping, and Line Rate Configuration
    This chapter includes these sections: Traffic Policing, Traffic Shaping, and Line Rate Overview; Configuring Traffic Policing; Configuring GTS; Configuring the Line Rate; Displaying and Maintaining Traffic Policing, GTS, and Line Rate.
    Traffic Policing, Traffic Shaping, and Line Rate Overview
    Without limits on user traffic, a network can be overwhelmed very easily.
  • Page 50: Traffic Policing

    Each arriving packet is evaluated. In each evaluation, if the number of tokens in the bucket is enough, the traffic conforms to the specification and the tokens for forwarding the packet are taken away; if the number of tokens in the bucket is not enough, the traffic is excessive. Complicated evaluation You can set two token buckets, bucket C and bucket E, to evaluate traffic in a more complicated environment for more flexible policing.
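The single-bucket evaluation described above, as an added Python example (not code from the H3C manual): each arriving packet is checked against the tokens currently in the bucket, so a burst up to the bucket size passes while the sustained rate stays capped. The 512 kbps rate, the 4000-byte bucket, the packet sizes and arrival times are constructed values, and the bucket is assumed to start full.

```python
class TokenBucket:
    """One token bucket: tokens arrive at cir_kbps, and the bucket holds at most cbs_bytes."""

    def __init__(self, cir_kbps: int, cbs_bytes: int):
        self.cir_kbps = cir_kbps
        self.capacity_bits = cbs_bytes * 8
        self.tokens_bits = self.capacity_bits   # assumption: the bucket starts full
        self.last_ms = 0

    def evaluate(self, now_ms: int, size_bytes: int) -> str:
        """Classify one packet arriving at now_ms as "conforming" or "excess"."""
        # Refill for the elapsed time. 1 kbit/s is 1 bit per millisecond,
        # so kbps * ms gives bits and integer arithmetic is exact.
        elapsed_ms = now_ms - self.last_ms
        self.tokens_bits = min(self.capacity_bits,
                               self.tokens_bits + self.cir_kbps * elapsed_ms)
        self.last_ms = now_ms

        needed_bits = size_bytes * 8
        if self.tokens_bits >= needed_bits:
            # Enough tokens: the traffic conforms and the tokens are taken away.
            self.tokens_bits -= needed_bits
            return "conforming"
        # Not enough tokens: the traffic is excessive and the bucket is left untouched.
        return "excess"


def police(arrivals, cir_kbps: int, cbs_bytes: int):
    """Evaluate (arrival_ms, size_bytes) pairs in order and return the verdict list."""
    bucket = TokenBucket(cir_kbps, cbs_bytes)
    return [bucket.evaluate(t, size) for t, size in arrivals]


# Constructed input: five back-to-back 1000-byte packets, then two late arrivals.
BURST = [(0, 1000)] * 5 + [(15, 1000), (16, 1000)]


def burst_demo():
    # The bucket absorbs the first 4000 bytes; the fifth packet finds it empty.
    # At 15 ms only 960 bytes of tokens have returned, at 16 ms there are 1024.
    return police(BURST, cir_kbps=512, cbs_bytes=4000)


def sustained_demo():
    # Constructed input: one 1000-byte packet per millisecond for one second
    # (8 Mbps offered) against a 512 kbps policer.
    arrivals = [(t, 1000) for t in range(1000)]
    return police(arrivals, cir_kbps=512, cbs_bytes=4000).count("conforming")


if __name__ == "__main__":
    print(burst_demo())
    print(sustained_demo(), "of 1000 packets conform")
```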
  • Page 51: Traffic Shaping

    Figure 5-1 Schematic diagram for traffic policing (tokens are put into the bucket at the set rate; packets to be sent through the interface are classified and checked against the token bucket, then sent or dropped)
    Traffic policing is widely used to police traffic entering the networks of internet service providers (ISPs). It classifies the policed traffic and takes pre-defined policing actions on each packet depending on the evaluation result: Forwards the traffic if the evaluation result is “conforming.”...
  • Page 52: Line Rate

    Figure 5-2 Schematic diagram for GTS (tokens are put into the bucket at the set rate; packets to be sent through the interface are classified and checked against the token bucket, then sent, queued, or dropped)
    For example, in Figure 5-3, Switch A sends packets to Switch B. Switch B performs traffic policing on packets from Switch A and drops packets exceeding the limit.
  • Page 53: Configuring Traffic Policing

    enough tokens in the token bucket, packets can be forwarded. Otherwise, packets are put into QoS queues for congestion management. Thus, the traffic passing the physical interface is controlled.
    Figure 5-4 Line rate implementation
    In the token bucket approach to traffic control, bursty traffic can be transmitted so long as enough tokens are available in the token bucket;...
  • Page 54: Configuration Example

    To do: Configure a traffic policing action
    Use the command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action ] [ red action ] [ yellow action ]
    Remarks: Required. For more information about hierarchical CAR, see Hierarchical CAR.
  • Page 55: Configuring GTS

    [Sysname-GigabitEthernet1/0/1] qos apply policy http inbound
    Configuring GTS
    Configuration Procedure
    On the H3C S5820X and S5800 series switches, traffic shaping is implemented as queue-based GTS, which configures GTS parameters for packets in a certain queue.
    Follow these steps to configure queue-based GTS: To do…...
  • Page 56: Configuration Example

    To do: Enter system view
    Use the command: system-view
    Remarks: —

    To do: Enter interface view or port group view
      Enter interface view: interface interface-type interface-number
      Enter port group view: port-group manual port-group-name
    Remarks: Use either command. Settings in interface view take effect on the current interface. Settings in port group view take effect on all...
  • Page 57: Congestion Management Configuration

    Congestion Management Configuration
    This chapter includes these sections: Congestion Management Overview; Congestion Management Configuration Approaches; Configuring Congestion Management; Displaying and Maintaining Congestion Management.
    Congestion Management Overview
    Causes, Impacts, and Countermeasures of Congestion
    Network congestion is a major factor contributing to service quality degradation on a traditional network. Congestion is a situation where the forwarding rate decreases due to insufficient resources, resulting in extra delay.
  • Page 58: Congestion Management Techniques

    Congestion Management Techniques Congestion management uses queuing and scheduling algorithms to classify and sort traffic leaving a port. Each queuing algorithm addresses a particular network traffic problem, and has a different impact on bandwidth resource assignment, delay, and jitter. Queue scheduling processes packets by priority, and preferentially forwards high-priority packets. The following section describes Strict Priority (SP) queuing, Weighted Fair Queuing (WFQ), Weighted Round Robin (WRR) queuing, and SP+WRR queuing.
  • Page 59
    Figure 6-3 Schematic diagram for WRR queuing (packets to be sent through the port are classified into Queue 0 with Weight 1 through Queue N-1 with Weight N, then scheduled into the sending queue)
    Assume there are eight output queues on a port.
  • Page 60: Congestion Management Configuration Approaches

    Additionally, WFQ can work with the minimum guaranteed bandwidth mechanism. You can configure a minimum guaranteed bandwidth for each WFQ queue, so that each WFQ queue is guaranteed that bandwidth when congestion occurs. The assignable bandwidth (total bandwidth – the sum of the minimum guaranteed bandwidth for each queue) is allocated to queues based on queue priority.
  • Page 61: Configuring WRR Queuing

    To do… Use the command… Remarks Enter system view system-view — Enter Use either command interface interface-type Enter interface Settings in interface view take effect on interface-number interface view the current interface. Settings in port view or port group view take effect on all ports in the Enter port port-group manual group view...
  • Page 62: Configuring WFQ Queuing

    Configuration example
    Network requirements
    Enable WRR queuing on interface GigabitEthernet 1/0/1. Assign queues 0 through 7 to the WRR group, weighted as 1, 2, 4, 6, 8, 10, 12, and 14.
    Configuration procedure
    # Enter system view.
    <Sysname> system-view
    # Configure WRR queuing on GigabitEthernet 1/0/1.
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] qos wrr
    [Sysname-GigabitEthernet1/0/1] qos wrr 0 group 1 byte-count 1...
  • Page 63: Configuring SP+WRR Queuing

    Enable WFQ on interface GigabitEthernet 1/0/1, and set the weights of queues 0 through 7 to 1, 2, 4, 6, 8, 10, 12, and 14 respectively. Set the minimum guaranteed bandwidth of queue 0 to 128 kbps. Configuration procedure # Enter system view. <Sysname>...
  • Page 64: Configuration Example

    To do: Configure WRR queuing
    Use the command: qos wrr queue-id group group-id byte-count schedule-value
    Remarks: Required. By default, all the ports use the WRR queuing, and the weight values assigned to queue 0 through queue 7 are 1, 2, 3, 4, 5, 9, 13, and 15.
  • Page 65: Congestion Avoidance Configuration

    Congestion Avoidance Configuration
    This chapter includes these sections: Congestion Avoidance Overview; Introduction to WRED Configuration; Configuring WRED on an Interface; Displaying and Maintaining WRED.
    Congestion Avoidance Overview
    Avoiding congestion before it occurs and degrades network performance is a proactive approach to improving network performance.
  • Page 66: Introduction to WRED Configuration

    Introduction to WRED Configuration
    WRED Configuration Approach
    On an S5820X or S5800 series switch, WRED is implemented with WRED tables. WRED tables are created globally in system view and then applied to interfaces.
    Introduction to WRED Parameters
    Determine the following parameters before configuring WRED: The upper threshold and lower threshold: When the average queue size is smaller than the lower threshold, no packet is dropped.
  • Page 67: Configuration Example

    Configuration Example
    Network requirements
    Create a WRED table, and set the following parameters for red packets (with drop precedence 2) in queue 1: upper threshold to 100, lower threshold to 30, and drop probability to 50%. Then apply the WRED table to interface GigabitEthernet 1/0/1.
    Configuration procedure
    # Enter system view.
  • Page 68: Traffic Filtering Configuration

    Traffic Filtering Configuration
    This chapter includes these sections: Traffic Filtering Overview; Configuring Traffic Filtering; Traffic Filtering Configuration Example.
    Traffic Filtering Overview
    You can filter in or filter out a class of traffic by associating the class with a traffic filtering action. For example, you can filter packets sourced from a specific IP address according to network status.
  • Page 69: Traffic Filtering Configuration Example

    To do: Return to system view
    Use the command: quit
    Remarks: —

    To do: Create a policy and enter policy view
    Use the command: qos policy policy-name
    Remarks: —

    To do: Associate the class with the traffic behavior in the QoS policy
    Use the command: classifier tcl-name behavior behavior-name
    Remarks: —

    To do: Return to system view
    Use the command: quit
    Remarks: —...
  • Page 70

    <DeviceA> system-view
    [DeviceA] acl number 3000
    [DeviceA-acl-adv-3000] rule 0 permit tcp source-port eq 21
    [DeviceA-acl-adv-3000] quit
    # Create a class named classifier_1, and use ACL 3000 as the match criterion in the class.
    [DeviceA] traffic classifier classifier_1
    [DeviceA-classifier-classifier_1] if-match acl 3000
    [DeviceA-classifier-classifier_1] quit
    # Create a behavior named behavior_1, and configure the traffic filtering action for the behavior to drop packets.
  • Page 71: Priority Marking Configuration

    Priority Marking Configuration

    This chapter includes these sections:
    Priority Marking Overview
    Configuring Priority Marking
    Priority Marking Configuration Example

    Priority Marking Overview

    Priority marking can be used together with priority mapping. For more information, see Priority Mapping Configuration.

    Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a class of IP traffic and thus change its transmission priority in the network.
  • Page 72

    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Set the 802.1p priority for packets or configure the inner-to-outer tag priority copying function | remark dot1p { 8021p \| customer-dot1p-trust } | Optional |
    | Set the drop precedence for packets | remark drop-precedence drop-precedence-value | Optional. Applicable to only the outgoing traffic... |
  • Page 73: Priority Marking Configuration Example

    Table 9-1 shows the support for priority marking actions in the inbound and outbound directions.

    Table 9-1 Support for priority marking actions in the inbound and outbound directions

    | Action | Inbound | Outbound |
    |---|---|---|
    | Marking 802.1p priority | Supported | Supported |
    | Marking DSCP precedence | Supported | Supported |
    | Marking IP precedence | Not supported... | |
  • Page 74

    Configuration procedure

    # Create advanced ACL 3000, and configure a rule to match packets with destination IP address 192.168.0.1.
    <Device> system-view
    [Device] acl number 3000
    [Device-acl-adv-3000] rule permit ip destination 192.168.0.1 0
    [Device-acl-adv-3000] quit
    # Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.
  • Page 75: Qos-Local-Id Marking Configuration Example

    [Device-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver
    [Device-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver
    [Device-qospolicy-policy_server] quit
    # Apply the policy named policy_server to the incoming traffic of interface GigabitEthernet 1/0/1.
    [Device] interface gigabitethernet 1/0/1
    [Device-GigabitEthernet1/0/1] qos apply policy policy_server inbound
    [Device-GigabitEthernet1/0/1] quit

    QoS-Local-ID Marking Configuration Example

    QoS-local-ID marking mainly re-organizes packets of multiple classes into one class, so that you can perform a uniform set of actions on these packets as a class.
  • Page 76

    [Sysname] qos policy car_policy
    [Sysname-qospolicy-car_policy] classifier class_a behavior behavior_a
    [Sysname-qospolicy-car_policy] classifier class_b behavior behavior_b

    Apply the QoS policy car_policy to the interface, and you can satisfy the network requirements.
  • Page 77: Traffic Redirecting Configuration

    Traffic Redirecting Configuration

    This chapter includes these sections:
    Traffic Redirecting Overview
    Configuring Traffic Redirecting

    Traffic Redirecting Overview

    Traffic redirecting redirects the packets that match the specific match criteria to a certain location for processing. Currently, the following traffic redirecting actions are supported:
    Redirecting traffic to the CPU: redirects packets which require processing by CPU to the CPU.
  • Page 78 To do… Use the command… Remarks Associate the class with the classifier tcl-name behavior traffic behavior in the QoS — behavior-name policy Return to system view — quit Applying the QoS policy to an To an interface interface Apply the —...
  • Page 79: Global Car Configuration

    CAR actions are created in system view and each can be referenced to police multiple traffic flows as a whole. Global CAR provides two types of CAR actions: aggregation CAR and hierarchical CAR. The S5800 series switches support aggregation CAR and hierarchical CAR; the S5820X series switches support only aggregation CAR.

    Aggregation CAR

    An aggregation CAR action is created globally and can be directly applied to interfaces or referenced in the traffic behaviors associated with different traffic classes to police multiple traffic flows as a whole.
  • Page 80: Configuring Global Car

    By using the two modes appropriately, you can improve bandwidth usage. Suppose there are two flows: a low priority data flow and a high priority, bursty video flow. Their total traffic rate cannot exceed 4096 kbps and the video flow must be guaranteed of at least 2048 kbps bandwidth.
  • Page 81: Referencing A Hierarchical Car In A Traffic Behavior

    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Display information about the configured traffic behavior | display traffic behavior user-defined [ behavior-name ] | Optional. Available in any view |
    | Display information about the aggregation CAR | display qos car name [ car-name ] | Optional. Available in any view |

    Referencing a Hierarchical CAR in a Traffic Behavior

    Configuration prerequisites

    You have determined the parameters in the hierarchical CAR.
  • Page 82: Displaying And Maintaining Global Car

    To do… Use the command… Remarks Available in any view Display the configuration and statistics for the specified display qos car name [ car-name ] hierarchical CAR Displaying and Maintaining Global CAR To do… Use the command… Remarks Required Display the statistics for the display qos car name specified global CAR [ car-name ]...
  • Page 83: And-Mode Hierarchical Car Configuration Example

    Configuration procedure

    # Configure an aggregation CAR according to the rate limit requirements.
    <Sysname> system-view
    [Sysname] qos car aggcar-1 aggregative cir 2560 cbs 20000 red discard
    # Create class 1 to match traffic of VLAN 10. Create behavior 1, and reference the aggregation CAR in the behavior.
  • Page 84

    Figure 11-2 Network diagram for AND-mode hierarchical CAR configuration

    Configuration procedure

    # Configure a hierarchical CAR action according to the rate limit requirements.
    <Device> system-view
    [Device] qos car http hierarchy cir 256 red discard
    # Configure ACL 3000 to match HTTP packets.
    [Device] acl number 3000
    [Device-acl-adv-3000] rule permit tcp destination-port eq 80
    [Device-acl-adv-3000] quit...
  • Page 85: Or-Mode Hierarchical Car Configuration Example

    OR-Mode Hierarchical CAR Configuration Example

    Network requirements

    As shown in Figure 11-3, configure rate limiting for video traffic received from 192.168.0.2 and 192.168.0.3 on GigabitEthernet 1/0/1. Set the CIR to 256 kbps for both video streams according to their regular average rates. To guarantee that occasional large bursts can pass through, configure hierarchical CAR to limit the video traffic rate to 640 kbps, and drop the exceeding traffic.
  • Page 86

    [Device-classifier-2] quit
    [Device] traffic behavior 2
    [Device-behavior-2] car cir 256 hierarchy-car video mode or
    [Device-behavior-2] quit
    # Create a QoS policy named video, and associate class 1 with traffic behavior 1 and class 2 with behavior 2 in the QoS policy.
    [Device] qos policy video
    [Device-qospolicy-video] classifier 1 behavior 1
    [Device-qospolicy-video] classifier 2 behavior 2...
  • Page 87: Class-Based Accounting Configuration

    Class-Based Accounting Configuration

    This chapter includes these sections:
    Class-Based Accounting Overview
    Configuring Class-Based Accounting
    Displaying and Maintaining Class-Based Accounting
    Class-Based Accounting Configuration Example

    Class-Based Accounting Overview

    Class-based accounting collects statistics (in packets or bytes) on a per-class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address.
  • Page 88: Displaying And Maintaining Class-Based Accounting

    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Return to system view | quit | — |
    | Apply the policy to an interface | Applying the QoS policy to an interface | — |
    | Apply the policy to a VLAN | Applying the QoS policy to a VLAN | — |
    | Apply the policy globally | Applying the QoS policy globally | — |

    Displaying and Maintaining Class-Based Accounting

    After completing the configuration above, you can verify the configuration with the display qos policy...
  • Page 89

    # Create a policy named policy, and associate class classifier_1 with behavior behavior_1 in the policy.
    [DeviceA] qos policy policy
    [DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1
    [DeviceA-qospolicy-policy] quit
    # Apply the policy named policy to the incoming traffic of interface GigabitEthernet 1/0/1.
    [DeviceA] interface gigabitethernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] qos apply policy policy inbound
    [DeviceA-GigabitEthernet1/0/1] quit...
  • Page 90: Data Buffer Configuration

    Set independently, the packet resource and the cell resource work simultaneously to regulate data buffering. A packet can be buffered only when both resources are adequate. On the S5820X series switches, the data buffer is used through allocating only cell resources.

    Data Buffer Allocation

    To handle bursty traffic flexibly, the S5820X &...
  • Page 91: How The Shared Resource Is Used

    Both the cell resources and the packet resources are allocated as described below, but you can configure different allocation schemes for them.

    Figure 13-1 Buffer resource allocation on the S5820X and the S5800 series switches

    The dedicated buffer is allocated as follows:
    On a per-port basis: the switch automatically divides the dedicated resource among all ports evenly, as illustrated by the vertical lines in Figure...
  • Page 92: Configuring The Data Buffer

    queue 0 to use up to 6% of the shared resource space in the cell resource when its dedicated cell resource becomes full.

    How ports use the shared resource

    When all queues of a port are congested because the dedicated cell resource or packet resource space of the port becomes full, the port can use a certain portion of the shared resource.
  • Page 93: Manually Configuring The Data Buffer Setup

    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Enter system view | system-view | — |
    | Enable the burst function | burst-mode enable | Required. Disabled by default |

    Manually Configuring the Data Buffer Setup

    Data buffer configuration is complicated and significantly impacts the forwarding performance of a device.
  • Page 94 The S5820X series switches do not support the packet resource. Configuring the minimum guaranteed resource size for a queue Follow these steps to configure the minimum guaranteed resource size for a queue: To do…...
  • Page 95 Configure the maximum shared buffer egress [ slot slot-number ] The S5820X series switches do not packet resource size for a queue packet queue queue-id shared support the packet resource.
  • Page 96

    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Enter system view | system-view | — |
    | Apply the data buffer settings | buffer apply | Required |
    ...
  • Page 97: Appendix A Default Priority Mapping Tables

    Appendix A Default Priority Mapping Tables Priority Mapping Tables Table 14-1 The default dot1p-lp and dot1p-dp priority mapping tables Input priority value dot1p-lp mapping dot1p-dp mapping 802.1p priority (dot1p) Local precedence (lp) Drop precedence (dp) Table 14-2 The default dscp-dp and dscp-dot1p priority mapping tables Input priority value dscp-dp mapping dscp-dot1p mapping...
  • Page 98 For the default dscp-dscp mappings, an input value yields an equal target value. ...
  • Page 99: Appendix B Introduction To Packet Precedences

    Appendix B Introduction to Packet Precedences

    IP Precedence and DSCP Values

    Figure 15-1 ToS and DS fields

    As shown in Figure 15-1, the ToS field of the IP header contains eight bits, and the first three bits (0 to 2) represent IP precedence from 0 to 7. According to RFC 2474, the ToS field of the IP header is redefined as the differentiated services (DS) field, where a DSCP value is represented by the first six bits (0 to 5) and ranges from 0 to 63.
  • Page 100: 802.1P Priority

    DSCP value (decimal) DSCP value (binary) Description 001100 af12 001110 af13 010010 af21 010100 af22 010110 af23 011010 af31 011100 af32 011110 af33 100010 af41 100100 af42 100110 af43 001000 010000 011000 100000 101000 110000 111000 000000 be (default) 802.1p Priority 802.1p priority lies in the Layer 2 header and applies to scenarios where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.
  • Page 101 As shown in Figure 15-2, the 4-byte 802.1Q tag header comprises the tag protocol identifier (TPID, two bytes in length), whose value is 0x8100, and the tag control information (TCI, two bytes in length). Figure 15-3 presents the format of the 802.1Q tag header. The Priority field in the 802.1Q tag header is called the 802.1p priority, because its use is defined in IEEE 802.1p.
  • Page 102: Index

    Index Data Buffer Configuration Approaches 13-3 Data Buffer 13-1 ACL Classification Defining a Class ACL Numbering and Naming Defining a Policy Aggregation CAR Configuration Example Defining a Traffic Behavior 11-4 DiffServ Model Aggregation CAR 11-1 Displaying and Maintaining QoS Policies Application of ACLs on the Switch Applying an ACL for Packet Filtering 1-15...
  • Page 103 Priority Mapping Table and Priority Marking Configuration Example Priority Mapping Tables Priority Marking Configuration Example Priority Trust Mode on a Port QoS Processing Flow in a Device QoS-Local-ID Marking Configuration Example Referencing a Hierarchical CAR in a Traffic Behavior 11-3 Referencing an Aggregation CAR in a Traffic Behavior 11-2...

This manual is also suitable for:

S5800 series
