S6724: when two traffic policy entries are applied together, the first one does not take effect

Published: 2016-10-26
Problem Description
S6724 (V200R003C00SPC300): when two traffic policy entries are applied together, the first one does not take effect.
Troubleshooting Process


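1. Separated the two classifier/behavior pairs that had been created and applied only the deny ICMP one. Packets were matched and dropped as expected, so the policy took effect.

2. With that one classifier/behavior pair in place, a second QoS classifier/behavior pair was added and the policy was applied to the VLAN in the same direction. The deny ICMP policy no longer took effect.

3. Tried changing the match-order of the traffic policy. In V2R3 the default is auto; it was changed to config, which matches in configuration order. The ICMP classifier/behavior pair still did not take effect.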


------------------------------------------Applied on its own------------------------------------------

[6700]dis traffic policy statistics vlan 10 outbound

Vlan: 10
Traffic policy outbound: ICMP
Rule number: 1
Current status: OK!
Statistics interval: 300
---------------------------------------------------------------------
Board : 0
---------------------------------------------------------------------
Matched          |      Packets:                            94
                  |      Bytes:                           8,011
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Dropped        |      Packets:                            94
                  |      Bytes:                           8,011
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0

---------------------------------------------------------------------
     Filter       |      Packets:                            94
                  |      Bytes:                           8,011
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------


After the match-order of the traffic policy was changed to config, the deny still did not take effect.
----------------------------------------------Switch configuration----------------------------------------------
acl number 3000
rule 10 permit icmp icmp-type ttl-exceeded

traffic classifier qos operator and
if-match any
traffic classifier ICMP operator and
if-match acl 3000

traffic behavior qos
car cir 1000000 pir 1000000 cbs 125000000 pbs 125000000 green pass yellow pass red discard
statistic enable
traffic behavior ICMP
deny
statistic enable

traffic policy qos match-order config
classifier ICMP behavior ICMP
classifier qos behavior qos

vlan 10
traffic-policy qos outbound
--------------------------------------------Applied in combination------------------------------------------
[6700]dis traffic policy  statistics vlan 10 outbound

Vlan: 10
Traffic policy outbound: qos
Rule number: 2
Current status: OK!
Statistics interval: 300
---------------------------------------------------------------------
Board : 0
---------------------------------------------------------------------
Matched          |      Packets:                       772,050
                  |      Bytes:                     835,665,441
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Passed         |      Packets:                       772,050
                  |      Bytes:                     835,665,441
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0

---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------


Root Cause

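In the current version, after match-order config is set on a traffic policy:
Config mode does not take effect for traffic policies applied in the outbound direction.
The order is determined by the order in which the traffic classifiers were configured.
In addition, configuring this parameter consumes more of the system's ACL resources.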

 

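Solution
Change if-match any to if-match protocol ip. The ACLs are then delivered in the same group, which ensures that they take effect in the configured order.
Recommendations and Summary
When adjusting a traffic policy configuration, first confirm how the current version handles the traffic policy match order. In later versions such as V2R8, config in a traffic policy has been changed so that the order is determined by the order in which traffic classifiers are bound to traffic behaviors. Confirm the version information and the requirement to be implemented before configuring.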
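
The comparison made above between the two statistics outputs can be automated after any policy change. This is an added example, not part of the original case or Huawei tooling; the function names are hypothetical, the sample text is constructed by trimming the two outputs on this page, and the check assumes traffic that the deny rule should match was actually sent during the interval.

```python
import re

# One counter header line, e.g. "   Dropped        |      Packets:      94"
COUNTER = re.compile(
    r"^\s*(Matched|Passed|Dropped|Filter|Car)\s*\|\s*Packets:\s*([\d,]+)")
POLICY = re.compile(r"^\s*Traffic policy (?:inbound|outbound):\s*(\S+)")

# Constructed samples: trimmed from the two outputs shown on this page.
ICMP_ONLY = """\
Traffic policy outbound: ICMP
Matched          |      Packets:                            94
   Passed         |      Packets:                             0
   Dropped        |      Packets:                            94
     Filter       |      Packets:                            94
     Car          |      Packets:                             0
"""
COMBINED = """\
Traffic policy outbound: qos
Matched          |      Packets:                       772,050
   Passed         |      Packets:                       772,050
   Dropped        |      Packets:                             0
     Filter       |      Packets:                             0
     Car          |      Packets:                             0
"""

def parse_stats(text):
    """Return the policy name and per-section packet counters as a dict."""
    stats = {}
    for line in text.splitlines():
        name = POLICY.match(line)
        if name:
            stats["policy"] = name.group(1)
        counter = COUNTER.match(line)
        if counter:
            stats[counter.group(1)] = int(counter.group(2).replace(",", ""))
    return stats

def deny_not_enforced(stats):
    """True when packets are matched but none are filtered or dropped."""
    return (stats.get("Matched", 0) > 0
            and stats.get("Filter", 0) == 0
            and stats.get("Dropped", 0) == 0)

if __name__ == "__main__":
    for sample in (ICMP_ONLY, COMBINED):
        s = parse_stats(sample)
        print(s["policy"], "deny not enforced:", deny_not_enforced(s))
```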
