No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - QoS

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes the configurations of QoS functions, including MQC, priority mapping, traffic policing, traffic shaping, interface-based rate limiting, congestion avoidance, congestion management, packet filtering, redirection, traffic statistics, and ACL-based simplified traffic policy.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for MQC (CE6870EI and CE6875EI)

Licensing Requirements and Limitations for MQC (CE6870EI and CE6875EI)

Involved Network Elements

Other network elements are not required.

Licensing Requirements

MQC is a basic feature of the switch and is not under license control.

Version Requirements

Table 2-3 Products and minimum version supporting MQC

Product

Minimum Version Required

CE6870-24S6CQ-EI/CE6870-48S6CQ-EI

V200R001C00

CE6870-48T6CQ-EI

V200R002C50

CE6875-48S4CQ-EI

V200R003C00

Feature Limitations

Limitations for specifications of MQC

Table 2-4 describes the specifications of MQC.
NOTE:

The values in Table 2-4 are used only when the MQC service is configured on a network. If the service configurations on the actual network and test network are different, the specifications of MQC may be different from the values in Table 2-4.

Table 2-4 Specifications of MQC

Item

Specification

Maximum number of traffic classifiers

  • Versions earlier than V200R003C00: 512
  • V200R003C00 and later versions: 2048

Maximum number of traffic behaviors

  • Versions earlier than V200R003C00: 512
  • V200R003C00 and later versions: 2048

Maximum number of traffic policies

  • Versions earlier than V200R003C00: 512
  • V200R003C00 and later versions: 2048

Maximum binding count of traffic policies

12288

Maximum number of if-match rules in a traffic classifier

2048

Maximum number of traffic classifiers bound to a traffic policy

  • Versions earlier than V200R003C00: 512
  • V200R003C00 and later versions: 2048

Number of supported traffic policies in each view

Inbound: 2

Outbound: 2

Limitations for Traffic Classifiers

  • When a traffic classifier contains an ACL rule that defines a VPN instance, the vpn-instance field is ignored. That is, both private and public traffic is matched. To match only private traffic, apply a traffic policy to the corresponding Layer 3 interface.
  • When editing or modifying traffic classification rules in a traffic policy on the switch configured with the traffic-policy atomic-update-mode command, ensure that the number of remaining ACL resources is larger than twice the number of chip resources occupied by traffic classification rules in the traffic policy.
  • A traffic classifier cannot match packets based on the VLAN ID of a Layer 2 sub-interface.
  • If a traffic policy for matching the TCP flag in IPv6 packets is applied in the following situations, the traffic classification rule cannot match the TCP flag, source port number, and destination port number concurrently:
    • The traffic policy is applied in the VBDIF interface view or VLANIF interface view.
    • The traffic policy is applied in the outbound direction in the VLAN interface view, Eth-Trunk interface view, or physical interface view.
    • The traffic policy is applied in the inbound direction in the Eth-Trunk interface view or physical interface view, and the traffic behavior defines the redirection action.

Limitations for Traffic Policies

  • By default, the CE6870EI running a version earlier than V200R003C00 is enabled to use the Single mode for resource occupancy when a traffic policy is applied, while the CE6870EI running V200R003C00 or a later version is disabled from using the Single mode for resource occupancy when a traffic policy is applied by default. Therefore, after the system software of the CE6870EI is upgraded from a version earlier than V200R003C00 to V200R003C00 or a later version, if a traffic policy configured before the upgrade becomes invalid, you can enable the switch to use the Single mode for resource occupancy when a traffic policy is applied to solve this problem.
  • At most two traffic policies can be applied to the same view and the same direction.
  • When two traffic policies are applied to the same view and the same direction (assuming that traffic policies p1 and p2 are applied in sequence), if traffic policy p1 is unbound and a traffic policy (traffic policy p1 or another one) is applied again, traffic policy p2 becomes invalid for a period of time. In addition, there is a delay for the re-applied traffic policy to take effect after the configuration is committed.
  • You can run the assign forward nvo3 acl extend enable command to enable the NVO3 ACL extension function, and restart the switch to reduce the risk of the failure in configuring ACL-consuming services.

  • When multiple fields of packets of the same type (such as Layer 2, IPv4, or IPv6 packets) need to be matched in a view, apply one traffic policy in the view and specify multiple traffic classifiers and corresponding traffic behaviors in the traffic policy. If both IPv4 and IPv6 packets need to be matched, create one traffic policy for each type of the packets.
  • Applying, modifying, and deleting a traffic policy take effect after a slight delay, which is proportional to the number of rules. In extreme conditions, the delay may reach minutes.
  • If fast delivery of ACLs is enabled and an applied traffic policy changes, the traffic policy that has been applied becomes invalid for a period of time (no longer than 200s) and the switch recollects statistics. It is recommended that fast delivery of ACLs be enabled only when new services are deployed. After the configuration of new services is complete, disable fast delivery of ACLs.
  • If an ACL6 rule is defined to match the fragment flag, a traffic policy that contains this ACL6 rule cannot match IPv6 fragments.
  • You can run the display traffic-policy apply-information command in the diagnostic view to check the priorities of all traffic policies that have been applied. The command output displays traffic policies in descending order of priority.

  • When the MQC service matches Layer 2 fields, IPv6 packets may fail to be matched. To match IPv6 packets, configure IPv6 rules. For the packet types matching the MQC service, you can run the display system tcam service brief command in the diagnostic view to check group occupied by the MQC service and run the display system tcam acl group resource command in the system view to check the packet types matching the group.
  • When a traffic classifier matches a user-defined ACL, the traffic policy cannot be applied to the outbound direction. When the traffic policy is applied to the inbound direction, the offset against l2-head can only be 2, 6, 10, 14, or 18, the offset against ipv4-head can only be 0, 4, 8, 12, 16, or 20, and the offset against l4-head can only be 0, 4, 8, 12, or 16. If you need to set an offset beyond the previous ranges, enable the switch to use the resource saving mode when a traffic policy is applied.

  • When a traffic policy that contains rules based only on IPv6 5-tuple information is applied in the physical interface, Eth-Trunk view, or system view, the full 128-bit IPv6 address can be matched. Otherwise, only the high-order 64 bits of an IPv6 address can be matched, and the low-order 64 bits of an IPv6 address cannot be matched.
  • When a traffic policy is applied to the inbound direction:
    • If a traffic policy containing both rules for matching IPv4 packets and Layer 2 ACLs, Layer 2 ACL matching rules take effect only for IPv4 packets.
    • If a traffic policy containing both rules for matching IPv6 packets and Layer 2 ACLs, Layer 2 ACL matching rules take effect only for IPv4 packets.
    • If a traffic policy containing both rules for matching MPLS packets and Layer 2 ACLs, Layer 2 ACL matching rules take effect only for MPLS packets.
  • When a traffic policy is applied to a VLANIF interface:
    • A traffic policy applied to a VLANIF interface takes effect only for Layer 3 unicast packets.
    • If a traffic policy contains rules matching the IPv4 field, the traffic policy takes effect only for IPv4 unicast packets. If a traffic policy contains rules matching the IPv6 field, the traffic policy takes effect only for IPv6 unicast packets. A traffic policy can only contain rules matching either the IPv4 or IPv6 field.
    • If a traffic policy contains only if-match any, the traffic policy takes effect for both IPv4 and IPv6 packets.
    • If a traffic policy contains only if-match any on the VRRP-enabled router, the router can only match IPv4 or IPv6 packets forwarded based on the VRRP virtual IP address.
    • When a traffic policy is applied to the inbound direction of a VLANIF interface, the bound traffic classifiers can define matching rules based only on the IP address type (IPv4 or IPv6), source IPv4 address, destination IPv4 address, leftmost 64 bits of the source IPv6 address, leftmost 64 bits of the destination IPv6 address, protocol type, source port number, destination port number, and IP fragment flag.

      When a traffic policy is applied to the outbound direction of a VLANIF interface, the bound traffic classifiers can define matching rules based only on the IPv4 address type, source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, and IP fragment flag.

    • When a traffic policy is applied to the inbound direction of a VLANIF interface, the bound traffic behaviors support only packet filtering, redirection, PBR, CAR, and traffic statistics collection.

      When a traffic policy is applied to the outbound direction of a VLANIF interface, the bound traffic behaviors support only packet filtering and mirroring.

    • If the VLANIF interface is used as the TRILL gateway, the traffic policy matches only inner IPv4 packets in which the TRILL header is decapsulated.
    • When a traffic policy is applied to the inbound direction of a VLANIF interface on the device that decapsulates VXLAN packets, VXLAN packets cannot be matched.
  • When a traffic policy is applied to a VBDIF interface:
    • It can be applied only to the inbound direction.

    • In versions earlier than V200R002C50, the bound traffic behaviors support only packet filtering, PBR, and CAR.

      In V200R002C50 and later versions, the bound traffic behaviors support only packet filtering, traffic statistics collection, PBR, and CAR.

    • In versions earlier than V200R005C00, the bound traffic classifiers can match only the source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, ICMP type, and IPv4 TCP flag.

      In V200R005C00, the bound traffic classifiers can match the source IPv4 address, destination IPv4 address, leftmost 64 bits of the source IPv6 address, leftmost 64 bits of the destination IPv6 address, protocol type, source port number, destination port number, ICMP type, and IPv4 TCP flag.

      Starting from V200R005C10, a traffic classifier can match the source IPv4 address, destination IPv4 address, high-order 64 bits of the source IPv6 address, high-order 64 bits of the destination IPv6 address, protocol type, source port number, destination port number, ICMP type, IPv4 TCP flag, and IPv6 TCP flag.

    • If the VBDIF interface is used as the VXLAN gateway, the traffic policy matches only inner IPv4 packets in which the VXLAN header is decapsulated.
  • When a traffic policy is applied to a Layer 2 sub-interface:
    • It can be applied only to the inbound direction.
    • In version earlier than V200R005C10, the bound traffic classifiers can define matching rules based only on the destination MAC address, source MAC address, Ethernet type, source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number. In addition, only the following traffic behaviors are supported: traffic policing (CAR) and traffic statistics.

      In V200R005C10 and later versions, traffic policing (CAR) and re-marking can also be performed for IPv6 packets.

  • When a traffic policy is applied to a Layer 3 sub-interface:
    • If a traffic policy is applied to the inbound direction of a Layer 3 sub-interface on the device that decapsulates VXLAN packets, VXLAN packets cannot be matched.
    • A traffic policy that contains rules based only on IPv6 5-tuple information can match only the high-order 64 bits of an IPv6 address but not the low-order 64 bits of an IPv6 address.
  • When a traffic policy is applied to a VPN instance:
    • It can be applied only to the inbound direction. The bound traffic classifiers can define matching rules based only on the source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number. The bound traffic behaviors support only traffic statistics collection, packet filtering, and PBR.

  • When a traffic policy is applied to a QoS group:
    • In versions earlier than V200R005C00, a traffic policy can be applied to a QoS group only in the inbound direction.

      In V200R005C00 and later versions, a traffic policy can be applied to the outbound direction of a QoS group containing Ethernet or Eth-Trunk interfaces.

    • In versions earlier than V200R003C00, a traffic classifier can define matching rules based only on the source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number.

      In V200R003C00, a traffic classifier can match the source MAC address, destination MAC address, Ethernet type, VLAN, source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number.

      In V200R005C00 and later versions, a traffic classifier can match the source MAC address, destination MAC address, Ethernet type, VLAN, source IPv4 address, destination IPv4 address, leftmost 64 bits of the source IPv6 address, leftmost 64 bits of the destination IPv6 address, protocol type, source port number, and destination port number.

    • When a traffic policy is applied to the inbound direction of a QoS group, the bound traffic behaviors support only packet filtering, traffic statistics collection, PBR (only for Layer 3 unicast traffic), and redirection to interfaces, observing interface groups, or CPUs (only for Layer 2 traffic).

      If a traffic policy is applied to the outbound direction of a QoS group, the bound traffic behaviors support only packet filtering.

    • If the interoperability mode of the switch is non-enhanced mode and a QoS group containing members is configured, you cannot configure EVN or mapping between PHBs and DSCP priorities in the outbound direction of the VLAN. Similarly, if you configure EVN or mapping between PHBs and DSCP priorities in the outbound direction of VLANs, a QoS group containing members cannot be configured.
  • When a traffic policy is applied to a BD:

    • When a traffic policy is applied to the inbound direction of a BD:
      • For the packets sent from an Ethernet network to a VXLAN network, there is no limitation for traffic classifiers and traffic behaviors.
      • For the packets sent from a VXLAN network to an Ethernet network, traffic classifiers can only define if-match vxlan rules to match the source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, DSCP value, TCP flag, and inbound interface of packets, and traffic behaviors supports only packet filtering, redirection, PBR, traffic statistics collection, and traffic policing.
    • When a traffic policy is applied to the outbound direction of a BD:
      • The bound traffic behaviors do not support CAR.
      • For the packets sent from an Ethernet network to a VXLAN network, packet matching is not supported.
      • For the packets sent from a VXLAN network to an Ethernet network, the limitations are the same as those when a traffic policy is applied to the outbound direction.
      • If the matching rule in the traffic classifier is if-match any or based on Layer 2 fields (such as the source MAC address, destination MAC address, Ethernet type, and VLAN ID), the traffic policy takes effect only for Layer 2 traffic.
      • If the matching rule in the traffic classifier is based on Layer 3 fields (such as the source IPv4 address, destination IPv4 address, and protocol type) or Layer 4 fields (such as the source port number and destination port number), the traffic policy takes effect only for Layer 3 traffic.
    • To match packets sent from a VXLAN network to an Ethernet network in inbound and outbound directions of a BD, configure two traffic policies and apply them to the inbound and outbound directions of the BD respectively.
  • When a traffic policy is applied to the outbound direction:
    • The protocol type of Ethernet frames matching a traffic policy in the outbound direction can be only ARP (0x0806), IP (0x0800), or TRILL (0x22f3).
    • When packets (including FCoE packets) are forwarded at Layer 3, a traffic policy in the outbound direction cannot match the modified Layer 2 field.
    • If an ACL6 rule is defined to match the fragment flag, a traffic policy applied to the outbound direction cannot match non-first packets of IPv6 fragments.

    • The following services are in descending order of priority: M-LAG unidirectional isolation, MQC (traffic policing, traffic statistics collection, and packet filtering), querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address, local VLAN mirroring, sFlow, NetStream, and VLANIF interface statistics collection. When the services are configured on an interface in the outbound direction, only the service with the highest priority takes effect. For example, when both packet filtering and VLANIF interface statistics collection are configured on a VLANIF interface, packet filtering takes effect.

      For sFlow and NetStream, the preceding limitations apply only to Layer 2 sub-interfaces and Layer 3 sub-interfaces.

    • On a device that decapsulates VXLAN packets, a traffic policy containing rules for matching packets based on the TCP flag or rules for matching the fragment flag does not take effect in the outbound direction. When a traffic policy is applied to the device that decapsulates VXLAN packets and the enhanced mode is configured, a traffic policy containing rules for matching IPv4 and IPv6 5-tuple information does not take effect in the outbound direction.
    • After one of the following traffic policies is applied to the outbound direction, the switch forwards traffic in loopback mode. In this case, all traffic on the interface is looped back before being forwarded. The traffic policies are as follows:
      • The bound traffic behaviors define traffic policing.
      • The bound traffic classifiers define IPv6 rules.
      • The bound traffic classifiers define traffic statistics collection when the traffic-policy outbound-legacy-mode command is run in the system view.
    • If the switch forwards traffic in loopback mode:
      • The traffic policy can be applied only to physical interfaces, Eth-Trunk interfaces, and VLANs.
      • When traffic exceeds 50% of the total forwarding performance of the LPU, there is a high probability that packet loss will occur.
      • The queue statistics on the outbound interface include the traffic before and after the loopback. If a traffic behavior bound to the traffic policy defines traffic policing, the queue statistics on the outbound interface include the traffic before the loopback and the traffic policed after the loopback.
      • For the packets that need to be forwarded at Layer 3, the looped traffic is forwarded at Layer 2. Therefore, the traffic before and after the loopback is forwarded in different queues. If the qos phb marking 8021p disable command is not configured, the 802.1p priority has a fixed value of 2 for IPv4 packets and 3 for IPv6 packets after the loopback.
      • If NetStream and sFlow are both applied, the switch collects both the traffic before and after the loopback.
      • The interface-based rate limiting, queue traffic shaping, ETS, and PFC functions are not supported in the outbound direction.
      • If traffic exceeds the bandwidth of the outbound interface, the actually-forwarded traffic is smaller than the interface bandwidth. Therefore, ensure that traffic is within the interface bandwidth.
    • If either of the following traffic policies is applied to the outbound direction, logging does not take effect. That is, matched packets can only be discarded, and no log is recorded.
      • The bound traffic behaviors define deny and bound traffic classifiers define ACL logging.
      • The bound traffic classifiers define ACL deny and ACL logging.
    • When a traffic policy is bound to policy behaviors that define packet filtering or mirroring is applied to the outbound direction, the following situations may occur:
      • If there is only the traffic classifier that defines if-match any, the traffic policy takes effect only for Layer 2 traffic.
      • If there is a traffic classifier that matches Layer 3 fields, the traffic policy takes effect only for Layer 3 traffic.
      • If there is no traffic classifier that matches Layer 3 fields, the traffic policy takes effect only for Layer 2 traffic.
    • If the bound traffic classifiers contain the following rules, the traffic policy cannot be applied to the outbound direction:
      • if-match inner-vlan and if-match vlan inner-vlan
      • if-match 8021p and if-match inner-8021p
      • if-match discard
      • if-match double-tag
      • if-match ipv6 dscp
      • if-match acl (IPv4 ACL rule defines the IP fragment or TTL-Expired and ARP ACL)
    • A traffic policy cannot be applied to the outbound direction if the bound traffic behaviors define the following actions:
      • remark local-precedence
      • mac-address learning disable
      • redirect cpu, redirect interface, redirect lsp, redirect observe-port group, and redirect interface tunnel
      • redirect nexthop, redirect load-balance, redirect ipv6 nexthop, redirect ipv6 load-balance, and redirect remote
      • car share
      • mirroring cpu
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166640

Views: 47582

Downloads: 219

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next