NE5000E V800R022C00SPC500 Configuration Guide

Traffic Policing and Traffic Shaping Configuration

Overview of Traffic Policing and Traffic Shaping

Traffic policing and traffic shaping are basic QoS functions that ensure service quality and keep the network stable.

Overview of Traffic Policing

Traffic policing controls the rate of incoming packets to ensure that network resources are properly allocated. If the traffic rate of a connection exceeds the specifications on an interface, traffic policing allows the interface to drop excess packets or re-mark the packet priority to maximize network resource usage and protect carriers' profits. An example of this process is restricting the rate of HTTP packets to 50% of the network bandwidth.

Traffic policing implements the QoS requirements defined in the service level agreement (SLA). The SLA contains parameters such as the committed information rate (CIR), peak information rate (PIR), committed burst size (CBS), and peak burst size (PBS), which are used to monitor and control incoming traffic. The device performs Pass, Drop, or Markdown actions for the traffic exceeding the specified limit. Markdown means that packets are marked with a lower service class or a higher drop precedence so that these packets are preferentially dropped when traffic congestion occurs. This measure ensures that the packets conforming to the SLA receive the services specified in the SLA.

Traffic policing uses committed access rate (CAR) to control traffic. CAR uses token buckets to meter the traffic rate. Then preset actions are implemented based on the metering result. These actions include:
  • Pass: forwards the packets conforming to the SLA.
  • Discard: drops the packets exceeding the specified limit.
  • Re-mark: re-marks the packets whose traffic rate is between the CIR and PIR with a lower priority and allows these packets to be forwarded.

Overview of Traffic Shaping

Traffic shaping controls the rate of outgoing packets to allow the traffic rate to match that on the downstream device. When traffic is transmitted from a high-speed link to a low-speed link or a traffic burst occurs, the inbound interface of the low-speed link is prone to severe data loss. To prevent this problem, traffic shaping must be configured on the outbound interface of the device connecting to the low-speed link, as shown in Figure 1.

Figure 1-1016 Data transmission from the high-speed link to the low-speed link

As shown in Figure 2, traffic shaping can be configured on the outbound interface of an upstream device so that irregular traffic is transmitted at an even rate, preventing traffic congestion on the downstream device.

Figure 1-1017 Effect of traffic shaping

Feature Requirement of Traffic Policing

Configuring Interface-based Traffic Policing

Interface-based traffic policing implements unified interface-specific traffic control through CAR configuration.

Procedure

  1. Run the system-view command to enter the system view.
  2. Run the interface interface-type interface-number command to enter the interface view.
  3. Run either of the following commands to configure CAR on the interface:

      qos car { cir-percentage cir-percentage-value [ pir-percentage pir-percentage-value ] } [ cbs cbs-value [ pbs pbs-value ] ] [ green { discard | pass [ service-class class color color ] } | yellow { discard | pass [ service-class class color color ] } | red { discard | pass [ service-class class color color ] } ] * { inbound | outbound } [ color-aware ]

      qos car { cir cir-value [ pir pir-value ] } [ cbs cbs-value [ pbs pbs-value ] ] [ adjust adjust-value ] [ green { discard | pass [ service-class class color color ] } | yellow { discard | pass [ service-class class color color ] } | red { discard | pass [ service-class class color color ] } ] * { inbound | outbound } [ vlan { vlan-id1 [ to vlan-id2 ] &<1-10> } ] [ identifier { none | vid | ce-vid | vid-ce-vid } ] [ color-aware ]

    • The [ vlan { vlan-id1 [ to vlan-id2 ] &<1-10> } ] parameter is valid only for Layer 2 interfaces and is used to configure traffic policing for VLAN packets. If this command is run on a Layer 3 interface, you cannot specify a VLAN ID. If this command is run on a Layer 2 interface, you must specify a VLAN ID.
    • When an interface is configured with both interface-based CAR and MF classification-based CAR actions, the numbers of bytes and packets on which MF classification-based CAR actions are performed are not counted in the interface-based CAR statistics.
    • When both MF classification-based CAR and interface-based CAR are configured, MF classification-based CAR takes effect first, and then interface-based CAR. When both broadcast suppression and interface-based CAR are configured, interface-based CAR applies only to known unicast packets, and broadcast suppression applies to broadcast packets. When CAR is configured for both the packets sent to the CPU and the packets sent to an interface, the CAR statistics on the packets sent to the CPU take precedence over the CAR statistics on the packets sent to an interface.
    • Interface-based CAR cannot be configured on trunk member interfaces.
    • The cir and pir parameters are expressed in kbit/s, and the cbs and pbs parameters are expressed in bytes.

    • If the network traffic is simple, you can configure single-token-bucket traffic policing. In this case, specify the cir and cbs parameters.
    • If the network traffic is complex, you must configure dual-token-bucket traffic policing. In this case, specify the cir, pir, cbs, and pbs parameters.

  4. Run the commit command to commit the configuration.

Verifying the Configuration

After completing the configuration, perform the following operations to check the configurations:

  • Run the display interface [ interface-type [ interface-number ] ] command to check the traffic information about an interface.

  • Run the display car statistics interface interface-type interface-number { inbound | outbound } command to check the CAR statistics about a Layer 3 interface in a specified direction.

Configuring Profile-based Traffic Policing

QoS profile-based traffic policing allows you to configure a CAR policy in a QoS profile and apply the QoS profile to an interface to control the traffic on this interface.

Procedure

  • Configure traffic policing in a QoS profile.
    1. Run the system-view command to enter the system view.
    2. Run the qos-profile profile-name command to create a QoS profile and enter its view.
    3. (Optional) Run the description description-info command to configure a description for the QoS profile.
    4. Run the car { cir cir-value [ pir pir-value ] | cir cir-percentage cir-percentage-value [ pir pir-percentage pir-percentage-value ] } [ cbs cbs-value [ pbs pbs-value ] ] [ green { discard | pass [ service-class class color color ] } | yellow { discard | pass [ service-class class color color ] } | red { discard | pass [ service-class class color color ] } ] * [ inbound | outbound ] [ color-aware ] command to configure CAR in order to guarantee user traffic.
  • Apply the QoS profile.
    1. Run the system-view command to enter the system view.
    2. Run the interface interface-type interface-number command to enter the interface view.
    3. Run any of the following commands to apply the QoS profile to a specific type of interface:

      • Run the qos-profile qos-profile-name { inbound | outbound } [ identifier none ] [ group group-name ] command to apply the QoS profile to an IP-Trunk interface or a dot1q VLAN tag termination sub-interface.
      • Run the qos-profile qos-profile-name { inbound | outbound } vlan vlan-id-begin [ to vlan-id-end ] [ identifier { vlan-id | none } ] [ group group-name ] command to apply the QoS profile to a Layer 2 interface or a dot1q VLAN tag termination sub-interface.
      • Run the qos-profile qos-profile-name { inbound | outbound } pe-vid pe-vlan-id ce-vid { ce-vlan-id-begin [ to ce-vlan-id-end ] } [ identifier { pe-vid | ce-vid | pe-ce-vid | none } ] [ group group-name ] command to apply the QoS profile to a QinQ VLAN tag termination sub-interface.
      • Run the qos-profile qos-profile-name { inbound | outbound } [ identifier { none | vid | ce-vid | vid-ce-vid } ] [ group group-name ] command to apply the QoS profile to an EVC Layer 2 sub-interface.
      • Run the qos-profile qos-profile-name { inbound | outbound } vni vni-id source sourceip peer peerip command to apply the QoS profile to an NVE interface.

    4. Run the commit command to commit the configuration.
    5. Run the quit command to return to the system view.

Verifying the Configuration

After completing the configuration, perform the following operations to check the configurations:
  • Run the display qos-profile application { qos-profile-name } command to check the application information about a QoS profile.
  • Run the display qos-profile configuration [ qos-profile-name ] command to check the configurations of a QoS profile.
  • Run the monitor qos-profile statistics interface { interface-name | interface-type interface-number } [ vlan vlan-id | pe-vid pe-vid ce-vid ce-vid | vid vid-id | ce-vid ce-vid | vid vid-id ce-vid ce-vid ] { inbound | outbound } [ interval seconds [ repeat repeat ] ] command to monitor QoS profile statistics.

Configuring Traffic Policing Based on Complex Traffic Classification

This section describes how to configure traffic policing based on complex traffic classification (CTC), also called CTC-based traffic policing.

Usage Scenario

A network has a large number of users who send data constantly. Continuous bursts of data from numerous users can congest the network, which greatly affects network operation and service quality.

To ensure the availability of bandwidth resources regardless of whether the network is idle or congested, traffic control needs to be implemented on one or several types of packets. You can combine complex traffic classification and traffic control to configure CTC-based traffic policing policies. Then, apply the policies to the inbound interface to restrict the traffic of the specific packets within a reasonable range. In this manner, limited network resources are better utilized.

Complex traffic classification refers to classifying packets according to the source IP address, source port number, protocol number, destination IP address, and destination port number. It is usually configured at the edge of the network.

Pre-configuration Tasks

Before configuring CTC-based traffic policing, you need to complete the following tasks:

  • Configuring the physical parameters of interfaces

  • Configuring the link layer attributes of interfaces to ensure their normal operation

  • Configuring IP addresses for interfaces

  • Enabling the routing protocol for communication between devices

Defining Traffic Classifiers

You need to configure traffic classification before configuring traffic class-based QoS. The traffic classification can be configured based on ACL, IP precedence, protocol type, MAC address, protocol address, and so on.

Procedure

  • Defining traffic classifiers based on Layer 3 or Layer 4 information

    If traffic is classified based on Layer 3 or Layer 4 information, traffic policies can be applied only to Layer 3 interfaces.

    1. Run system-view

      The system view is displayed.

    2. Run traffic classifier classifier-name [ operator { and | or } ]

      A traffic classifier is defined and the traffic classifier view is displayed.

      If you set more than one matching rule for the same classifier, you can set their logical relations by specifying the parameter operator in this step.

      • and: A packet belongs to the class defined by the classifier only when it matches all the rules.

      • or: A packet belongs to the class defined by the classifier if it matches one of the rules.

    3. Define desired matching rules on the router according to your requirements.

      • To set a matching rule to classify traffic based on the ACL number, run the if-match [ ipv6 ] acl { acl-number | name acl-name } command.
      • To set a matching rule to classify traffic based on the DSCP value, run the if-match dscp { dscp-value | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | default } or if-match ipv6 dscp dscp-value command.
      • To set a matching rule to classify traffic based on the IPv4 TCP flag, run the if-match tcp syn-flag { tcpflag-value [ mask tcpflag-mask ] | bit-match { established | fin | syn | rst | psh | ack | urg | ece | cwr | ns } } command.
      • To set a matching rule to classify traffic based on the IPv6 TCP flag, run the if-match ipv6 tcp syn-flag { tcpflag-value [ mask tcpflag-mask ] | bit-match { established | fin | syn | rst | psh | ack | urg } } command.
      • To set a matching rule to classify traffic based on the IP precedence, run the if-match [ ipv6 ] ip-precedence ip-precedence command.
      • To define a matching rule to classify traffic based on the MPLS EXP value, run the if-match mpls-exp exp-value command.

      • To match all packets, run the if-match [ ipv6 ] any command.
      • To define a matching rule to classify traffic based on the value of the next IPv6 header, run the if-match ipv6 next-header header-number first-next-header command.

      • To set a matching rule to classify traffic based on the source IPv6 address, run the if-match ipv6 source-address ipv6-address prefix-length command.
      • To set a matching rule to classify traffic based on the destination IPv6 address, run the if-match ipv6 destination-address ipv6-address prefix-length command.

      To match IPv6 packets, you must specify the keyword ipv6 when you choose a matching rule in Step 3. A matching rule defined to match packets based on source or destination addresses is valid with IPv6 packets, but not with IPv4 packets.

      If you set more than one matching rule for the same classifier, you can set their logical relations by specifying the parameter operator in Step 2.

      • and: A packet belongs to the class defined by the classifier only when it matches all the rules.

      • or: A packet belongs to the class defined by the classifier if it matches one of the rules.

      By default, the value of the logic operator of the rules is or.

    4. Run commit

      The configuration is committed.

  • Defining traffic classifiers based on Layer 2 information

    If traffic is classified based on Layer 2 information, the keyword link-layer must be specified in the command line when a traffic policy is applied.

    1. Run system-view

      The system view is displayed.

    2. Run traffic classifier classifier-name [ operator { and | or } ]

      A traffic classifier is defined and the traffic classifier view is displayed.

    3. Define desired matching rules on the router according to your requirements.

      • To set a matching rule to classify traffic based on the ACL number, run the if-match [ ipv6 ] acl { acl-number | name acl-name } command.

      • To set a matching rule to classify traffic based on the source MAC address, run the if-match source-mac mac-address command.

      • To set a matching rule to classify traffic based on the destination MAC address, run the if-match destination-mac mac-address command.

      • To set a matching rule to classify traffic based on the 802.1p value of VLAN packets, run the if-match 8021p 8021p-value command.

      If you set more than one matching rule for the same classifier, you can set their logical relations by specifying the parameter operator in Step 2. For detailed instructions, refer to the previous section.

    4. Run commit

      The configuration is committed.

Defining a Traffic Behavior and Configuring Traffic Policing Actions

Configure traffic policing actions for different traffic classifiers.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run traffic behavior behavior-name

    A traffic behavior is configured and the traffic behavior view is displayed.

  3. Run car { cir cir-value [ pir pir-value ] } [ cbs cbs-value [ pbs pbs-value ] ] [ adjust adjust-value ] [ green { discard | pass [ remark dscp dscp | service-class class color color ] } | yellow { discard | pass [ service-class class color color ] } | red { discard | pass [ remark dscp dscp | service-class class color color ] } ] * [ color-aware ]

    A traffic policing action is configured.

    After CAR is configured and applied, you can run the display traffic policy statistics interface command to view CAR statistics.

    In Step 3, choose parameters according to your requirement:

    • To configure traffic policing with a single token bucket, select cir and cbs and set pbs to 0.

    • To configure traffic policing with a single rate and double token buckets, select cir, cbs, and pbs.

    • To configure traffic policing with dual rates and dual token buckets, select cir, pir, cbs, and pbs.

    • The cir and pir parameters are expressed in kbit/s, and the cbs and pbs parameters are expressed in bytes.

  4. Run commit

    The configuration is committed.
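The three token-bucket modes listed in Step 3, and the green/yellow/red metering described in the overview, can be modeled as follows. This is an added example, not Huawei code: it assumes the standard color-blind meters of RFC 2697 and RFC 2698, the class and function names and the cbs/pbs values are constructed, and the 5/6 Mbit/s and 2 Mbit/s rates are the Server and PC1 requirements from the configuration example on this page.

```python
from collections import Counter
from dataclasses import dataclass

GREEN, YELLOW, RED = "green", "yellow", "red"
# Token unit is the millibit, so 1 kbit/s adds exactly 1 token per microsecond
# and all arithmetic stays in integers.
MILLIBITS_PER_BYTE = 8000


@dataclass
class CarMeter:
    """Hypothetical model of one CAR meter; parameter units follow the page."""
    cir: int        # kbit/s
    cbs: int        # bytes
    pir: int = 0    # kbit/s, 0 = pir not configured
    pbs: int = 0    # bytes, 0 = no second bucket

    def __post_init__(self):
        # This model applies no default burst sizes, so dual-rate needs pbs.
        if self.pir and (self.pir < self.cir or not self.pbs):
            raise ValueError("dual-rate mode needs pir >= cir and a non-zero pbs")
        self.c_cap = self.cbs * MILLIBITS_PER_BYTE
        self.p_cap = self.pbs * MILLIBITS_PER_BYTE
        self.tc, self.tp = self.c_cap, self.p_cap   # both buckets start full
        self.last_us = 0

    @property
    def mode(self):
        if self.pir:
            return "dual-rate dual-bucket"
        return "single-rate dual-bucket" if self.pbs else "single-bucket"

    def meter(self, now_us, size_bytes):
        """Color one packet of size_bytes arriving at now_us (microseconds)."""
        if now_us < self.last_us:
            raise ValueError("packets must be metered in arrival order")
        dt, self.last_us = now_us - self.last_us, now_us
        cost = size_bytes * MILLIBITS_PER_BYTE
        if self.pir:
            # RFC 2698: C bucket fills at CIR, P bucket fills at PIR.
            self.tc = min(self.c_cap, self.tc + self.cir * dt)
            self.tp = min(self.p_cap, self.tp + self.pir * dt)
            if self.tp < cost:
                return RED                  # above PIR
            self.tp -= cost
            if self.tc < cost:
                return YELLOW               # between CIR and PIR
            self.tc -= cost
            return GREEN
        # RFC 2697: one rate; tokens that overflow the C bucket spill into the
        # second bucket. With pbs = 0 that bucket has no capacity, so nothing
        # is ever yellow and the meter is a plain single token bucket.
        fill = self.tc + self.cir * dt
        self.tc = min(self.c_cap, fill)
        self.tp = min(self.p_cap, self.tp + max(0, fill - self.c_cap))
        if self.tc >= cost:
            self.tc -= cost
            return GREEN
        if self.tp >= cost:
            self.tp -= cost
            return YELLOW
        return RED


def burst(meter, count, pkt_bytes=1000):
    """Meter count back-to-back packets at one instant; return [green, yellow, red]."""
    seen = Counter(meter.meter(meter.last_us, pkt_bytes) for _ in range(count))
    return [seen[GREEN], seen[YELLOW], seen[RED]]


def offer(meter, rate_kbps, duration_ms, pkt_bytes=1000):
    """Send a constant-rate stream through a fresh meter; return kbit/s per color."""
    interval_us = pkt_bytes * MILLIBITS_PER_BYTE // rate_kbps
    bits = {GREEN: 0, YELLOW: 0, RED: 0}
    for now_us in range(0, duration_ms * 1000, interval_us):
        bits[meter.meter(now_us, pkt_bytes)] += pkt_bytes * 8
    return {color: total // duration_ms for color, total in bits.items()}


def server_meter():
    # Server requirement on this page: 5 Mbit/s committed, 6 Mbit/s peak.
    # cbs/pbs are constructed values, not taken from the page.
    return CarMeter(cir=5000, pir=6000, cbs=20000, pbs=40000)


def pc1_meter():
    # PC1 requirement on this page: 2 Mbit/s; cbs is a constructed value.
    return CarMeter(cir=2000, cbs=20000)


if __name__ == "__main__":
    for name, make in (("Server", server_meter), ("PC1", pc1_meter)):
        print(name, make().mode, "70-packet burst:", burst(make(), 70))
    print("Server offered 8 Mbit/s:", offer(server_meter(), 8000, 10_000))
    print("PC1 offered 3 Mbit/s:   ", offer(pc1_meter(), 3000, 10_000))
```

The burst results show that cbs and pbs bound how many back-to-back bytes each color can absorb, while the sustained results are set by cir and pir alone.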

Follow-up Procedure

The NE5000E supports the re-marking of the priority and color of packets after traffic policing. If the CoS of a packet is re-marked as EF, BE, CS6, or CS7, the packet can be re-marked only in green.

Defining a Traffic Policy

After traffic classifiers and traffic behaviors are defined, traffic classifiers and traffic behaviors need to be associated to form traffic policies.

Context

Do as follows on the router:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run traffic policy policy-name

    A traffic policy is defined and the traffic policy view is displayed.

  3. Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]

    A traffic behavior is associated with a specified traffic class in the traffic policy.

  4. Run commit

    The configuration is committed.

Applying a Traffic Policy

A class-based policy does not take effect unless it is applied to an interface.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Configure packet information to be matched when a traffic policy is applied to a board.
    1. Run slot slot-id

      The slot view is displayed.

    2. Select one of the following configurations based on service requirements.

      • Run the traffic-policy match-ip-layer { mpls-pop | mpls-push } * command to configure MF classification based only on IP layer (Layer 3) information for incoming/outgoing traffic on the public network.
      • Run the traffic-policy match-mpls-layer { mpls-push | mpls-pop } * command to configure MF classification based on both IP and MPLS information for incoming/outgoing traffic on the public network.

        If MF classification based on both IP and MPLS information is configured, do not specify other parameters when running the traffic-policy policy-name { inbound | outbound } command on an interface. Otherwise, the function does not take effect.

      • Run the commit command to commit the configuration.

    3. Run quit

      Exit the slot view.

  3. Run interface interface-type interface-number

    The interface view is displayed.

  4. (Optional) Run qos traffic-car member-link-scheduler distribute

    Weight-based bandwidth allocation is configured for trunk member interfaces when CAR in a traffic policy is applied to the trunk interface.

    This command is supported only on Ethernet trunk interfaces.

  5. Perform the following operations based on the interface to which a traffic policy is applied.

    • Apply an MF classification-based traffic policy to a Layer 3 interface.
      1. To enter the Layer 3 interface view, run the interface interface-type interface-number command.
      2. To apply a traffic policy to the Layer 3 interface, run the traffic-policy policy-name { inbound | outbound } [ link-layer | mpls-layer ] command.

        If link-layer is configured, the device performs MF classification based on Layer 2 information of packets.

        If mpls-layer is configured, the device performs MF classification based on MPLS packet header information.

    • Apply an MF classification-based traffic policy to an EVC Layer 2 sub-interface, with the bandwidth allocation mode specified.
      1. To enter the EVC Layer 2 sub-interface view, run the interface interface-type interface-number.subnum mode l2 command.
      2. To apply a traffic policy to the EVC Layer 2 sub-interface, run the traffic-policy policy-name { inbound | outbound } identifier { none | vid | ce-vid | vid-ce-vid } [ link-layer ] command.

        The bandwidth allocation mode specified using the identifier parameter must be the same as the one configured on the EVC Layer 2 sub-interface.

    • Apply an MF classification-based traffic policy to a QinQ VLAN tag termination sub-interface, with the PVLAN ID and CVLAN ID ranges specified.
      1. To enter the sub-interface view, run the interface interface-type interface-number.subinterface-number command.
      2. To set a VLAN ID range for the sub-interface and configure the sub-interface to remove the tags from double-tagged packets, run the encapsulation qinq-termination [ rt-protocol ] command.
      3. To configure the sub-interface as a QinQ VLAN tag termination sub-interface, run the qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid ce-vid [ to high-ce-vid ] [ vlan-group group-id ] command.
      4. To apply a traffic policy to the QinQ VLAN tag termination sub-interface, run the traffic-policy policy-name { inbound | outbound } pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ] [ link-layer | mpls-layer ] command.

        You can directly run the traffic-policy policy-name { inbound | outbound } [ link-layer | mpls-layer ] command to apply an MF classification-based traffic policy to a QinQ VLAN tag termination sub-interface without specifying PVLAN and CVLAN IDs.

  6. Run commit

    The configuration is committed.

Verifying the Configuration of Traffic Policing Based on MF Classification

After MF classification-based traffic policing is successfully configured, you can view the traffic classifiers, traffic behaviors, binding between traffic classifiers and behaviors in the specified traffic policy, configured traffic policies and their application, and configured queues and their application.

Procedure

  • Run the display interface [ interface-type [ interface-number ] ] command to view the information about the traffic on the interface.
  • Run the display traffic behavior { system-defined | user-defined } [ behavior-name ] command to view information about the configured traffic behaviors.
  • Run the display traffic classifier { system-defined | user-defined } [ classifier-name ] command to view information about the configured traffic classifiers.
  • Run the display traffic policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] command to view information about the association between all or the specified traffic classifiers and traffic behaviors in traffic policies.
  • Run the display qos resource rule { aclv4 | aclv6 | l2acl | mpls } slot slot-id command to view the usage of ACL rules on each board.
  • Run the display qos resource traffic-policy application [ slot slot-id ] command to view the number of interfaces to which traffic policies are bound and the number of remaining interfaces to which traffic policies can be bound.
  • Run the display traffic policy [ [ name ] policy-name ] statistics interface { interface-name | interface-type interface-number } [ vlan vlan-id | pe-vid pe-vid ce-vid ce-vid | vid vid | ce-vid ce-vid | vid vid ce-vid ce-vid ] { inbound | outbound } [ verbose { classifier-based [ class class-name ] | rule-based [ class class-name ] [ filter ] } ] command to view the statistics about the traffic policy.

    To view CAR statistics, classifier-based must be specified.

Configuring Traffic Shaping

The function of traffic shaping is similar to that of traffic policing. Traffic shaping mainly uses buffers and token buckets to buffer the packets that traffic policing would drop.

Usage Scenario

When the traffic volume on a network is heavy, nonconforming packets are directly discarded. If the upstream router sends a large volume of data traffic, the downstream network may be congested or a great number of packets are dropped. To prevent this situation, configure traffic shaping on the outbound interface of the upstream router to limit the traffic. Traffic shaping enables packets to be transmitted at an even rate and improves the allocation of bandwidth resources between the upstream and downstream networks.

Traffic shaping is carried out using buffers and token buckets. If packets are sent at a high rate, nonconforming packets are not dropped. Instead, such packets are placed in buffer queues. Under the control of token buckets, buffered packets are sent at an even rate by queue scheduling priority when the network is idle. As a result, the packet retransmissions that packet drops would cause are prevented.

Differentiated service (DiffServ) is used to guarantee the bandwidth for behavior aggregate (BA) data traffic. The NE5000E uses the queue scheduling mechanism to allocate resources to the services of different classes, such as expedited forwarding (EF) and assured forwarding (AF) queues. You do not need to configure queue management.

Currently, the NE5000E supports traffic shaping only for the outgoing traffic on interfaces.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run slot slot-id

    The slot view is displayed.

  3. Run port shaping shaping-value bind mtunnel

    Traffic shaping is configured on the MTI bound to the distributed multicast VPN.

  4. Run commit

    The configuration is committed.

Configuring Interface-based Rate Limit

This section describes how to control the rate at which traffic is forwarded on an interface by configuring interface-based rate limit.

Usage Scenario

To avoid network congestion, you can configure the interface-based rate limit to control the total traffic on physical interfaces.

Interface-based rate limit applies only to outgoing traffic on interfaces.

Pre-configuration Tasks

Before configuring interface-based rate limit, complete the following tasks:

  • Configuring the physical parameters of interfaces

  • Configuring the link layer attributes of interfaces to ensure their normal operation

  • Configuring IP addresses for interfaces

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run qos lr cir { cir-value | cir-percentage percent-value }

    Interface-based rate limit is configured.

  4. Run commit

    The configuration is committed.

Checking the Configuration

Run the following commands to check the previous configuration.

  • Run the display interface [ interface-type interface-number ] command to view information about the traffic on the interface.

Maintaining Traffic Policing, Traffic Shaping, and Interface-based Rate Limit

This section describes how to clear statistics on traffic policing, shaping and interface-based rate limit.

Clearing Statistics on CAR

This section describes how to clear statistics on CAR.

Context

Queue statistics cannot be restored after they are cleared. Confirm the action before you run the command.

To clear CAR statistics of a specified interface, run the following reset commands in the user view.

Procedure

  • Run the reset car statistics interface { interface-type interface-number | interface-name } [ vlan vlan-id | vid vid | ce-vid ce-vid | vid vid ce-vid ce-vid | pe-vid pe-vid ce-vid ce-vid ] { inbound | outbound } command to clear CAR statistics for the specified direction of the specified interface.
  • Run the reset counters qos queue [ slot slot-id | interface interface-type interface-number [ service-class ] ] command to clear the statistics on QoS queue scheduling of all types of queue or a specified type of queue on the specified interface.

Configuration Examples for Traffic Policing, Traffic Shaping, and Interface-based Rate Limit

This section provides detailed examples for configuring traffic policing, traffic shaping, and interface rate limit in terms of application scenarios and configuration commands.

Example for Configuring Traffic Policing, Traffic Shaping, and Interface-based Rate Limiting

This section provides an example for configuring traffic policing, traffic shaping, and interface-based rate limiting. It describes how to configure traffic policing, traffic shaping, and interface-based rate limiting to control the overall traffic volume that is received or forwarded, and to control the rate of specified packets.

Networking Requirements

On a single NE5000E, an interface is numbered in the format of slot number/card number/interface number. In the multi-chassis scenario, an interface is numbered in the format of chassis ID/slot number/card number/interface number. This requires the chassis ID to be specified along with the slot number.

GE 3/0/0 of DeviceA is connected to GE 1/0/0 of DeviceB. Server, PC1, and PC2 can access the Internet through DeviceA and DeviceB.

Server, PC1, and GE 1/0/0 of DeviceA are on the same network segment. PC2 and GE 2/0/0 of DeviceA are on the same network segment.

The traffic from Server and PC1 to GE 1/0/0 is controlled on DeviceA as follows:

  • A bandwidth of up to 6 Mbit/s is assured for the traffic from Server. The default bandwidth is 5 Mbit/s. For traffic whose rate exceeds 5 Mbit/s but is less than or equal to 6 Mbit/s, packets are normally forwarded. When the traffic rate exceeds 6 Mbit/s, the nonconforming traffic is treated and forwarded as BE traffic flows.

  • The rate limit on the traffic from PC1 is 2 Mbit/s. When the traffic rate exceeds the rate limit, the nonconforming traffic is dropped.

In addition, GE 3/0/0 on DeviceA and GE 2/0/0 on DeviceB have the following requirements for sending and receiving packets:
  • The rate of the EF traffic arriving at DeviceB through GE 3/0/0 of DeviceA is limited to 20 Mbit/s. When the traffic rate exceeds the rate limit, the nonconforming traffic is dropped.

  • The rate of the EF traffic arriving at the Internet through GE 2/0/0 of DeviceB is limited to 30 Mbit/s. When the traffic rate exceeds the rate limit, the nonconforming traffic is dropped.

  • The rate of the total traffic arriving at the Internet through GE 2/0/0 of DeviceB is limited to 50 Mbit/s. When the traffic rate exceeds the rate limit, the nonconforming traffic is dropped.

Interfaces 1 through 3 in this example represent GE 1/0/0, GE 2/0/0, and GE 3/0/0, respectively.

Figure 1-1018 Networking diagram for configuring traffic policing

Configuration Precautions

During the configuration, pay attention to the following:
  • If the CoS of a packet is re-marked as EF, BE, CS6, or CS7, the packet can be re-marked only in green.

  • To display the statistics about a traffic policy, you can enable statistics for the traffic policy by running the statistics enable command.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure IP addresses for interfaces.
  2. On the inbound interface GE 1/0/0 of DeviceA, configure MF classification-based traffic policing for traffic from Server and PC1.

  3. On the outbound interface GE 3/0/0 of DeviceA, configure traffic shaping so that the rate of the EF traffic that arrives at DeviceB is limited to 20 Mbit/s.

  4. On the outbound interface GE 2/0/0 of DeviceB, configure traffic shaping so that the rate of the EF traffic from GE 2/0/0 to the Internet is limited to 30 Mbit/s. In the traffic shaping, CS6 and CS7 traffic undergoes the Weighted Fair Queuing (WFQ) queue scheduling. The bandwidth percentages of AF1, AF2, AF3, AF4, and BE traffic at the CIR are respectively 5%, 5%, 10%, 10%, and 40%; the percentages of EF traffic at the CIR and PIR are respectively 20% and 30%.

  5. On the outbound interface GE 2/0/0 of DeviceB, configure interface-based rate limiting so that the rate of the traffic from this interface is limited to 50 Mbit/s.

Data Preparation

To complete the configuration, you need the following data:

  • ACL numbers, traffic classifier names, traffic behavior names, traffic policy names, and the interfaces where the traffic policies are applied, for the traffic of Server and PC1

  • CIR, PIR, CBS, and PBS

  • Interface where traffic shaping is configured and the traffic rate for traffic shaping

  • Interface and rate limit for interface-based rate limiting

Procedure

  1. Configure IP addresses for interfaces. (The detailed configuration is not provided here.)
  2. Configure DeviceA.

    # Configure ACL rules for matching data flows from Server and PC1.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceA
    [*HUAWEI] commit
    [~DeviceA] acl number 2001
    [*DeviceA-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
    [*DeviceA-acl-basic-2001] commit
    [~DeviceA-acl-basic-2001] quit
    [~DeviceA] acl number 2002
    [*DeviceA-acl-basic-2002] rule permit source 1.1.1.2 0.0.0.0
    [*DeviceA-acl-basic-2002] commit
    [~DeviceA-acl-basic-2002] quit

    # Configure traffic classifiers and define ACL-based traffic classifier matching rules.

    [~DeviceA] traffic classifier class1
    [*DeviceA-classifier-class1] if-match acl 2001
    [*DeviceA-classifier-class1] commit
    [~DeviceA-classifier-class1] quit
    [~DeviceA] traffic classifier class2
    [*DeviceA-classifier-class2] if-match acl 2002
    [*DeviceA-classifier-class2] commit
    [~DeviceA-classifier-class2] quit

    # Define a traffic behavior. Set the bandwidth (CIR) for the traffic from Server to 5 Mbit/s and the maximum bandwidth (PIR) to 6 Mbit/s. Traffic whose rate exceeds 5 Mbit/s but is lower than or equal to 6 Mbit/s is forwarded directly. Traffic whose rate exceeds 6 Mbit/s is nonconforming and is re-marked and forwarded as BE traffic.

    [~DeviceA] traffic behavior behavior1
    [*DeviceA-behavior-behavior1] car cir 5000 pir 6000 green pass yellow pass red pass service-class be color green
    [*DeviceA-behavior-behavior1] commit
    [~DeviceA-behavior-behavior1] quit

    # Define a traffic behavior. Set the rate limit on the traffic from PC1 to 2 Mbit/s. When the traffic rate exceeds 2 Mbit/s, the nonconforming traffic is dropped.

    [~DeviceA] traffic behavior behavior2
    [*DeviceA-behavior-behavior2] car cir 2000 green pass red discard
    [*DeviceA-behavior-behavior2] commit
    [~DeviceA-behavior-behavior2] quit

    # Define a traffic policy to associate traffic classifiers with traffic behaviors.

    [~DeviceA] traffic policy policy1
    [*DeviceA-trafficpolicy-policy1] classifier class1 behavior behavior1
    [*DeviceA-trafficpolicy-policy1] classifier class2 behavior behavior2
    [*DeviceA-trafficpolicy-policy1] commit
    [~DeviceA-trafficpolicy-policy1] quit

    # Apply the traffic policy to GE 1/0/0.

    [~DeviceA] interface gigabitethernet 1/0/0
    [~DeviceA-GigabitEthernet1/0/0] undo shutdown
    [*DeviceA-GigabitEthernet1/0/0] traffic-policy policy1 inbound
    [*DeviceA-GigabitEthernet1/0/0] commit
    [~DeviceA-GigabitEthernet1/0/0] quit

    # Configure traffic shaping on GE 3/0/0 of DeviceA to shape the traffic sent from this interface (dropping traffic whose rate is greater than 20 Mbit/s) so that the packet loss ratio on GE 1/0/0 of DeviceB is lowered.

    [~DeviceA] interface GigabitEthernet 3/0/0
    [~DeviceA-GigabitEthernet3/0/0] undo shutdown
    [*DeviceA-GigabitEthernet3/0/0] qos queue ef cir 20 pir 20 outbound
    [*DeviceA-GigabitEthernet3/0/0] commit

  3. Configure traffic shaping on GE 2/0/0 of DeviceB.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceB
    [*HUAWEI] commit
    [~DeviceB] interface GigabitEthernet2/0/0
    [~DeviceB-GigabitEthernet2/0/0] undo shutdown
    [*DeviceB-GigabitEthernet2/0/0] qos queue cs6 priority 1 outbound
    [*DeviceB-GigabitEthernet2/0/0] qos queue cs7 priority 1 outbound
    [*DeviceB-GigabitEthernet2/0/0] qos queue af1 cir cir-percentage 5 outbound
    [*DeviceB-GigabitEthernet2/0/0] qos queue af2 cir cir-percentage 5 outbound
    [*DeviceB-GigabitEthernet2/0/0] qos queue af3 cir cir-percentage 10 outbound
    [*DeviceB-GigabitEthernet2/0/0] qos queue af4 cir cir-percentage 10 outbound
    [*DeviceB-GigabitEthernet2/0/0] qos queue ef cir cir-percentage 20 pir pir-percentage 30 outbound
    [*DeviceB-GigabitEthernet2/0/0] qos queue be cir cir-percentage 40 outbound
    [*DeviceB-GigabitEthernet2/0/0] commit
    [~DeviceB-GigabitEthernet2/0/0] return

  4. Configure interface-based rate limiting on GE 2/0/0 of DeviceB to limit the rate of the traffic from this interface to the Internet.

    <DeviceB> system-view
    [~DeviceB] interface GigabitEthernet2/0/0
    [~DeviceB-GigabitEthernet2/0/0] qos lr cir 50
    [*DeviceB-GigabitEthernet2/0/0] commit
    [~DeviceB-GigabitEthernet2/0/0] return

  5. Verify the configuration.

    Run the display interface and display qos queue interface GigabitEthernet 2/0/0 commands to view interface-based traffic statistics on DeviceB.
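The following added example (not part of the guide or of the device software) simulates the two CAR behaviors from step 2 at constant offered rates, so the expected pass, re-mark, and drop rates can be compared with the statistics collected in step 5. It assumes that `car cir ... pir ...` meters like the RFC 2698 two-rate three-color marker in color-blind mode; the burst sizes, packet size, measurement window, and all function names are assumptions.

```python
# Added example: RFC 2698 two-rate three-color meter (color-blind mode) applied
# to the CAR behaviors in step 2. Burst sizes, packet size, window are assumed.
CBS, PBS = 62_500, 75_000   # bytes (assumed; the guide does not state them)
BEHAVIOR1 = {"green": "pass", "yellow": "pass", "red": "remark-be"}  # Server
BEHAVIOR2 = {"green": "pass", "red": "discard"}                      # PC1


def meter(cir, pir, offered, cbs=CBS, pbs=PBS, pkt=1000, secs=60):
    """Color fixed-size packets at a constant rate; all rates in kbit/s."""
    gap = pkt * 8 / (offered * 1000)             # seconds between packets
    count = offered * 1000 * secs // (pkt * 8)   # packets in the window
    tc, tp = float(cbs), float(pbs)              # both buckets start full
    seen = {"green": 0, "yellow": 0, "red": 0}
    for _ in range(count):
        tc = min(cbs, tc + cir * 125 * gap)      # 1 kbit/s refills 125 bytes/s
        tp = min(pbs, tp + pir * 125 * gap)
        if tp < pkt:                             # exceeds PIR
            color = "red"
        elif tc < pkt:                           # between CIR and PIR
            color = "yellow"
            tp -= pkt
        else:                                    # within CIR
            color = "green"
            tc -= pkt
            tp -= pkt
        seen[color] += 1
    return {c: n * pkt * 8 / secs / 1000 for c, n in seen.items()}


def police(actions, colored):
    """Sum metered kbit/s per configured action; unlisted colors are dropped."""
    out = {"pass": 0.0, "remark-be": 0.0, "discard": 0.0}
    for color, kbps in colored.items():
        out[actions.get(color, "discard")] += kbps
    return out


def server(offered):   # car cir 5000 pir 6000 ... red pass service-class be
    return police(BEHAVIOR1, meter(5000, 6000, offered))


def pc1(offered):      # car cir 2000 green pass red discard (one bucket)
    return police(BEHAVIOR2, meter(2000, 2000, offered, pbs=CBS))


if __name__ == "__main__":
    for rate in (4000, 5500, 8000):
        print("Server", rate, server(rate))
    print("PC1", 3000, pc1(3000))
```

The small excess over the configured rates in the output comes from the initial full buckets; it shrinks as the measurement window grows.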

Configuration Files

  • DeviceA configuration file

    # 
    sysname DeviceA
    #
    acl number 2001
     rule 5 permit source 1.1.1.1 0
    acl number 2002
     rule 5 permit source 1.1.1.2 0
    #
    traffic classifier class1 operator or
     if-match acl 2001
    traffic classifier class2 operator or
     if-match acl 2002
    #
    traffic behavior behavior1
     car cir 5000 pir 6000 green pass yellow pass red pass service-class be color green
    traffic behavior behavior2
     car cir 2000 green pass red discard
    #
    traffic policy policy1
     classifier class1 behavior behavior1 precedence 1
     classifier class2 behavior behavior2 precedence 2
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 1.1.1.3 255.255.255.0
     traffic-policy policy1 inbound
    #
    interface GigabitEthernet3/0/0
     undo shutdown
     ip address 2.1.1.2 255.255.255.0
     qos queue ef cir 20 pir 20 outbound
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.0 0.255.255.255
      network 2.1.1.0 0.0.0.255
    #
    return

  • DeviceB configuration file

    #
    sysname DeviceB
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 2.2.2.1 255.255.255.0
     qos queue cs6 priority 1 outbound
     qos queue cs7 priority 1 outbound
     qos queue af1 cir cir-percentage 5 outbound
     qos queue af2 cir cir-percentage 5 outbound
     qos queue af3 cir cir-percentage 10 outbound
     qos queue af4 cir cir-percentage 10 outbound
     qos queue ef cir cir-percentage 20 pir pir-percentage 30 outbound
     qos queue be cir cir-percentage 40 outbound
     qos lr cir 50
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.0 0.0.0.255
      network 2.1.1.0 0.0.0.255
    #
    return

Update Date: 2023-11-24
Document ID: EDOC1100278760