Traffic generated by iperf tool can't be matched by ACL of NE20E

Publication Date: 2018-01-31
Issue Description


The customer's network topology:

On the NE20E, an ACL and a traffic policy are configured to match UDP ports 5060 and 6000. UDP port 5060 carries voice and is to be remarked as EF; UDP port 6000 carries data and is to be remarked as AF21.
The detailed configuration on the NE20E is as follows:
#
acl name QOS-DATA advance
 rule 5 permit udp destination-port eq 6000
 rule 10 permit tcp destination-port eq 6000
#
acl name QOS-VOIX advance
 rule 5 permit udp destination-port eq 5060
 rule 10 permit tcp destination-port eq 5060
#
traffic classifier VOIX-TEST operator or
 if-match acl name QOS-VOIX
#
traffic classifier c-DATA-TEST operator or
 if-match acl name QOS-DATA
#
traffic classifier c-OTHERS operator or
 if-match any
#
traffic behavior b-VOIX-TEST
 remark dscp ef
#
traffic behavior b-DATA-TEST
 remark dscp af21
#
traffic behavior b-PERMIT
#
traffic policy t-TEST
 share-mode
 statistics enable
 classifier VOIX-TEST behavior b-VOIX-TEST precedence 1
 classifier c-DATA-TEST behavior b-DATA-TEST precedence 2
 classifier c-OTHERS behavior b-PERMIT precedence 3
#
interface GigabitEthernet0/3/8
 description AXIONE TRANSIT IP
 undo shutdown
 ip address 85.14.150.78 255.255.255.252
 traffic-policy t-TEST inbound
 trust upstream default
 dcn
#
The traffic generation tool “iperf” was used on a PC to send 5 Mbps of traffic to UDP port 5060 toward GE0/3/8 of the NE20E router. Only about 1 Mbps of the traffic was matched and remarked as EF; the rest of the traffic was not matched.
 
<NE20E>display traffic policy statistics interface g0/3/8 inbound verbose rule-based
Info: The statistics is shared because the policy is shared.
Interface: GigabitEthernet0/3/8
Traffic policy inbound: t-TEST
Traffic policy applied at 2018-01-04 16:00:11
Statistics enabled at 2018-01-05 09:20:32
Statistics last cleared: 2018-01-05 11:32:42
Rule number: 10 IPv4, 0 IPv6
Current status: OK!

Classifier: VOIX-TEST operator or
 if-match acl name QOS-VOIX
 rule 5 permit udp destination-port eq 5060
    235,620,912 bytes, 155,630 packets
    Last 30 seconds rate 77 pps, 925,760 bps
 rule 10 permit tcp destination-port eq 5060
    2,334 bytes, 28 packets
    Last 30 seconds rate 0 pps, 0 bps

Classifier: c-DATA-TEST operator or
 if-match acl name QOS-DATA
 rule 5 permit udp destination-port eq 6000
    171,946,554 bytes, 113,572 packets
    Last 30 seconds rate 0 pps, 0 bps
 rule 10 permit tcp destination-port eq 6000
    1,343 bytes, 17 packets
    Last 30 seconds rate 0 pps, 0 bps

Classifier: c-OTHERS operator or
 if-match any
    2,080,021,506 bytes, 1,616,002 packets
    Last 30 seconds rate 460 pps, 4,730,952 bps

Alarm Information

No alarm.

Handling Process

1) Checked the configuration; it is normal.
2) Captured packets in the inbound direction of GE0/3/8 of the NE20E router and found that the UDP traffic is fragmented: one first fragment without an offset, and the remaining 6 fragments with an offset.
3) According to the principle of UDP packet fragmentation, only the first fragment contains the UDP port information and will be matched; the remaining 6 fragments do not contain the UDP port information, so they won't be matched.
4) The iperf command used on the PC is as follows:
C:\Users\agungor\Desktop\iperf-3.1.3-win64>iperf3.exe -c 192.168.10.2 -u -p 5060 -b 5M -t 300
Connecting to host 192.168.10.2, port 5060
[  4] local 85.14.150.77 port 60190 connected to 192.168.10.2 port 5060
[ ID] Interval           Transfer     Bandwidth       Total Datagrams
[  4]   0.00-1.00   sec   592 KBytes  4.85 Mbits/sec  74
[  4]   1.00-2.01   sec   640 KBytes  5.17 Mbits/sec  80
[  4]   2.01-3.02   sec   608 KBytes  4.98 Mbits/sec  76
5) The MTU of the PC's Ethernet port is 1500, so it was suspected that the iperf tool was generating large packets that were then fragmented by the PC's Ethernet port. A Google search on the iperf command turned up a parameter, “-l”, that can be used: “Setting the iPerf buffer (-l)”.
After adding the parameter “-l 1000” to the iperf command to generate 1000-byte traffic to UDP port 5060, all 5 Mbps of traffic is matched on the NE20E router.
C:\Users\agungor\Desktop\iperf-3.1.3-win64>iperf3.exe -c 192.168.10.2 -u -p 5060 -b 5M -t 300 -l 1000
Root Cause

The iperf tool generates packets larger than the MTU of the PC's Ethernet port, so the packets are fragmented, and the fragmented traffic cannot be matched by the UDP port 5060 rule on the NE20E router.
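
The following is an added example, not part of the original case and not Huawei or iperf code. It models the behaviour described in steps 2 and 3 by fragmenting one UDP datagram at MTU 1500 and applying a destination-port match to each resulting IPv4 packet. Assumptions: the 9000-byte payload is a constructed size chosen so the datagram splits into one first fragment plus six more, and `matches_udp_dport` is a hypothetical stand-in for the port-based rule, not the router's implementation.

```python
import struct

MTU = 1500      # Ethernet MTU of the PC, as stated in the case
IP_HDR = 20     # IPv4 header without options
MF = 0x2000     # "more fragments" flag in the flags/offset field

def fragment_udp(src, dst, sport, dport, payload_len, mtu=MTU):
    """Return the IPv4 packets a host emits for one UDP datagram (constructed data)."""
    # UDP header (checksum 0 = not computed) followed by a zero-filled payload.
    udp = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0) + bytes(payload_len)
    step = (mtu - IP_HDR) // 8 * 8   # fragment data length must be a multiple of 8
    packets = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        flags_off = (off // 8) | (MF if off + step < len(udp) else 0)
        # IPv4 header; ID is arbitrary and the header checksum is left at 0 here.
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(chunk),
                          0x1234, flags_off, 64, 17, 0, src, dst)
        packets.append(hdr + chunk)
    return packets

def matches_udp_dport(packet, port):
    """Port-based match: only possible when the packet carries the UDP header."""
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != 17 or frag_offset != 0:
        return False                 # non-first fragment: no port field to read
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] == port

def classify(payload_len, port=5060):
    """Return (matched, unmatched) packet counts for one datagram."""
    pkts = fragment_udp(bytes([85, 14, 150, 77]), bytes([192, 168, 10, 2]),
                        60190, port, payload_len)
    hits = sum(matches_udp_dport(p, port) for p in pkts)
    return hits, len(pkts) - hits

if __name__ == "__main__":
    for size in (9000, 1000):        # constructed large size vs. "-l 1000"
        print(size, classify(size))
```

With the 1000-byte payload the datagram fits in one packet and always matches, which is why “-l 1000” makes all of the test traffic hit the rule.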

Solution
Add the parameter “-l 1000” to the iperf command to generate traffic with a length of 1000 bytes.
