hit counter code
HP 6125XLG Configuration Manual
HP 6125XLG Configuration Manual

HP 6125XLG Configuration Manual

Blade switch acl and qos configuration guide
Table of Contents

Advertisement

HP 6125XLG Blade Switch
ACL and QoS

Configuration Guide

Part number: 5998-3722
Software version: Release 2306
Document version: 6W100-20130912

Advertisement

Table of Contents
loading

Summary of Contents for HP 6125XLG

  • Page 1: Configuration Guide

    HP 6125XLG Blade Switch ACL and QoS Configuration Guide Part number: 5998-3722 Software version: Release 2306 Document version: 6W100-20130912...
  • Page 2 HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: Table Of Contents

    Contents Configuring ACLs ························································································································································· 1   Overview ············································································································································································ 1   Applications on the switch ······································································································································ 1   ACL categories ························································································································································· 1   Numbering and naming ACLs ································································································································ 1   Match order ······························································································································································ 2   Rule numbering ························································································································································· 3   Fragments filtering with ACLs ·································································································································· 3  ...
  • Page 4 Configuring priority mapping ··································································································································· 24   Overview ········································································································································································· 24   Introduction to priorities ········································································································································ 24   Priority maps ·························································································································································· 24   Priority trust mode on a port ································································································································· 25   Priority mapping process ······································································································································ 26   Priority mapping configuration tasks ··························································································································· 27  ...
  • Page 5 Tail drop ································································································································································· 52   RED and WRED ····················································································································································· 52   ECN ········································································································································································ 53   Configuring and applying a WRED table ··················································································································· 53   Displaying and maintaining WRED ····························································································································· 54   WRED configuration example ······································································································································ 55   Network requirements ··········································································································································· 55  ...
  • Page 6 Applying data buffer configuration ····················································································································· 83   Displaying and maintaining data buffers ···················································································································· 84   Configuring time ranges ············································································································································ 85   Configuration procedure ··············································································································································· 85   Displaying and maintaining time ranges····················································································································· 85   Time range configuration example ······························································································································ 85   Appendix ····································································································································································...
  • Page 7: Configuring Acls

    Configuring ACLs Overview An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs"...
  • Page 8: Match Order

    For an IPv4 basic or advanced ACLs, its ACL number and name must be unique in IPv4. For an IPv6 basic or advanced ACL, its ACL number and name must be unique in IPv6. Match order The rules in an ACL are sorted in a specific order. When a packet matches a rule, the device stops the match process and performs the action defined in the rule.
  • Page 9: Rule Numbering

    Rule numbering ACL rules can be manually numbered or automatically numbered. This section describes how automatic ACL rule numbering works. Rule numbering step If you do not assign an ID to the rule you are creating, the system automatically assigns it a rule ID. The rule numbering step sets the increment by which the system automatically numbers rules.
  • Page 10: Configuring A Basic Acl

    Tasks at a glance (Optional.) Configuring packet filtering with ACLs Configuring a basic ACL This section describes procedures for configuring IPv4 and IPv6 basic ACLs. Configuring an IPv4 basic ACL IPv4 basic ACLs match packets based only on source IP addresses. To configure an IPv4 basic ACL: Step Command...
  • Page 11: Configuring An Advanced Acl

    Step Command Remarks Enter system view. system-view By default, no ACL exists. IPv6 basic ACLs are numbered in acl ipv6 number acl-number Create an IPv6 basic ACL the range of 2000 to 2999. [ name acl-name ] [ match-order view and enter its view. You can use the acl ipv6 name { auto | config } ] acl-name command to enter the...
  • Page 12: Configuring An Ipv6 Advanced Acl

    Step Command Remarks By default, no ACL exists. IPv4 advanced ACLs are acl number acl-number [ name numbered in the range of 3000 to Create an IPv4 advanced ACL acl-name ] [ match-order { auto | 3999. and enter its view. config } ] You can use the acl name acl-name command to enter the view of a...
  • Page 13 Step Command Remarks By default, no ACL exists. IPv6 advanced ACLs are Create an IPv6 numbered in the range of 3000 to acl ipv6 number acl-number [ name advanced ACL and 3999. acl-name ] [ match-order { auto | config } ] enter its view.
  • Page 14: Configuring An Ethernet Frame Header Acl

    Step Command Remarks By default, IPv6 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an IPv6 advanced ACL is for QoS traffic classification: •...
  • Page 15: Copying An Acl

    Step Command Remarks Enter system view. system-view By default, no ACL exists. Ethernet frame header ACLs are Create an Ethernet frame acl number acl-number [ name numbered in the range of 4000 to header ACL and enter its acl-name ] [ match-order { auto | 4999.
  • Page 16: Configuring Packet Filtering With Acls

    Configuring packet filtering with ACLs This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets on the specified interface. Applying an ACL to an interface for packet filtering Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.
  • Page 17: Acl Configuration Example

    Task Command display acl [ ipv6 ] { acl-number | all | name Display ACL configuration and match statistics. acl-name } display packet-filter { interface [ interface-type Display whether an ACL has been successfully applied interface-number ] [ inbound | outbound ] | { interface to an interface for packet filtering).
  • Page 18: Configuration Procedure

    Figure 1 Network diagram Financial database server 192.168.0.100/24 TGE 1/0/1 Device A Financial department Marketing department President s office 192.168.2.0/24 192.168.3.0/24 192.168.1.0/24 Configuration procedure # Create a periodic time range from 8:00 to 18:00 on working days. <DeviceA> system-view [DeviceA] time-range work 08:00 to 18:00 working-day # Create an IPv4 advanced ACL numbered 3000 and configure three rules in the ACL.
  • Page 19 Reply from 192.168.0.100: bytes=32 time<1ms TTL=255 Reply from 192.168.0.100: bytes=32 time<1ms TTL=255 Reply from 192.168.0.100: bytes=32 time<1ms TTL=255 Ping statistics for 192.168.0.100: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms The output shows that the database server can be pinged.
  • Page 20: Qos Overview

    QoS overview In data communications, Quality of Service (QoS) is a network's ability to provide differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. Network resources are scarce. The contention for resources requires that QoS prioritize important traffic flows over trivial ones.
  • Page 21: Qos Techniques Overview

    All QoS techniques in this document are based on the DiffServ model. QoS techniques overview The QoS techniques include traffic classification, traffic policing, traffic shaping, rate limit, congestion management, and congestion avoidance. The following section briefly introduces these QoS techniques. Deploying QoS in a network Figure 2 Position of the QoS techniques in a network As shown in...
  • Page 22: Configuring A Qos Policy

    Configuring a QoS policy You can configure QoS by using the MQC approach or non-MQC approach. Some features support both approaches, but some support only one. Non-MQC approach In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For example, you can use the rate limit feature to set a rate limit on an interface without using a QoS policy.
  • Page 23: Defining A Traffic Class

    Defining a traffic class Configuration guidelines If a class that uses the AND operator has multiple if-match acl, if-match acl ipv6, if-match customer-vlan-id or if-match service-vlan-id clauses, a packet that matches any of the clauses matches the class. To successfully execute the traffic behavior associated with a traffic class that uses the AND operator, define only one if-match clause for any of the following match criteria and input only one value for any of the following list arguments, for example, the 8021p-list argument: customer-dot1p 8021p-list...
  • Page 24 Table 2 Available match criteria Option Description Matches an ACL. The acl-number argument is in the range of 2000 to 3999 for an IPv4 ACL, 2000 to 3999 for an IPv6 ACL, and 4000 to 4999 for an Ethernet frame acl [ ipv6 ] { acl-number | name header ACL.
  • Page 25: Defining A Traffic Behavior

    Option Description Matches the service provider VLAN IDs (SVLANs). The vlan-id-list argument is in the format of vlan-id-list = { vlan-id | vlan-id1 to vlan-id2 }&<1-10>, where the vlan-id, vlan-id1, and vlan-id2 arguments service-vlan-id vlan-id-list represent the VLAN IDs and each are in the range of 1 to 4094, vlan-id1 must be no greater than vlan-id2, and &<1-10>...
  • Page 26: Applying The Qos Policy

    Step Command Remarks By default, a traffic class is not associated with a traffic behavior. Repeat this step to create more class-behavior associations. Associate a traffic class with a If a class-behavior association has traffic behavior to create a classifier classifier-name behavior the mode dcbx keyword, it applies class-behavior association in behavior-name [ mode dcbx ]...
  • Page 27: Applying The Qos Policy To A Vlan

    Step Command Remarks Apply the QoS policy to qos apply policy policy-name { inbound | By default, no QoS policy the interface. outbound } is applied to an interface. Applying the QoS policy to a VLAN IMPORTANT: QoS policies cannot be applied to dynamic VLANs. You can apply a QoS policy to a VLAN to regulate traffic of the VLAN.
  • Page 28: Displaying And Maintaining Qos Policies

    To address this problem, apply a QoS policy to the control plane to take QoS actions, such as traffic accounting or rate limiting, on inbound traffic. This makes sure the control plane can correctly receive, transmit, and process packets. Configuration guidelines •...
  • Page 29 Task Command Display information about the pre-defined display qos policy control-plane pre-defined [ slot slot-number ] QoS policy applied to the control plane. Clear the statistics of the QoS policy reset qos vlan-policy [ vlan vlan-id ] [ inbound | outbound ] applied in a certain direction of a VLAN.
  • Page 30: Configuring Priority Mapping

    Configuring priority mapping Overview When a packet arrives, depending on your configuration, a device assigns a set of QoS priority parameters to the packet based on either a certain priority field carried in the packet or the port priority of the incoming port. This process is called "priority mapping." During this process, the device can modify the priority of the packet according to the priority mapping rules.
  • Page 31: Priority Trust Mode On A Port

    Priority trust mode on a port The priority trust mode on a port determines which priority is used for priority mapping table lookup. Port priority was introduced to use for priority mapping in addition to the priority fields carried in packets. The Switch Series provides the following priority trust modes: •...
  • Page 32: Priority Mapping Process

    Table 5 Priority mapping results of not trusting packet priority (when the default dot1p-lp priority mapping table is used) Port priority Local precedence Queue ID 0 (default) The priority mapping process varies with the priority trust modes. For more information, see the subsequent section.
  • Page 33: Priority Mapping Configuration Tasks

    Figure 4 Priority mapping process for an Ethernet packet Receive a packet on a port Does the packet match conditions for local precedence or drop precedence marking? Mark it with local precedence or drop precedence 802.1p in Which priority is Port priority packets trusted on the port?
  • Page 34: Configuring A Priority Map

    Tasks at a glance (Required.) Perform one of the following tasks: • Configuring a port to trust packet priority for priority mapping • Changing the port priority of an interface Configuring a priority map Step Command Remarks Enter system view. system-view Enter priority map qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p|...
  • Page 35: Changing The Port Priority Of An Interface

    Step Command Remarks • Configure the interface to trust the DSCP precedence. qos trust dscp • Configure the interface to trust Use one of these commands. Configure the trusted the 802.1p priority of received By default, an interface does not trust any packet priority type.
  • Page 36: Port Priority Configuration Example

    Port priority configuration example Network requirements As shown in Figure 5, Device A is connected to Ten-GigabitEthernet 1/1/5 of Device C, Device B is connected to Ten-GigabitEthernet 1/1/6 of Device C, and the packets from Device A and Device B to Device C are not VLAN tagged.
  • Page 37 The marketing department connects to Ten-GigabitEthernet 1/1/5 of Device, which sets the 802.1p • priority of traffic from the marketing department to 3. The R&D department connects to Ten-GigabitEthernet 1/1/6 of Device, which sets the 802.1p • priority of traffic from the R&D department to 4. The management department connects to Ten-GigabitEthernet 1/1/7 of Device, which sets the •...
  • Page 38: Configuration Procedure

    Configuration procedure Enable trusting port priority: # Set the port priority of Ten-GigabitEthernet 1/1/5 to 3. <Device> system-view [Device] interface ten-gigabitethernet 1/1/5 [Device-Ten-GigabitEthernet1/1/5] qos priority 3 [Device-Ten-GigabitEthernet1/1/5] quit # Set the port priority of Ten-GigabitEthernet 1/1/6 to 4. [Device] interface ten-gigabitethernet 1/1/6 [Device-Ten-GigabitEthernet1/1/6] qos priority 4 [Device-Ten-GigabitEthernet1/1/6] quit # Set the port priority of Ten-GigabitEthernet 1/1/7 to 5.
  • Page 39 [Device] interface ten-gigabitethernet 1/1/7 [Device-Ten-GigabitEthernet1/1/7] qos apply policy admin inbound # Configure a priority marking policy for the marketing department, and apply the policy to the incoming traffic of Ten-GigabitEthernet 1/1/5. [Device] traffic behavior market [Device-behavior-market] remark dot1p 5 [Device-behavior-market] quit [Device] qos policy market [Device-qospolicy-market] classifier http behavior market [Device-qospolicy-market] quit...
  • Page 40: Configuring Traffic Policing, Gts, And Rate Limit

    Configuring traffic policing, GTS, and rate limit Overview Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic.
  • Page 41: Traffic Policing

    CBS is implemented with bucket C, and EBS with bucket E. When only the CIR is used for traffic evaluation, packets are measured against the following bucket scenarios: If bucket C has enough tokens, packets are colored green. • If bucket C does not have enough tokens but bucket E has enough tokens, packets are colored •...
  • Page 42: Gts

    Forwarding the packet with its precedence re-marked if the evaluation result is "conforming." • Priorities that can be re-marked include 802.1p priority, DSCP precedence, and local precedence. GTS supports shaping the outbound traffic. GTS limits the outbound traffic rate by buffering exceeding traffic.
  • Page 43: Rate Limit

    Rate limit Rate limit supports controlling the rate of inbound or outbound traffic. The outbound traffic is taken for example. The rate limit of a physical interface specifies the maximum rate for sending or receiving packets (including critical packets). Rate limit also uses token buckets for traffic control. When rate limit is configured on an interface, a token bucket handles all packets to be sent through the interface for rate limiting.
  • Page 44: Configuring Gts

    Step Command Remarks Return to system view. quit Create a traffic By default, no traffic behavior is behavior and enter traffic behavior behavior-name configured. traffic behavior view. car cir committed-information-rate [ cbs committed-burst-size [ ebs Configure a traffic By default, no traffic policing action is excess-burst-size ] ] [ pir policing action.
  • Page 45: Configuring The Rate Limit

    Configuring the rate limit The rate limit of a physical interface specifies the maximum rate of incoming packets or outgoing packets. To configure the rate limit: Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number qos lr { inbound | outbound } cir Configure the rate limit By default, rate limit is not committed-information-rate [ cbs...
  • Page 46: Configuration Procedures

    Limit the rate of traffic from Server to 102400 kbps: Transmit the conforming traffic, mark the excess • traffic with DSCP value 0, and then transmit the traffic. Limit the rate of traffic from Host A to 25600 kbps: Transmit the conforming traffic, and drop the •...
  • Page 47 [DeviceA-behavior-server] quit # Create a behavior named host and configure the CAR action for the behavior as follows: Set the CIR to 25600 kbps. [DeviceA] traffic behavior host [DeviceA-behavior-host] car cir 25600 [DeviceA-behavior-host] quit # Create a QoS policy named car and associate class server with behavior server and class host with behavior host.
  • Page 48 [DeviceB] qos policy car_outbound [DeviceB-qospolicy-car_outbound] classifier http behavior car_outbound [DeviceB-qospolicy-car_outbound] quit # Apply the QoS policy car_inbound to the incoming traffic of port Ten-GigabitEthernet 1/1/5. [DeviceB] interface Ten-GigabitEthernet 1/1/5 [DeviceB-Ten-GigabitEthernet1/1/5] qos apply policy car_inbound inbound # Apply the QoS policy car_outbound to the outgoing traffic of port Ten-GigabitEthernet 1/1/6. [DeviceB] interface Ten-GigabitEthernet 1/1/6 [DeviceB-Ten-GigabitEthernet1/1/6] qos apply policy car_outbound outbound...
  • Page 49: Configuring Congestion Management

    Configuring congestion management Overview Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Impacts and countermeasures Figure 12 shows two typical congestion scenarios.
  • Page 50 Figure 13 SP queuing Figure 13, SP queuing classifies eight queues on a port into eight classes, numbered 7 to 0 in descending priority order. SP queuing schedules the eight queues in the descending order of priority. SP queuing sends packets in the queue with the highest priority first.
  • Page 51 Assume a port provides eight output queues. WRR assigns each queue a weight value (represented by w7, w6, w5, w4, w3, w2, w1, or w0) to decide the proportion of resources assigned to the queue. The switch implements the weight of a queue by scheduling a certain number of bytes (byte-count WRR) or packets (packet-based WRR) for that queue.
  • Page 52: Configuration Approaches And Task List

    queue in a WFQ group and then the traffic beyond the minimum guaranteed bandwidths for the queues in the WFQ group according to the configured weights. The two WFQ groups are scheduled at a 1:1 ratio. Configuration approaches and task list Tasks at a glance (Required.) Perform one of the following tasks to configure per-queue congestion management: •...
  • Page 53: Configuration Example

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number (Optional.) Enable The default queuing algorithm on an qos wrr { byte-count | weight } WRR queuing. interface is byte-count WRR queuing. Select an approach according to the WRR queuing type.
  • Page 54: Configuration Example

    Step Command Remarks The default queuing algorithm on an Enable WFQ queuing. qos wfq { byte-count | weight } interface is WRR queuing. Select weight or byte-count according to the WFQ type (byte-count or qos wfq queue-id group { 1 | packet-based) you have enabled.
  • Page 55: Configuring Sp+Wrr Queuing

    Configuring SP+WRR queuing Configuration procedure To configure SP+WRR queuing: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Enable WRR queuing on the qos wrr { byte-count | By default, all ports use WRR queuing. port. weight } Assign a queue to the SP qos wrr queue-id group...
  • Page 56: Configuring Sp+Wfq Queuing

    Configuring SP+WFQ queuing To guarantee successful WFQ configuration, make sure that the scheduling weight type (byte-count or packet-based) is the same as the WFQ queuing type (byte-count or packet-based) when you configure the scheduling weight for a WFQ queue. Configuration procedure To configure SP+WFQ queuing: Step Command...
  • Page 57: Displaying And Maintaining Congestion Management

    <Sysname> system-view # Configure SP+WFQ queuing on Ten-GigabitEthernet 1/1/5. [Sysname] interface ten-gigabitEthernet 1/0/1 [Sysname-Ten-GigabitEthernet1/1/5] qos wfq weight [Sysname-Ten-GigabitEthernet1/1/5] qos wfq 0 group sp [Sysname-Ten-GigabitEthernet1/1/5] qos wfq 1 group sp [Sysname-Ten-GigabitEthernet1/1/5] qos wfq 2 group sp [Sysname-Ten-GigabitEthernet1/1/5] qos wfq 3 group sp [Sysname-Ten-GigabitEthernet1/1/5] qos wfq 4 group 1 weight 1 [Sysname-Ten-GigabitEthernet1/1/5] qos bandwidth queue 4 min 128000 [Sysname-Ten-GigabitEthernet1/1/5] qos wfq 5 group 1 weight 2...
  • Page 58: Configuring Congestion Avoidance

    Configuring congestion avoidance Overview Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance actively monitors network resources (such as queues and memory buffers), and drops packets when congestion is expected to occur or deteriorate. When dropping packets from a source end, it cooperates with the flow control mechanism (such as TCP flow control) at the source end to regulate the network traffic size.
  • Page 59: Ecn

    By dropping packets, WRED alleviates the influence of congestion on the network. However, the network resources for transmitting packets from the sender to the device which drops the packets are wasted. When congestion occurs, it is a better idea to inform the sender of the congestion status and have the sender proactively slow down the packet sending rate or decrease the window size of packets.
  • Page 60: Displaying And Maintaining Wred

    Upper threshold and lower threshold—When the average queue size is smaller than the lower • threshold, no packet is dropped. When the average queue size is between the lower threshold and the upper threshold, the packets are dropped based on the user-configured drop probability. When the average queue size exceeds the upper threshold, subsequent packets are dropped.
  • Page 61: Wred Configuration Example

    Task Command Display configuration information about a display qos wred table [ name table-name ] [ slot WRED table or all WRED tables. slot-number ] WRED configuration example Network requirements Apply a WRED table to interface Ten-GigabitEthernet 1/1/6, so that the packets are dropped as follows when congestion occurs: To use better effort to forward higher-priority traffic, configure a lower drop probability for a queue •...
  • Page 62 [Sysname-Ten-GigabitEthernet1/1/6] qos wred apply queue-table1 [Sysname-Ten-GigabitEthernet1/1/6] quit...
  • Page 63: Configuring Traffic Filtering

    Configuring traffic filtering You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from a specific IP address according to network status. Configuration procedure To configure traffic filtering: Step Command...
  • Page 64: Configuration Example

    Configuration example Network requirements As shown in Figure 16, configure traffic filtering to filter the packets with port 21 as the source port and received on Ten-GigabitEthernet 1/1/5. Figure 16 Network diagram Configuration procedure # Create advanced ACL 3000, and configure a rule to match packets whose source port number is 21. <DeviceA>...
  • Page 65: Configuring Priority Marking

    Configuring priority marking Overview Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a traffic class of IP packets to control the forwarding of these packets.
  • Page 66: Configuring Color-Based Priority Marking

    Configuring color-based priority marking This section describes how to configure color-based priority marking. Configuring priority marking based on colors obtained through traffic policing After traffic policing evaluates and colors packets, the device can mark traffic with various priority values (including DSCP values, 802.1p priority values, and local precedence values) by color. Configure priority marking by using either of the following methods: Configuring the priority marking actions by color in the traffic policing action •...
  • Page 67 Step Command Remarks Use one or more of the commands. • Set the DSCP value for packets: By default, no priority remark [ green | red | yellow ] dscp marking action is dscp-value configured. • Set the 802.1p priority for packets or The switch supports local configure the inner-to-outer tag priority QoS IDs in the range of 1...
  • Page 68: Configuration Examples

    Configuration examples Remarking local precedence configuration example Network requirements As shown in Figure 17, configure priority marking on Device to meet the following requirements: Traffic source Destination Processing priority Host A, B Data server High Host A, B Mail server Medium Host A, B File server...
  • Page 69 [Device] traffic classifier classifier_dbserver [Device-classifier-classifier_dbserver] if-match acl 3000 [Device-classifier-classifier_dbserver] quit # Create a traffic class named classifier_mserver, and use ACL 3001 as the match criterion in the traffic class. [Device] traffic classifier classifier_mserver [Device-classifier-classifier_mserver] if-match acl 3001 [Device-classifier-classifier_mserver] quit # Create a traffic class named classifier_fserver, and use ACL 3002 as the match criterion in the traffic class.
  • Page 70: Remarking Local Qos Id Configuration Example

    Remarking local QoS ID configuration example Local QoS ID marking allows you to mark the same local QoS ID for packets of multiple classes and configure a new class to match the local QoS ID to group these packets into the new class. With this feature, you can perform QoS actions for the old classes respectively and perform other QoS actions for the new class.
  • Page 71 # Configure IPv4 basic ACL 2002 to match the outgoing traffic of the R&D department. [SwitchA] acl number 2002 [SwitchA-acl-basic-2002] rule permit source 192.168.2.0 0.0.0.255 [SwitchA-acl-basic-2002] quit # Create class admin, and use ACL 2001 as the match criterion. [SwitchA] traffic classifier admin [SwitchA-classifier-admin] if-match acl 2001 [SwitchA-classifier-admin] quit # Create class rd, and use ACL 2002 as the match criterion.
  • Page 72 [SwitchA-classifier-marketing_car] if-match qos-local-id 100 [SwitchA-classifier-marketing_car] quit # Create behavior marketing_car, and configure traffic policing to limit the traffic rate to 204800 kbps. [SwitchA] traffic behavior marketing_car [SwitchA-behavior-marketing_car] car cir 204800 [SwitchA-behavior-marketing_car] quit # In QoS policy car, associate class marketing with behavior remark_local_id to mark the outgoing traffic of the marketing department with local QoS ID 100.
  • Page 73: Configuring Nesting

    Configuring nesting Nesting adds a VLAN tag to the matching packets, to allow the VLAN-tagged packets to pass through the corresponding VLAN. For example, you can add an outer VLAN tag to packets from a customer network to a service provider network. This allows the packets to pass through the service provider network by carrying a VLAN tag assigned by the service provider.
  • Page 74: Nesting Configuration Example

    Nesting configuration example Network requirements As shown in Figure 19, Site 1 and Site 2 in VPN A are two branches of a company, and they use VLAN 5 to transmit traffic. Because Site 1 and Site 2 are located in different areas, the two sites use the VPN access service of a service provider.
  • Page 75 [PE1-Ten-GigabitEthernet1/1/5] port hybrid vlan 100 untagged # Apply QoS policy test to the incoming traffic of the downlink port Ten-GigabitEthernet 1/1/5. [PE1-Ten-GigabitEthernet1/1/5] qos apply policy test inbound [PE1-Ten-GigabitEthernet1/1/5] quit # Configure the uplink port Ten-GigabitEthernet 1/1/6 as a trunk port, and assign it to VLAN 100. [PE1] interface ten-gigabitethernet 1/1/6 [PE1-Ten-GigabitEthernet1/1/6] port link-type trunk [PE1-Ten-GigabitEthernet1/1/6] port trunk permit vlan 100...
  • Page 76: Configuring Traffic Redirecting

    Configuring traffic redirecting Traffic redirecting is the action of redirecting the packets matching the specific match criteria to a certain location for processing. The following redirect actions are supported: Redirecting traffic to the CPU—Redirects packets that require processing by the CPU to the CPU. •...
  • Page 77: Configuration Example

    Step Command Remarks Create a QoS policy and By default, no QoS policy qos policy policy-name enter QoS policy view. exists. By default, no Associate the traffic class classifier classifier-name behavior class-behavior with the traffic behavior in behavior-name association is configured the QoS policy.
  • Page 78: Configuration Procedure

    Figure 20 Network diagram Configuration procedure # Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1. <DeviceA> system-view [DeviceA] acl number 2000 [DeviceA-acl-basic-2000] rule permit source 2.1.1.1 0 [DeviceA-acl-basic-2000] quit # Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2. [DeviceA] acl number 2001 [DeviceA-acl-basic-2001] rule permit source 2.1.1.2 0 [DeviceA-acl-basic-2001] quit...
  • Page 79 [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound...
  • Page 80: Configuring Aggregate Car

    Configuring aggregate CAR An aggregate CAR action is created globally and can be directly applied to interfaces or referenced in the traffic behaviors associated with different traffic classes to police multiple traffic flows as a whole. The total rate of the traffic flows must conform to the traffic policing specifications set in the aggregate CAR action.
  • Page 81: Configuration Procedure

    Figure 21 Network diagram Configuration procedure # Configure an aggregate CAR according to the rate limit requirements. <Device> system-view [Device] qos car aggcar-1 aggregative cir 2560 cbs 20000 red discard # Create class 1 to match traffic of VLAN 10. Create behavior 1 and reference the aggregate CAR in the behavior.
  • Page 82 [Device] interface ten-gigabitethernet 1/1/5 [Device-Ten-GigabitEthernet1/1/5]qos apply policy car inbound...
  • Page 83: Configuring Class-Based Accounting

    Configuring class-based accounting Class-based accounting collects statistics (in packets or bytes) on a per-traffic class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing the statistics, you can determine whether anomalies have occurred and what action to take. Configuration procedure To configure class-based accounting: Step...
  • Page 84: Configuration Example

    Step Command Remarks • display qos policy control-plane slot slot-number [ inbound | outbound ] • display qos policy global [ slot slot-number ] [ inbound | outbound ] Display traffic accounting • display qos policy interface Available in any view. configuration.
  • Page 85 # Apply the QoS policy policy to the incoming traffic of Ten-GigabitEthernet 1/1/5. [DeviceA] interface ten-gigabitethernet 1/1/5 [DeviceA-Ten-GigabitEthernet1/1/5] qos apply policy policy inbound [DeviceA-Ten-GigabitEthernet1/1/5] quit # Display traffic statistics to verify the configuration. [DeviceA] display qos policy interface ten-gigabitethernet 1/1/5 Interface: Ten-GigabitEthernet1/1/5 Direction: Inbound Policy: policy...
  • Page 86: Configuring Data Buffers

    Configuring data buffers Data buffers temporarily store packets to avoid packet loss. Figure 23 shows the structure of egress buffers. The switch stores outgoing packets in the egress buffer when congestion occurs. Figure 23 Data buffer structure Fixed area Cell resources Shared area Egress buffer Fixed area...
  • Page 87: Configuration Task List

    Figure 24 Share area and fixed area Configuration task list You can configure data buffers either automatically by enabling the Burst function or manually. If you have configured data buffers in one way, delete the configuration before using the other way. Otherwise, the new configuration does not take effect.
  • Page 88: Configuring Data Buffers Manually

    Configuring data buffers manually CAUTION: Do not manually change data buffer settings in normal cases to avoid impact to the system. If large buffer spaces are needed, use the Burst function. When you manually configure data buffers, flow control and priority-based flow control (PFC) might fail to operate correctly.
  • Page 89: Setting The Fixed-Area Ratio For A Queue

    Value of ratio-value Effective value 8 to 16 17 to 29 30 to 42 43 to 60 61 to 76 77 to 86 89 to 100 Setting the fixed-area ratio for a queue By default, all queues have an equal share of the fixed area. This task allows you to change the fixed-area ratio for a specific queue.
  • Page 90: Displaying And Maintaining Data Buffers

    Displaying and maintaining data buffers Execute display commands in any view. Task Command Display data buffer configuration. display buffer [ slot slot-number ] [ queue [ queue-id ] ]...
  • Page 91: Configuring Time Ranges

    Configuring time ranges You can implement a service based on the time of the day by apply a time range to it. A time-based service only takes effect in any time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them.
  • Page 92 Figure 25 Network diagram Configuration procedure # Create a periodic time range during 8:00 and 18:00 on working days from June 201 1 to the end of the year. <DeviceA> system-view [DeviceA] time-range work 08:00 to 18:00 working-day from 00:00 6/1/2011 to 24:00 12/31/2011 # Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit only packets from 192.168.1.2/32 during the time range work.
  • Page 93: Appendix

    Appendix Appendix A Default priority maps For the default dscp-dscp priority map, an input value yields a target value equal to it. Table 8 Default dot1p-lp and dot1p-dp priority maps Input priority value dot1p-lp map dot1p-dp map dot1p Table 9 Default dscp-dp and dscp-dot1p priority maps Input priority value dscp-dp map dscp-dot1p map...
  • Page 94: Appendix B Introduction To Packet Precedences

    Appendix B Introduction to packet precedences IP precedence and DSCP values Figure 26 ToS and DS fields Bits: Bits: Preced Type of DS-Field DSCP IPv4 ToS ence Service (for IPv4,ToS byte octet,and for IPv6,Traffic Class octet ) Must Class Selector Currently RFC 1349 codepoints...
  • Page 95: 802.1P Priority

    DSCP value (decimal) DSCP value (binary) Description 011100 af32 011110 af33 100010 af41 100100 af42 100110 af43 001000 010000 011000 100000 101000 110000 111000 000000 be (default) 802.1p priority 802.1p priority lies in the Layer 2 header and applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.
  • Page 96 Table 12 Description on 802.1p priority 802.1p priority (decimal) 802.1p priority (binary) Description best-effort background spare excellent-effort controlled-load video voice network-management...
  • Page 97: Support And Other Resources

    Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.com/support Before contacting HP, collect the following information: Product model names and numbers • Technical support registration number (if applicable) • • Product serial numbers Error messages •...
  • Page 98: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 99 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 100: Index

    Index Numerics traffic policing, Appendix A (Default priority maps), 802.1p Appendix B (Packet precedence), priority marking configuration, applications on switch, 802.1p priority applying drop precedence, ACL packet filtering to interface, data buffer configuration, absolute time range configuration, 85, 85, QoS congestion avoidance queue-based WRED table, advanced configuration, QoS policy,...
  • Page 101 changing QoS port priority, QoS priority mapping interface port priority, QoS priority mapping, 24, classifying QoS priority mapping map, QoS traffic class definition, QoS priority mapping table+priority marking, common CAR QoS priority mapping trusted port packet priority, priority marking configuration, QoS priority marking, 59, traffic policing, QoS rate limit, 34, 39,...
  • Page 102 queue (setting fixed-area ratio), configuration, queue (setting maximum shared-area ratio), evaluating shared-area ratio configuration, QoS traffic, default action QoS traffic with token bucket, ACL packet filtering, evaluating traffic with token bucket, defining Explicit Congestion Notification. Use QoS policy, QoS traffic behavior, filtering QoS traffic class, QoS traffic filtering configuration, 57,...
  • Page 103 ACL IPv4 basic configuration, ACL IPv4 basic configuration, ACL naming, ACL IPv6 advanced configuration, ACL numbering, ACL IPv6 basic configuration, ACL packet filtering configuration, ACL packet filtering configuration, IPv6 ACL packet filtering default action, ACL copying, ACL packet filtering interface application, ACL IPv6 advanced configuration, ACL packet filtering log interval, ACL IPv6 basic configuration,...
  • Page 104 network management QoS nesting configuration, 67, ACL configuration, 1, QoS OR-mode hierarchical CAR configuration, data buffer configuration, 80, 81, QoS overview, local precedence remarking, QoS policy configuration, local QoS ID remarking, QoS port priority configuration, QoS congestion avoidance configuration, QoS priority mapping configuration, 24, QoS congestion avoidance WRED QoS priority mapping table+priority marking configuration,...
  • Page 105 QoS priority mapping interface port priority, configuring ACLs, 3, QoS trusted port packet priority, configuring advanced ACLs, precedence configuring basic ACLs, QoS priority mapping configuration, 24, configuring color-based priority marking, QoS priority mapping local precedence, configuring data buffer shared-area ratio, QoS priority mapping table+priority marking configuring data buffers, configuration,...
  • Page 106 configuring QoS traffic shaping, congestion avoidance WRED configuration, configuring time range, 85, congestion avoidance WRED queue-based table, copying an ACL, congestion management, defining QoS policy, congestion management configuration, 43, defining QoS traffic behavior, congestion management SP queuing, defining QoS traffic class, congestion management SP queuing displaying ACLs, configuration,...
  • Page 107 policy VLAN application, QoS congestion avoidance WRED, port priority configuration, QoS congestion avoidance WRED configuration, priority mapping configuration, 24, QoS congestion management SP queuing, priority mapping drop priority, QoS congestion management SP queuing priority mapping interface port priority, configuration, priority mapping local precedence, QoS congestion management SP+WFQ queuing priority mapping map, configuration,...
  • Page 108 ACL naming, token bucket ACL numbering, QoS complicated traffic evaluation, QoS traffic evaluation, QoS traffic forwarding, security token bucket mechanism ACL configuration, 1, traffic policing, service traffic QoS best-effort service model, ACL basic configuration, QoS congestion avoidance configuration, ACL configuration, 1, QoS congestion management configuration, local precedence remarking, QoS DiffServ service model,...
  • Page 109 QoS port priority configuration, QoS priority map, configuration, QoS priority mapping interface port priority, WFQ queuing QoS priority mapping map configuration, bandwidth, QoS priority mapping process, WRED QoS priority mapping table+priority marking configuration, configuration, congestion avoidance with ECN, QoS priority mapping trusted port packet queue-based WRED table, priority, WRR queuing...

Table of Contents