Aggregation Switch: Increasing the Priority of Special Traffic
Networking Requirements
Core switches set up a CSS that functions as the core of the entire campus network to implement high network reliability and forwarding of a large amount of data. In addition, core switches are configured with the native AC function to manage APs and transmit wireless service traffic on the entire network, implementing wired and wireless convergence. Aggregation switches set up stacks to implement device-level backup and increase the interface density and forwarding bandwidth.
Before deploying QoS, ensure that the campus network is connected. For details, see Campus Network Connectivity Deployment.
In this example, the aggregation switch needs to guarantee the bandwidth and preferentially forward the traffic of the special user (PC1).
Device Requirements and Versions
Location |
Device Requirement |
Device Used in This Example |
Version Used in This Example |
|---|---|---|---|
Aggregation layer |
- |
S5731-H |
V200R019C10 |
Deployment Roadmap
Step |
Deployment Roadmap |
Devices Involved |
|---|---|---|
1 |
Create an ACL and configure an ACL rule to allow VIP user traffic to pass through. |
Aggregation switch |
2 |
Configure a traffic classifier and reference the ACL rule to classify VIP user traffic into one type. |
|
3 |
Configure a traffic behavior to re-mark 802.1p priorities of VLAN packets with 5. |
|
4 |
Configure a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy. |
|
5 |
Apply the traffic policy to a downlink interface of the aggregation switch to increase the priority of incoming special user traffic. |
Data Plan
Device |
Item |
VLAN ID |
Network Segment |
|---|---|---|---|
AGG1 |
Service VLAN for wired users |
VLAN 50 |
172.16.50.0/24 |
Item |
Interface Number |
|---|---|
Interface for connecting AGG1 and ACC1 |
Eth-Trunk 30 |
Item |
Description |
|---|---|
ACL |
|
QoS |
|
Deployment Precautions
In this example, special user traffic belongs to VLAN packets, so the remark 8021p command is used to re-mark 802.1p priorities of VLAN packets.
Packets of different types use different QoS priorities. VLAN packets use 802.1p priorities, IP packets use DSCP priorities, and MPLS packets use EXP priorities. To increase the priority of VoIP traffic, run the remark dscp ef command. This is because VoIP traffic belongs to IP packets, and EF traffic requires low delay, low jitter, and low packet loss ratio. Typical examples of EF traffic in practice are real-time services such as video, voice, and video conferencing.
Deployment Procedure
- Configure devices at core, aggregation, and access layers to ensure connectivity of the basic network.
For details, see Native AC Solution: Aggregation Switches Function as Gateways for Wired and Wireless Users.
- Configure an ACL. Create an ACL and configure an ACL rule to allow special user traffic to pass through.
<AGG1> system-view [AGG1] acl 3000 [AGG1-acl-adv-3000] rule permit ip source 172.16.50.0 0.0.0.255 //Allow packets with the source IP address on the network segment that PC1 belongs to pass through. [AGG1-acl-adv-3000] quit
- Configure a traffic classifier and reference the ACL rule to classify special user traffic into one type.
[AGG1] traffic classifier c1 [AGG1-classifier-c1] if-match acl 3000 [AGG1-classifier-c1] quit
- Configure a traffic behavior to re-mark 802.1p priorities of VLAN packets with 5.
[AGG1] traffic behavior b1 [AGG1-behavior-b1] remark 8021p 5 [AGG1-behavior-b1] quit
- Configure a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy.
[AGG1] traffic policy p1 [AGG1-trafficpolicy-p1] classifier c1 behavior b1 [AGG1-trafficpolicy-p1] quit
- Apply the traffic policy to a downlink interface of the aggregation switch to increase the priority of incoming special user traffic.
[AGG1] interface eth-trunk 30 //Eth-Trunk 30 is the downlink interface of the aggregation switch. [AGG1-Eth-Trunk30] traffic-policy p1 inbound [AGG1-Eth-Trunk30] quit
Verifying the Deployment
Expected Result
The traffic policy is applied successfully, and packets sent by the special user (PC1) leave the aggregation switch through queue 5 on the outbound interface (uplink interface of the aggregation switch).
Verification Method
- Run the display traffic-policy applied-record [ policy-name ] command to check the use records of a specified traffic policy.
[AGG1] display traffic-policy applied-record p1 ------------------------------------------------- Policy Name: p1 Policy Index: 0 Classifier:c1 Behavior:b1 ------------------------------------------------- *interface Eth-Trunk30 traffic-policy p1 inbound ------------------------------------------------- Policy total applied times: 1. - Run the display qos queue statistics command to check queue-based traffic statistics on uplink interfaces (XGE0/0/1 and XGE1/0/1) of the aggregation switch. XGE0/0/1 is used as an example. Compared with the rate before the traffic policy is applied, the rate of the packets in queue 5 (Passed Rate(pps)) increases significantly, and the packets are mapped to the correct priority queue.
[AGG1] display qos queue statistics interface xgigabitethernet 0/0/1 queue 5 ------------------------------------------------------------ Queue ID : 5 CIR(kbps) : 0 PIR(kbps) : 1,000,000 Used Length(byte) : 0 Passed Packets : 15,683,478 Passed Rate(pps) : 5,552 Passed Bytes : 1,631,081,712 Passed Rate(bps) : 4,619,544 Dropped Packets : 0 Dropped Rate(pps) : 0 Dropped Bytes : 0 Dropped Rate(bps) : 0 ------------------------------------------------------------
Configuration Files
AGG1
# sysname AGG1 # vlan batch 20 30 to 31 50 70 # dhcp enable # dhcp snooping enable # acl number 3000 rule 5 permit ip source 172.16.50.0 0.0.0.255 # traffic classifier c1 operator or if-match acl 3000 # traffic behavior b1 remark 8021p 5 # traffic policy p1 match-order config classifier c1 behavior b1 # vlan 30 dhcp snooping enable vlan 31 dhcp snooping enable vlan 50 dhcp snooping enable # interface Vlanif20 ip address 192.168.20.1 255.255.255.0 dhcp select interface # interface Vlanif30 ip address 172.16.30.1 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable dhcp select interface dhcp server dns-list 192.168.100.2 # interface Vlanif31 ip address 172.16.31.1 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable dhcp select interface dhcp server dns-list 192.168.100.2 # interface Vlanif50 ip address 172.16.50.1 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable dhcp select interface dhcp server dns-list 192.168.100.2 # interface Vlanif70 ip address 172.16.70.2 255.255.255.0 # interface Eth-Trunk10 description connect to CORE port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 70 mode lacp # interface Eth-Trunk30 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 20 50 traffic-policy p1 inbound mode lacp port-isolate enable group 1 # interface GigabitEthernet0/0/3 eth-trunk 30 # interface GigabitEthernet0/0/10 mad detect mode direct # interface GigabitEthernet1/0/3 eth-trunk 30 # interface GigabitEthernet1/0/10 mad detect mode direct # interface XGigabitEthernet0/0/1 eth-trunk 10 # interface XGigabitEthernet1/0/1 eth-trunk 10 # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 172.16.30.0 0.0.0.255 network 172.16.31.0 0.0.0.255 network 172.16.50.0 0.0.0.255 network 172.16.70.0 0.0.0.255 network 192.168.20.0 0.0.0.255 # capwap source interface vlanif20 # wlan traffic-profile name traff user-isolate l2 security-profile name sec1 security open security-profile name sec2 security open ssid-profile name ssid1 ssid Employee ssid-profile name ssid2 ssid Guest vap-profile name vap1 forward-mode tunnel service-vlan vlan-id 30 ssid-profile ssid1 security-profile sec1 traffic-profile traff ip source check user-bind enable arp anti-attack check user-bind enable learn-client-address dhcp-strict vap-profile name vap2 forward-mode tunnel service-vlan vlan-id 31 ssid-profile ssid2 security-profile sec2 traffic-profile traff ip source check user-bind enable arp anti-attack check user-bind enable learn-client-address dhcp-strict regulatory-domain-profile name domain1 ap-group name ap-group1 regulatory-domain-profile domain1 radio 0 vap-profile vap1 wlan 1 vap-profile vap2 wlan 2 radio 1 vap-profile vap1 wlan 1 vap-profile vap2 wlan 2 ap-id 1 type-id 30 ap-mac 00e0-fc12-3450 ap-sn 2102355547W0E3000316 ap-name area_1 ap-group ap-group1 # return