No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - QoS

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of QoS functions, including MQC, priority mapping, traffic policing, traffic shaping, interface-based rate limiting, congestion avoidance, congestion management, packet filtering, redirection, traffic statistics, and ACL-based simplified traffic policy.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for MQC (CE12800)

Licensing Requirements and Limitations for MQC (CE12800)

Involved Network Elements

Other network elements are not required.

Licensing Requirements

MQC is a basic feature of the switch and is not under license control.

Version Requirements

Table 2-1 Products and minimum version supporting MQC

Product

Minimum Version Required

CE12804/CE12808/CE12812

V100R001C00

CE12816

V100R003C00

CE12804S/CE12808S

V100R005C00

CE12800E

V200R002C50

Feature Limitations

Limitations for MQC Specifications

Table 2-2 describes MQC specifications.
NOTE:

The values in Table 2-2 are used in each VS only when the MQC service is configured on a network. If the service configurations on the actual network and test network are different, the specifications of MQC may be different from the values in Table 2-2.

Table 2-2 Specifications of MQC

Item

Specification

Maximum number of traffic classifiers

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Maximum number of traffic behaviors

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Maximum number of traffic policies

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Maximum binding count of traffic policies

12288

Maximum number of if-match rules in a traffic classifier

2048

Maximum number of traffic classifiers bound to a traffic policy

  • V100R005C00 and earlier versions: 256
  • V100R005C10 to V200R002C50: 512
  • V200R003C00 and later versions: 2048

Number of supported traffic policies in each view

Inbound: 2

Outbound: 2

  • For the cards that support extended TCAM, if the extended TCAM assigns ACL resources and the MQC-related configuration views, matching fields, and actions are included in the subsets of the following conditions, the MQC service is preferentially delivered to the extended TCAM.
    • Views: VLAN, VLANIF interface, GE interface, 10GE interface, 40GE interface, 100GE interface, Eth-Trunk interface, Layer 3 sub-interface, BD, and VBDIF interface views
    • Matching fields: source IP address, destination IP address, source port number, destination port number, protocol type, ICMP type, ICMP code, IP fragment, and TCP flag
    • Actions: permit, deny, redirection, re-marking, mirroring, and MAC address learning disabling
    Delivering the MQC service to the extended TCAM consumes 1 KB or 2 KB resources. If KB resources are insufficient, disable the extended TCAM from assigning ACL resources. You can configure a TCAM template and bind it to a card, and then configure resources but not ACL resources. For details, see "Configuring the Resource Upper Limit of an External TCAM" in the CloudEngine 12800 and 12800E Series Switches Product Documentation - Configuration - Device Management Configuration Guide - Hardware Management. The KB resources occupied by the MQC service in this situation are listed in the preceding table.
    NOTE:
    • Executing either the deny/redirection or re-marking action consumes 1 KB resources.
    • Executing the deny/redirection and re-marking actions consumes 2 KB resources.
  • When the switch is enabled to provide nonstop services during modification of MQC-based traffic classification rules on card that supports extended TCAM, if many traffic policies that have been applied are modified frequently, multiple traffic policies that are about to age out coexist. As a result, a large number of ACL resources are consumed. In this case, traffic policies may fail to be delivered due to insufficient ACL resources.

  • In the scenario where the switch is enabled to use the resource saving mode when a traffic policy is applied, for ED, EF, and EG series cards that support extended TCAM, the system automatically releases ACL resources that are occupied by all traffic policies (excluding ACL-based simplified traffic policies) delivered to the extended TCAM. The system then delivers the traffic policy to the built-in TCAM. However, the traffic policy may fail to be delivered due to insufficient built-in TCAM resources.

  • On a transit device, all the following cards cannot perform internal priority mapping based on the EXP priority of MPLS packets. By default, these cards map the internal priority based on the 802.1p priority. In this case, you can configure MQC to map the EXP priority of MPLS packets (if-match mpls-exp) to the internal priority (remark local-precedence). The involved cards are as follows: CE-L48GT-EA, CE-L48GT-EC, CE-L48GS-EA, CE-L48GS-EC, CE-L24XS-BA, CE-L24XS-EA, CE-L48XS-BA, CE-L48XS-EA and CE-L24LQ-EA.

Limitations for Traffic Classifiers

  • When a traffic classifier contains an ACL rule that defines a VPN instance, the vpn-instance field is ignored. That is, both private and public network traffic is matched. To match only private network traffic, apply a traffic policy to the corresponding Layer 3 interface.
  • When editing or modifying traffic classification rules in a traffic policy on the switch configured with the traffic-policy atomic-update-mode command, ensure that the number of remaining ACL resources is larger than twice the number of chip resources occupied by traffic classification rules in the traffic policy.
  • A traffic classifier cannot match packets based on the VLAN ID of a Layer 2 sub-interface.
  • If a traffic policy for matching the TCP flag in IPv6 packets is applied in the following situations, the traffic classification rule cannot match the TCP flag, source port number, and destination port number concurrently:
    • The traffic policy is applied in the VBDIF interface view or VLANIF interface view.
    • The traffic policy is applied in the outbound direction in the VLAN interface view, Eth-Trunk interface view, or physical interface view.
    • The traffic policy is applied in the inbound direction in the Eth-Trunk interface view or physical interface view, and the traffic behavior defines the redirection action.
  • For CE12800 series switches, if a traffic classifier contains both if-match any and other matching rules, the actual fields used for matching packets depend on the type of packets that match the matching rules except if-match any.

Limitations for Traffic Policies

  • In a version earlier than V200R003C00, the switch is enabled to use the Single mode for resource occupancy when a traffic policy is applied by default. In V200R003C00 or a later version, the switch is disabled from using the Single mode for resource occupancy when a traffic policy is applied by default. Therefore, after the system software of the switch is upgraded from a version earlier than V200R003C00 to V200R003C00 or a later version, if a traffic policy configured before the upgrade becomes invalid, you can enable the switch to use the Single mode for resource occupancy when a traffic policy is applied to solve this problem.
  • In V200R005C10 and earlier versions, a maximum of two traffic policies can be applied to the same direction in the same view.
  • When two traffic policies are applied to the same view and the same direction (assuming that traffic policies p1 and p2 are applied in sequence), if traffic policy p1 is unbound and a traffic policy (traffic policy p1 or another one) is applied again, traffic policy p2 becomes invalid for a period of time. In addition, there is a delay for the re-applied traffic policy to take effect after the configuration is committed.
  • Starting from V100R005C10, use either of the following methods on the NVO3-enabled device to prevent service overlay failures:
    • On the CE12800, run the assign forward nvo3 acl extend enable command to enable the ACL extension function and then restart the device.
    • On the CE12800, if the network-side interface of the VXLAN tunnel or the EVN tunnel is not an Eth-Trunk interface, run the assign forward nvo3 eth-trunk hash disable command to disable the Eth-Trunk interface from load balancing NVO3 packets in optimized mode.
  • When multiple fields of packets of the same type (such as Layer 2, IPv4, or IPv6 packets) need to be matched in a view, apply one traffic policy in the view and specify multiple traffic classifiers and corresponding traffic behaviors in the traffic policy. If both IPv4 and IPv6 packets need to be matched, create one traffic policy for each type of the packets.
  • Applying, modifying, and deleting a traffic policy take effect after a slight delay, which is proportional to the number of rules. In extreme conditions, the delay may reach minutes.
  • If fast delivery of ACLs is enabled and an applied traffic policy changes, the traffic policy that has been applied becomes invalid for a period of time (no longer than 200s) and the switch recollects statistics. After the configuration of new services is complete, disable fast delivery of ACLs.
  • If an ACL6 rule is defined to match the fragment flag, a traffic policy that contains this ACL6 rule cannot match IPv6 fragments.
  • You can run the display traffic-policy apply-information command in the diagnostic view to check the priorities of all traffic policies that have been applied. The applied traffic policies are displayed in descending order of priority in the command output.

  • When the MQC service matches Layer 2 fields, IPv6 packets may fail to be matched. To match IPv6 packets, configure IPv6 rules. For the packet types matching the MQC service, you can run the display system tcam service brief command in the diagnostic view to check groups occupied by the MQC service and run the display system tcam acl group resource command in the system view to check the packet types matching the group.
  • When a traffic classifier matches a user-defined ACL, the traffic policy cannot be applied to the outbound direction. When the traffic policy is applied to the inbound direction, the offset against l2-head can only be 2, 6, 10, 14, or 18, the offset against ipv4-head can only be 0, 4, 8, 12, 16, or 20, and the offset against l4-head can only be 0, 4, 8, 12, or 16. If you need to set an offset beyond the previous ranges, enable the switch to use the resource saving mode when a traffic policy is applied.

  • When a traffic policy that contains rules based only on IPv6 5-tuple information is applied to a physical interface or an Eth-Trunk, the IPv6 address with 128 bits can be matched. In other situations, only the leftmost 64 bits of an IPv6 address can be matched.
  • When a traffic policy is applied to the inbound direction:
    • If a traffic policy containing both rules for matching IPv4 packets and Layer 2 ACLs, Layer 2 ACL matching rules take effect only for IPv4 packets.
    • If a traffic policy containing both rules for matching IPv6 packets and Layer 2 ACLs, Layer 2 ACL matching rules take effect only for IPv6 packets.
    • If a traffic policy containing both rules for matching MPLS packets and Layer 2 ACLs, Layer 2 ACL matching rules take effect only for MPLS packets.
  • When a traffic policy is applied to a VLANIF interface:
    • For a switch running V100R005C00 or a later version, a traffic policy can be applied to a VLANIF interface.
    • For a switch running V100R005C10 or an earlier version, a traffic policy can be applied only to the inbound direction of a VLANIF interface.

      For a switch running V100R006C00 or a later version, a traffic policy can be applied to both the inbound and outbound directions of a VLANIF interface.

    • A traffic policy applied to a VLANIF interface takes effect only for Layer 3 unicast packets.
    • A traffic policy that contains rules matching the IPv4 field takes effect only for IPv4 unicast packets. A traffic policy that contains rules matching the IPv6 field takes effect only for IPv6 unicast packets. A traffic policy can only contain rules matching either the IPv4 or IPv6 field.
    • A traffic policy containing only if-match any takes effect for both IPv4 and IPv6 unicast packets.
    • If a traffic policy contains only if-match any on a VRRP-enabled router, only the IPv4 or IPv6 packets forwarded based on the VRRP virtual IP address can be matched.
    • When a traffic policy is applied to the inbound direction of a VLANIF interface, the bound traffic classifiers can define matching rules based only on the IP address type (IPv4 or IPv6), source IPv4 address, destination IPv4 address, leftmost 64 bits of the source IPv6 address, leftmost 64 bits of the destination IPv6 address, protocol type, source port number, destination port number, and IP fragment flag.

      When a traffic policy is applied to the outbound direction of a VLANIF interface, the bound traffic classifiers can define matching rules based only on the IPv4 address type, source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, and IP fragment flag.

    • When a traffic policy is applied to the inbound direction of a VLANIF interface, the bound traffic behaviors support only packet filtering, redirection, PBR, CAR, and traffic statistics collection.

      When a traffic policy is applied to the outbound direction of a VLANIF interface, the bound traffic behaviors support only packet filtering and mirroring.

    • If the VLANIF interface is used as the TRILL gateway, the traffic policy matches only inner IPv4 packets in which the TRILL header is decapsulated.
    • If the switch equipped with SD, FD, FD1, FDA, FG, and FG1 series cards is configured as the TRILL gateway, when a traffic policy is configured on the VLANIF interface corresponding to the CE VLAN, if match acl cannot be used to match TRILL known unicast packets. if match trill acl can be used to match TRILL known unicast packets. In this scenario, packets cannot be redirected to interfaces.

    • When a traffic policy is applied to a VLANIF interface in the inbound direction on the VXLAN decapsulation device, VXLAN packets cannot be matched.

  • When a traffic policy is applied to a VBDIF interface:
    • A traffic policy can be applied to a VBDIF interface on the switch running V100R005C10 or a later version.

    • A traffic policy can be applied to a VBDIF interface only in the inbound direction.

    • In versions earlier than V200R002C50, the bound traffic behaviors support only packet filtering, PBR, and CAR.

      Starting from V200R002C50, the bound traffic behaviors support only packet filtering, traffic statistics collection, PBR, and CAR.

    • In versions earlier than V200R005C00, a traffic classifier can match only the source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, ICMP type, and IPv4 TCP flag.

      In V200R005C00, a traffic classifier can match the source IPv4 address, destination IPv4 address, high-order 64 bits of the source IPv6 address, high-order 64 bits of the destination IPv6 address, protocol type, source port number, destination port number, ICMP type, and IPv4 TCP flag.

      Starting from V200R005C10, a traffic classifier can match the source IPv4 address, destination IPv4 address, high-order 64 bits of the source IPv6 address, high-order 64 bits of the destination IPv6 address, protocol type, source port number, destination port number, ICMP type, IPv4 TCP flag and IPv6 TCP flag.

    • If the VBDIF interface is used as the VXLAN gateway, the traffic policy matches only inner IPv4 packets in which the VXLAN header is decapsulated.
    • If the switch functions as the decapsulation device of a VXLAN tunnel and the card interoperability mode is set to non-enhanced mode, the following situations will occur:
      • In versions earlier than V200R002C50, when the enhanced mode of the VXLAN NVO3 gateway is the Layer 3 non-loopback mode, only the if-match vxlan or if-match vxlan acl command can be used to match inner fields of VXLAN packets. If the enhanced mode of the VXLAN NVO3 gateway is the loopback or Layer 2 non-loopback mode, only the if-match acl command can be used to match inner fields of VXLAN packets.
      • In V200R002C50 and later versions, regardless of the enhanced mode of the NVO3 gateway, only the if-match vxlan or if-match vxlan acl command can be used to match inner fields of VXLAN packets. The if-match acl command cannot be used to match inner fields of VXLAN packets.
      When a switch is upgraded from a version earlier than V200R002C50 to V200R002C50 or a later version and the enhanced mode of the VXLAN NVO3 gateway is the loopback or Layer 2 non-loopback mode:
      • If the if-match vxlan or if-match vxlan acl command has been configured before the upgrade, the configuration takes effect after the upgrade. In this case, packets may be incorrectly matched, and you need to configure matching rules based on the actual traffic model.
      • If the if-match acl command has been configured before the upgrade, the configuration becomes invalid after the upgrade. In this case, you need to configure matching rules based on the actual traffic model.
  • When a traffic policy is applied to a Layer 2 sub-interface:
    • Starting from V200R001C00, a traffic policy can be applied to a Layer 2 sub-interface.
    • When a traffic policy is applied to a Layer 2 sub-interface, it can be applied only to the inbound direction.
    • In version earlier than V200R005C10, the bound traffic classifiers can define matching rules based only on the destination MAC address, source MAC address, Ethernet type, source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number. In addition, only the following traffic behaviors are supported: traffic policing (CAR) and traffic statistics.

      In V200R005C10 and later versions, traffic policing (CAR) and re-marking (excluding the re-marking of the 802.1p priority) can also be performed for IPv6 packets.

  • When a traffic policy is applied to a Layer 3 sub-interface:
    • When a traffic policy is applied to a Layer 3 sub-interface in the inbound direction on the VXLAN decapsulation device, VXLAN packets cannot be matched.

    • A traffic policy that contains rules based only on IPv6 5-tuple information can match only the high-order 64 bits of an IPv6 address but not the low-order 64 bits of an IPv6 address.
  • When a traffic policy is applied to a VPN instance:
    • Starting from V100R005C10, traffic policies can be applied to VPN instances.
    • In V100R005C10, a traffic policy applied to a VPN instance is mainly used in VXLAN distributed gateway scenarios. In this case, ensure that the switch supports VXLAN.
    • A traffic policy can be applied to a VPN instance only in the inbound direction. The bound traffic classifiers can define matching rules based only on the source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number; the bound traffic behaviors support only traffic statistics collection (starting from V100R006C00), packet filtering, and PBR.

  • When a traffic policy is applied to a VSI:
    • The traffic classifiers bound to the traffic policy cannot match the outer VLAN ID, inner and outer VLAN IDs of QinQ packets, stacked VLAN ID through VLAN stacking, or mapped VLAN ID through VLAN mapping.
  • When a traffic policy is applied to an AC interface:
    • The traffic classifiers bound to the traffic policy cannot match the outer VLAN ID, inner and outer VLAN IDs of QinQ packets, stacked VLAN ID through VLAN stacking, or mapped VLAN ID through VLAN mapping.
  • When a traffic policy is applied to a QoS group:
    • Starting from V100R006C00, traffic policies can be applied to QoS groups.
    • A traffic policy can be applied to the inbound direction of a QoS group only in versions earlier than V200R005C00.

      Starting from V200R005C00, a traffic policy can be applied to the outbound direction of a QoS group containing Ethernet or Eth-Trunk interfaces.

    • In versions earlier than V200R003C00, a traffic classifier can match only the source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number.

      In V200R003C00, a traffic classifier can match the source MAC address, destination MAC address, Ethernet type, VLAN, source IPv4 address, destination IPv4 address, protocol type, source port number, and destination port number.

      Starting from V200R005C00, a traffic classifier can match the source MAC address, destination MAC address, Ethernet type, VLAN, source IPv4 address, destination IPv4 address, leftmost 64 bits of the source IPv6 address, leftmost 64 bits of the destination IPv6 address, protocol type, source port number, and destination port number.

    • When a traffic policy is applied to the inbound direction of a QoS group, the bound traffic behaviors support only packet filtering, traffic statistics collection, PBR (only for Layer 3 unicast traffic), and redirection to interfaces, observing interface groups, or CPUs (only for Layer 2 traffic).

      If a traffic policy is applied to the outbound direction of a QoS group, the bound traffic behaviors support only packet filtering.

    • If the interoperability mode of the switch is non-enhanced mode and a QoS group containing members is configured, you cannot configure EVN or mapping between PHBs and DSCP priorities in the outbound direction of the VLAN. Similarly, if you configure EVN or mapping between PHBs and DSCP priorities in the outbound direction of VLANs, a QoS group containing members cannot be configured.
  • When a traffic policy is applied to a BD:

    Starting from V100R006C00, traffic policies can be applied to a BD.

    • When a traffic policy is applied to the inbound direction of a BD:
      • For the packets sent from an Ethernet network to a VXLAN network, there is no limitation for traffic classifiers and traffic behaviors.
      • For the packets sent from a VXLAN network to an Ethernet network, a traffic classifier can only define if-match vxlan to match the source IPv4 address, destination IPv4 address, protocol type, source port number, destination port number, DSCP value, TCP flag, and inbound interface of packets. A traffic behavior can define only packet filtering, redirection, PBR, traffic statistics collection, and traffic policing.
    • When a traffic policy is applied to the outbound direction of a BD:
      • The bound traffic behaviors do not support CAR.
      • For the packets sent from an Ethernet network to a VXLAN network, packet matching is not supported.
      • For the packets sent from a VXLAN network to an Ethernet network, the limitations are the same as those when a traffic policy is applied to the outbound direction.
      • If the matching rule in the traffic classifier is if-match any or based on Layer 2 fields (such as the source MAC address, destination MAC address, Ethernet type, and VLAN ID), the traffic policy takes effect only for Layer 2 traffic.
      • If the matching rule in the traffic classifier is based on Layer 3 fields (such as the source IPv4 address, destination IPv4 address, and protocol type) or Layer 4 fields (such as the source port number and destination port number), the traffic policy takes effect only for Layer 3 traffic.
    • To match packets sent from a VXLAN network to an Ethernet network in inbound and outbound directions of a BD, configure two traffic policies and apply them to the inbound and outbound directions of the BD respectively.
  • When a traffic policy is applied to the outbound direction:
    • The protocol type of Ethernet frames matching a traffic policy in the outbound direction can be only ARP (0x0806), IP (0x0800), or TRILL (0x22f3).

    • When packets (including FCoE packets) are forwarded at Layer 3, a traffic policy in the outbound direction cannot match the modified Layer 2 field.

    • On cards except CE-L48GT and CE-L48GS series cards, when a traffic policy defining an IPv6 packet matching rule is applied to the outbound direction and all physical interface to which the traffic policy is applied belong to the same forwarding chip, the maximum total bandwidth of these interfaces is 100 Gbit/s.

      For example, on the CE-L24LQ-EA card, interfaces 0 to 5 belong to chip 0, interfaces 6 to 11 belong to chip 1, interfaces 12 to 17 belong to chip 2, and interfaces 18 to 23 belong to chip 3. When a traffic policy defining an IPv6 packet matching rule is applied to the outbound direction of four interfaces (for example, interfaces 0, 6, 12, and 18) in different chips, the maximum total bandwidth of the interfaces is 160 Gbit/s (4 x 40 Gbit/s). When the traffic policy defining an IPv6 packet matching rule is applied to the outbound direction of four interfaces (for example, interfaces 0 to 3) in the same chip, the maximum total bandwidth of the interfaces is 100 Gbit/s.

    • In versions earlier than V100R005C00, when the ARP resource allocation mode is set to the extend mode and a traffic policy defining a matching rule based on the TCP/UDP port number or fragment flag is applied to the outbound direction, fragments may be incorrectly matched. Do not configure the extended ARP resource allocation mode and the preceding traffic policy simultaneously.
    • In V100R005C00 and V100R005C10, if the ARP resource allocation mode is set to the extend mode in a stack, the switch cannot match the TCP flag field or IP fragment field in the outbound direction.
    • When a traffic policy for matching IPv6 packets is applied to the outbound direction of a 48GE card, this traffic policy does not take effect for double-tagged packets carrying Layer 3 or Layer 4 fields.
    • The following services are in descending order of priority: M-LAG unidirectional isolation, MQC (traffic policing, traffic statistics collection, and packet filtering), querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address, local VLAN mirroring, sFlow, NetStream, and statistics collection on VLANIF interfaces or Layer 3 sub-interfaces. When the services are configured on an interface in the outbound direction, only the service with the highest priority takes effect. For example, when both packet filtering and statistics on VLANIF interfaces are configured on a VLANIF interface, only packet filtering takes effect.

      For sFlow and NetStream, the preceding limitations apply to all interfaces in V100R005C10 and earlier versions and only to Layer 2 sub-interfaces and Layer 3 sub-interfaces in V100R006C00 and later versions.

    • On a device that decapsulates VXLAN packets, a traffic policy containing rules for matching packets based on the TCP flag or rules for matching the fragment flag does not take effect in the outbound direction. When a traffic policy is applied to the device that decapsulates VXLAN packets and the enhanced mode is configured, a traffic policy containing rules for matching IPv4 and IPv6 5-tuple information does not take effect in the outbound direction.
    • After one of the following traffic policies is applied to the outbound direction, the switch forwards traffic in loopback mode. In this case, all traffic is looped back on the interface before being forwarded. The traffic policies are as follows:
      • Traffic policy that contains traffic behaviors defining traffic policing
      • Traffic policy that contains traffic classifiers defining IPv6 matching rules
      • Traffic policy that contains traffic behaviors defining traffic statistics collection for cards except the SD, FD, FD1, FDA, FG, and FG1 series
      • Traffic policy that contains traffic behaviors defining traffic statistics collection when the traffic-policy outbound-legacy-mode command is run in the system view for the SD, FD, FD1, FDA, FG, and FG1 series cards
    • If the switch forwards traffic in loopback mode:
      • The traffic policy can be applied only to physical interfaces, Eth-Trunk interfaces, and VLANs.
      • When traffic exceeds 50% of the total forwarding performance of the LPU, there is a high probability that packet loss will occur.
      • The queue statistics on the outbound interface include the traffic before and after the loopback. If the bound traffic behavior defines traffic policing, the queue statistics on the outbound interface include the traffic before the loopback and the traffic that is policed after the loopback.
      • For the packets that need to be forwarded at Layer 3, the looped traffic is forwarded at Layer 2. Therefore, the traffic before and after the loopback is forwarded in different queues. If the qos phb marking 8021p disable command is not configured, the 802.1p priority has a fixed value of 2 for IPv4 packets and 3 for IPv6 packets after the loopback.
      • If NetStream and sFlow are both applied, the switch collects both the traffic before and after the loopback.
      • The interface-based rate limiting, queue traffic shaping, ETS, and PFC functions are not supported in the outbound direction.
      • If traffic exceeds the bandwidth of the outbound interface, the actually-forwarded traffic is smaller than the interface bandwidth. In this case, ensure that the actual traffic does not exceed the interface bandwidth.
    • When either of the following traffic policies is applied to the outbound direction, the logging rule in the traffic policy does not take effect. That is, matched packets are to be discarded and no log is recorded.
      • Traffic policy that contains a traffic behavior defining the deny action and a traffic classifier defining the ACL logging rule.
      • Traffic policy that contains a traffic classifier defining the ACL deny action and ACL logging rule.
    • When a traffic policy that contains a traffic behavior defining packet filtering or mirroring is applied to the outbound direction, the following situations may occur:
      • If there is only the traffic classifier that defines if-match any, the traffic policy takes effect only for Layer 2 traffic.
      • If there is a traffic classifier that matches Layer 3 fields, the traffic policy takes effect only for Layer 3 traffic.
      • If there is no traffic classifier that matches Layer 3 fields, the traffic policy takes effect only for Layer 2 traffic.
    • If a traffic classifier contains the following rules, the corresponding traffic policy cannot be applied to the outbound direction:
      • if-match inner-vlan and if-match vlan inner-vlan
      • if-match 8021p and if-match inner-8021p
      • if-match discard
      • if-match double-tag
      • if-match outbound-interface (V100R003C10 and earlier versions)
      • if-match tcp-flag (versions earlier than V100R005C00)
      • if-match ipv6 dscp
      • if-match ipv6 acl (V100R003C00 and earlier versions)
      • if-match acl (IPv4 ACLs that define the IP fragment, TCP-Flag, and TTL-Expired, and ARP-based ACLs)
        NOTE:

        In V100R005C00 and later versions, IPv4 ACL rules containing the TCP- flag can be applied to the outbound direction.

    • A traffic policy cannot be applied to the outbound direction if the bound traffic behaviors define the following actions:
      • remark local-precedence
      • mac-address learning disable
      • redirect cpu, redirect interface, redirect lsp, redirect observe-port group, and redirect interface tunnel
      • redirect nexthop, redirect load-balance, redirect ipv6 nexthop, redirect ipv6 load-balance, and redirect remote
      • car share
      • mirroring cpu
  • Compared with versions earlier than V100R006C00SPC300, V100R006C00SPC300 and later versions provide different implementation modes for traffic policies containing conflicting rules or actions. There are also upgrade compatibility problems.

    Traffic Policy Application

    Difference

    Traffic classifiers bound to a traffic policy define two or more of following matching rules based on IPv4, IPv6, VXLAN, MPLS, and GRE information.

    • Versions earlier than V100R006C00SPC300: The system displays a message indicating that the traffic policy fails to be applied. All rules or actions in the traffic policy do not take effect.
    • V100R006C00SPC300 and later versions: The rules or actions configured later fail.
    • After the switch is upgraded from a version earlier than V100R006C00SPC300 to V100R006C00SPC300 or a later version, only one rule or action among conflicting rules or actions takes effect. The effective rule or action depends on the configuration sequence in the configuration file before the upgrade. Among conflicting rules or actions, the rule or action that was configured first takes effect, and subsequent conflicting configurations will be lost. For example, a traffic behavior defines the traffic statistics collection, redirection, and deny actions in sequence. After the upgrade, only the traffic statistics collection and redirection actions take effect, and the configuration of the deny action is lost.

    A traffic behavior defines both the redirect and deny actions.

    A traffic policy containing the vlan-stacking action is applied to the outbound direction.

    • Versions earlier than V100R006C00SPC300: The system displays a message indicating that the traffic policy fails to be applied. All rules or actions in the traffic policy do not take effect.
    • V100R006C00SPC300 and later versions: The traffic policy configuration fails.
    • After the switch is upgraded from a version earlier than V100R006C00SPC300 to V100R006C00SPC300 or a later version, the traffic policy configuration will be lost.
Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004202

Views: 21315

Downloads: 24

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next