AR3260配置基于IP的限速部分不生效

发布时间:  2015-05-16 浏览次数:  183 下载次数:  0
问题描述

客户使用一台AR3260作为出口网络路由器,在内网接口上配置了基于IP的流量限速,配置完成后发现部分IP的限速是生效的,而部分又不生效,客户的关键配置如下:

interface GigabitEthernet0/0/0
description to WiFi-S7703-G22
ip address 10.9.9.1 255.255.255.240
qos car inbound source-ip-address range 192.168.16.1 to 192.168.17.254 per-address cir 256 pir 1000 cbs 12500 pbs 125000 green pass yellow pass red discard
qos car inbound source-ip-address range 192.168.12.1 to 192.168.13.254 per-address cir 256 pir 1000 cbs 125000 pbs 1250000 green pass yellow pass red discard
qos car inbound source-ip-address range 192.168.14.1 to 192.168.15.254 per-address cir 256 pir 1000 cbs 12500 pbs 125000 green pass yellow pass red discard
qos car inbound source-ip-address range 192.168.20.1 to 192.168.21.254 per-address cir 256 pir 1000 cbs 12500 pbs 125000 green pass yellow pass red discard
qos car inbound source-ip-address range 192.168.18.1 to 192.168.19.254 per-address cir 256 pir 1000 cbs 12500 pbs 50000 green pass yellow pass red discard
qos car inbound source-ip-address range 192.168.22.1 to 192.168.23.254 per-address cir 256 cbs 48128 pbs 80128 green pass yellow pass red discard
qos car outbound destination-ip-address range 192.168.18.1 to 192.168.19.254 per-address cir 1000 pir 40000 cbs 12500 pbs 500000 green pass yellow pass red discard
qos car outbound destination-ip-address range 192.168.16.1 to 192.168.17.254 per-address cir 1000 pir 40000 cbs 12500 pbs 500000 green pass yellow pass red discard
qos car outbound destination-ip-address range 192.168.12.1 to 192.168.13.254 per-address cir 1000 pir 40000 cbs 12500 pbs 500000 green pass yellow pass red discard
qos car outbound destination-ip-address range 192.168.22.1 to 192.168.23.254 per-address cir 1000 pir 40000 cbs 12500 pbs 500000 green pass yellow pass red discard
qos car outbound destination-ip-address range 192.168.14.1 to 192.168.15.254 per-address cir 1000 pir 40000 cbs 12500 pbs 500000 green pass yellow pass red discard
qos car outbound destination-ip-address range 192.168.20.1 to 192.168.21.254 per-address cir 1000 pir 40000 cbs 125000 pbs 500000 green pass yellow pass red discard

处理过程

1. 首先检查客户的限速是否配置正确。确认是在局域网内网接口上配置的限速,是NAT转换前进行限速,上传是针对源IP进行限速而下载是基于目的IP进行限速;

2. 指导客户重新配置一行,结果出现如下的提示信息:

Error:Add rule failed, slot 15, policy ?ip       3I, class ?ip       3Ic0a81001c0a811fe, behavior ?ip       3Ic0a81001c0a811fe, on interface GigabitEthernet0/0/0.

3. 分析客户的配置发现在内网接口上参加限速的IP太多,一共是12个C类地址段,检查是否超过了资源的使用情况,在设备上查看相关表项结果如下:

[Huawei]display acl resource
Slot: 15                
---------------------------------------------------------------------
  Type               Total    Reserved     Remaining  Configured    
---------------------------------------------------------------------
  ACL                  2048      N/A         0        2048          
  Meter                4096      N/A         4096       0

  Counter              2048      N/A         4096       0     
---------------------------------------------------------------------
  以上说明ACL 的资源已经使用完,因而超过的IP地址限速不生效。

根因
客户配置进行IP限速的主机数太多导致导致系统资源不够,最终IP限速不生效。
解决方案

根据客户的网络规模建议客户将限速放在防火墙上进行限速。

END