No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - QoS

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes the configurations of QoS functions, including MQC, priority mapping, traffic policing, traffic shaping, interface-based rate limiting, congestion avoidance, congestion management, packet filtering, redirection, traffic statistics, and ACL-based simplified traffic policy.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for MQC (CE Switches Excluding CE6870EI and CE6875EI)

Licensing Requirements and Limitations for MQC (CE Switches Excluding CE6870EI and CE6875EI)

Involved Network Elements

Other network elements are not required.

Licensing Requirements

MQC is a basic feature of the switch and is not under license control.

Version Requirements

Table 2-1 Products and minimum version supporting MQC

Product

Minimum Version Required

CE5810EI

V100R002C00

CE5850EI

V100R001C00

CE5850HI

V100R003C00

CE5855EI

V100R005C10

CE5880EI

V200R005C10

CE6810EI

V100R003C00

CE6810-48S4Q-LI/CE6810-48S-LI

V100R003C10

CE6810-32T16S4Q-LI/CE6810-24S2Q-LI

V100R005C10

CE6850EI

V100R001C00

CE6850-48S6Q-HI

V100R005C00

CE6850-48T6Q-HI/CE6850U-HI/CE6851HI

V100R005C10

CE6855HI

V200R001C00

CE6856HI

V200R002C50

CE6857EI

V200R005C10

CE6860EI

V200R002C50

CE6865EI

V200R005C00

CE6880EI

V200R002C50

CE7850EI

V100R003C00

CE7855EI

V200R001C00

CE8850-32CQ-EI

V200R002C50

CE8850-64CQ-EI

V200R005C00

CE8860EI

V100R006C00

CE8861EI

V200R005C10

CE8868EI

V200R005C10

Feature Limitations

Limitations for MQC Specifications

Table 2-2 describes MQC specifications.
NOTE:

The values in Table 2-2 are used only when the MQC service is configured on a network. If the service configurations on the actual network and test network are different, the MQC specifications may be different from the values in Table 2-2.

Table 2-2 Specifications of MQC

Item

Specification

Maximum number of traffic classifiers

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Maximum number of traffic behaviors

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Maximum number of traffic policies

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Maximum binding count of traffic policies

8192

Maximum number of if-match rules in a traffic classifier

2048

Maximum number of traffic classifiers bound to a traffic policy

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Number of supported traffic policies in each view

Inbound: 2

Outbound: 2

Limitations for Traffic Classifiers

  • When a traffic classifier contains an ACL rule that defines a VPN instance, the vpn-instance field is ignored. That is, both private and public network traffic is matched. To match only private network traffic, apply a traffic policy to the corresponding Layer 3 interface.
  • When editing or modifying traffic classification rules in a traffic policy on the switch configured with the traffic-policy atomic-update-mode command, ensure that the number of remaining ACL resources is larger than twice the number of chip resources occupied by traffic classification rules in the traffic policy.

Limitations for Traffic Policies

  • At most two traffic policies can be applied to the same view and the same direction.
  • When two traffic policies are applied to the same view and the same direction (assuming that traffic policies p1 and p2 are applied in sequence), if traffic policy p1 is unbound and a traffic policy (traffic policy p1 or another one) is applied again, traffic policy p2 becomes invalid for a period of time. In addition, there is a delay for the re-applied traffic policy to take effect after the configuration is committed.
  • When multiple fields of packets of the same type (such as Layer 2, IPv4, or IPv6 packets) need to be matched in a view, apply one traffic policy in the view and specify multiple traffic classifiers and corresponding traffic behaviors in the traffic policy. If both IPv4 and IPv6 packets need to be matched, create one traffic policy for each type of the packets.
  • You can run the display traffic-policy apply-information command in the diagnostic view to check the priorities of all traffic policies that have been applied. The applied traffic policies are displayed in descending order of priority in the command output.

  • When the system resource mode is set to large-acl, traffic behaviors bound to a traffic policy support only the deny and redirect interface actions.
  • When an action defined in a GBP conflicts with an action in the MQC-based traffic policy, the action in the MQC-based traffic policy takes effect.
  • Microsegmentation cannot be configured with the MQC-based traffic policy that defines VXLAN reserved field re-marking.
  • Microsegmentation, MQC-based traffic policy, and service ACL share resources. When all these functions are used simultaneously and resources are insufficient, you need to adjust services to ensure that services can be delivered.
  • Normal ACLs and ARP-based ACLs cannot be matching in a traffic policy simultaneously, but can be applied in two different traffic policies.

  • On the CE5880EI and CE6880EI, when a VLAN is used or a Layer 2 sub-interface connects to the VXLAN, a traffic policy cannot match the original VLAN ID of packets and cannot be applied to the VLAN. You can configure a traffic classifier to match fields except for the VLAN ID and apply the traffic policy to the BD corresponding to the VLAN.

  • For the CE6860EI, CE8850EI, and CE8860EI, when the system resource mode is large-acl:
    • A traffic classifier can define matching rules based only on the source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number. If the IP address is matched, the IP address must use a 32-bit mask. If the port number is matched, the single port number must be used.

    • A traffic behavior supports only packet filtering and redirection to interfaces.

    • A traffic policy can be applied only to an interface, a VLAN, or the system.

    • Rules in the same traffic policy must use the same matching items. For example, a traffic policy contains rule 1 and rule 2. If rule 1 matches the destination IPv4 address, rule 2 must also match the destination IPv4 address.

  • When a traffic policy is applied to a VLANIF interface:
    • Traffic policies can be applied to VLANIF interfaces on all models (except the CE6810LI) starting from V100R005C00.

      Traffic policies can be applied to VLANIF interfaces on the CE6810LI starting from V100R005C10.

    • A traffic policy can be applied to a VLANIF interface only in the inbound direction on a switch running V100R005C00.

      A traffic policy can be applied to a VLANIF interface in both the inbound and outbound directions on a switch starting from V100R005C10.

    • A traffic policy applied to a VLANIF interface takes effect only for Layer 3 unicast packets.
    • When a traffic policy is applied to the inbound direction of a VLANIF interface, the bound traffic classifiers can define matching rules based only on the IP address type (IPv4 or IPv6), source IPv4 address, destination IPv4 address, source IPv6 address, destination IPv6 address, protocol type, source port number, destination port number, and IP fragment flag.

      When a traffic policy is applied to the outbound direction of a VLANIF interface, the bound traffic classifiers can define matching rules based only on the IPv4 address type, source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, and IP fragment flag.

    • When a traffic policy is applied to the inbound direction of a VLANIF interface, the bound traffic behaviors support only packet filtering, redirection, PBR, CAR, and traffic statistics collection.

      When a traffic policy is applied to the outbound direction of a VLANIF interface, the bound traffic behaviors support only packet filtering, priority re-marking, CAR, and traffic statistics collection.

    • If a traffic policy is applied in the inbound direction of a VLANIF interface, only the leftmost 64 bits of IPv6 addresses can be matched by default. strict-mode can be specified for a matching rule to match the full 128-bit IPv6 addresses.
    • If the VLANIF interface is used as the TRILL gateway, the traffic policy matches only inner IPv4 packets in which the TRILL header is decapsulated.
  • When a traffic policy is applied to a VBDIF interface:
    • A traffic policy can be applied to a VBDIF interface on the switch running V100R005C10 or a later version.

    • A traffic policy can be applied only to the inbound direction of a VBDIF interface on all switch models running a version earlier than V200R005C10.

      Starting from V200R005C10, a traffic policy can also be applied in the outbound direction of a VBDIF interface on the CE6855HI, CE6856HI, CE6857EI, CE6865EI, CE7855EI, CE8861EI, and CE8868EI.

    • The bound traffic behaviors support only packet filtering, traffic statistics collection, PBR, and CAR if a traffic policy is applied in the inbound direction.

      The bound traffic behaviors support only packet filtering and traffic statistics collection if a traffic policy is applied in the outbound direction.

    • In versions earlier than V200R005C00, a traffic classifier can match only the source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, ICMP type, and IPv4 TCP flag.

      Starting from V200R005C00, a traffic classifier can match the source IPv4 address, destination IPv4 address, source IPv6 address, destination IPv6 address, protocol type, source port number, destination port number, ICMP type, and IPv4 TCP flag.

      Starting from V200R005C10, except for the CE6880EI and CE5880EI, a traffic classifier can also match the IPv6 TCP flag.

    • If the VBDIF interface is used as the VXLAN gateway, the traffic policy matches only inner IPv4 packets in which the VXLAN header is decapsulated.
  • When a traffic policy is applied to a Layer 2 sub-interface:
    • Starting from V200R001C00, a traffic policy can be applied to a Layer 2 sub-interface.
    • In an SVF, if the parent switch is the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6857EI, CE6865EI, CE7850EI, CE8861EI, CE8868EI, or CE7855EI, traffic policies can be applied to Layer 2 sub-interfaces of leaf switches.
    • When a traffic policy is applied to a Layer 2 sub-interface, it can be applied only to the inbound direction of the CE5880EI and CE6880EI, it can be applied to both the inbound and outbound directions of the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6857EI, CE6860EI, CE6865EI, CE7850EI, CE7855EI, CE8850EI, CE8861EI, CE8868EI, and CE8860EI.
    • In version earlier than V200R005C10, the bound traffic classifiers can define matching rules based only on the destination MAC address, source MAC address, Ethernet type, source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number. In addition, only the following traffic behaviors are supported: traffic policing (CAR) and traffic statistics.

      In V200R005C10 and later versions, traffic policing (CAR) and re-marking can also be performed for IPv6 packets if a traffic policy is applied in the inbound or outbound direction on Layer 2 sub-interfaces on the CE6857EI, CE6865EI, CE8861EI, and CE8868EI. On other models, traffic policing (CAR) and re-marking can also be performed for IPv6 packets if a traffic policy is applied in the inbound direction on Layer 2 sub-interfaces.

    • When an SVF uses the centralized forwarding mode and a traffic policy is applied to the outbound direction of a Layer 2 interface on a leaf switch, the traffic policy cannot match broadcast or multicast VXLAN packets.
  • When a traffic policy is applied to a VPN instance:
    • Starting from V100R005C10, traffic policies can be applied to VPN instances on the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6857EI, CE6865EI, CE7850EI, CE8861EI, CE8868EI, and CE7855EI.
    • Starting from V100R006C00, a traffic policy cannot be applied to a VPN instance on the CE6810LI only.
    • In V100R005C10, a traffic policy applied to a VPN instance is mainly used in VXLAN distributed gateway scenarios. In this case, ensure that the switch supports VXLAN.
    • A traffic policy can be applied to a VPN instance only in the inbound direction. The bound traffic classifiers can define matching rules based only on the source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number; the bound traffic behaviors support only traffic statistics collection, packet filtering, and PBR.

  • When a traffic policy is applied to a QoS group:
    • Starting from V200R001C00, traffic policies can be applied to QoS groups.
    • A traffic policy can be applied to the inbound direction of a QoS group only in versions earlier than V200R005C10.

      Starting from V200R005C10, a traffic policy can be applied to the outbound direction of a QoS group containing Ethernet or Eth-Trunk interfaces.

    • For models excluding the CE5880EI and CE6880EI, applying a traffic policy to the outbound direction of a QoS group is mutually exclusive with the following functions:
      • Adding Eth-Trunk interfaces to an FCoE interface and enabling traffic statistics collection on the FCoE interface
      • Applying a traffic policy to the outbound direction of an Eth-Trunk interface
      • Configuring an ACL-based simplified traffic policy in the outbound direction of an Eth-Trunk interface
      • Configuring traffic statistics collection on a Layer 3 sub-interface of an Eth-Trunk
    • For models excluding the CE5880EI and CE6880EI:
      • In versions earlier than V200R003C00, a traffic classifier can match only the source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number.
      • In V200R003C00, a traffic classifier can match the source MAC address, destination MAC address, Ethernet type, VLAN, source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number.
      • Starting from V200R005C00, a traffic classifier can match the source MAC address, destination MAC address, Ethernet type, VLAN, source IPv4 address, destination IPv4 address, source IPv6 address, destination IPv6 address, protocol type, source port number, and destination port number.
  • When a traffic policy is applied to a BD:

    Starting from V100R006C00, traffic policies can be applied to a BD.

    • When a traffic policy is applied to the inbound direction of a BD:
      • The bound traffic classifiers can define matching rules based only on the source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, DSCP value, TCP flag, and inbound interface.
      • The bound traffic behaviors support VLAN mapping, VLAN stacking, MAC address disabling.
    • When a traffic policy is applied to a BD in the outbound direction:
      • The traffic behavior in the traffic policy supports VLAN mapping, traffic statistics, traffic policing, packet filtering, and priority re-marking.
      • For the CE6855HI, CE6856HI, CE6857EI, CE6865EI, CE8861EI, CE8868EI, and CE7855EI, when a traffic policy is configured in the outbound direction and there are downlink Layer 3 packets, configure traffic policies in both the inbound and outbound directions.
        • If a traffic policy has been configured in the inbound direction, run the remark qos-local-id qos-local-id command to configure the switch to re-mark the local ID of packets matching the traffic classifier and bind the corresponding traffic behavior to the traffic policy. Then configure a traffic policy in the outbound direction in a non-BD view and configure a matching rule based on the local ID in the traffic classifier.
        • If no traffic policy is configured in the inbound direction, run the if-match any command to match all packets and run the remark qos-local-id qos-local-id command to configure the switch to re-mark the local ID of packets matching the traffic classifier, and apply the traffic policy in the inbound direction. Then configure a traffic policy in the outbound direction in a non-BD view and configure a matching rule based on the local ID in the traffic classifier.
      • On the CE5880EI and CE6880EI, if segment VXLAN is used to implement Layer 2 communication and a traffic policy containing a matching rule based on inner information in VXLAN packets is applied to the outbound direction of a BD, the traffic policy does not take effect.

  • When a traffic policy is applied to the outbound direction:
    • A traffic policy containing ARP-based ACLs and user-defined ACLs cannot be applied to the outbound direction.
    • For the CE6857EI, CE6865EI, CE8861EI, and CE8868EI:
      • A traffic policy applied in the VLAN view takes effect only for traffic forwarded at Layer 2.
      • When a traffic policy containing rules for matching VLANs is applied to the outbound direction of access or hybrid interfaces, packet VLAN IDs cannot be matched because they are stripped off the packets.
    • A traffic policy cannot be applied to the outbound direction if the bound traffic behaviors define the following actions:
      • mirroring cpu and mirroring observe-port
        NOTE:

        In V200R003C00 and later versions, a traffic policy containing the mirroring observe-port action can be applied to the outbound direction on the CE5880EI and CE6880EI.

      • ip urpf disable
      • remark local-precedence
      • mac-address learning disable
      • redirect cpu, redirect interface, and redirect interface tunnel (not supported by the CE5880EI and CE6880EI)
      • redirect nexthop, redirect load-balance, redirect ipv6 nexthop (not supported by the CE5880EI and CE6880EI), redirect ipv6 load-balance (not supported by the CE5880EI and CE6880EI), and redirect remote
      • car share
  • Compared with versions earlier than V100R006C00SPC300, V100R006C00SPC300 and later versions provide different implementation modes for traffic policies containing conflicting rules or actions. There are also upgrade compatibility problems.

    Traffic Policy Application

    Difference

    Traffic classifiers bound to a traffic policy define two or more of following matching rules based on IPv4, IPv6, VXLAN, MPLS, and GRE information.

    • Versions earlier than V100R006C00SPC300: The system displays a message indicating that the traffic policy fails to be applied. All rules or actions in the traffic policy do not take effect.
    • V100R006C00SPC300 and later versions: The rules or actions configured later fail.
    • After the switch is upgraded from a version earlier than V100R006C00SPC300 to V100R006C00SPC300 or a later version, only one rule or action among conflicting rules or actions takes effect. The effective rule or action depends on the configuration sequence in the configuration file before the upgrade. Among conflicting rules or actions, the rule or action that was configured first takes effect, and subsequent conflicting configurations will be lost. For example, a traffic behavior defines the traffic statistics collection, redirection, and deny actions in sequence. After the upgrade, only the traffic statistics collection and redirection actions take effect, and the configuration of the deny action is lost.

    A traffic behavior defines both the redirect and deny actions.

    A traffic policy containing the vlan-stacking action is applied to the outbound direction.

    • Versions earlier than V100R006C00SPC300: The system displays a message indicating that the traffic policy fails to be applied. All rules or actions in the traffic policy do not take effect.
    • V100R006C00SPC300 and later versions: The traffic policy configuration fails.
    • After the switch is upgraded from a version earlier than V100R006C00SPC300 to V100R006C00SPC300 or a later version, the traffic policy configuration will be lost.
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166640

Views: 51487

Downloads: 221

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next