Example for Configuring Traffic Policing
Networking Requirements
As shown in Figure 3-8, voice, video, and data services on the LAN of the enterprise belong to VLAN10, VLAN20, and VLAN30 respectively. The services are transmitted to Eth2/0/0 of RouterA through the switch, and are then transmitted to the WAN through GE3/0/0 of RouterA.
Flow-based traffic policing needs to be performed for different service packets on RouterA to limit the rate of each service flow within a proper range, so that bandwidth can be ensured for each service. Interface-based traffic policing needs to be performed for all incoming traffic on Eth2/0/0 so that the total traffic rate of the enterprise is limited within a proper range.
Configuration Roadmap
- Create VLANs and VLANIF interfaces on RouterA and configure physical interfaces to ensure that enterprise users can access the WAN through RouterA.
- Configure traffic classifiers on RouterA to classify packets based on VLAN IDs.
- Configure traffic behaviors on RouterA to perform traffic policing for different service flows from the enterprise.
- Configure a traffic policy on RouterA, associate the traffic behaviors with traffic classifiers in the traffic policy, and apply the traffic policy to the inbound direction of the interface on RouterA connected to the switch.
- Configure interface-based traffic policing in the inbound direction of the interface on RouterA connected to the switch to limit the rate of all the packets.
Procedure
- Configure VLANs and interfaces.
# Create VLAN10, VLAN20, and VLAN30 on RouterA.
<Huawei> system-view [Huawei] sysname RouterA [RouterA] vlan batch 10 20 30
# Configure Eth2/0/0 as a trunk interface and allow packets from VLAN10, VLAN20, and VLAN30 to pass through.
[RouterA] interface ethernet 2/0/0 [RouterA-Ethernet2/0/0] port link-type trunk [RouterA-Ethernet2/0/0] port trunk allow-pass vlan 10 20 30 [RouterA-Ethernet2/0/0] quit
Configure the interface on the switch connected to RouterA as a trunk interface and allow packets from VLAN 10, VLAN 20, and VLAN 30 to pass through.
# Create VLANIF10, VLANIF20, and VLANIF30, and assign IP addresses 192.168.1.1/24, 192.168.2.1/24, and 192.168.3.1/24 to VLANIF 10, VLANIF20, and VLANIF30 respectively.
[RouterA] interface vlanif 10 [RouterA-Vlanif10] ip address 192.168.1.1 24 [RouterA-Vlanif10] quit [RouterA] interface vlanif 20 [RouterA-Vlanif20] ip address 192.168.2.1 24 [RouterA-Vlanif20] quit [RouterA] interface vlanif 30 [RouterA-Vlanif30] ip address 192.168.3.1 24 [RouterA-Vlanif30] quit
# Set the IP address of GE3/0/0 to 192.168.4.1/24.
[RouterA] interface gigabitethernet 3/0/0 [RouterA-GigabitEthernet3/0/0] undo portswitch [RouterA-GigabitEthernet3/0/0] ip address 192.168.4.1 24 [RouterA-GigabitEthernet3/0/0] quit
# Configure RouterB and ensure that there are reachable routes between RouterB and RouterA.
- Configure traffic classifiers.
# Configure traffic classifiers c1, c2, and c3 on RouterA to match different service flows from the enterprise based on VLAN IDs.
[RouterA] traffic classifier c1 [RouterA-classifier-c1] if-match vlan-id 10 [RouterA-classifier-c1] quit [RouterA] traffic classifier c2 [RouterA-classifier-c2] if-match vlan-id 20 [RouterA-classifier-c2] quit [RouterA] traffic classifier c3 [RouterA-classifier-c3] if-match vlan-id 30 [RouterA-classifier-c3] quit
- Configure traffic behaviors.
# Create traffic behaviors b1, b2, and b3 on RouterA to perform traffic policing for different service flows from the enterprise.
[RouterA] traffic behavior b1 [RouterA-behavior-b1] car cir 256 [RouterA-behavior-b1] statistic enable [RouterA-behavior-b1] quit [RouterA] traffic behavior b2 [RouterA-behavior-b2] car cir 4000 [RouterA-behavior-b2] statistic enable [RouterA-behavior-b2] quit [RouterA] traffic behavior b3 [RouterA-behavior-b3] car cir 2000 [RouterA-behavior-b3] statistic enable [RouterA-behavior-b3] quit
- Configure a traffic policy and apply the traffic policy to Eth2/0/0.
# Create a traffic policy p1 on RouterA, associate the traffic behaviors with traffic classifiers in the traffic policy, and apply the traffic policy to Eth2/0/0 in the inbound direction.
[RouterA] traffic policy p1 [RouterA-trafficpolicy-p1] classifier c1 behavior b1 [RouterA-trafficpolicy-p1] classifier c2 behavior b2 [RouterA-trafficpolicy-p1] classifier c3 behavior b3 [RouterA-trafficpolicy-p1] quit [RouterA] interface ethernet 2/0/0 [RouterA-Ethernet2/0/0] traffic-policy p1 inbound
- Configure interface-based traffic policing.
# Configure interface-based traffic policing in the inbound direction of Eth2/0/0 on RouterA to limit the total traffic rate of the enterprise within a proper range.
[RouterA-Ethernet2/0/0] qos car inbound cir 10000 [RouterA-Ethernet2/0/0] quit
- Verify the configuration.
# View the traffic classifier configuration.
[RouterA] display traffic classifier user-defined User Defined Classifier Information: Classifier: c2 Operator: OR Rule(s) : if-match vlan-id 20 Classifier: c3 Operator: OR Rule(s) : if-match vlan-id 30 Classifier: c1 Operator: OR Rule(s) : if-match vlan-id 10# View the traffic policy configuration.
[RouterA] display traffic policy user-defined User Defined Traffic Policy Information: Policy: p1 Classifier: c1 Operator: OR Behavior: b1 Committed Access Rate: CIR 256 (Kbps), PIR 0 (Kbps), CBS 48128 (byte), PBS 80128 (byte) Color Mode: color Blind Conform Action: pass Yellow Action: pass Exceed Action: discard statistic: enable Precedence: 5 Classifier: c2 Operator: OR Behavior: b2 Committed Access Rate: CIR 4000 (Kbps), PIR 0 (Kbps), CBS 752000 (byte), PBS 1252000 (byte) Color Mode: color Blind Conform Action: pass Yellow Action: pass Exceed Action: discard statistic: enable Precedence: 10 Classifier: c3 Operator: OR Behavior: b3 Committed Access Rate: CIR 2000 (Kbps), PIR 0 (Kbps), CBS 376000 (byte), PBS 626000 (byte) Color Mode: color Blind Conform Action: pass Yellow Action: pass Exceed Action: discard statistic: enable Precedence: 15# View the traffic policy configuration on Eth2/0/0.
[RouterA] display traffic policy statistics interface ethernet 2/0/0 inbound Interface: Ethernet2/0/0 Traffic policy inbound: p1 Rule number: 3 Current status: OK! Item Sum(Packets/Bytes) Rate(pps/bps) ------------------------------------------------------------------------------- Matched 0/0 0/0 Passed 0/0 0/0 Dropped 0/0 0/0 Filter 0/0 0/0 CAR 0/0 0/0 Queue Matched 0/0 0/0 Enqueued 0/0 0/0 Discarded 0/0 0/0 CAR 0/0 0/0 Green packets 0/0 0/0 Yellow packets 0/0 0/0 Red packets 0/0 0/0
Configuration Files
- RouterA configuration file
# sysname RouterA # vlan batch 10 20 30 # traffic classifier c1 operator or if-match vlan-id 10 traffic classifier c2 operator or if-match vlan-id 20 traffic classifier c3 operator or if-match vlan-id 30 # traffic behavior b1 car cir 256 cbs 48128 pbs 80128 green pass yellow pass red discard statistic enable traffic behavior b2 car cir 4000 cbs 752000 pbs 1252000 green pass yellow pass red discard statistic enable traffic behavior b3 car cir 2000 cbs 376000 pbs 626000 green pass yellow pass red discard statistic enable # traffic policy p1 classifier c1 behavior b1 precedence 5 classifier c2 behavior b2 precedence 10 classifier c3 behavior b3 precedence 15 # interface Vlanif10 ip address 192.168.1.1 255.255.255.0 # interface Vlanif20 ip address 192.168.2.1 255.255.255.0 # interface Vlanif30 ip address 192.168.3.1 255.255.255.0 # interface Ethernet2/0/0 port link-type trunk port trunk allow-pass vlan 10 20 30 qos car inbound cir 10000 traffic-policy p1 inbound # interface GigabitEthernet3/0/0 undo portswitch ip address 192.168.4.1 255.255.255.0 # return