S600-E系列交换机 典型配置案例
配置基于VLAN限速示例
流分类简介
除了ACL之外,MQC配置中的流分类定义了大量的二三层匹配规则,如VLAN ID、802.1p优先级、DSCP优先级、源MAC、目的MAC等,设备可以通过配置不同的流分类规则将报文进行分类,并配置限速、统计或者镜像等流行为,以实现不同的策略。
本例就是在流分类中匹配不同的VLAN ID,并对符合规则的报文分别配置不同的限速带宽,以达到对不同的业务流量分配不同带宽的目的。
组网需求
Switch通过接口GE0/0/2与路由器互连,企业可经由Switch和路由器访问网络,如图11-5所示。
语音业务对应的VLAN ID为120,视频业务对应的VLAN ID为110,数据业务对应的VLAN ID为100。
在Switch上需要对不同业务的报文分别进行流量监管,以将流量限制在一个合理的范围之内,并保证各业务的带宽需求。
不同业务对于服务质量的需求不同,语音业务对服务质量要求最高,视频业务次之,数据业务要求最低,所以在Switch中还需要重标记不同业务报文的DSCP优先级,以便于路由器按照报文的不同优先级分别进行处理,保证各种业务的服务质量。
具体配置需求如表11-1所示。
配置思路
采用如下的思路配置MQC实现流量监管:
- 创建VLAN,并配置各接口,使企业能够通过Switch访问网络。
- 在Switch上配置基于VLAN ID进行流分类的匹配规则。
- 在Switch上配置流行为,对报文进行流量监管并且重标记报文的DSCP优先级。
- 在Switch上配置流量监管策略,绑定已配置的流行为和流分类,并应用到Switch与SwitchA连接的接口上。
操作步骤
- 创建VLAN并配置各接口
# 在Switch上创建VLAN 100、110、120。
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 100 110 120
# 将接口GE0/0/1、GE0/0/2的接入类型分别配置为trunk,并分别将接口GE0/0/1和GE0/0/2加入VLAN 100、VLAN 110、VLAN 120。
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type trunk [Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 110 120 [Switch-GigabitEthernet0/0/1] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] port link-type trunk [Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 110 120 [Switch-GigabitEthernet0/0/2] quit
- 配置流分类
# 在Switch上创建流分类c1~c3,对不同业务流按照其VLAN ID进行分类。
[Switch] traffic classifier c1 operator and [Switch-classifier-c1] if-match vlan-id 120 //匹配VLAN ID为120的报文 [Switch-classifier-c1] quit [Switch] traffic classifier c2 operator and [Switch-classifier-c2] if-match vlan-id 110 //匹配VLAN ID为110的报文 [Switch-classifier-c2] quit [Switch] traffic classifier c3 operator and [Switch-classifier-c3] if-match vlan-id 100 //匹配VLAN ID为100的报文 [Switch-classifier-c3] quit
- 配置流量监管行为
# 在Switch上创建流行为b1~b3,对不同业务流进行流量监管以及重标记优先级,并配置流量统计功能。
[Switch] traffic behavior b1 [Switch-behavior-b1] car cir 2000 pir 10000 green pass //对VLAN ID为120的报文限速为2000kbit/s [Switch-behavior-b1] remark dscp 46 //对VLAN ID为120的报文重标记其DSCP优先级为46 [Switch-behavior-b1] statistic enable //配置流量统计功能 [Switch-behavior-b1] quit [Switch] traffic behavior b2 [Switch-behavior-b2] car cir 4000 pir 10000 green pass [Switch-behavior-b2] remark dscp 30 [Switch-behavior-b2] statistic enable [Switch-behavior-b2] quit [Switch] traffic behavior b3 [Switch-behavior-b3] car cir 4000 pir 10000 green pass [Switch-behavior-b3] remark dscp 14 [Switch-behavior-b3] statistic enable [Switch-behavior-b3] quit
- 配置流量监管策略并应用到接口上
# 在Switch上创建流策略p1,将流分类和对应的流行为进行绑定并将流策略应用到接口GE0/0/1入方向上,对报文进行流量监管和重标记。
[Switch] traffic policy p1 [Switch-trafficpolicy-p1] classifier c1 behavior b1 [Switch-trafficpolicy-p1] classifier c2 behavior b2 [Switch-trafficpolicy-p1] classifier c3 behavior b3 [Switch-trafficpolicy-p1] quit [Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] traffic-policy p1 inbound [Switch-GigabitEthernet0/0/1] quit
- 验证配置结果
# 查看流分类的配置信息。
[Switch] display traffic classifier user-defined User Defined Classifier Information: Classifier: c2 Operator: AND Rule(s) : if-match vlan-id 110 Classifier: c3 Operator: AND Rule(s) : if-match vlan-id 100 Classifier: c1 Operator: AND Rule(s) : if-match vlan-id 120 Total classifier number is 3
# 查看流策略的配置信息,以流策略p1为例。
[Switch] display traffic policy user-defined p1 User Defined Traffic Policy Information: Policy: p1 Classifier: c2 Operator: AND Behavior: b2 Committed Access Rate: CIR 4000 (Kbps), CBS 500000 (Byte) PIR 10000 (Kbps), PBS 1250000 (Byte) Green Action : pass Yellow Action : pass Red Action : discard Remark: Remark DSCP af33 Statistic: enable Classifier: c3 Operator: AND Behavior: b3 Committed Access Rate: CIR 4000 (Kbps), CBS 500000 (Byte) PIR 10000 (Kbps), PBS 1250000 (Byte) Green Action : pass Yellow Action : pass Red Action : discard Remark: Remark DSCP af13 Statistic: enable Classifier: c1 Operator: AND Behavior: b1 Committed Access Rate: CIR 2000 (Kbps), CBS 250000 (Byte) PIR 10000 (Kbps), PBS 1250000 (Byte) Green Action : pass Yellow Action : pass Red Action : discard Remark: Remark DSCP ef Statistic: enable
# 查看在接口上应用的流策略信息。以接口GE0/0/1上的语音业务报文为例,分别以2000kbit/s和11000kbit/s的速率向接口GE0/0/1输入报文流,报文流的VLAN为120,然后使用命令display traffic policy statistics interface gigabitethernet 0/0/1 inbound verbose classifier-base class c1查看接口上流策略统计信息。如果配置成功,以2000kbit/s输入报文流时,报文将全部被正常转发,丢弃报文信息为0;以11000kbit/s的速率输入报文流时,接口通过的报文速率为10000kbit/s,丢弃报文信息不为0,表示报文转发速率被限制在10000kbit/s。
[Switch] display traffic policy statistics interface gigabitethernet 0/0/1 inbound verbose classifier-base class c1 Interface: GigabitEthernet0/0/1 Traffic policy inbound: p1 Rule number: 3 Current status: success Statistics interval: 300 --------------------------------------------------------------------- Board : 0 --------------------------------------------------------------------- Matched | Packets: 49,491 | Bytes: - | Rate(pps): 0 | Rate(bps): - --------------------------------------------------------------------- Passed | Packets: 40,971 | Bytes: - | Rate(pps): 0 | Rate(bps): - --------------------------------------------------------------------- Dropped | Packets: 8,520 | Bytes: - | Rate(pps): 0 | Rate(bps): - --------------------------------------------------------------------- Filter | Packets: 0 | Bytes: - --------------------------------------------------------------------- Car | Packets: 8,520 | Bytes: - ---------------------------------------------------------------------
配置文件
Switch的配置文件
# sysname Switch # vlan batch 100 110 120 # traffic classifier c1 operator and if-match vlan-id 120 traffic classifier c2 operator and if-match vlan-id 110 traffic classifier c3 operator and if-match vlan-id 100 # traffic behavior b1 car cir 2000 pir 10000 cbs 250000 pbs 1250000 green pass yellow pass red discard remark dscp ef statistic enable traffic behavior b2 car cir 4000 pir 10000 cbs 500000 pbs 1250000 green pass yellow pass red discard remark dscp af33 statistic enable traffic behavior b3 car cir 4000 pir 10000 cbs 500000 pbs 1250000 green pass yellow pass red discard remark dscp af13 statistic enable # traffic policy p1 classifier c1 behavior b1 classifier c2 behavior b2 classifier c3 behavior b3 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 110 120 traffic-policy p1 inbound # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 110 120 # return