CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules. The description covers configuration examples and function configurations.

Optimizing IP Performance

Configuring an Outbound Interface to Fragment IP Packets

Context

If the size of IP packets exceeds the MTU, oversized packets will be discarded. After IP packet fragmentation is enabled, the system sets the DF field of an IP packet to 0 and fragments the IP packet to ensure that all packets are forwarded.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    clear ip df

    IP packet fragmentation is enabled on the outbound interface.

    By default, an outbound interface does not fragment IP packets.

    The device can forcibly fragment only the IP packets generated by the device but not the IP packets forwarded by the device.

  4. Run:

    commit

    The configuration is committed.
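
The following Python model is an added example, not Huawei code or device output. It follows a packet that carries DF=1 through the rule in the Context above: an oversized packet is discarded unless the command is set and the packet was generated locally, in which case DF is cleared and the packet is fragmented. The function names, the sample addresses and the 20-byte header without options are assumptions of this example.

```python
import struct

def checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(ident: int, flags_off: int, payload: bytes, ttl=64, proto=17) -> bytes:
    """Constructed 20-byte-header IPv4 packet between documentation addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, ttl, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def egress(packet: bytes, mtu: int, clear_df: bool, local: bool) -> list:
    """Packets that leave the interface; an empty list means discarded."""
    ident, flags_off = struct.unpack("!HH", packet[4:8])
    if len(packet) <= mtu:
        return [packet]                      # fits: left untouched in this model
    # Only locally generated packets can be forcibly fragmented (see step 3).
    if flags_off & 0x4000 and not (clear_df and local):
        return []                            # oversized with DF=1: discarded
    # DF=0 input falls through to ordinary RFC 791 fragmentation (assumption).
    step = (mtu - 20) // 8 * 8               # fragment data is a multiple of 8 bytes
    if step <= 0:
        raise ValueError("MTU too small to fragment")
    payload, frags = packet[20:], []
    for start in range(0, len(payload), step):
        more = 0x2000 if start + step < len(payload) else 0   # MF flag; DF stays 0
        frags.append(build(ident, more | start // 8, payload[start:start + step],
                           ttl=packet[8], proto=packet[9]))
    return frags

def describe(frags: list) -> list:
    """(total length, DF, MF, byte offset) per outgoing packet."""
    out = []
    for f in frags:
        length, _, fo = struct.unpack("!HHH", f[2:8])
        out.append((length, bool(fo & 0x4000), bool(fo & 0x2000), (fo & 0x1FFF) * 8))
    return out

if __name__ == "__main__":
    pkt = build(0x1234, 0x4000, bytes(3000))          # constructed: 3020 bytes, DF=1
    print(describe(egress(pkt, 1500, clear_df=False, local=True)))   # discarded
    print(describe(egress(pkt, 1500, clear_df=True, local=True)))    # three fragments
```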

Configuring the Packet Forwarding Mode

Context

When low packet delay is required, run the assign forward mode cut-through command to set the packet forwarding mode to cut-through to speed up packet forwarding.

The CX11x switch module GE switching plane does not support the configuration of the packet forwarding mode.

In cut-through mode, CRC error packets are also forwarded but not discarded.

In cut-through mode, if network congestion occurs, the system forwards packets in store-and-forward mode. After network congestion is eliminated, the system forwards packets in cut-through mode.

When the packet forwarding mode on the CX710 switch module 40GE converged switching plane is set to cut-through, the CX710 switch module 40GE converged switching plane does not support PFC, ETS, interface-based rate limiting in the outbound direction, queue-based traffic shaping, traffic policy defining car, interface-based rate limiting in the inbound direction, and flow control function. To use these functions, change the packet forwarding mode to store-and-forward.

On the CX710 switch module 40GE converged switching plane, 10GE interfaces split from 40GE interfaces do not support the packet forwarding mode set to cut-through.

If the packet forwarding mode on the CX31x&CX91x series switch module 10GE switching planes is set to cut-through, the traffic policy containing car cannot be applied to the outbound direction. If car is required, change the packet forwarding mode to store-and-forward or apply the traffic policy containing car to the inbound direction.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    assign forward mode { store-and-forward | cut-through }

    The packet forwarding mode is configured.

    By default, the packet forwarding mode is store-and-forward mode.

    After you configure the packet forwarding mode or restore the default packet forwarding mode, restart the device to make the configuration take effect.

  3. Run:

    commit

    The configuration is committed.

Configuring the Hash Mode of the Layer 3 Forwarding Table

Context

When planned multicast addresses cause hash conflicts, configure the hash mode of the Layer 3 forwarding table to reduce hash conflicts.

After configuring the hash mode of the Layer 3 forwarding table, restart the device to make the configuration take effect.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Configure the hash mode of the Layer 3 forwarding table on the device.

    On the CX31x&CX91x series switch module 10GE switching planes and CX710 switch module 40GE converged switching plane, run:

    assign forward layer-3 hash { crc32-upper | crc32-lower | lsb | crc16-upper | crc16-lower }

    The hash mode of the Layer 3 forwarding table is configured.

    On the CX11x switch module GE switching plane, run:

    assign forward layer-3 hash { crc32-upper | crc32-lower | crc16 }

    The hash mode of the Layer 3 forwarding table is configured.

    By default, the hash mode of the Layer 3 forwarding table is crc32-lower.

  3. Run:

    commit

    The configuration is committed.

Configuring the Device to Process IP Packets with Options

Context

IP packets can carry route options, including the route alert, route record, source route, and timestamp options. These options are used to diagnose network paths and to temporarily transmit special services. Attackers, however, may use them to spy on the network structure in preparation for attacks, which degrades network security and device performance. To prevent this, configure the device to discard IP packets that contain these route options.

Procedure

  1. Configure the device to process IP packets with options in the system view or interface view:

    • Enter the system view.

      Run:

      system-view

      The system view is displayed.

    • Enter the interface view.

      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        interface interface-type interface-number

        The interface view is displayed.

      3. On an Ethernet interface, run:

        undo portswitch

        The interface is switched to Layer 3 mode.

        By default, an Ethernet interface works in Layer 2 mode.

        If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

        If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  2. Do as follows according to different route options in IP packets:

    • Run:

      ip option route-alert disable

      The system is disabled from processing the IP packets carrying route alert options.

    • Run:

      ip option route-record disable

      The system is disabled from processing the IP packets carrying record route options.

    • Run:

      ip option source-route disable

      The system is disabled from processing the IP packets carrying source route options.

    • Run:

      ip option time-stamp disable

      The system is disabled from processing the IP packets carrying timestamp options.

    By default, the system is enabled to process the IP packets carrying route options.

  3. Run:

    commit

    The configuration is committed.
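
To see which packets each `ip option ... disable` command would affect, the following Python example walks the IPv4 options area and reports the matching keywords. It is an added example, not part of the original guide or of the device software. The mapping of the four keywords to option type octets (RFC 791, RFC 2113), the sample packets and the choice to drop malformed option lists are assumptions of this example.

```python
import struct

# Option type octets (RFC 791, RFC 2113) mapped to this page's command keywords.
OPTION_KEYWORD = {7: "route-record", 68: "time-stamp", 131: "source-route",
                  137: "source-route", 148: "route-alert"}
ALL = sorted(set(OPTION_KEYWORD.values()))

def make_packet(options: bytes = b"") -> bytes:
    """Constructed sample: IPv4 header (checksum left at 0) plus padded options."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4, 1, 0, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options

def parse_options(packet: bytes) -> list:
    """Walk the options area and return each option's type octet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    kinds, i = [], 20
    while i < ihl:
        kind = packet[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation, single octet
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("bad option length")
        kinds.append(kind)
        i += length
    return kinds

def verdict(packet: bytes, disabled) -> tuple:
    """('drop', keywords) if a disabled option is present, else ('forward', [])."""
    try:
        kinds = parse_options(packet)
    except ValueError:
        return "drop", ["malformed"]       # assumption of this model, not device behaviour
    hits = sorted({OPTION_KEYWORD[k] for k in kinds if k in OPTION_KEYWORD} & set(disabled))
    return ("drop" if hits else "forward"), hits

# Constructed option bytes: loose source route, record route, timestamp, router alert.
LSRR = b"\x83\x07\x04" + bytes([203, 0, 113, 9])
RR = b"\x07\x07\x04" + bytes(4)
TS = b"\x44\x08\x05\x00" + bytes(4)
ALERT = b"\x94\x04\x00\x00"
```

Passing only some keywords in `disabled` models a device on which only the corresponding commands were run.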

Configuring a Packet Priority

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    set priority { 8021p 8021p-number | dscp dscp-number }

    The value of the 802.1p priority and DSCP priority is set.

    By default, the value of the 802.1p priority and DSCP priority is not set.

  3. Run:

    commit

    The configuration is committed.

Configuring ICMP Properties

Context

Optimizing ICMP properties can reduce ICMP packets on the network and reduce the burden on the device.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    icmp echo-reply fast disable

    The fast ICMP reply function is disabled.

    By default, the fast ICMP reply function is enabled on the device.

  3. Run:

    icmp ttl-exceeded drop { slot slot-id | all }

    The device is configured to discard the ICMP packets whose TTL values are 1.

    By default, the function of discarding ICMP packets with TTL values 1 is disabled.

  4. Run:

    icmp with-options drop { slot slot-id | all }

    The device is configured to discard the ICMP packets that carry options.

    By default, the function of discarding ICMP packets that carry options is disabled.

  5. Run:

    icmp broadcast-address echo disable

    The function of receiving ICMP Echo broadcast messages is disabled.

    By default, the function of receiving ICMP Echo broadcast messages is enabled.

  6. Run:

    icmp name unreachable receive disable

    The function of discarding ICMP packets with unreachable destination addresses is enabled.

    By default, the function of discarding ICMP packets with unreachable destination addresses is disabled.

  7. Run:

    icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } send disable

    The function of sending ICMP packets is disabled in the system view.

    By default, the function of sending ICMP packets is enabled in the system view.

  8. Run:

    icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } receive disable

    The function of receiving ICMP packets is disabled in the system view.

    By default, the function of receiving ICMP packets is enabled in the system view.

  9. Run:

    interface interface-type interface-number

    The interface view is displayed.

  10. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  11. Run:

    icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } send disable

    The function of sending ICMP packets is disabled in the interface view.

    By default, the enabling status of the function that the interface sends ICMP packets is the same as that of the function that the system sends ICMP packets.

  12. Run:

    icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } send enable

    The function of sending ICMP packets is enabled in the interface view.

    By default, the enabling status of the function that the interface sends ICMP packets is the same as that of the function that the system sends ICMP packets.

  13. Run:

    icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } receive disable

    The function of receiving ICMP packets is disabled in the interface view.

    By default, the enabling status of the function that the interface receives ICMP packets is the same as that of the function that the system receives ICMP packets.

  14. Run:

    icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } receive enable

    The function of receiving ICMP packets is enabled in the interface view.

    By default, the enabling status of the function that the interface receives ICMP packets is the same as that of the function that the system receives ICMP packets.

  15. Run:

    icmp name redirect receive disable

    The function of receiving ICMP redirect packets is disabled in the interface view.

    By default, the enabling status of the function that the interface receives ICMP redirect packets is the same as that of the function that the system receives ICMP redirect packets. That is, an interface can receive ICMP redirect packets.

  16. Run:

    icmp name redirect receive enable

    The function of receiving ICMP redirect packets is enabled in the interface view.

    By default, the enabling status of the function that the interface receives ICMP redirect packets is the same as that of the function that the system receives ICMP redirect packets. That is, an interface can receive ICMP redirect packets.

  17. Run:

    icmp name redirect send disable

    The function of sending ICMP redirect packets is disabled in the interface view.

    By default, the enabling status of the function that the interface sends ICMP redirect packets is the same as that of the function that the system sends ICMP redirect packets. That is, an interface can send ICMP redirect packets.

  18. Run:

    icmp name redirect send enable

    The function of sending ICMP redirect packets is enabled in the interface view.

    By default, the enabling status of the function that the interface sends ICMP redirect packets is the same as that of the function that the system sends ICMP redirect packets. That is, an interface can send ICMP redirect packets.

  19. Run:

    commit

    The configuration is committed.

Configuring TCP Properties

Context

When a TCP connection, such as a TCP connection for BGP, is set up between switch modules and other devices, TCP properties need to be configured.

The following TCP properties can be configured on switch modules:

  • SYN-Wait timer: When SYN packets are sent, the SYN-Wait timer is started. If no response packet is received after the SYN-Wait timer expires, the TCP connection is closed.

  • FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the FIN-Wait timer is started. If no response packet is received after the FIN-Wait timer expires, the TCP connection is closed.

  • Receive/send buffer size of connection-oriented socket.

  • Maximum MSS (Maximum Segment Size) value: Setting a maximum MSS value for a TCP connection defines the largest TCP packet size, allowing TCP packets to be successfully forwarded by intermediate devices when no MTU is available.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    tcp timer syn-timeout interval

    The SYN-Wait timer of TCP connections is configured.

    By default, the value of the TCP SYN-Wait timer is 75s.

  3. Run:

    tcp timer fin-timeout interval

    The FIN-Wait timer of TCP connections is configured.

    By default, the value of the TCP FIN-Wait timer is 675s.

  4. Run:

    tcp window window-size

    The size of the receive or send buffer of a connection-oriented socket is configured.

    By default, the size of the receive or send buffer of a connection-oriented socket is 8k bytes.

  5. Run:

    tcp max-mss mss-value

    The maximum MSS value is configured for a TCP connection.

    By default, the maximum MSS value is not configured for TCP connections.

  6. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display tcp status [ local-ip ipv4-address ] [ local-port local-port-number ] [ remote-ip ipv4-address ] [ remote-port remote-port-number ] [ cid cid ] [ socket-id socket-id ] command to view TCP connection status.
  • Run the display tcp statistics [ verbose ] command to view the TCP traffic statistics.
  • Run the display udp status [ local-ip ipv4-address ] [ local-port local-port-number ] [ remote-ip ipv4-address ] [ remote-port remote-port-number ] [ cid cid ] [ socket-id socket-id ] command to view UDP connection status.
  • Run the display udp statistics [ verbose ] command to view the UDP traffic statistics.
  • Run the display ip statistics [ interface interface-type interface-number ] command to view the IP traffic statistics.
  • Run the display icmp statistics [ interface interface-type interface-number ] command to view the ICMP traffic statistics.
  • Run the display forward mode command to check the configured and currently used packet forwarding modes.
  • Run the display forward layer-3 command to check the currently used and configured hash modes of the Layer 3 forwarding table.
Updated: 2019-12-13

Document ID: EDOC1000041694
