The S3700 provides the following traffic behaviors based on complex traffic classification:
l
Deny/Permit
The permit/deny action is the simplest traffic control action. The S3700 controls network
traffic by forwarding or discarding packets.
l
Re-marking
Re-marking refers to the action taken to set the precedence field in a packet. Packets carry
different precedence fields on various networks. For example, packets carry the 802.1p
field in a VLAN and the DSCP field on an IP network. Therefore, the S3700 is required to
mark precedence fields of packets based on the network type.
Generally, a device at the border of a network needs to re-mark the precedence fields of
incoming packets. The device at the core of a network provides corresponding QoS services
based on precedence fields marked by the border device, or it re-marks the precedence
fields based on its configuration rule.
l
Redirection
This traffic control action redirects packets to the CPU, the specified interface or the
specified next hop address. The S3700 does not forward packets based on the destination
IP address. The S3700 can specify a maximum of four next hops.
By using redirection, you can implement policy-based routing (PBR). The policy-based
route is a static route. When the next hop is unavailable, the S3700 forwards packets based
on the original forwarding path.
The S3700 can redirect only incoming packets.
l
Traffic policing
This traffic control action limits the volume of traffic and the resources used by the traffic
to monitor the traffic rate. By using traffic policing, the S3700 can discard, and re-mark
the colors and CoS of packets whose rate exceeds the rate limit.
Here, traffic policing based on traffic classification is implemented. For details about traffic
policing, see
2 Traffic Policing and Traffic Shaping Configuration
.
l
Flow mirroring
This traffic control action copies the specified data packets to a specified destination to
detect and troubleshoot faults on a network.
For details about flow mirroring, see Mirroring in the
S3700HI Ethernet Switches
Configuration Guide - Device Management
.
l
Traffic statistics
This traffic control action collects data packets matching defined complex traffic
classification rules on the S3700.
l
Disabling MAC address learning
After MAC address learning is disabled, the S3700 does not learn source MAC addresses
of the packets matching traffic classification rules.
On a stable network where MAC addresses of packets seldom change, disabling MAC
address learning can reduce the size of the MAC address table and improve device
performance. Unauthorized users may change MAC addresses frequently to attack a
network. To prevent MAC address overflow and protect the network from such attacks,
disable MAC address learning.
S3700HI Ethernet Switches
Configuration Guide - QoS
1 Class-based QoS Configuration
Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4