No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Traffic Policing

Configuring Traffic Policing

MQC can be used to implement traffic policing that limits the rate of packets matching rules. To limit the rate of packets matching rules and all traffic, configure MQC to implement hierarchical traffic policing.

Pre-configuration Tasks

Before configuring traffic policing, complete the following tasks:

  • Configuring link layer attributes of interfaces to ensure that the interfaces work properly

Configuring MQC to Implement Traffic Policing

Context

To control traffic of a type in the inbound or outbound direction on an interface, configure MQC-based traffic policing. MQC-based traffic policing can implement differentiate services using complex traffic classification. A traffic policy can be applied to different interfaces. When the receive or transmit rate of packets matching traffic classification rules exceeds the rate limit, the packets are discarded.

Procedure
  1. Configure a traffic classifier.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      traffic classifier classifier-name [ type { and | or } ]

      A traffic classifier is created and the traffic classifier view is displayed, or the existing traffic classifier view is displayed.

      and indicates that rules are ANDed with each other.
      • If a traffic classifier contains ACL rules, packets match the traffic classifier only when the packets match one ACL rule and all the non-ACL rules.

      • If a traffic classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.

      or indicates that rules are ORed with each other. Packets match a traffic classifier as long as packets match one rule of the traffic classifier.

      By default, the relationship between rules in a traffic classifier is OR.

    3. Run the following commands as required.

      Matching Rule

      Command

      Remarks

      Inner VLAN IDs in QinQ packets

      if-match inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ]

      -

      802.1p priority in VLAN packets

      if-match 8021p 8021p-value &<1-8>

      Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of 802.1p priorities, the packet that matches one 802.1p priority matches the traffic classifier.

      Inner 802.1p priority in QinQ packets

      if-match inner-8021p 8021p-value &<1-8>

      -

      Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

      if-match vlan start-vlan-id [ to end-vlan-id ] [ inner-vlan inner-vlan-id ] or if-match vlan vlan-id [ inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ] ]

      -

      Drop packet

      if-match discard

      -

      Double tags in QinQ packets

      if-match double-tag

      -

      Destination MAC address

      if-match destination-mac mac-address [ mac-address-mask ]

      -

      Source MAC address

      if-match source-mac mac-address [ mac-address-mask ]

      -

      Protocol type field encapsulated in the Ethernet frame header

      if-match l2-protocol { arp | ip | rarp | protocol-value }

      -

      All packets

      if-match any

      -

      DSCP priority in IP packets

      if-match [ ipv6 ] dscp dscp-value &<1-8>

      • Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of DSCP priorities, the packet that matches one DSCP priority matches the traffic classifier.

      • If the relationship between rules in a traffic classifier is AND, the if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

      IP precedence in IP packets

      if-match ip-precedence ip-precedence-value &<1-8>

      • The if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

      • Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of IP priorities, the packet that matches one IP priority matches the traffic classifier.

      SYN Flag in the TCP packet header

      if-match tcp-flag { tcp-flag-value | { ack | fin | psh | rst | syn | urg }* }

      -

      Outbound interface

      if-match outbound-interface interface-type interface-number

      The traffic policy containing this matching rule cannot be applied to the outbound direction.

      ACL rule

      if-match acl { acl-number | acl-name }

      NOTE:

      When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.

      Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if an ACL defines many rules, the packet that matches a single ACL rule matches the ACL.

      ACL6 rule

      if-match ipv6 acl { acl-number | acl-name }

      NOTE:

      When an ACL6 is used to define a traffic classification rule, it is recommended that the ACL6 be configured first.

      -

    4. Run:

      commit

      The configuration is committed.

    5. Run:

      quit

      The traffic classifier view is quitted.

  2. Configure a traffic behavior.
    1. Run:

      traffic behavior behavior-name

      A traffic behavior is created and the traffic behavior view is displayed.

    2. Run:

      car cir cir-value [ kbps | mbps | gbps ] [ pir pir-value [ kbps | mbps | gbps ] ] [ cbs cbs-value [ bytes | kbytes | mbytes ] pbs pbs-value [ bytes | kbytes | mbytes ] ] [ share ] [ mode { color-blind | color-aware } ] [ green pass [ service-class class color color-value ] | yellow { discard | pass [ service-class class color color-value ] } | red { discard | pass [ service-class class color color-value ] } ]*

      A CAR action is configured. On the CX110 switch module GE switching plane, you are advised to apply traffic policies with CAR behaviors to the inbound direction.

      NOTE:

      If the packet forwarding mode on the CX31x&CX91x series switch module 10GE switching planes is set to cut through, the traffic policy containing car cannot be applied to the outbound direction. If car is required, run the assign forward mode store-and-forward command to change the packet forwarding mode to store-and-forward or apply the traffic policy containing car to the inbound direction.

      When the packet forwarding mode on the CX710 switch module 40GE converged switching plane is set to Cut Through, the CX710 switch module 40GE converged switching plane does not support the traffic policy defining car. To use car, run the assign forward mode store-and-forward command to change the packet forwarding mode to store-and-forward.

    3. (Optional) Run:

      statistics enable

      The traffic statistics function is enabled.

    4. Run:

      commit

      The configuration is committed.

    5. Run:

      quit

      Exit from the traffic behavior view.

    6. Run:

      quit

      Exit from the system view.

  3. Configure a traffic policy.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      traffic policy policy-name

      A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

    3. Run:

      classifier classifier-name behavior behavior-name [ precedence precedence-value ]

      A traffic behavior is bound to a traffic classifier in a traffic policy.

    4. Run:

      commit

      The configuration is committed.

    5. Run:

      quit

      The traffic policy view is quitted.

  4. Apply the traffic policy.
    • Applying a traffic policy to an interface
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        interface interface-type interface-number

        The interface view is displayed.

      3. Run:

        traffic-policy policy-name { inbound | outbound }

        A traffic policy is applied to the interface.

      4. Run:

        commit

        The configuration is committed.

    • Applying a traffic policy to a VLAN
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        vlan vlan-id

        The VLAN view is displayed.

      3. Run:

        traffic-policy policy-name { inbound | outbound }

        A traffic policy is applied to the VLAN.

        After a traffic policy is applied, the system performs traffic policing for the packets that belong to a VLAN and match traffic classification rules in the inbound or outbound direction.

      4. Run:

        commit

        The configuration is committed.

    • Applying a traffic policy to the system
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        traffic-policy policy-name global [ slot slot-id ] { inbound | outbound }

        A traffic policy is applied to the system.

      3. Run:

        commit

        The configuration is committed.

Configuring Hierarchical Traffic Policing

Context

The device supports hierarchical traffic policing. After the system uses MQC to implement traffic policing (level-1 CAR) to service flows matching a traffic classifier in a traffic policy, it aggregates all the service flows matching the traffic classifier and perform traffic policing (level-2 CAR) for the aggregated flow. Hierarchical traffic policing multiplexes user traffic statistics and fine-granular control of user traffic. For details about level-1 CAR, see Configuring MQC to Implement Traffic Policing.

NOTE:

This configuration task is supported by only the CX110 switch module GE switching plane.

Procedure
  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    qos car car-name { percent percent-value | cir cir-value [ kbps | mbps | gbps ] [ cbs cbs-value [ bytes | kbytes | mbytes ] [ pbs pbs-value [ bytes | kbytes | mbytes ] ] | pir pir-value [ kbps | mbps | gbps ] [ cbs cbs-value [ bytes | kbytes | mbytes ] pbs pbs-value [ bytes | kbytes | mbytes ] ] ] }

    A CAR profile is created and configured.

    NOTE:

    The CIR in the CAR profile must be larger than the CIR in the traffic behavior.

  3. Run:

    traffic behavior behavior-name

    The traffic behavior view is displayed.

  4. Run:

    car car-name share

    The aggregated CAR action is configured.

  5. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display traffic behavior [ behavior-name ] command to check the traffic behavior configuration.
  • Run the display traffic classifier [ classifier-name ] command to check the traffic classifier configuration.
  • Run the display traffic policy [ policy-name [ classifier classifier-name ] ] command to check the traffic policy configuration.
  • Run the display traffic-policy applied-record [ policy-name ] [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id ] [ inbound | outbound ] command to check the application record of the specified traffic policy.
  • Run the display qos car [ car-name ] command to check the QoS CAR configuration.
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 57179

Downloads: 3617

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next