background image

By introducing a gap between rules rather than contiguously numbering rules, you have the flexibility 
of inserting rules in an ACL. This feature is important for a config order ACL, where ACL rules are 
matched in ascending order of rule ID.  

Automatic rule numbering and renumbering 

The ID automatically assigned to an ACL rule takes the nearest higher multiple of the numbering step 
to the current highest rule ID, starting with 0. 

For example, if the numbering step is 5 (the default), and there are five ACL rules numbered 0, 5, 9, 
10, and 12, the newly defined rule is numbered 15. If the ACL does not contain any rule, the first rule 
is numbered 0.  

Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five 
rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be 
renumbered 0, 2, 4, 6, and 8.  

Implementing time-based ACL rules 

You can implement ACL rules based on the time of day by applying a time range to them. A 
time-based ACL rule only takes effect in any time periods specified by the time range.  

The following basic types of time range are available: 

 

Periodic time range

—Recurs periodically on a day or days of the week. 

 

Absolute time range

—Represents only a period of time and does not recur. 

You can specify a time range in ACL rules before or after you create it. However, the rules using the 
time range take effect only after you define the time range. 

IPv4 fragments filtering with ACLs 

Traditional packet filtering matches only first fragments of packets, and allows all subsequent 
non-first fragments to pass through. Attackers can fabricate non-first fragments to attack networks.  

To avoid the risks, the ACL implementation of Hewlett Packard Enterprise does the following: 

 

Filters all fragments by default, including non-first fragments. 

 

Allows for matching criteria modification, for example, filters non-first fragments only. 

Configuration task list 

 

Task Remarks 

Configuring a time range 

Optional. 

Applicable to IPv4 and IPv6. 

Configuring a basic ACL 

Required. 

Configure at least one task. 

Basic ACLs and advanced ACLs are applicable to 
IPv4 and IPv6. 

Configuring an advanced ACL 

Configuring an Ethernet frame header ACL 

Copying an ACL 

Optional. 

Applicable to IPv4 and IPv6. 

Summary of Contents for FlexNetwork 6600

Page 1: ...HPE FlexNetwork 6600 HSR6600 Routers ACL and QoS Configuration Guide Part number 5998 1491R Software version A6600_HSR6602 CMW520 R3303P25 Document version 6W105 20151231 ...

Page 2: ...nd 12 212 Commercial Computer Software Computer Software Documentation and Technical Data for Commercial Items are licensed to the U S Government under vendor s standard commercial license Links to third party websites take you outside the Hewlett Packard Enterprise website Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise ...

Page 3: ...tion examples 10 IPv4 advanced ACL configuration examples 10 IPv6 advanced ACL configuration example 12 QoS overview 15 QoS service models 15 Best effort service model 15 IntServ model 15 DiffServ model 15 QoS techniques overview 15 Deploying QoS in a network 16 QoS processing flow in a device 16 QoS configuration approaches 18 QoS configuration approach overview 18 MQC approach 18 Non MQC approac...

Page 4: ...acts and countermeasures of congestion 42 Congestion management policies 42 Congestion management technique comparison 47 Configuring the FIFO queue size 49 Configuration example 50 Configuring PQ 50 Configuration restrictions and guidelines 50 Configuration procedure 50 PQ configuration example 51 Configuring CQ 52 CQ configuration example 52 Configuring WFQ 53 WFQ configuration example 53 Config...

Page 5: ...splaying and maintaining WRED 81 WRED configuration example 82 Network requirements 82 Configuration procedure 82 Configuring traffic filtering 85 Configuration procedure 85 Traffic filtering configuration example 86 Network requirements 86 Configuration procedure 86 Configuring priority marking 87 Configuration procedure 87 Priority marking configuration example 88 Network requirements 88 Configu...

Page 6: ...dix 114 Appendix A Acronyms 114 Appendix B Default priority mapping tables 115 Appendix C Introduction to packet precedences 116 IP precedence and DSCP values 116 802 1p priority 117 EXP values 118 Configuring MPLS QoS 119 Overview 119 Configuring MPLS CAR 119 Configuring MPLS priority marking 120 Configuring MPLS congestion management 121 Configuration prerequisites 121 Configure MPLS PQ 121 Conf...

Page 7: ...e for HQoS through nesting QoS policies 146 Network requirements 146 Configuration procedures 146 Configuration example for implementing hierarchical CAR through nesting QoS policies 148 Network requirements 148 Configuration procedures 149 Configuration example for implementing HQoS in an MPLS network through nesting QoS policies 150 Network requirements 150 Configuration procedures 150 Configura...

Page 8: ...d naming ACLs Each ACL category has a unique range of ACL numbers You can assign the ACL a name for ease of identification After creating an ACL with a name you cannot rename it or delete its name For an IPv4 basic or advanced ACLs its ACL number and name must be unique in IPv4 and for an IPv6 basic or advanced ACL its ACL number and name must be unique in IPv6 Match order The rules in an ACL are ...

Page 9: ...resented in dotted decimal notation In contrast to a network mask the 0 bits in a wildcard mask represent do care bits and the 1 bits represent don t care bits If the do care bits in an IP address are identical to the do care bits in an IP address criterion the IP address matches the criterion All don t care bits are ignored The 0s and 1s in a wildcard mask can be noncontiguous For example 0 255 0...

Page 10: ...ny time periods specified by the time range The following basic types of time range are available Periodic time range Recurs periodically on a day or days of the week Absolute time range Represents only a period of time and does not recur You can specify a time range in ACL rules before or after you create it However the rules using the time range take effect only after you define the time range I...

Page 11: ...time2 date2 from time1 date1 to time2 date2 to time2 date2 By default no time range exists Repeat this command with the same time range name to create multiple statements for a time range Configuring a basic ACL Configuring an IPv4 basic ACL IPv4 basic ACLs match packets based only on source IP addresses To configure an IPv4 basic ACL Step Command Remarks 1 Enter system view system view N A 2 Crea...

Page 12: ...r acl6 number name acl6 name match order auto config By default no ACL exists IPv6 basic ACLs are numbered in the range of 2000 to 2999 You can use the acl ipv6 name acl6 name command to enter the view of a named ACL 3 Configure a description for the IPv6 basic ACL description text Optional By default an IPv6 basic ACL has no ACL description 4 Set the rule numbering step step step value Optional T...

Page 13: ...ACL description text Optional By default an IPv4 advanced ACL has no ACL description 4 Set the rule numbering step step step value Optional The default setting is 5 5 Create or edit a rule rule rule id deny permit protocol ack ack value fin fin value psh psh value rst rst value syn syn value urg urg value established counting destination dest addr dest wildcard any destination port operator port1 ...

Page 14: ...t an IPv6 advanced ACL has no ACL description 4 Set the rule numbering step step step value Optional The default setting is 5 5 Create or edit a rule rule rule id deny permit protocol ack ack value fin fin value psh psh value rst rst value syn syn value urg urg value established counting destination dest address dest prefix dest address dest prefix any destination port operator port1 port2 dscp ds...

Page 15: ...or the Ethernet frame header ACL description text Optional By default an Ethernet frame header ACL has no ACL description 4 Set the rule numbering step step step value Optional The default setting is 5 5 Create or edit a rule rule rule id deny permit cos vlan pri counting dest mac dest address dest mask lsap lsap type lsap type mask type protocol type protocol type mask source mac source address s...

Page 16: ...eeds up ACL lookup The acceleration effect increases with the number of ACL rules ACL acceleration uses memory To achieve the best trade off between memory and ACL processing performance Hewlett Packard Enterprise recommends enabling ACL acceleration for large ACLs for example ACLs containing more than 50 rules For example when you use a large ACL for a session based service you can enable ACL acc...

Page 17: ...d status of one or all time ranges display time range time range name all begin exclude include regular expression Available in any view Clear statistics for one or all IPv4 basic IPv4 advanced and Ethernet frame header ACLs reset acl counter acl number all name acl name Available in user view Clear statistics for one or all IPv6 basic and advanced ACLs reset acl ipv6 counter acl6 number all name ...

Page 18: ... work RouterA acl adv 3000 rule deny ip source any destination 192 168 0 100 0 RouterA acl adv 3000 quit Enable IPv4 firewall and apply IPv4 advanced ACL 3000 to filter outgoing packets on interface GigabitEthernet 1 0 1 RouterA firewall enable RouterA interface gigabitethernet 1 0 1 RouterA GigabitEthernet1 0 1 firewall packet filter 3000 outbound RouterA GigabitEthernet1 0 1 quit Verifying the c...

Page 19: ... during working hours RouterA display acl 3000 Advanced ACL 3000 named none 3 rules ACL s step is 5 rule 0 permit ip source 192 168 1 0 0 0 0 255 destination 192 168 0 100 0 rule 5 permit ip source 192 168 2 0 0 0 0 255 destination 192 168 0 100 0 time range work 4 times matched Active rule 10 deny ip destination 192 168 0 100 0 4 times matched The output shows rule 5 is active Rule 5 and rule 10 ...

Page 20: ...tion 1000 100 128 time range work RouterA acl6 adv 3000 rule deny ipv6 source any destination 1000 100 128 RouterA acl6 adv 3000 quit Enable IPv6 firewall and apply IPv6 advanced ACL 3000 to filter outgoing IPv6 packets on interface GigabitEthernet 1 0 1 RouterA firewall ipv6 enable RouterA interface gigabitethernet 1 0 1 RouterA GigabitEthernet1 0 1 firewall packet filter ipv6 3000 outbound Verif...

Page 21: ...hable Ping statistics for 1000 100 Packets Sent 4 Received 0 Lost 4 100 loss The output shows the database server cannot be pinged Display configuration and match statistics for IPv6 advanced ACL 3000 on Device A during working hours RouterA display acl ipv6 3000 Advanced IPv6 ACL 3000 named none 3 rules ACL s step is 5 rule 0 permit ipv6 source 1001 16 destination 1000 100 128 rule 5 permit ipv6 ...

Page 22: ...ommodate diverse QoS requirements This service model provides the most granularly differentiated QoS by identifying and guaranteeing definite QoS for each data flow In the IntServ model an application must request service from the network before it sends data IntServ signals the service request with the Resource Reservation Protocol RSVP All nodes receiving the request reserve resources as request...

Page 23: ...rops Traffic shaping usually applies to the outgoing traffic of a port Congestion management Provides a resource scheduling policy to determine the packet forwarding sequence when congestion occurs Congestion management usually applies to the outgoing traffic of a port Congestion avoidance Monitors the network resource usage and is usually applied to the outgoing traffic of a port When congestion ...

Page 24: ...ce Tokens Drop Other proce ssing Token bucket CAR Remark Toekn Classify the traffic Classification Packets to be sent out the interface Drop Other proces sing Drop Queuing Enqueue Queue0 Queue1 Queue2 Queue N Dequeue Transmit Queues Token bucket Traffic policing Traffic shaping Congestion avoidance CAR GTS WRED Congestion management ...

Page 25: ...fic and it uses the AND or OR operator If the operator is AND a packet must match all the criteria to match the class If the operator is OR a packet matches the class if it matches any of the criteria in the class A traffic behavior defines a set of QoS actions to take on packets such as priority marking and redirect By associating a traffic behavior with a class in a QoS policy you apply the spec...

Page 26: ...tem defined classes include The default class default class Matches the default traffic DSCP based predefined classes ef af1 af2 af3 af4 Matches IP DSCP value ef af1 af2 af3 af4 respectively IP precedence based predefined classes ip prec0 ip prec1 ip prec7 Matches IP precedence value 0 1 7 respectively MPLS EXP based predefined classes mpls exp0 mpls exp1 mpls exp7 Matches MPLS EXP value 0 1 7 res...

Page 27: ...d Uses the weighted random early detection WRED drop policy For more information about these system defined behaviors see Configuring congestion management To define a traffic behavior Step Command 1 Enter system view system view 2 Create a traffic behavior and enter traffic behavior view traffic behavior behavior name 3 Configure actions in the traffic behavior See the subsequent chapters dependi...

Page 28: ...gure generic traffic shaping GTS in the parent policy and make sure that the GTS bandwidth configured in the parent policy is equal to or greater than the CBQ bandwidth configured in the child policy If GTS bandwidth in the parent policy is configured in percentage the CBQ bandwidth in the child policy must be also configured in percentage If it is configured as an absolute number the CBQ bandwidt...

Page 29: ...on maintenance The most common local packets include link maintenance routing IS IS BGP RIP and OSPF for example LDP and SSH packets On some cards QoS policies can be applied but cannot take effect due to limited system resources In this case you can adjust related parameters for example reducing the number of queues according to system prompt and then apply a QoS policy again To apply the QoS pol...

Page 30: ...tive Applying the QoS policy to a VLAN You can apply a QoS policy to a VLAN to regulate traffic of the VLAN When you apply the QoS policy to a VLAN follow these guidelines QoS policies cannot be applied to dynamic VLANs such as VLANs created by GVRP When you apply a QoS policy to VLANs the QoS policy is applied to the specified VLANs on all interface cards If the hardware resources of an interface...

Page 31: ...e mode Display traffic behavior configurations display traffic behavior system defined user defined behavior name begin exclude include regular expression Available in any view Display traffic class configurations display traffic classifier system defined user defined classifier name begin exclude include regular expression Available in any view Clear the statistics of the QoS policy applied to a ...

Page 32: ...y These priorities include the following types Local precedence Local precedence is used for queuing A local precedence value corresponds to an output queue A packet with higher local precedence is assigned to a higher priority output queue to be preferentially scheduled Drop precedence Drop precedence is used for making packet drop decisions Packets with the highest drop precedence are dropped pr...

Page 33: ...ping table To configure a priority mapping table Step Command Remarks 1 Enter system view system view N A 2 Enter priority mapping table view qos map table dot1p dp dot1p lp dscp dot1p dscp dp dscp dscp For the DSCP to drop mapping table the router does not support mapping DSCP values to drop precedence 1 3 Configure the priority mapping table import import value list export export value Newly con...

Page 34: ...nterfaces To change the port priority of an interface Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter interface view interface interface type interface number Enter port group view port group manual port group name Use one of the commands Settings in interface view take effect on the current interface Settings in port group view take effect ...

Page 35: ...rnet1 0 1 qos trust dscp RouterC GigabitEthernet1 0 1 quit RouterC interface gigabitethernet 1 0 2 RouterC GigabitEthernet1 0 2 qos trust dscp RouterC GigabitEthernet1 0 2 quit 2 Method 2 Configure Router C to trust port priority Assign port priorities to GigabitEthernet 1 0 1 and GigabitEthernet 1 0 2 Make sure that the priority of GigabitEthernet 1 0 1 is higher than GigabitEthernet 1 0 2 and no...

Page 36: ...of Router which sets the 802 1p priority of traffic from the management department to 5 Configure port priority 802 1p to local mapping table and priority marking to implement the plan as described in Table 3 Table 3 Configuration plan Traffic destination Traffic priority order Queuing plan Traffic source Output queue Queue priority Public servers R D department management department marketing dep...

Page 37: ...outer GigabitEthernet1 0 3 qos priority 5 Router GigabitEthernet1 0 3 quit 2 Configure the priority mapping table Configure the 802 1p to local mapping table to map 802 1p priority values 3 4 and 5 to local precedence values 2 6 and 4 This guarantees the R D department management department and marketing department decreased priorities to access the public server Router qos map table dot1p lp Rout...

Page 38: ...s in the bucket is enough for forwarding the packets the traffic conforms to the specification and is called conforming traffic Otherwise the traffic does not conform to the specification and is called excess traffic A token bucket has the following configurable parameters Mean rate at which tokens are put into the bucket The permitted average rate of traffic It is usually set to the committed inf...

Page 39: ... to prevent aggressive use of network resources by a certain application For example you can limit bandwidth for HTTP packets to less than 50 of the total If the traffic of a certain session exceeds the limit traffic policing can drop the packets or reset the IP precedence of the packets Figure 9 shows an example of policing outbound traffic on an interface Figure 9 Traffic policing Traffic polici...

Page 40: ...n enough tokens are in the token bucket the buffered packets are sent at an even rate Traffic shaping can result in additional delay and traffic policing does not Figure 10 GTS For example in Figure 11 Router B performs traffic policing on packets from Router A and drops packets exceeding the limit To avoid packet loss you can perform traffic shaping on the outgoing interface of Router A so packet...

Page 41: ...until efficient tokens are generated in the token bucket It restricts the traffic rate to the rate for generating tokens Rate limit controls the total rate of all packets on a physical interface It is easier to use than traffic policing in controlling the total traffic rate on a physical interface Configuration task list Task Remarks Configuring traffic policing Configuring traffic policing by usi...

Page 42: ...tion red action yellow action The pir peak information rate and yellow action options are supported only on SAP modules operating in bridge mode For a QoS policy implemented in hardware if you set the CIR or PIR to a value that is not an integral multiple of 64 the system automatically converts the value into the nearest integral multiple of 64 that is greater than the value For example if you set...

Page 43: ...n rate cbs committed burst size ebs excess burst size green action red action N A Configuring ACL based traffic policing Step Command 1 Enter system view system view 2 Configure an ACL See Configuring ACLs 3 Enter interface view interface interface type interface number 4 Configure an ACL based CAR policy on the interface qos car inbound outbound acl ipv6 acl number cir committed information rate ...

Page 44: ...te a policy and enter policy view qos policy policy name N A 9 Associate the class with the traffic behavior in the QoS policy classifier classifier name behavior behavior name N A 10 Return to system view quit N A 11 Apply the QoS policy Applying the QoS policy to an interface or PVC Applying the QoS policy to a VLAN Choose one of the application destinations as needed Configuring GTS by using th...

Page 45: ...tion rate cbs committed burst size ebs excess burst size queue length queue length N A Configuring GTS for all traffic Step Command 1 Enter system view system view 2 Enter interface view interface interface type interface number 3 Configure GTS on the interface qos gts any cir committed information rate cbs committed burst size ebs excess burst size queue length queue length Configuring the rate l...

Page 46: ...play qos carl carl index begin exclude include regular expression Available in any view Display the CAR information on the specified interface display qos car interface interface type interface number begin exclude include regular expression Available in any view Display interface GTS configuration information display qos gts interface interface type interface number begin exclude include regular ...

Page 47: ...ding rate on GigabitEthernet 1 0 2 of Router B to 1000 kbps and the excess packets are dropped Figure 13 Network diagram Configuration procedure 1 Configure Router A Configure GTS on GigabitEthernet 1 0 3 shaping the packets when the sending rate exceeds 500 kbps to decrease the packet loss rate of GigabitEthernet 1 0 1 of Router B RouterA system view RouterA interface gigabitethernet 1 0 3 Router...

Page 48: ...k requirements As shown in Figure 14 limit the rate of packets entering GigabitEthernet 1 0 2 of the Router as follows perform per IP address rate limiting for traffic sourced from Host A through Host Z which are on the network segment 2 1 1 1 through 2 1 1 100 with the per IP address rate limit being 500 bps and make traffic from all IP addresses on the network segment share the remaining bandwid...

Page 49: ...avoidable in switched networks or multiuser application environments To improve the service performance of your network take measures to manage and control it One major issue that congestion management deals with is defining a resource dispatching policy to prioritize packets for forwarding when congestion occurs Congestion management policies Queuing is a common congestion management technique It...

Page 50: ...e forwarding of critical traffic use other queue scheduling mechanisms where multiple queues can be configured Within each queue however FIFO is still used By default FIFO queuing is used on interfaces PQ Figure 17 Priority queuing PQ Priority queuing is designed for mission critical applications The key feature of mission critical applications is they require preferential service to reduce the re...

Page 51: ... define traffic classification rules and assign a percentage of interface PVC bandwidth for each customer queue By default packets are assigned to queue 1 During a cycle of queue scheduling CQ first empties the system queue Then it schedules the 16 queues in a round robin way it sends a certain number of packets based on the percentage of interface bandwidth assigned for each queue out of each que...

Page 52: ...of traffic protocol type TCP or UDP source destination port numbers source destination IP addresses IP precedence bits in the ToS field and so on and try to provide as many queues as possible so that each traffic flow can be put into these queues to balance the delay of every traffic flow on a whole When dequeuing packets WFQ assigns the outgoing interface bandwidth to each traffic flow by precede...

Page 53: ...he packets of all priority classes are assigned to the same priority queue Bandwidth restriction on each class of packets is checked before the packets are enqueued During the dequeuing operation packets in the priority queue are transmitted first Packets in other queues are scheduled by using WFQ To reduce the delay of the other queues except the priority queue LLQ assigns the maximum available b...

Page 54: ...vice data transmission Congestion management technique comparison Breaking through the single congestion management policy of FIFO for traditional IP devices the device provides all the congestion management techniques described above to offer powerful QoS capabilities meeting different QoS requirements of different applications Table 4 Congestion management technique comparison Type Number of que...

Page 55: ...ns Bandwidth reassignment to increase bandwidth for each class when packets of certain classes are not present Need to configure low processing speed WFQ Configurable Easy to configure Bandwidth guarantee for packets from cooperative interactive sources such as TCP packets Reduced jitter Reduced delay for interactive applications with a small amount of data Bandwidth assignment based on traffic pr...

Page 56: ...overheads are large If the burst traffic is too heavy increase the queue length to make queue scheduling more accurate Configuring the FIFO queue size This feature is not supported on SAP modules operating in bridge mode FIFO is the default queue scheduling mechanism for an interface or PVC and the FIFO queue size is configurable To configure the FIFO queue size Step Command Remarks 1 Enter system...

Page 57: ...s PQ applies to all physical interfaces except interfaces using the X 25 or LAPB protocol at the data link layer You must enable the rate limit function for the queuing function to take effect on these interfaces tunnel interfaces subinterfaces Layer 3 aggregate interfaces HDLC link bundle interfaces RPR logical interfaces and VT interfaces configured with PPPoE PPPoA or PPPoEoA Configuration proc...

Page 58: ...cal packets from Server are transmitted preferentially when congestion occurs in the network Figure 22 Network diagram Configuration procedure Configure Router A Configure ACLs to match the packets from Server and Host A respectively RouterA acl number 2001 RouterA acl basic 2001 rule permit source 1 1 1 1 0 0 0 0 RouterA acl number 2002 RouterA acl basic 2002 rule permit source 1 1 1 2 0 0 0 0 Co...

Page 59: ...Specify the default queue qos cql cql index default queue queue number Optional This command specifies the queue to which unmatched packets are assigned 4 Set the length of a queue qos cql cql index queue queue number queue length queue length Optional 5 Configure the bytes sent from a queue during a cycle of round robin queue scheduling qos cql cql index queue queue number serving byte count Opti...

Page 60: ...Q related parameters If WFQ is configured for the interface the qos wfq command can modify the WFQ related parameters To configure WFQ Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Configure WFQ qos wfq dscp precedence queue length max queue length queue number total queue number By default FIFO applies 4 Display int...

Page 61: ...ively Predefined traffic behaviors The system predefines some traffic behaviors and defines QoS features for them ef Assigns a class of packets to the EF queue and assigns 20 of the available interface PVC bandwidth to the class of packets af Assigns a class of packets to the AF queue and assigns 20 of the available interface PVC bandwidth to the class of packets be Defines no features be flow bas...

Page 62: ...onfigure AF and the minimum guaranteed bandwidth Step Command Remarks 1 Enter system view system view N A 2 Create a traffic behavior and enter traffic behavior view traffic behavior behavior name The specified behavior name cannot be the name of any system defined behavior 3 Configure AF and the minimum guaranteed bandwidth queue af bandwidth bandwidth pct percentage N A Configuring EF and the ma...

Page 63: ... enter traffic behavior view traffic behavior behavior name The specified traffic behavior name cannot be the name of any system defined behavior 3 Set the maximum queue size queue length queue length N A Check that the queue af command or the queue wfq command has been configured before you configure the queue length command Executing the undo queue af command or the undo queue wfq command cancel...

Page 64: ...e DSCP based WRED has been enabled with the wred dscp command Disabling WRED also removes the wred dscp command configuration Removing the queue af or queue wfq command configuration also removes the WRED related parameters To configure the lower limit upper limit and drop probability denominator for a DSCP value in WRED Step Command Remarks 1 Enter system view system view N A 2 Create a traffic b...

Page 65: ...cy policy name N A 3 Associate a traffic behavior with a class in the policy classifier classifier name behavior behavior name classifier name Class name It must be the name of an existing system defined or user defined class behavior name Name of a behavior It must be the name of an existing system defined or user defined behavior Applying the QoS policy Use the qos apply policy command to apply ...

Page 66: ...e qos max bandwidth command so do the AF and EF queues synchronized to the sub channel interfaces for example VA interfaces or B channels Sub channel interface bandwidth is ignored Because the QoS configurations of the primary channel interface and the sub channel interfaces are the same prompts are output only for the primary channel interface If the qos max bandwidth command is not configured AF...

Page 67: ...um interface available bandwidth Enter system view Sysname system view Enter interface view Sysname interface gigabitethernet 1 0 1 Configure the maximum available bandwidth on interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 qos max bandwidth 60 Setting the maximum reserved bandwidth as a percentage of available bandwidth The maximum reserved bandwidth is set on a per interface basis ...

Page 68: ...ession Available in any view Display interface or PVC CBQ configuration information display qos cbq interface interface type interface number pvc pvc name vpi vci vpi vci begin exclude include regular expression Available in any view CBQ configuration example Network requirements As shown in Figure 23 configure a QoS policy to meet the following requirements Traffic from Router C is classified int...

Page 69: ... pct 5 RouterA behavior af21_behav quit Define a traffic behavior and enable EF and set a maximum bandwidth percentage of 30 both bandwidth and delay are guaranteed for EF traffic in the traffic behavior RouterA traffic behavior ef_behav RouterA behavior ef_behav queue ef bandwidth pct 30 RouterA behavior ef_behav quit Define a QoS policy and associate the configured traffic behaviors with classes...

Page 70: ...ximum reserved bandwidth is configured as 70 of the available bandwidth Configuration procedure Enter system view Sysname system view Enter interface view Sysname interface serial 1 1 1 Configure the maximum reserved bandwidth as 70 of the available bandwidth on Serial 1 1 1 Sysname Serial1 1 1 qos reserved bandwidth pct 70 Configure RTP priority queuing on interface Serial 1 1 1 the start port nu...

Page 71: ...interface serial 1 1 1 Set the number of QoS tokens to 1 and re enable the interface to make the configuration take effect Sysname Serial1 1 1 qos qmtoken 1 Sysname Serial1 1 1 shutdown Sysname Serial1 1 1 undo shutdown Configuring packet information pre extraction On a logical interface such as a tunnel RPR logical Layer 3 aggregate or HDLC link bundle interface if the interface has processed the...

Page 72: ...n about tunnel interfaces see Layer 3 IP Services Configuration Guide For more information about RPR logical interfaces see High Availability Configuration Guide For more information about Layer 3 aggregate interfaces see Layer 2 LAN Switching Configuration Guide For more information about HDLC link bundle interfaces see Layer 2 WAN Configuration Guide Configuration example Network requirements En...

Page 73: ...lti user application environments To improve the service performance of your network take proper measures to address the congestion issues The key to congestion management is how to define a dispatching policy for resources to decide the order of forwarding packets when congestion occurs Congestion management techniques Congestion management uses queuing and scheduling algorithms to classify and s...

Page 74: ...s and transmitted when the high priority queues are empty The disadvantage of SP queuing is that packets in the lower priority queues cannot be transmitted if packets exist in the higher priority queues This might cause lower priority traffic to starve to death The router supports basic SP queuing which contains multiple queues with each queue corresponding to a different priority These queues are...

Page 75: ...nner Group based WRR queuing All the queues are scheduled by WRR You can divide the output queue to WRR priority queue group 1 and WRR priority queue group 2 Round robin queue scheduling is performed for group 1 first If group 1 is empty round robin queue scheduling is performed for group 2 WRR queuing with the maximum delay Assures that packets in the highest priority queue are transmitted within...

Page 76: ...ches To manage hardware congestion you can do the following Configure queue scheduling for each queue in interface view or port group view as described in Configuring per queue hardware congestion management Configure queue scheduling in a QoS policy as described in Configuring CBQ Complete the following tasks to achieve hardware congestion management Task Remarks Configuring per queue hardware co...

Page 77: ...the default WRR scheduling value and are assigned to the default WRR priority group Configuration procedure Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter interface view interface interface type interface number Enter port group view port group manual port group name Settings in interface view take effect on the current interface Settings i...

Page 78: ...clude regular expression Optional Available in any view Configuration example 1 Network requirements Enable WRR queuing on interface GigabitEthernet 1 0 1 Assign queue 0 and queue 1 to the SP group Assign queue 2 queue 3 and queue 4 to WRR group 1 with the weight of 1 5 and 10 respectively Assign queue 5 and queue 6 to WRR group 2 with the weight of 20 and 10 respectively 2 Configuration procedure...

Page 79: ...l Available in any view Configuration example 1 Network requirements Configure WFQ queues on an interface and assign the scheduling weight 1 5 10 20 and 10 to queue 1 queue 3 queue 4 queue 5 and queue 6 respectively 2 Configuration procedure Enter system view Sysname system view Configure WFQ queues on GigabitEthernet 1 0 1 Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 qos w...

Page 80: ...ny system defined behavior 3 Configure AF and the minimum guaranteed bandwidth queue af bandwidth bandwidth N A You can apply this traffic behavior only to the outgoing traffic of an interface or ATM PVC Configuring EF and the maximum bandwidth Step Command Remarks 1 Enter system view system view N A 2 Create a traffic behavior and enter traffic behavior view traffic behavior behavior name The spe...

Page 81: ...icy including the WRED traffic behavior is applied to an interface the previous interface level WRED configuration gets invalid Defining a QoS policy To associate a traffic behavior with a specific class in policy view Step Command Remarks 1 Enter system view system view N A 2 Create a policy and enter policy view qos policy policy name N A 3 Associate a traffic behavior with a class in the policy...

Page 82: ...behavior configuration information display traffic behavior system defined user defined behavior name begin exclude include regular expression Available in any view Display QoS policy configuration information display qos policy system defined user defined policy name classifier classifier name begin exclude include regular expression Available in any view Display interface PVC QoS policy configur...

Page 83: ...s if match dscp ef RouterA classifier ef_class quit Define two traffic behaviors Enable AF and set the minimum guaranteed bandwidth to 500 kbps in each traffic behavior RouterA traffic behavior af11_behav RouterA behavior af11_behav queue af bandwidth 500 RouterA behavior af11_behav quit RouterA traffic behavior af21_behav RouterA behavior af21_behav queue af bandwidth 500 RouterA behavior af21_be...

Page 84: ... QoS policy to the outgoing traffic of ATM PVC ATM 1 0 RouterA interface 2 1 1 RouterA atm2 1 1 ip address 1 1 1 1 255 255 255 0 RouterA atm2 1 1 pvc qostest 0 40 RouterA atm pvc atm2 1 1 0 40 qostest qos apply policy dscp outbound When congestion occurs Router A will forward EF traffic preferentially ...

Page 85: ...ng rates always exist The RED or WRED algorithm sets an upper threshold and lower threshold for each queue and processes the packets in a queue as follows When the queue size is shorter than the lower threshold no packet is dropped When the queue size reaches the upper threshold all subsequent packets are dropped When the queue size is between the lower threshold and the upper threshold the receiv...

Page 86: ...ameters before configuring WRED The upper threshold and lower threshold When the average queue size is smaller than the lower threshold no packet is dropped When the average queue size is between the lower threshold and the upper threshold the packets are dropped at random The longer the queue is the higher the drop probability is When the average queue size exceeds the upper threshold subsequent ...

Page 87: ...WRED on interface GigabitEthernet 1 0 1 Set the following parameters for packets with IP precedence 3 lower threshold 20 upper threshold 40 and drop probability denominator 15 Set the exponential factor for the average queue size calculation to 6 Configuration procedure Enter system view Sysname system view Enter interface view Sysname interface gigabitethernet 1 0 1 Enable IP precedence based WRE...

Page 88: ...l port group name Settings in interface view take effect on the current interface Settings in port group view take effect on all ports in the port group 5 Apply the WRED table to the interface or port group qos wred apply table name A queue based WRED table is available on only Layer 2 ports 6 Display the configuration of a WRED table or all WRED tables display qos wred table table name begin excl...

Page 89: ...going interface Serial 2 1 1 congestion might occur on Serial 2 1 1 Perform configurations to meet the following requirements 1 Critical traffic from Server and Telephone is transmitted preferentially when congestion occurs in the network 2 Certain bandwidth is guaranteed for traffic from Host A and Host B to reduce traffic delay 3 When congestion deteriorates packets are dropped based on preceden...

Page 90: ...traffic behavior behavior3 Router behavior behavior3 remark ip precedence 3 Router behavior behavior3 quit Router traffic behavior behavior4 Router behavior behavior4 remark ip precedence 2 Router behavior behavior4 quit Router qos policy aa Router qospolicy aa classifier class1 behavior behavior1 Router qospolicy aa classifier class2 behavior behavior2 Router qospolicy aa classifier class3 behavi...

Page 91: ...er Serial2 1 1 qos wred ip precedence 3 low limit 10 high limit 180 discard probability 15 Router Serial2 1 1 qos wred ip precedence 2 low limit 10 high limit 180 discard probability 15 Router Serial2 1 1 quit ...

Page 92: ...fic behavior behavior name N A 6 Configure the traffic filtering action filter deny permit deny Drops packets permit Permits packets to pass through 7 Return to system view quit N A 8 Create a policy and enter policy view qos policy policy name N A 9 Associate the class with the traffic behavior in the QoS policy classifier classifier name behavior behavior name N A 10 Return to system view quit N...

Page 93: ...terion in the class Router traffic classifier classifier_1 Router classifier classifier_1 if match acl 3000 Router classifier classifier_1 quit Create a behavior named behavior_1 and configure the traffic filtering action to drop packets Router traffic behavior behavior_1 Router behavior behavior_1 filter deny Router behavior behavior_1 quit Create a policy named policy and associate class classif...

Page 94: ...ackets remark dscp dscp value Optional 7 Set the 802 1p priority for packets or configure the inner to outer tag priority copying function remark dot1p 8021p Optional 8 Set the IP precedence for packets remark ip precedence ip precedence value Optional 9 Set the local precedence for packets remark local precedence local precedence Optional 10 Set the QoS local ID for packets remark qos local id lo...

Page 95: ...v 3000 rule permit ip destination 192 168 0 1 0 Router acl adv 3000 quit Create advanced ACL 3001 and configure a rule to match packets with destination IP address 192 168 0 2 Router acl number 3001 Router acl adv 3001 rule permit ip destination 192 168 0 2 0 Router acl adv 3001 quit Create advanced ACL 3002 and configure a rule to match packets with destination IP address 192 168 0 3 Router acl n...

Page 96: ...ing the DSCP value to 24 Router traffic behavior behavior_mserver Router behavior behavior_mserver remark dscp 24 Router behavior behavior_mserver quit Create a behavior named behavior_fserver and configure the action of setting the DSCP value to 16 Router traffic behavior behavior_fserver Router behavior behavior_fserver remark dscp 16 Router behavior behavior_fserver quit Create a policy named p...

Page 97: ...c to an interface are mutually exclusive with each other in the same traffic behavior You can use the display traffic behavior system defined user defined behavior name begin exclude include regular expression command to view the traffic redirecting configuration Configuration procedure To configure traffic redirecting Step Command Remarks 1 Enter system view system view N A 2 Create a class and e...

Page 98: ...GigabitEthernet 1 0 3 Other packets received on GigabitEthernet 1 0 1 of Router A are forwarded out of GigabitEthernet 1 0 4 Figure 33 Network diagram Configuration procedure Create basic ACL 2000 and configure a rule to match packets with source IP address 2 1 1 1 RouterA system view RouterA acl number 2000 RouterA acl basic 2000 rule permit source 2 1 1 1 0 RouterA acl basic 2000 quit Create bas...

Page 99: ...ffic to interface GigabitEthernet 1 0 3 RouterA traffic behavior behavior_2 RouterA behavior behavior_2 redirect interface GigabitEthernet 1 0 3 RouterA behavior behavior_2 quit Create a behavior named behavior_3 and configure the action of redirecting traffic to interface GigabitEthernet 1 0 4 RouterA traffic behavior behavior_3 RouterA behavior behavior_3 redirect interface gigabitethernent 1 0 ...

Page 100: ... configuration guaranteeing key applications high priority treatment and protecting customer investment Configuring DAR for P2P traffic recognition DAR uses a mtd P2P signature file for P2P traffic identification It compares the content of every incoming packet with the signature file If a match is found DAR processes the packet as a P2P packet Loading the P2P signature file To identify P2P traffi...

Page 101: ...n dar enable By default P2P traffic recognition is disabled Configuring protocol match criteria To apply QoS policies to data streams to set packet priority or allocate bandwidth for example use DAR to classify the data streams first To configure protocol match criteria Step Command Remarks 1 Enter system view system view N A 2 Enter class view traffic classifier classifier name operator and or N ...

Page 102: ...reset dar protocol statistic protocol protocol name interface interface type interface number all Available in user view Blocking P2P downloading configuration example Network requirements As shown in Figure 34 configure the router to prevent BT clients or eMule eDonkey clients on the PCs from downloading files from the Internet Figure 34 Network diagram Configuration procedure Load the P2P signat...

Page 103: ... classifier bt behavior deny Router qospolicy p2p quit Enable P2P traffic recognition on GigabitEthernet 1 1 and apply the QoS policy to the incoming traffic of GigabitEthernet 1 0 1 Router interface gigabitethernet 1 1 Router GigabitEthernet1 1 dar enable Router GigabitEthernet1 1 qos apply policy p2p inbound Run the BT client and the eMule eDonkey client on a connected PC and start to download f...

Page 104: ...tem view quit N A 5 Create a behavior and enter behavior view traffic behavior behavior name N A 6 Configure the accounting action accounting Optional The router supports packet based accounting 7 Return to system view quit N A 8 Create a policy and enter policy view qos policy policy name N A 9 Associate the class with the traffic behavior in the QoS policy classifier classifier name behavior beh...

Page 105: ...er classifier classifier_1 quit Create a behavior named behavior_1 and configure the traffic accounting action Router traffic behavior behavior_1 Router behavior behavior_1 accounting Router behavior behavior_1 quit Create a policy named policy and associate class classifier_1 with behavior behavior_1 in the policy Router qos policy policy Router qospolicy policy classifier classifier_1 behavior b...

Page 106: ...99 Rule s If match acl 2000 Behavior behavior_1 Accounting Enable 28529 Packets ...

Page 107: ...s a routing policy to set route attributes for BGP routes before advertising them The BGP receiver uses a routing policy to match routes based on these route attributes and sets IP precedence and QoS local ID for the matching routes 1 Compares the routes with the incoming route policy based on their BGP AS path prefix or community attributes 2 Applies the IP precedence and QoS local ID to the matc...

Page 108: ...e information see Layer 3 IP Routing Configuration Guide and Layer 3 IP Routing Command Reference Configuring a routing policy Configure a routing policy to match the route attributes set by the route sender and set the IP precedence QoS local ID or both for the matching routes For more information see Layer 3 IP Routing Configuration Guide and Layer 3 IP Routing Command Reference Enabling QPPB on...

Page 109: ...s As shown in Figure 36 all routers run BGP Configure QPPB so that Router B can receive routes set IP precedence and QoS local IDs according to the routing policy and use the QoS policy to limit the traffic rate to 512 kbps Figure 36 Network diagram Configuration procedure 1 Configure IP addresses for each interface Details not shown 2 Configure Router A Configure a BGP connection to Router B and ...

Page 110: ... 512 green pass red discard RouterB behavior qppb quit RouterB qos policy qppb RouterB qospolicy qppb classifier qppb behavior qppb RouterB qospolicy qppb quit Apply QoS policy qppb to incoming traffic on interface Serial 2 1 1 RouterB interface serial 2 1 1 RouterB Serial2 1 1 qos apply policy qppb inbound RouterB Serial2 1 1 quit 4 Verify the configuration Check whether the related route on Rout...

Page 111: ...s 0 Bytes Red 0 Packets 0 Bytes QPPB configuration example in an MPLS L3VPN Network requirements As shown in Figure 37 all routers run BGP Configure QPPB so that Router C can receive routes set the QPPB QoS local IDs and use the QoS policy to limit the traffic rate to 2 Mbps in each direction Figure 37 Network diagram Device Interface IP address Device Interface IP address Router A GE1 0 1 192 168...

Page 112: ...ily vpn instance vpn1 RouterB bgp vpn1 peer 167 1 1 2 as number 100 RouterB bgp vpn1 quit RouterB bgp ipv4 family vpnv4 RouterB bgp af vpnv4 peer 2 2 2 2 enable RouterB bgp af vpnv4 quit RouterB bgp quit Configure MPLS RouterB mpls lsr id 1 1 1 1 RouterB mpls RouterB mpls quit RouterB mpls ldp RouterB mpls ldp quit Configure OSPF RouterB ospf RouterB ospf 1 area 0 RouterB ospf 1 area 0 0 0 0 netwo...

Page 113: ...uit RouterC bgp ipv4 family vpnv4 RouterC bgp af vpnv4 peer 1 1 1 1 enable RouterC bgp af vpnv4 peer 1 1 1 1 route policy qppb import RouterC bgp af vpnv4 quit RouterC bgp quit Configure a routing policy RouterC route policy qppb permit node 0 RouterC route policy apply qos local id 1023 RouterC route policy quit Configure MPLS RouterC mpls lsr id 2 2 2 2 RouterC mpls RouterC mpls quit RouterC mpl...

Page 114: ...net1 0 1 qos apply policy qppb inbound RouterC GigabitEthernet1 0 1 qos apply policy qppb outbound 5 Configure Router D Configure a BGP connection RouterD system view RouterD bgp 300 RouterD bgp peer 169 1 1 2 as number 200 RouterD bgp import direct RouterD bgp quit 6 Verify the configuration Check whether the related routes on Router A take effect RouterA display ip routing table Routing Tables P...

Page 115: ... 32 Direct 0 0 127 0 0 1 InLoop0 168 1 1 0 24 Direct 0 0 168 1 1 1 S2 1 1 168 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 RouterC display ip routing table vpn instance vpn1 Routing Tables vpn1 Destinations 6 Routes 6 Destination Mask Proto Pre Cost NextHop Interface 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 169 1 1 0 24 Direct 0 0 169 1 1 2 GE1 0 1 169 1 1 2 32 D...

Page 116: ...l id 1023 Behavior qppb Committed Access Rate CIR 2000 kbps CBS 125000 byte EBS 0 byte Green Action pass Red Action discard Green 0 Packets 0 Bytes Red 0 Packets 0 Bytes Direction Outbound Policy qppb Classifier default class Matched 0 Packets 0 Bytes 5 minute statistics Forwarded 0 0 pps bps Dropped 0 0 pps bps Rule s If match any Behavior be none Classifier Matched 0 Packets 0 Bytes 5 minute sta...

Page 117: ...gp 1000 RouterA bgp ipv6 family RouterA bgp af ipv6 peer 168 2 as number 2000 RouterA bgp af ipv6 network 1 64 RouterA bgp af ipv6 quit RouterA bgp quit 3 Configure Router B Configure BGP RouterB system view RouterB bgp 2000 RouterB bgp ipv6 family RouterB bgp af ipv6 peer 168 1 as number 1000 RouterB bgp af ipv6 peer 168 1 route policy qppb import RouterB bgp af ipv6 network 2 64 RouterB bgp af i...

Page 118: ...he related routes on Router A take effect RouterA display ipv6 routing table Routing Table Destinations 7 Routes 7 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 1 64 Protocol Direct NextHop 1 1 Preference 0 Interface GE1 0 1 Cost 0 Destination 1 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2 64 Protocol BGP4 NextH...

Page 119: ...extHop 168 2 Preference 0 Interface S2 1 1 Cost 0 Destination 168 2 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 Display the QoS policy configuration information of GigabitEthernet 1 0 1 on Router B RouterB display qos policy interface gigabitethernet 1 0 1 Interface GigabitEthernet1 0 1 Directio...

Page 120: ...0 0 pps bps Dropped 0 0 pps bps Operator AND Rule s If match ip precedence 4 Behavior qppb Committed Access Rate CIR 512 kbps CBS 125000 byte EBS 0 byte Green Action pass Red Action discard Green 0 Packets 0 Bytes Red 0 Packets 0 Bytes ...

Page 121: ...Data Center Bridging Exchange Protocol DiffServ Differentiated Service DoS Denial of Service DSCP Differentiated Services Code Point EBS Excess Burst Size EF Expedited Forwarding FIFO First in First out FQ Fair Queuing GTS Generic Traffic Shaping IntServ Integrated Service ISP Internet Service Provider LLQ Low Latency Queuing LSP Label Switched Path P2P Peer to Peer MPLS Multiprotocol Label Switch...

Page 122: ... default dscp dscp priority mapping table an input value yields a target value equal to it Table 6 Default dot1p lp and dot1p dp priority mapping tables Input priority value dot1p lp mapping dot1p dp mapping 802 1p priority dot1p Local precedence lp Drop precedence dp 0 2 0 1 0 0 2 1 0 3 3 0 4 4 0 5 5 0 6 6 0 7 7 0 Table 7 Default dscp dp and dscp dot1p priority mapping tables Input priority value...

Page 123: ...dence from 0 to 7 According to RFC 2474 the ToS field in the IPv4 header or the Traffic Classes field in the IPv6 header is redefined as the DS field where a DSCP value is represented by the first 6 bits 0 to 5 and is in the range of 0 to 63 The remaining 2 bits 6 and 7 are reserved Table 8 IP precedence IP precedence decimal IP precedence binary Description 0 000 Routine 1 001 priority 2 010 imme...

Page 124: ...ader and applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2 Figure 40 An Ethernet frame with an 802 1Q tag header As shown in Figure 40 the 4 byte 802 1Q tag header consists of the TPID 2 bytes in length whose value is 0x8100 and the TCI 2 bytes in length Figure 41 shows the format of the 802 1Q tag header The Priority field in the 802 1Q tag header...

Page 125: ...best effort 1 001 background 2 010 spare 3 011 excellent effort 4 100 controlled load 5 101 video 6 110 voice 7 111 network management EXP values The EXP field is in MPLS labels for MPLS QoS purposes Figure 42 MPLS label structure As shown in Figure 42 the EXP field is 3 bits long and is in the range of 0 to 7 ...

Page 126: ... marking for each class of packets When a PE labels a packet it maps the IP precedence to the EXP field of the label In this way the class information carried in the IP header is carried in the label Differentiated dispatching such as PQ WFQ or CBQ is performed between a P device and a PE according to the EXP field to provide differentiated QoS for labeled traffic on an LSP The EXP field in an MPL...

Page 127: ...ic MPLS configurations For more information about basic MPLS configurations see MPLS Configuration Guide To configure MPLS priority marking Step Command Remarks 1 Enter system view system view N A 2 Create a traffic class and enter traffic class view traffic classifier classifier name operator and or The classifier name argument cannot be the name of any system defined traffic class The default op...

Page 128: ...Q and CQ for MPLS Configuration prerequisites Complete basic MPLS configurations For more information about basic MPLS configurations see MPLS Configuration Guide Configure MPLS PQ Step Command 1 Enter system view system view 2 Configure a PQ list qos pql pql index protocol mpls exp exp value list queue bottom middle normal top 3 Enter interface view interface interface type interface number 4 App...

Page 129: ...1 on PE 1 and set the EXP field value for an MPLS packet according to the DSCP attribute of the MPLS packets On the device P classify traffic on the basis of the EXP field and configure flow based CBQ guarantee 10 of the bandwidth for traffic with an EXP value of 1 guarantee 20 of the bandwidth for traffic with an EXP value of 2 guarantee 30 of the bandwidth for traffic with an EXP value of 3 and ...

Page 130: ...ehavior exp4 remark mpls exp 4 PE1 behavior exp4 quit Create QoS policy REMARK and associate the behaviors with the classes in the QoS policy to mark different classes of packets with different EXP values PE1 qos policy REMARK PE1 qospolicy REMARK classifier af11 behavior exp1 PE1 qospolicy REMARK classifier af21 behavior exp2 PE1 qospolicy REMARK classifier af31 behavior exp3 PE1 qospolicy REMARK...

Page 131: ...e 20 of the bandwidth for traffic with an EXP value of 2 guarantee 30 of the bandwidth for traffic with an EXP value of 3 and guarantee a low delay and 40 of the bandwidth for traffic with an EXP value of 4 P qos policy QUEUE P qospolicy QUEUE classifier EXP1 behavior AF11 P qospolicy QUEUE classifier EXP2 behavior AF21 P qospolicy QUEUE classifier EXP3 behavior AF31 P qospolicy QUEUE classifier E...

Page 132: ... transmitting traffic of the CBS size is guaranteed by the FR network EBS Maximum traffic that can exceed CBS on an FR VC within the interval of Tc When congestion occurs in the network the traffic of EBS is dropped first Transmitting traffic of the EBS size is not guaranteed by the FR network FRTS The functionality of FRTS Frame relay traffic shaping FRTS limits the outgoing traffic rate and smoo...

Page 133: ...e token bucket the packets are taken out of the FR class queue for transmission In this way you can control the traffic of a certain class of packets Tokens are in the unit of bits The FR protocol provisioned related parameters correspond to the FRTS parameters as follows The sum of CBS and EBS equals the token bucket size CIR ALLOW defines the number of tokens put into the token bucket per second...

Page 134: ...om the DTE side When the traffic is smaller than CBS the packets can be transmitted and the device does not process the packets When the traffic is larger than CBS and smaller than EBS CBS the packets can be transmitted However as for those packets of the traffic exceeding CBS the device sets the DE flag bits in the FR packet headers to 1 When the traffic is larger than CBS EBS the device transmit...

Page 135: ...ag bits set to 1 are dropped first when congestion occurs in the network DE rule lists are applied on the FR PVCs of a device with each DE rule list containing multiple DE rules If a packet transmitted over the PVC matches the rules in the DE rule list its DE flag bit is set to 1 The packet is dropped first when congestion occurs in the network FR QoS configuration task list Task Remarks Creating ...

Page 136: ... DLCI Method 2 Map the FR class to an DLCI c Enter FR interface view interface interface type interface number d Enter FR PVC view fr dlci dlci number e Map the FR class to the DLCI fr class class name In FR class view you can configure QoS parameters for QoS services such as FRTS FR traffic policing FR congestion management and FR queuing For more information about the parameter configurations se...

Page 137: ...5 for traffic with the BECN flag Configuring FR traffic policing Configuration restrictions and guidelines FR traffic policing is applied to the interfaces receiving FR packets and can only be applied to the DCE of an FR network You can use the cbs ebs and cir allow commands to set both inbound and outbound parameters for FR PVCs However only inbound parameters take effect for FR traffic policing ...

Page 138: ...ment on the FR interface fr congestion threshold de ecn queue percentage By default FR congestion management is disabled for an FR interface Configuring FR congestion management for an FR PVC The device determines whether congestion has occurred based on the percentage of the current FR PVC queue length to the total interface queue length If the percentage exceeds the set congestion threshold the ...

Page 139: ...s applied to an FR PVC Up to 10 DE rule lists can be applied to a device and a DE rule list can be configured with up to 100 DE rules Configuring FR PVC queuing With FRTS enabled on an FR interface each FR PVC of the interface is configured with an independent queuing mechanism Configuration restrictions and guidelines By default FR PVCs use FIFO queuing With congestion management enabled an FR in...

Page 140: ...ted and can be received by the remote end When pinging the remote end on the local end you can get response from the remote end If the local MFR interface is connected to a normal FR interface a serial interface with FR encapsulation enabled FRF 12 fragmentation does not work at the local end and packets are sent out from the local end without being fragmented however FRF 12 fragmentation takes ef...

Page 141: ...quirements As shown in Figure 50 the router connects to the FR network through Serial 2 0 1 Its average transmit rate is 96 kbps maximum transmit rate is 128 kbps and minimum transmit rate is 32 kbps Configure FRTS on the router to adjust 20 of the BECN flagged traffic every time Figure 50 Network diagram Configuration procedure Create FR class 96k and configure its FRTS parameters Router fr class...

Page 142: ...al 2 0 1 RouterA interface serial 2 0 1 RouterA Serial2 0 1 link protocol fr RouterA Serial2 0 1 ip address 10 1 1 2 255 0 0 0 RouterA Serial2 0 1 fr traffic shaping Create DLCI 16 and associate the FR class test1 with DLCI 16 RouterA Serial2 0 1 fr dlci 16 Apply the FR class test1 to DLCI 16 RouterA fr dlci Serial2 0 1 16 fr class test1 2 Configure Router B Create FR class test1 enable FR fragmen...

Page 143: ...ugh nesting QoS policies as follows Configure traffic classes to identify different types of packets Configure traffic behaviors with the corresponding actions to be performed for different classes of packets Associate classes with behaviors in a QoS policy and apply the QoS policy typically to an interface When packets pass an interface with the QoS policy applied packets are classified into mult...

Page 144: ...interfaces to send packets out different interfaces Implementing HQoS through interface level hierarchical CAR CAR rate limits the specific traffic flows CAR polices the rate of traffic entering the network and uses the token bucket to color the packets processed by CAR The token bucket size is committed burst size CBS excess burst size EBS The system puts tokens into the token bucket at the rate ...

Page 145: ...dwidth red The action for green and red packets is using the next CAR policy so the red packets continue to be processed by using the level 2 CAR policy In the level 2 CAR policy red packets are forwarded until all green packets are forwarded In this way the specific packets are prioritized Additionally compared with the level 1 CAR policy the level 2 CAR policy sets higher bandwidth for low prior...

Page 146: ...139 Figure 53 Implementing HQoS through interface level hierarchical CAR ...

Page 147: ...140 ...

Page 148: ...nce based pre defined traffic classes ip prec0 ip prec1 ip prec7 Matches IP precedence value 0 1 7 respectively MPLS EXP based pre defined traffic classes mpls exp0 mpls exp1 mpls exp7 Matches MPLS EXP value 0 1 7 respectively To define a traffic class Step Command Remarks 1 Enter system view system view N A 2 Create a traffic class and enter class view traffic classifier classifier name operator ...

Page 149: ...and so on Defining a policy Configuring parent QoS policy You associate a behavior with a class in a QoS policy to perform the actions defined in the behavior for the class of packets The system provides a pre defined QoS policy named default It includes the associations between predefined classes and predefined traffic behaviors Class ef with behavior ef Classes af1 through af4 with behavior af C...

Page 150: ...s successfully follow these guidelines The support for QoS policy nesting depends on your device model If class based queuing CBQ is configured in the child QoS policy configure generic traffic shaping GTS in the parent QoS policy and make sure that the GTS bandwidth configured in the parent QoS policy is equal to or greater than the CBQ bandwidth configured in the child QoS policy If GTS bandwidt...

Page 151: ...de link maintenance routing IS IS BGP and OSPF for example RIP LDP and SSH packets Implementing HQoS through interface level hierarchical CAR Configuring CAR list based traffic policing Step Command Remarks 1 Enter system view system view N A 2 Configure a committed access rate CAR list qos carl carl index precedence precedence value mac mac address mpls exp mpls exp value dscp dscp list destinati...

Page 152: ...size ebs excess burst size pir peak information rate green action red action N A 5 Display the CAR information on the specified interface display qos car interface interface type interface number begin exclude include regular expression Available in any view Configuring traffic policing for all traffic Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interf...

Page 153: ...rries only data traffic Configure HQoS through nesting QoS policies to Guarantee 15 Mbps of bandwidth and limit the bandwidth to 15 Mbps for the traffic from department A to department D and guarantee 25 Mbps of bandwidth and limit the bandwidth to 25 Mbps for the traffic from department B to department D Guarantee 1 5 Mbps of bandwidth for the voice traffic from department A to department D and 2...

Page 154: ...ehavior Bson queue ef bandwidth 2500 Router behavior Bson quit Associate the configured traffic behavior with the corresponding traffic class in each child policy Router qos policy Ason Router qospolicy Ason classifier Ason behavior Ason Router qospolicy Ason qos policy Bson Router qospolicy Bson classifier Bson behavior Bson Router qospolicy Bson quit Configure traffic behaviors for the parent Qo...

Page 155: ... for the packets from users and tags the packets with a VLAN ID assigned to the building which is 1 for building A 2 for building B and 3 for building C The QinQ packets are sent to subinterfaces GigabitEthernet 2 0 0 1 GigabitEthernet 2 0 0 2 and GigabitEthernet 2 0 0 3 of the router The router performs QinQ termination for the packets and accesses the Internet through a 300 Mbps Ethernet interfa...

Page 156: ...stination port eq 80 Router acl adv 3001 http quit Configure a traffic class for the father QoS policy to match the traffic accessing the external network Router traffic classifier A Router classifier A if match acl 3000 Router classifier A quit Configure a class for the child QoS policy to match the traffic accessing non HTTP services Router traffic classifier http Router classifier http if match...

Page 157: ...s 100 Mbps of bandwidth for PE Site X Site X and site Y each have two types of traffic voice traffic with IP precedence value being 7 and data traffic with IP precedence values being not 7 The voice traffic has higher priority than the data traffic Department A and B are important departments so bandwidth must be guaranteed for them The services of department C are unimportant Configure HQoS throu...

Page 158: ... policy which is to be applied to the public network interface to match local QoS ID 1 and 2 respectively Router traffic classifier publicvpnA Router classifier publicvpnA if match qos local id 1 Router classifier publicvpnA quit Router traffic classifier publicvpnB Router classifier publicvpnB if match qos local id 2 Router classifier publicvpnB quit Configure a class for the child QoS policy to ...

Page 159: ...y to the outgoing packets of interface GigabitEthernet 2 1 3 Router interface GigabitEthernet 2 1 3 Router GigabitEthernet2 1 3 qos max bandwidth 100000 Router GigabitEthernet2 1 3 qos reserved bandwidth pct 100 Router GigabitEthernet2 1 3 qos lr outbound cir 100000 Router GigabitEthernet2 1 3 qos apply policy publicvpn outbound Configuration example for reserving and sharing bandwidth through int...

Page 160: ...168 0 0 0 0 0 255 precedence 7 Router acl adv 3000 Avoice quit Router acl number 3001 name Avideo Router acl adv 3001 Avideo rule 0 permit ip source 192 168 0 0 0 0 0 255 precedence 6 Router acl adv 3001 Avideo quit Router acl number 3002 name Adata Router acl adv 3002 Adata rule 0 permit ip source 192 168 0 0 0 0 0 255 precedence 0 Router acl adv 3002 Adata quit Router acl number 3003 name Bvoice...

Page 161: ...s departments A and B The agency in site Y has one department C Site X and site Y are connected through a service provider WAN Site X uses an 6600 HSR6600 router to connect to site Y through a 100 Mbps Ethernet link provided by the service provider Department A is on network segment 192 168 0 0 24 and has 100 employees whose IP addresses are 192 168 0 2 through 192 168 0 101 Department B is on net...

Page 162: ...f bandwidth for the video traffic reserve 300 kbps of bandwidth for each employee of department A and reserve 200 kbps of bandwidth for each employee of department B Limit the bandwidth to 100 Mbps for all the traffic between site X and site Y Router interface GigabitEthernet 2 0 0 Router GigabitEthernet2 0 0 qos car inbound acl 3000 cir 10000 green continue red continue Router GigabitEthernet2 0 ...

Page 163: ...rfaces according to the network diagram and configure the default gateway address as 10 0 0 2 on the router Site X so that the packets are transmitted over the primary link by default Details not shown Configure ACL 3000 and ACL 3001 to match video traffic and non video traffic respectively Router system view Router acl number 3000 name video Router acl adv 3000 video rule 0 permit udp destination...

Page 164: ...ence 7 over the secondary link and apply the policy to interface GigabitEthernet 2 1 0 Router policy based route backup node 1 New sequence of this list Router pbr backup 1 if match acl 3002 Router pbr backup 1 apply ip address next hop 11 0 0 2 Router pbr backup 1 quit Router interface GigabitEthernet 2 1 0 Router GigabitEthernet2 1 0 ip policy based route backup Limit the rate to 100 Mbps on int...

Page 165: ...ast one x y Asterisk marked square brackets enclose optional syntax choices separated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field nam...

Page 166: ... Represents an access controller a unified wired WLAN module or the access controller engine on a unified wired WLAN switch Represents an access point Represents a wireless terminator unit Represents a wireless terminator Represents a mesh access point Represents omnidirectional signals Represents directional signals Represents a security product such as a firewall UTM multiservice security gatewa...

Page 167: ...s provide a mechanism for accessing software updates through the product interface Review your product documentation to identify the recommended software update method To download product updates go to either of the following Hewlett Packard Enterprise Support Center Get connected with updates page www hpe com support e updates Software Depot website www hpe com support softwaredepot To view and u...

Page 168: ...r self repair CSR programs allow you to repair your product If a CSR part needs to be replaced it will be shipped directly to you so that you can install it at your convenience Some parts do not qualify for CSR Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR For more information about CSR contact your local service provider or ...

Page 169: ...number edition and publication date located on the front cover of the document For online help content include the product name product version help edition and publication date located on the legal notices page ...

Page 170: ...3 QoS policy to a VLAN 23 QoS policy to interface 102 QoS policy to interface or PVC 22 QoS policy to online user 22 WRED table 80 81 automatic rule numbering ACL 3 B bandwidth QoS configuration 15 basic ACL 1 behavior QoS traffic behavior definition 55 best effort service model QoS 15 BGP QPPB configuration 100 102 102 104 110 C CAR MPLS configuration 119 MPLS QoS configuration 119 CAR list QoS C...

Page 171: ...nagement 121 MPLS CQ 121 MPLS PQ 121 MPLS priority marking 120 MPLS QoS 119 122 P2P protocol group 93 packet information pre extraction 64 65 packet resequencing 39 parent policy 142 per queue hardware congestion management 69 policy traffic policing 35 PQ 50 51 priority mapping 25 25 priority marking 28 87 88 protocol match criteria 94 QoS 15 QoS ACL based traffic policing 36 QoS policy 18 QoS po...

Page 172: ... traffic behavior 55 QoS traffic class 54 traffic behavior QoS 20 traffic class 141 deploying QoS in network 16 device hardware congestion management configuration 66 per queue hardware congestion management configuration 69 QoS policy application 22 DiffServ model QoS 15 displaying ACL 10 CBQ 61 class based accounting 97 DAR 95 FR QoS 133 GTS 39 priority mapping 27 QoS policies 23 rate limit 39 t...

Page 173: ...lligent load sharing through interface level hierarchical CAR 155 implementing per IP bandwidth reservation and sharing through interface level hierarchical CAR 154 reserving and sharing bandwidth through interface level hierarchical CAR 152 I IBGP QPPB configuration 100 102 102 104 110 implementing HQoS on 6600 HSR6600 HSR6800 136 HQoS through interface level hierarchical CAR 137 144 HQoS through...

Page 174: ... MPLS CAR configuration 119 MPLS congestion management configuration 121 MPLS CQ configuration 121 MPLS PQ configuration 121 MPLS priority marking configuration 120 MPLS QoS configuration 122 priority mapping user priority 25 QoS ACL based GTS configuration 37 QoS all traffic GTS configuration 38 QoS deployment 16 QoS GTS configuration 37 QoS policy application 58 QoS policy definition 58 QoS queu...

Page 175: ...ion 142 per queue hardware congestion management 69 PIR traffic evaluation 31 policing traffic QoS 32 35 39 policy applying QoS 22 applying QoS to a VLAN 23 applying QoS to interface 102 applying QoS to online user 22 defining 142 defining QoS 20 MPLS CAR configuration 119 MPLS congestion management configuration 121 MPLS CQ configuration 121 MPLS PQ configuration 121 QoS application 58 QoS applic...

Page 176: ... 134 configuring FR queuing 132 configuring FR traffic policing 130 configuring FRTS 129 134 configuring GTS 36 37 39 configuring hierarchical CAR through nesting QoS policies 148 configuring HQoS through nesting QoS policies 146 configuring HQoS through nesting QoS policies in MPLS network 150 configuring IPv4 advanced ACL 6 configuring IPv4 basic ACL 4 configuring IPv6 advanced ACL 7 configuring...

Page 177: ...ierarchical CAR 154 loading P2P signature file 93 maintaining ACL 10 maintaining DAR 95 maintaining priority mapping 27 maintaining QoS policies 23 reserving and sharing bandwidth through interface level hierarchical CAR 152 PVC QoS policy application 22 Q QoS ACL based GTS configuration 37 ACL based traffic policing configuration 36 AF and the minimum guaranteed bandwidth configuration 55 all tra...

Page 178: ... 65 packet resequencing configuration 39 per queue hardware congestion management configuration 69 policy application 58 policy application to interface or PVC 22 policy definition 58 policy nesting configuration 21 PQ 43 PQ configuration 50 51 priority mapping configuration 25 priority mapping table 25 priority mapping user priority 25 queue based GTS configuration 38 RTP priority queuing 47 RTP ...

Page 179: ... time based rules 3 configuring advanced ACL 6 configuring Ethernet frame header ACL 8 configuring time range ACL 4 congestion avoidance configuration 78 congestion management configuration 42 congestion management techniques 66 copying ACL 8 T table changing interface port priority 27 configuring priority mapping 26 configuring priority trust mode 28 configuring with priority marking 29 priority ...

Page 180: ...oute sender configuration 101 rate limit 33 redirection configuration 90 91 WRED and queuing relationship 79 traffic class defining 141 traffic congestion avoidance configuration 78 management configuration 42 management techniques 66 traffic filtering configuration 86 traffic policing aggregate CAR configuration 30 complicated evaluation 31 configuration 31 35 39 displaying 39 evaluation 31 FR tr...

Reviews: