NE5000E V800R022C00SPC500 Configuration Guide
Class-based QoS Configuration
This chapter describes the configuration of traffic policy based on complex traffic classification as well as the priority mapping in simple traffic classification. In addition, this chapter also provides configuration examples.
- Overview of Class-based QoS
- Feature Requirement of Class-based QoS
- Configuring MF Classification-based Traffic Policies for IP Packets
- Configuring Priority Mappings for IP Packets
- Configuring MF Classification-based Traffic Policies for VLAN Packets
- Configuring Priority Mappings for VLAN Packets
- Configuring Priority Mappings for MPLS Packets
- (Optional) Configuring a Priority for Protocol Packets
- Maintaining Class-based QoS Configuration
- Configuration Examples for Class-based QoS
- Example for Configuring MF Classification for IP Packets
- Example for Configuring IP-based MF Classification on an MPLS Interface
- Example for Configuring MF Classification Based on Inner Information of SRv6 Packets Using a Cascaded Traffic Policy in an L3VPNv4 over SRv6 TE Policy Scenario
- Example for Configuring Redirection on Dual Outbound Interfaces
- Example for Configuring a Traffic Policy Based on MF Classification in an MPLS Networking Scenario
- Example for Configuring MF Classification-based Traffic Policies for VLAN Packets
- Example for Configuring Priority Mappings for VLAN Packets Based on BA Classification
- Example for Configuring Priority Mappings for MPLS Packets Based on BA Classification
Overview of Class-based QoS
Definition
Traffic classification technology allows a device to classify packets that enter a DiffServ domain in order for the device to identify the packet service type and to apply any appropriate action upon the packet.
A traffic classifier is configured to provide differentiated services and must be associated with a certain traffic control or resource allocation behavior, which is called a traffic behavior.
Traffic Classification Techniques
Packets can be classified based on QoS priorities (for details, see section QoS Priority Fields), or packet information such as the source IP address, destination IP address, MAC address, IP protocol, and port number, or specifications in an SLA.
After packets are classified at the DiffServ domain edge, internal nodes provide differentiated services for classified packets. A downstream node can accept and continue the upstream classification or classify packets based on its own criteria.
Therefore, traffic classification can be classified as behavior aggregate classification or multi-field classification. For details, see section BA Classification and MF Classification.
BA Classification
- DSCP value of IPv4 packets
- TC value of IPv6 packets
- EXP value of MPLS packets
- 802.1p value of VLAN packets
It is used to simply identify the traffic that has the specific priority or class of service (CoS) for mapping between external and internal priorities.
BA classification confirms that the priority of incoming packets on a device is trusted and mapped to the service-class and color based on a priority mapping table. The service-class and color of outgoing packets are then mapped back to the priority. For details about priority mapping, see section QoS Priority Mapping.
To configure BA classification on a NE5000E, configure a DiffServ (DS) domain, define a priority mapping table for the DS domain, and bind the DS domain to a trusted interface.
BA classification applies to the DS internal nodes.
Multi-Field Classification
As networks rapidly develop, services on the Internet become increasingly diversified. Various services share limited network resources, especially when multiple services use port number 80. Because of this increasing demand, network devices are required to possess a high degree of sensitivity for services, including an in-depth parsing of packets and a comprehensive understanding of any packet field at any layer. This level of sensitivity rises far beyond what behavior aggregate (BA) classification can offer. Multi-field (MF) classification can be deployed to help address this sensitivity deficit.
MF classification allows a device to elaborately classify packets based on certain conditions, such as 5-tuple (source IP address, source port number, protocol number, destination address, and destination port number). To simplify configurations and facilitate batch modification, MF classification commands are designed based on a template. For details, see section Traffic Policy Based on MF Classification.
Traffic Behaviors Techniques
The following table describes traffic behaviors that can be implemented individually or jointly for classified packets on a NE5000E.
Traffic Behavior |
Description |
|
|---|---|---|
Marking/Re- marking |
External marking |
Sets or modifies the priority of packets to relay QoS information to the next device. |
Internal marking |
Sets the class of service (CoS) and drop precedence of packets for internal processing on a device so that packets can be placed directly in specific queues. Setting the drop precedence of packets is also called coloring packets. When traffic congestion occurs, packets in the same queue are provided with differentiated buffer services based on colors. |
|
Traffic policing |
Restricts the traffic rate to a specific value. When traffic exceeds the specified rate, excess traffic is dropped. |
|
Congestion management |
Places packets in queues for buffering. When traffic congestion occurs, the device determines the forwarding order based on a specific scheduling algorithm and performs traffic shaping for outgoing traffic to meet users' requirements on the network performance. |
|
Congestion avoidance |
Monitors network resources. When network congestion intensifies, the device drops packets to prevent overloading the network. |
|
Packet filtering |
Functions as the basic traffic control method. The device determines whether to drop or forward packets based on traffic classification results. |
|
Policy-based routing (also called redirection) |
Determines whether packets will be dropped or forwarded based on the following policies:
|
|
Load balancing |
Load balancing is configured to be session-by-session or packet-by-packet. Load balancing applies only to packets that have multiple forwarding paths available. There are two possible scenarios:
|
|
Packet fragmentation |
Modifies the Don't Fragment (DF) field of packets. NOTE:
Some packets sent from user terminals are 1500 bytes long. PCs generally set the DF value to 1 in the packets. When packets traverse network devices at various layers, such as the access, aggregation, or core network layer, additional information is added so that the packet length will exceed the maximum transmission unit (MTU) of 1500 bytes. If such a packet carries the DF value of 1 in the header, the packet will be dropped. A DF value of 1 specifies that a datagram not be fragmented in transit. To prevent such packet loss and to keep users unaware of any change, the device involved is allowed to set the DF field in an IP header. |
|
URPF (Unicast Reverse Path Forwarding) |
Prevents the source address spoofing attack. URPF obtains the source IP address and the inbound interface of a packet and checks them against the forwarding table. If the source IP address is not found, URPF considers the source IP address as a pseudo address and drops the packet. |
|
Flow mirroring |
Allows a device to copy an original packet from a mirrored port and to send the copy to the observing port. |
|
Flow sampling |
Collects information about specific data flow, such as timestamps, source address, destination address, source port number, destination port number, ToS value, protocol number, packet length, and inbound interface information, to monitor specific users. |
|
Modifying the TTL value |
Modifies the Time To Live (TTL) value of IP packet headers. |
|
Configuring MF Classification-based Traffic Policies for IP Packets
This section describes how to configure MF classification-based traffic policies for IP packets.
Context
As networks rapidly develop and services become increasingly diversified, multiple service flows share the same network resource. In some scenarios, incoming or ongoing traffic on a network needs to be classified. For example, voice, video, and data services must be allocated different bandwidths because they have different requirements on delay. Traffic from different users must be distinguished and allocated different bandwidths and priorities. BA classification-based traffic policies fail to meet such requirements.
MF classification-based traffic policies for IP packets provide differentiated services according to parameters such as the DSCP value, protocol type, IP address, and port number in packets, which can meet the requirements of different services on bandwidth and delay.
Typically, MF classification-based traffic policies are configured on routers at the network edge, and BA classification-based traffic policies are configured on core routers.
MF classification-based traffic policies for IP packets is in conflict with Flow Influence.
Pre-configuration Tasks
Before configuring MF classification-based traffic policies for IP packets, you need to complete the following tasks:
Configure the physical parameters of interfaces.
Configure the link layer attributes of interfaces.
Configure IP addresses for interfaces.
Enable the routing protocol for communication between devices at the network layer.
Configuring a Traffic Classifier
You need to configure a traffic classifier before configuring class-based QoS. The traffic classifier can be configured based on the ACL rule, IP precedence, MAC address, protocol address, and so on.
Procedure
- Define a traffic classifier based on Layer 3 or Layer 4 information
- Define matching rules for the traffic classifier as required.
![]()
For IPv6 packets, you need to specify the keyword ipv6 when defining a matching rule in Step 3. A matching rule defined to match packets based on the source or destination addresses applies to IPv6 packets, but not IPv4 packets.
You can define different ACL rules as required, including the protocol type, source address, destination address, and ToS in packets. The if-match acl command filters packets according to the ACL rules defined in the rule command. The system then performs the corresponding traffic behavior for the matching packets.
To define a matching rule based on an ACL, run the if-match [ ipv6 ] acl { acl-number | name acl-name } [ precedence precedence-value ] command.
To define a matching rule to classify traffic based on the DSCP value, run the if-match [ ipv6 ] dscp dscp-value command.
To define a matching rule to classify traffic based on the IPv4 TCP flag value, run the if-match tcp syn-flag { tcpflag-value [ mask tcpflag-mask ] | bit-match { established | fin | syn | rst | psh | ack | urg | ece | cwr | ns } } command.
- To set a matching rule to classify traffic based on the IPv6 TCP flag, run the if-match ipv6 tcp syn-flag { tcpflag-value [ mask tcpflag-mask ] | bit-match { established | fin | syn | rst | psh | ack | urg } } command.
To define a matching rule to classify traffic based on the precedence of an IP packet, run the if-match [ ipv6 ] ip-precedence ip-precedence command.
To define a matching rule to classify traffic based on the MPLS EXP value, run the if-match mpls-exp exp-value command.
To define a matching rule to match all packets, run the if-match [ ipv6 ] any command.
To define a matching rule to classify traffic based on the value of the next IPv6 header, run the if-match ipv6 next-header header-number first-next-header command.
To define a matching rule to classify traffic based on the source IPv6 address, run the if-match ipv6 source-address ipv6-address prefix-length command.
To define a matching rule to classify traffic based on a destination IPv6 address, run the if-match ipv6 destination-address ipv6-address prefix-length command.
- To define a matching rule to classify traffic based on the QoS policy ID, run the if-match qos-local-id qos-local-id command.
- To define a matching rule to classify traffic based on the source and destination QoS policy IDs, run the if-match qos-local-id source source-qos-local-id destination destination-qos-local-id command.
- To define a matching rule to classify traffic based on the IPv6 QoS policy ID, run the if-match ipv6 qos-local-id qos-local-id command.
- Define matching rules for the traffic classifier as required.
- Define a traffic classifier based on Layer 2 information
- Define a traffic classifier based on the packet offset.
- Run if-match { offset offset-value match-value match-value match-mask match-mask } <1-4>
A matching rule based on the packet offset is configured.
![]()
A matching rule based on the packet offset affects forwarding performance. Therefore, understand related precautions before using the if-match offset command.
- Run if-match { offset offset-value match-value match-value match-mask match-mask } <1-4>
Defining a Traffic Behavior and Configuring Actions
This section describes the traffic behaviors supported by a device and how to configure actions for a traffic behavior.
Context
A device supports various types of actions for a traffic behavior. You can configure one or more types of actions as required.
Procedure
- Run system-view
The system view is displayed.
- Run traffic behavior behavior-name
A traffic behavior is configured and its view is displayed.
- Configure packet filtering actions.
- Run permit | deny
Packets are permitted or denied.
![]()
If both the if-match any and deny commands are configured, the MF classification function prevents all packets (including protocol packets) from passing through an interface. Therefore, exercise caution when using a combination of the preceding commands.
If the permit or deny action is configured in both the rule command and the traffic behavior view, only the packets permitted by the rule command are processed based on the traffic behavior. If the deny action is configured in either the rule command or the traffic behavior view, all matched packets are discarded.
- Run permit | deny
- Configure a traffic policing action.
- Configure forcible traffic classification.
- Configure packet re-marking.
- Configure redirection actions for packets.
- IP packets support multiple redirection actions. Select the corresponding configurations in the following table based on packet types and service scenarios on the network.
![]()
To enable a device to generate traps when redirection PBR switching is triggered or the redirection next hop is invalid, run the redirect nexthop trap enable command in the system view.
Table 1-291 IP packet redirection configurationsPacket Type
Redirection Scenario
Configuration Command
IPv4 packets
Configure the IPv4 address and outbound interface, VPN instance, and NQA test instance on a single next hop for redirecting IPv4 packets.
- redirect ip-nexthop ip-address interface interface-type interface-number [ route-forward ] [ pri-type common ]
- redirect ip-nexthop ip-address nqa nqa-test-administer-name name-of-nqa-test-instance [ routing-filter { default-routing | blackhole-routing } * ] [ deny ] [ pri-type common ] [ public-network ]
- redirect ip-nexthop ip-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
In a scenario in which packets are redirected to a single next hop whose IP address matches a default route or a black-hole route, configure the packets to be forwarded based on the destination IP address.
redirect ip-nexthop ip-address [ routing-filter { default-routing | blackhole-routing } * ] [ deny ] [ pri-type common ] [ public-network ]
Configure the IPv4 addresses and outbound interfaces, VPN instances, and NQA test instances on multiple next hops for redirecting IPv4 packets.
- redirect ipv4-multinhp { nhp ip-address interface interface-type interface-number } &2-42 [ loadbalance [ sip-hash ] [ unequal-cost ] ] [ route-forward ] [ pri-type common ]
- redirect ipv4-multinhp { nhp ip-address nqa nqa-test-administer-name name-of-nqa-test-instance } &2-42 [ routing-filter { default-routing | blackhole-routing } * ] [ deny ] [ pri-type common ]
- redirect ipv4-multinhp { nhp ip-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] } &2-42 [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ] [ non-revertive ]
Configure IPv4 packets to be directly redirected to a specified outbound interface.
redirect to interface { interface-name | interface-type interface-number } [ route-forward ]
In a scenario in which packets are redirected to multiple next hops whose IP addresses match default or black-hole routes, configure the packets to be forwarded based on the destination IP address.
redirect ipv4-multinhp { nhp ip-address } &2-42 [ routing-filter { default-routing | blackhole-routing } * ] [ deny ] [ pri-type common ]
IPv6 packets
Configure the IPv6 address and outbound interface, VPN instance, and NQA test instance on a single next hop for redirecting IPv6 packets.
- redirect ipv6-nexthop ipv6-address interface interface-type interface-number [ route-forward ] [ pri-type common ]
- redirect ipv6-nexthop ipv6-address nqa nqa-test-administer-name name-of-nqa-test-instance [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
- redirect ipv6-nexthop ipv6-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
In a scenario in which packets are redirected to a single next hop whose IP address matches a default route or a black-hole route, configure the packets to be forwarded based on the destination IP address.
- redirect ip-nexthop ip-address [ routing-filter { default-routing | blackhole-routing } * ] [ deny ] [ pri-type common ] [ public-network ]
Configure the IPv6 addresses and outbound interfaces, VPN instances, and NQA test instances on multiple next hops for redirecting IPv6 packets.
- redirect ipv6-multinhp { nhp ipv6-address interface interface-type interface-number } &2-16 [ loadbalance [ unequal-cost ] ] [ route-forward ] [ pri-type common ]
- redirect ipv6-multinhp { nhp ipv6-address nqa nqa-test-administer-name name-of-nqa-test-instance } &2-16 [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
- redirect ipv6-multinhp { nhp ipv6-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] } &2-16 [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
In a scenario in which packets are redirected to multiple next hops whose IP addresses match default or black-hole routes, configure the packets to be forwarded based on the destination IP address.
- redirect ipv6-nexthop ipv6-address [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
Configure IPv6 packets to be directly redirected to a specified outbound interface.
redirect ipv6 to interface { interface-name | interface-type interface-number } [ route-forward ]
IPv4 and IPv6 packets
Configure IPv4 or IPv6 packets forwarded by private network routes to be redirected to public network routes' outbound interfaces.
redirect { ip | ipv6 } public-network
Configure IP data flows to be redirected to the public network's target LSP.
redirect lsp public dest-ipv4-address [ nexthop-address | interface interface-type interface-number | secondary ]
Configure packets to be redirected to a specified VPN group.
redirect vpn-group vpn-group-name
Configure packets to be redirected to a specified VSI.
redirect vsi vsi-name
Configure packets to be redirected to a specified tunnel.
redirect interface tunnel tunnelname [ destination-ip destination-ip-address vpn-instance vpn-instance-name ] [ route-forward ]
Configure public network IPv4/IPv6 packets to be redirected to a single SR-MPLS TE Policy.
redirect sr-te policy endpoint color [ label label ] [ route-forward ]
Configure public network IPv4/IPv6 packets to be redirected to a single SRv6 TE Policy.
redirect srv6-te policy endpoint color [ { sid | vpnsid } sid-ip ]
Configure IPv4/IPv6 packets to be redirected to multiple SRv6 TE Policies for load balancing.
redirect-template srv6-te template-name
NOTE:Before performing this configuration, you need to create an SRv6 TE Policy redirection template in the system and specify SRv6 TE Policies.- Run the redirect template template-name srv6-te command to create an SRv6 TE Policy redirection template and enter its view.
- Run the endpoint endpoint color color [ { sid | vpnsid } sid-ip ] command to configure an SRv6 TE Policy to which IPv4/IPv6 packets are redirected.
- Run the commit command to commit the configuration.
- IP packets support multiple redirection actions. Select the corresponding configurations in the following table based on packet types and service scenarios on the network.
- Configure a cascaded traffic policy.
ACL rules are generally used for redirection in a traffic behavior. However, the specifications of ACL rules are limited. When ACL rules defined for MF classification do not meet the live network requirements, you can redirect the traffic behavior to a configured traffic policy to implement cascaded MF classification.
- Configure the sampling function of NetStream statistics.
To charge the subscribers or collect traffic statistics based on traffic classifiers, you can configure the corresponding traffic classifier and run the following commands to enable NetStream sampling:
- Increase the priority of the traffic behavior.
If both BGP flow specification and MF classification are configured on a device, you can run the increase-priority command to allow the traffic behavior configured in MF classification to preferentially take effect.
- Enable the logging of the first packet that matches an ACL.
- Run log first-packet
The device is enabled to log the first packet that matches an ACL.
After this function is enabled, a log is recorded when the first packet matches an ACL. The log contains the inbound/outbound interface name, source IP address, destination IP address, protocol number, source port number (TCP/UDP), destination port number (TCP/UDP), time when the first packet was received (in milliseconds), and number of packets within the specified period.
- Run quit
Return to the system view.
- (Optional) Run traffic-behavior log { entries number-of-entries | interval interval-time } *
The maximum number of flows and the interval for collecting packet statistics recorded by the log are configured.
- Run commit
The configuration is committed.
- Run log first-packet
Configuring a Traffic Policy
After defining traffic classifiers and behaviors, you need to configure a traffic policy to associate them.
Procedure
- Run system-view
The system view is displayed.
- Run traffic policy policy-name
A traffic policy is defined and its view is displayed.
![]()
Cascaded MF classification: ACL rules are generally used for redirection in a traffic behavior. However, the specifications of ACL rules are limited. When ACL rules defined for MF classification do not meet actual requirements, you can redirect the traffic behavior to a configured traffic policy, implementing cascaded MF classification.
- Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]
A traffic classifier is associated with a traffic behavior in the traffic policy, and a matching precedence is configured.
- (Optional) Run step step-value
The step between sub-policies is configured.
- (Optional) Run statistics enable
The statistics collection function is enabled for the traffic policy.
By default, the statistics collection function is disabled for a traffic policy to conserve memory resources. To view statistics about a traffic policy, you can enable the statistics collection function for it.
- (Optional) Run undo share-mode
The unshared mode is specified for the traffic policy.
By default, a traffic policy works in shared mode. If a traffic policy has been applied to an interface, you cannot modify its shared or unshared mode. If such modification is required, you need to cancel the application on the interface first.- Shared mode: Although a traffic policy is applied to different interfaces, its statistics are displayed as summarized data of the interfaces and the data of each interface cannot be distinguished.
- Unshared mode: Statistics on a traffic policy can be displayed by interface according to the interfaces to which the traffic policy is applied.
- (Optional) Run match-type ipv6 qos-local-id enable
The IPv6 qos-local-id matching mode is enabled.
If a matching rule based on an IPv6 QoS policy ID is configured in a traffic classifier, the matching rule takes effect only after the IPv6 qos-local-id matching mode is enabled.
- Run commit
The configuration is committed.
Applying a Traffic Policy
A class-based policy does not take effect unless it is applied to an interface.
Procedure
- Run system-view
The system view is displayed.
- (Optional) Configure packet information to be matched when a traffic policy is applied to a board.
- Select one of the following configurations based on service requirements.
- Run the traffic-policy match-ip-layer { mpls-pop | mpls-push } * command to configure MF classification based only on IP layer (Layer 3) information for incoming/outgoing traffic on the public network.
- Run the traffic-policy match-mpls-layer { mpls-push | mpls-pop } * command to configure MF classification based on both IP and MPLS information for incoming/outgoing traffic on the public network.
![]()
If MF classification based on both IP and MPLS information is configured, do not specify other parameters when running the traffic-policy policy-name { inbound | outbound } command on an interface. Otherwise, the function does not take effect.
- Run the commit command to commit the configuration.
- Select one of the following configurations based on service requirements.
- Perform the following operations based on the interfaces on which a traffic policy is used:
- Apply an MF classification-based traffic policy to a Layer 3 interface.
- To enter the Layer 3 interface view, run the interface interface-type interface-number command.
- (Optional) To apply an MF classification-based traffic policy to incoming traffic based on the source and destination QoS policy IDs, run the qppb-policy qos-local-id both inbound command.
![]()
The if-match qos-local-id source source-qos-local-id destination destination-qos-local-id command must be run prior to the qppb-policy qos-local-id both inbound command. For details, see section defining a traffic classifier.
- To apply a traffic policy to the Layer 3 interface, run the traffic-policy policy-name { inbound | outbound } [ all-layer | link-layer | mpls-layer ] command.
![]()
- If link-layer is configured, the device performs MF classification based on Layer 2 information of packets.
- If mpls-layer is configured, the device performs MF classification based on MPLS packet header information.
- If all-layer is configured, the device first performs MF classification based on Layer 2 information of packets. If packets do not match any rule based on Layer 2 information, the device performs MF classification based on Layer 3 information of packets.
- Apply an MF classification-based traffic policy to an EVC Layer 2 sub-interface, with the bandwidth allocation mode specified.
- To enter the EVC Layer 2 sub-interface view, run the interface interface-type interface-number.subnum mode l2 command.
- To apply a traffic policy to the EVC Layer 2 sub-interface, run the traffic-policy policy-name { inbound | outbound } identifier { none | vid | ce-vid | vid-ce-vid } [ all-layer | link-layer] command.
![]()
The bandwidth allocation mode specified using the identifier parameter must be the same as the one configured on the EVC Layer 2 sub-interface.
- Apply an MF classification-based traffic policy to a QinQ VLAN tag termination sub-interface, with the PVLAN ID and CVLAN ID ranges specified.
- To enter the sub-interface view, run the interface interface-type interface-number.subinterface-number command.
- To set a VLAN ID range for the sub-interface and configure the sub-interface to remove the tags from double-tagged packets, run the encapsulation qinq-termination [ rt-protocol ] command.
- To configure the sub-interface as a QinQ VLAN tag termination sub-interface, run the qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid ce-vid [ to high-ce-vid ] [ vlan-group group-id ] command.
- To apply a traffic policy to the QinQ VLAN tag termination sub-interface, run the traffic-policy policy-name { inbound | outbound } pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ] [ all-layer | link-layer | mpls-layer ] command.
- Apply an MF classification-based traffic policy to a VBDIF interface.
- To create a bridge domain (BD), run the bridge-domain bd-id command.
- To return to the system view, run the quit command.
- To create a VBDIF interface and enter the VBDIF interface view, run the interface vbdif bd-id command.
- To apply a traffic policy to the VBDIF interface, run the traffic-policy policy-name { inbound | outbound } command.
- (Optional) Apply an MF classification-based traffic policy to an EVPN instance.
- To enter the EVPN instance view, run the evpn vpn-instance vpn-instance-name bd-mode command.
- To apply a traffic policy to the EVPN instance, run the traffic-policy policy-name network inbound command.
- Apply an MF classification-based traffic policy to a Layer 3 interface.
- (Optional) Run qos traffic-car member-link-scheduler distribute in the Eth-Trunk interface view
When CAR is configured on a trunk interface, the sum of all the member interfaces' bandwidth complies with the CAR settings.
- Run commit
The configuration is committed.
Verifying the Configuration
After class-based QoS is successfully configured, you can check the traffic classifiers, traffic behaviors, bindings between traffic classifiers and behaviors in the specified traffic policy, configured traffic policies and their application, as well as configured queues and their application.
Procedure
- Run the display interface [ interface-type [ interface-number ] ] command to check traffic information about an interface.
- Run the display traffic behavior { system-defined | user-defined } [ behavior-name ] command to check the traffic behavior configuration.
- Run the display traffic classifier { system-defined | user-defined } [ classifier-name ] command to check the traffic classifier configuration.
- Run the display traffic policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] command to check bindings between all traffic classifiers and traffic behaviors or between a specified traffic classifier and a traffic behavior in a traffic policy.
- Run the display traffic policy [ policy-name ] statistics interface interface-type interface-number [ .sub-interface ] { inbound | outbound } [ verbose { classifier-based [ class class-name ] | rule-based [ class class-name ] [ filter ] } ] command to check traffic policy statistics on an interface.
Configuring Priority Mappings for IP Packets
This section describes how to configure the mappings between DSCP values of IP packets, QoS service classes, and colors to implement QoS scheduling of IP packets.
Context
Traffic policy based on BA classification is used to map the priority of traffic on one type of network to another type. That is, to transmit the traffic in the other network according to the original priority.
When the NE5000E serves as the border router for different networks, the original external priorities (DSCP values) in the IP packets that go into the NE5000E are all mapped to the internal priorities of the router represented by service classes of DiffServ and colors. When the NE5000E sends out the packets, the internal priority is mapped back to the external priority.
BA classification is usually implemented on the core devices of the network. It can be implemented on both physical and logical interfaces. If implemented on the logical interface, BA classification can limit traffic congestion on member ports of the logical interface and restrict the priority of packets on the logical interface.
A DiffServ (DS) domain is a group of DiffServ nodes that adopt the same service policies and implement the same PHB aggregate.
The priority of packets is usually accepted or re-defined on the core router. On the border router in the IP domain or MPLS domain, DSCP and EXP values also need to be mapped.
The BA classification can map the internal priority to the external priority, and the external priority to the internal priority. However, mapping between traffic of the same type, for example, IP traffic or MPLS traffic, is not supported.
If unified scheduling is required for all upstream traffic on an interface, you can run the qos default-service-class command to configure the upstream traffic on the interface to enter the specific queues and provide corresponding services. After this command is run, other packets cannot be enabled to enter the queues, and BA classification cannot be enabled.
Pre-configuration Tasks
Configure physical parameters for interfaces.
Configure link layer attributes for interfaces to work properly.
Configure IP addresses for interfaces.
Enable a routing protocol for communication between devices.
Verifying the Configuration
Run the following commands to check the previous configuration.
- Run the display diffserv domain [ ds-domain-name ] [ 8021p | dscp | exp | ip-precedence ] [ inbound | outbound ] command to check the DiffServ domain configuration.
- Run the display diffserv domain application ds-domain-name command to check the interface list applied to a specified DiffServ domain.
Configuring MF Classification-based Traffic Policies for VLAN Packets
This section describes how to configure MF classification-based traffic policies for VLAN packets.
Context
To manage or limit the traffic that goes into or flows in a network according to the class of service, you need to configure QoS traffic policies based on MF classification. That is, you need to provide differentiated services according to the VLAN attributes of packets. In this way, traffic from different users, such as voice services, video services, and data services can be served differently in terms of bandwidth, delay, and precedence. After VLAN QoS is used for the traffic entering the VLAN network, the traffic can either retain its QoS attributes of the previous network, or has its QoS attributes modified according to the configurations of the VLAN. In this manner, the traffic continues to be transmitted in the VLAN.
MF classification-based traffic policies are usually configured on the router located at the edge of a network, whereas BA classification-based traffic policies are configured on the router located near the core of a network.
Configuring Rules for Mapping VLAN Frame Priorities
This section describes how to configure the rule for mapping VLAN frame priorities.
Procedure
- Run system-view
The system view is displayed.
- Run traffic classifier classifier-name [ operator { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed.
- Run if-match 8021p 8021p-value
A rule for mapping the 802.1p values of VLAN packets is defined.
- Run commit
The configuration is committed.
Configuring a Traffic Policy
After defining traffic classifiers and behaviors, you need to configure a traffic policy to associate them.
Procedure
- Run system-view
The system view is displayed.
- Run traffic policy policy-name
A traffic policy is defined and its view is displayed.
- Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]
A traffic classifier is associated with a traffic behavior in the traffic policy, and a matching priority is configured.
- (Optional) Run step step-value
The step between sub-policies is configured.
- (Optional) Run statistics enable
The statistics collection function is enabled for the traffic policy.
By default, the statistics collection function is disabled for a traffic policy to conserve memory resources. To view statistics about a traffic policy, you can enable the statistics collection function for it.
- Run commit
The configuration is committed.
Applying a Traffic Policy
A class-based policy does not take effect unless it is applied to an interface.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run traffic-policy policy-name { inbound | outbound } [ all-layer | link-layer | mpls-layer ]
A traffic policy is applied to the interface.
If you specify link-layer, the router matches Layer 2 information about packets with the traffic policy and performs a corresponding action.
If you specify mpls-layer, the router performs complex traffic classification based on MPLS packet header information.
If you specify all-layer, The device first performs rule-matching according to Layer 2 information and implements a corresponding traffic action. If Layer 2 information of a packet does not match the traffic rule, the system performs rule-matching according to Layer 3 information and implements a corresponding traffic action.
By default, the NE5000E performs complex traffic classification based on Layer 3 or Layer 4 information, the MPLS information of the packets and other information.
- Run commit
The configuration is committed.
Verifying the Configuration
After VLAN QoS is successfully configured, you can view the traffic classifiers, traffic behaviors, binding between traffic classifiers and behaviors in the specified traffic policy, configured traffic policies and their application, and configured queues and their application.
Procedure
- Run the display interface [ interface-type [ interface-number ] ] command to check traffic information about an interface.
- Run the display traffic behavior { system-defined | user-defined } [ behavior-name ] command to check the traffic behavior configuration.
- Run the display traffic classifier { system-defined | user-defined } [ classifier-name ] command to check the traffic classifier configuration.
- Run the display traffic policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] command to check bindings between all traffic classifiers and traffic behaviors or between a specified traffic classifier and a traffic behavior in a traffic policy.
- Run the display traffic policy [ policy-name ] statistics interface interface-type interface-number [ .sub-interface ] { inbound | outbound } [ verbose { classifier-based [ class class-name ] | rule-based [ class class-name ] [ filter ] } ] command to check traffic policy statistics on an interface.
- Run the display traffic policy statistics interface interface-type interface-number { inbound | outbound } [ verbose { classifier-based [ class class-name ] | rule-based [ class class-name ] [ filter ] } ] command to check traffic policy statistics on an interface.
Configuring Priority Mappings for VLAN Packets
This section describes how to configure priority mappings for VLAN packets and the application environment of this function.
Context
Traffic policy based on BA classification is used to map the priority of traffic on one type of network to another type. That is, to transmit the traffic in the other network according to the original priority.
When the NE5000E serves as the border router for different networks, the original external priorities (802.1p values) in the VLAN packets that go into the NE5000E are all mapped to the internal priorities of the router represented by service classes of DiffServ and colors. When the NE5000E sends out the packet, the internal priority is mapped back to the external priority.
If unified scheduling is required for all upstream traffic on an interface, you can run the qos default-service-class command to configure the upstream traffic on the interface to enter the specific queues and provide corresponding services. After this command is run, other packets cannot be enabled to enter the queues, and BA classification cannot be enabled.
Pre-configuration Tasks
Before configuring priority mappings for VLAN packets, complete the following tasks:
Configure physical parameters for interfaces.
Configure link layer attributes for interfaces to work properly.
Configure IP addresses for interfaces.
Enable a routing protocol for communication between devices.
In VS mode, this configuration is supported only by the admin VS.
Procedure
- Run system-view
The system view is displayed.
- Run diffserv domain { ds-domain-name | default} [ domain-id domain-id-value ]
A DiffServ domain is defined and the DiffServ domain view is displayed.
- Define traffic policies on the router based on the actual situation.
To define a traffic policy for incoming VLAN traffic, run the 8021p-inbound 8021p-value phb service-class [ color ] command.
To define a traffic policy for outgoing VLAN traffic, run the 8021p-outbound service-class color map 8021p-value command.
The system predefines the default domain profile for VLAN packets.
The default domain profile describes the default mappings between the 802.1p priorities of VLAN packets, QoS services classes, and colors. You can modify the mappings in the default domain profile. The 802.1p priorities of packets from an upstream device are mapped to QoS service classes and colors, and Table 1-294 shows the mappings. The QoS service classes and colors of packets to a downstream device are mapped to 802.1p priorities, and Table 1-295 shows the mappings.
Table 1-294 Default mapping from the IP Precedence/MPLS EXP/802.1p to the service-class and colorIP Precedence/MPLS EXP/802.1p
Service
Color
0
BE
Green
1
AF1
Green
2
AF2
Green
3
AF3
Green
4
AF4
Green
5
EF
Green
6
CS6
Green
7
CS7
Green
Table 1-295 Default mapping from the service-class and color to IP Precedence/MPLS EXP/802.1pService
Color
IP Precedence/MPLS EXP/802.1p
BE
Green, Yellow, Red
0
AF1
Green, Yellow, Red
1
AF2
Green, Yellow, Red
2
AF3
Green, Yellow, Red
3
AF4
Green, Yellow, Red
4
EF
Green, Yellow, Red
5
CS6
Green, Yellow, Red
6
CS7
Green, Yellow, Red
7
- Run commit
The configuration is committed.
- Run quit
Return to the system view.
- Run interface gigabitethernet interface-number.subnumber
The sub-interface view is displayed.
- Apply a traffic policy to VLAN packets on an interface.
Bind an interface to a DiffServ domain. Perform the following configurations based on the application scenario:
![]()
The application scenarios of the two configurations are different:
- The qos phb enable command maps priorities only for downstream traffic.
- To map priorities for both upstream and downstream traffic, run the trust upstream command.
- Run the trust upstream { 5p3d | ds-domain-name | default } command to bind the sub-interface to a DiffServ domain.
- Run the qos phb enable command to map priorities only for downstream packets.
- Run the trust { 8021p | inner-8021p | outer-8021p } [ inbound | outbound ] command to enable 802.1p value-based BA classification.
![]()
- Before running the trust 8021p command on an interface, you must run the trust upstream command to bind the interface to a DiffServ domain. Otherwise, the trust 8021p configuration does not take effect.
- When the L3VPN DiffServ mode is pipe and traffic needs to be scheduled based on the 802.1p value, run the diffserv-mode pipe mapping-8021p mpls-pop command in the system view to enable the MPLS egress PE to fill the 802.1p value in outgoing packets.
- Run commit
The configuration is committed.
Verifying the Configuration
Run the following commands to check the previous configuration.
- Run the display diffserv domain [ ds-domain-name ] [ 8021p | dscp | exp ] [ inbound | outbound ] command to check the DiffServ domain configuration.
- Run the display diffserv domain application ds-domain-name command to check the interface list applied to a specified DiffServ domain.
Configuring Priority Mappings for MPLS Packets
This section describes how to configure priority mappings for MPLS packets and the application environment of this function.
Context
A priority mapping based on BA classification maps network-specific traffic priorities between two networks of different types so that the traffic priorities can remain unchanged while traffic is being transmitted between various networks.
When the NE5000E serves as the border router for different networks, the original external priorities (EXP values) in the MPLS packets that go into the NE5000E are all mapped to the internal priorities represented by service classes of DiffServ and colors. When the NE5000E sends out a packet, the internal priority is mapped back to the external priority.
Generally, the priority mappings of MPLS packets are configured on the core device of the network.
Pre-configuration Tasks
Before configuring priority mappings for MPLS packets, complete the following tasks:
Configure physical parameters for interfaces.
Configure link layer attributes for interfaces to work properly.
Configure IP addresses for interfaces.
Enable a routing protocol for communication between devices.
In VS mode, this configuration is supported only by the admin VS.
Procedure
- Run system-view
The system view is displayed.
- Run diffserv domain ds-domain-name
A DiffServ domain is defined and its view is displayed.
- Define traffic policies on the router based on the actual situation.
To define a traffic policy for incoming MPLS traffic, run the mpls-exp-inbound exp phb service-class [ color ] command.
To define a traffic policy for outgoing MPLS traffic, run the mpls-exp-outbound service-class color map exp-value command.
The system predefines a default domain. If you do not configure priority mappings in Step 3 for the DiffServ domain, the system uses the default mappings. The default domain describes the default mappings from the EXP values of MPLS packets to QoS service classes and colors, or from QoS service classes and colors to the EXP values of MPLS packets. You can change the mappings in the default domain. The EXP values of the packets from an upstream device are mapped to QoS service classes and colors. Their mappings are shown in Table 1-296. The QoS service classes and colors of the packets entering a downstream device are mapped to EXP values. Their mappings are shown in Table 1-297.
The default mappings between the EXP values of MPLS packets and QoS service classes are shown in Table 1-296.
Table 1-296 Default mappings between the EXP values and QoS service classesEXP
Service
Color
EXP
Service
Color
0
BE
Green
4
AF4
Green
1
AF1
Green
5
EF
Green
2
AF2
Green
6
CS6
Green
3
AF3
Green
7
CS7
Green
The default mappings between the EXP values of MPLS packets and QoS service classes are shown in Table 1-297.
- Run commit
The configuration is committed.
- Run quit
Return to the system view.
- Run interface interface-type interface-number
The interface view is displayed.
- Run trust upstream { ds-domain-name | default }
The DiffServ domain is bound to the interface, and BA classification is enabled on the interface.
- Run commit
The configuration is committed.
Verifying the Configuration
Run the following commands to check the previous configuration.
- Run the display diffserv domain [ ds-domain-name ] [ 8021p | dscp | exp ] [ inbound| outbound ] command to check the DiffServ domain configuration.
- Run the display diffserv domain application ds-domain-name command to check the interface list applied to a specified DiffServ domain.
(Optional) Configuring a Priority for Protocol Packets
You can set the differentiated services code point (DSCP) value of management or control protocol packets sent by the local device, and enable the protocol packets to enter the specified internal priority queue and obtain the corresponding colors based on the DSCP values.
Context
Currently, when the NE5000E performs internal scheduling on protocol packets, by default, it places the protocol packets in the CS6 queue without colors, and the priority of the packets is fixed. If you use the CS6 queue for another purpose or not for service forwarding, services are affected. In addition, on the downstream device, scheduling requirements of specified protocol packets may fail to be met because these packets may enter the low-priority QoS queue. Therefore, to allow for flexible packet scheduling, allow these packets to enter other queues.
Procedure
- Run system-view
The system view is displayed.
- Configure the DSCP value of management or control protocol packets based on the packet type.
- Run the host-packet type { management-protocol | control-protocol } dscp dscp-value command to configure the DSCP value of IPv4 management or control protocol packets.
- Run the host-packet ipv6 type { management-protocol | control-protocol } dscp dscp-value command to configure the DSCP value of IPv6 management or control protocol packets.
![]()
Generally, each protocol has a default DSCP value, and the DSCP values of some protocols can be configured using the host-packet type command or the corresponding commands for changing the DSCP values of the protocols. In this case, the rules for the DSCP values to take effect as follows:
- If a protocol has its own command for changing the DSCP value, the DSCP value configured using its own command takes effect regardless of whether the DSCP value is controlled by the host-packet type command.
- If a protocol does not have its own command for changing the DSCP value and the DSCP value is controlled by the host-packet type command, the DSCP value configured using the command takes effect.
- If a protocol does not have its own command for changing the DSCP value and the DSCP value is not controlled by the host-packet type command, the default DSCP value takes effect.
For details about the DSCP value and meaning corresponding to each PHB, see DSCP and PHB.
Table 1-298 and Table 1-299 describe how to change the ToS/DSCP value of the IPv4 protocol and the traffic class/DSCP value of the IPv6 protocol, respectively.
Table 1-298 ToS/DSCP value of IPv4 and its modification methodProtocol
Default ToS/DSCP Value
Controlled by the host-packet type Command
Modification Command for Each Protocol
ICMP_ECHO
0
No
ping -dscp dscp-value
ICMP_ECHO_REPLY
0
No
N/A
ICMP Error
48
No
N/A
DNS
0
No
N/A
FTP
48
Yes (host-packet type management-protocol)
N/A
TFTP
48
Yes (host-packet type management-protocol)
N/A
SNMP
48
Yes (host-packet type management-protocol)
snmp-agent packet-priority snmp priority-level
SSH
48
Yes (host-packet type management-protocol)
ssh server dscp value
Telnet
48
Yes (host-packet type management-protocol)
telnet server dscp value
Syslog (UDP)
0
Yes (host-packet type management-protocol)
info-center syslog packet-priority priority-level
The info-center syslog packet-priority priority-level command takes precedence over the host-packet type management-protocol command.
Syslog (TCP)
0
No
info-center syslog packet-priority priority-level
HWTACACS
48
Yes (host-packet type management-protocol)
N/A
NTP
48
Yes (host-packet type control-protocol)
N/A
BFD
56
No
tos-exp tos-value (BFD session view)
tos-exp tos-value { dynamic | static } (BFD view)
IGMP
48
No
N/A
PIM
48
No
N/A
BGP
48
Yes (host-packet type control-protocol)
N/A
LDP
48
Yes (host-packet type control-protocol)
N/A
OSPF
48
Yes (host-packet type control-protocol)
N/A
VXLAN
If the inner IP ToS is valid, the ToS/DSCP value of the inner IP packet is inherited. Otherwise, it is set to 48.
No
N/A
RSVP-TE
48
No
N/A
MSDP
48
No
N/A
Table 1-299 Traffic class/DSCP value of IPv6 and its modification methodProtocol
Default Traffic Class/DSCP Value
Controlled by the host-packet type Command
Modification Command for Each Protocol
ICMP6_ECHO
0
No
ping ipv6 -tc traffic-class-value
ICMP6_ECHO_REPLY
Copied from the TC/DSCP value of an ICMP6_ECHO message
No
N/A
ICMP6 Error
Copied from the TC/DSCP value of an ICMP6_ECHO message
No
N/A
ND (NS/NA/RS/RA)
48
No
N/A
DNSv6
0
No
N/A
FTPv6
0
Yes (host-packet ipv6 type management-protocol)
N/A
TFTPv6 SERVER
NA
No
NA
TFTPv6 CLIENT
0
Yes (host-packet ipv6 type management-protocol)
NA
SNMPv6
48
No
snmp-agent packet-priority snmp priority-level
SSHv6
0
Yes (host-packet ipv6 type management-protocol)
N/A
Telnetv6
0
Yes (host-packet ipv6 type management-protocol)
N/A
Syslog (UDP)
0
Yes (host-packet ipv6 type management-protocol)
info-center syslog packet-priority priority-level
Syslog (TCP)
0
No
info-center syslog packet-priority priority-level
HWTACACS
48
No
N/A
NTPv6
0
Yes (host-packet ipv6 type management-protocol)
N/A
BFDv6
56
No
tos-exp tos-value (BFD session view)
tos-exp tos-value { dynamic | static } (BFD view)
MLD
48
No
N/A
PIMv6
48
No
N/A
BGP4+
48
Yes (host-packet ipv6 type control-protocol)
N/A
OSPFv3
48
Yes (host-packet ipv6 type control-protocol)
N/A
DHCPv6
48
No
N/A
VXLAN
If the inner IP TC is valid, the TC/DSCP value of the inner IP packet is inherited. Otherwise, it is set to 48.
No
N/A
- Run host-packet dscp dscp-value map local-service cos-value [ color color ]
Mappings between DSCP values of protocol packets and internal priorities and between DSCP values and colors are configured.
![]()
The DSCP value in the host-packet type command only indicates the priority of protocol packets. 802.1p priorities of Layer 2 protocol packets are mapped from the DSCP value based on the DS domain configured on the outbound interface. EXP priorities of MPLS packets are the leftmost 3 bits of the DSCP value. If this command is not used, sent protocol packets carry the preconfigured priority.
- Run commit
The configuration is committed.
Maintaining Class-based QoS Configuration
This section describes how to clear statistics of traffic policies.
Clearing Traffic Policy Statistics
This section describes the commands for clearing traffic policy statistics.
Context
Statistics cannot be restored after being cleared. Exercise caution when clearing statistics.
Procedure
- Run the reset traffic policy [ [ name ] policy-name ] statistics interface { interface-name | interface-type interface-number } [ vlan vlan-id | pe-vid pe-vid ce-vid ce-vid | vid vid | ce-vid ce-vid | vid vid ce-vid ce-vid ] { inbound | outbound } command to clear traffic policy statistics on a specified interface.
- Run the reset traffic policy statistics bridge-domain bdid { inbound | outbound } command to clear traffic policy statistics in a specified BD.
Configuration Examples for Class-based QoS
This section provides typical examples for configuring class-based QoS.
Example for Configuring MF Classification for IP Packets
This section provides an example for configuring MF classification for IP packets.
Networking Requirements
As shown in Figure 1-1026, MF classification is configured on DeviceC to implement access control between DeviceA and DeviceB. In addition, traffic statistics can be collected to verify packet sending and receiving.
Interface1 and Interface2 in this example represent GE 1/0/0 and GE 2/0/0, respectively.
Configuration Roadmap
The configuration roadmap is as follows:
Configure ACL rules.
Configure a traffic classifier.
Configure a traffic behavior.
Configure a traffic policy.
Apply the traffic policy.
Data Preparation
To complete the configuration, you need the following data:
ACL number
Names of the traffic classifier, traffic behavior, and traffic policy, and number of the interface to which the traffic policy is applied
Procedure
- Configure ACL rules.
<HUAWEI> system-view[~HUAWEI] sysname DeviceC
[*HUAWEI] commit
[~DeviceC] acl number 3333[*DeviceC-acl-advance-3333]rule 5 permit ip source 1.1.1.1 0 destination 2.2.2.2 0[*DeviceC-acl-advance-3333]rule 10 permit ip source 2.2.2.2 0 destination 1.1.1.1 0[*DeviceC-acl-advance-3333] commit[~DeviceC-acl-advance-3333] quit - Configure a traffic classifier.
[~DeviceC] traffic classifier c1[*DeviceC-classifier-c1] if-match acl 3333[*DeviceC-classifier-c1] commit[~DeviceC-classifier-c1] quit - Configure a traffic behavior.
[~DeviceC] traffic behavior b1[*DeviceC-behavior-b1] permit[*DeviceC-behavior-b1] commit[~DeviceC-behavior-b1] quit - Configure a traffic policy.
[~DeviceC] traffic policy p1[*DeviceC-trafficpolicy-p1] classifier c1 behavior b1[*DeviceC-trafficpolicy-p1] share-mode[*DeviceC-trafficpolicy-p1] statistics enable[*DeviceC-trafficpolicy-p1] commit[~DeviceC-trafficpolicy-p1] quit - Apply the traffic policy.
[~DeviceC] interface gigabitethernet 1/0/0
[~DeviceC-GigabitEthernet1/0/0] traffic-policy p1 inbound
[*DeviceC-GigabitEthernet1/0/0] traffic-policy p1 outbound
[*DeviceC-GigabitEthernet1/0/0] commit
[~DeviceC-GigabitEthernet1/0/0] quit
[~DeviceC] interface gigabitethernet 2/0/0
[~DeviceC-GigabitEthernet2/0/0] traffic-policy p1 inbound
[*DeviceC-GigabitEthernet2/0/0] traffic-policy p1 outbound
[*DeviceC-GigabitEthernet2/0/0] commit
[~DeviceC-GigabitEthernet2/0/0] quit
- Verify the configuration.
After completing the configuration, run the ping 2.2.2.2 command on DeviceA to ping DeviceB, and run the display traffic policy statistics command on DeviceC to check statistics about traffic exchanged between DeviceA and DeviceB.
[~DeviceC] display traffic policy statistics interface gigabitethernet 1/0/0 inbound
Info: The statistics is shared because the policy is shared. Interface: GigabitEthernet1/0/0 Traffic policy inbound: p1 Traffic policy applied at 2017-08-30 18:30:20 Statistics enabled at 2017-08-30 18:30:20 Statistics last cleared: Never Rule number: 1 IPv4, 0 IPv6 Current status: OK! Item Packets Bytes ------------------------------------------------------------------- Matched 5 500 +--Passed 4 400 +--Dropped 1 100 Missed 0 0 Last 30 seconds rate Item pps bps ------------------------------------------------------------------- Matched 5 500 +--Passed 4 400 +--Dropped 1 100 Missed 0 0
Configuration Files
DeviceC configuration file
# sysname DeviceC # acl number 3333 rule 5 permit ip source 1.1.1.1 0 destination 2.2.2.2 0 rule 10 permit ip source 2.2.2.2 0 destination 1.1.1.1 0 # traffic classifier c1 operator or if-match acl 3333 # traffic behavior b1 # traffic policy p1 share-mode statistics enable classifier c1 behavior b1 precedence 1 # interface GigabitEthernet1/0/0 undo shutdown traffic-policy p1 inbound traffic-policy p1 outbound # interface GigabitEthernet2/0/0 undo shutdown traffic-policy p1 inbound traffic-policy p1 outbound # return
Example for Configuring IP-based MF Classification on an MPLS Interface
This section provides an example for configuring IP-based MF classification on an MPLS interface.
Networking Requirements
As shown in Figure 1-1027, PE1, the P, and PE2 are routers on the MPLS backbone network, and CE1, CE2, CE3, and CE4 are access routers on the edge of the backbone network. Use PE1 as an example. You can configure IP-based MF classification on the public network interface (Interface3) of PE1 to implement traffic control on the public network side and verify the packet sending and receiving through traffic statistics.
Interface1, Interface2, and Interface3 in this example represent GE 1/0/0, GE 2/0/0, and GE 3/0/0, respectively.
Configuration Roadmap
The configuration roadmap is as follows:
Configure basic MPLS functions.
Configure MF classification based on IP layer information for incoming/outgoing packets on the public network.
Configure ACL rules.
Configure a traffic classifier.
Configure a traffic behavior.
Configure a traffic policy.
Apply the traffic policy.
Data Preparation
To complete the configuration, you need the following data:
ACL number
Names of the traffic classifier, traffic behavior, and traffic policy, and number of the interface to which the traffic policy is applied
Procedure
- Configure basic MPLS functions. The configuration details are not mentioned here.
For details about how to configure basic MPLS functions, see Example for Configuring BGP/MPLS IP VPN in HUAWEI NetEngine5000E Configuration Guide - VPN - BGP/MPLS IP VPN Configuration.
- Configure MF classification based on IP layer information for incoming/outgoing packets on the public network.
<HUAWEI> system-view[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] slot 1
[~PE1-slot-1] traffic-policy match-ip-layer mpls-pop[*PE1-slot-1] traffic-policy match-ip-layer mpls-push[*PE1-slot-1] commit[~PE1-slot-1] quit - Configure ACL rules.
[~PE1] acl number 3333[*PE1-acl-advance-3333] rule 5 permit ip source 11.11.11.11 0 destination 33.33.33.33 0[*PE1-acl-advance-3333] rule 10 permit ip source 33.33.33.33 0 destination 11.11.11.11 0[*PE1-acl-advance-3333] commit[~PE1-acl-advance-3333] quit - Configure a traffic classifier.
[~PE1] traffic classifier c1[*PE1-classifier-c1] if-match acl 3333[*PE1-classifier-c1] commit[~PE1-classifier-c1] quit - Configure a traffic behavior.
[~PE1] traffic behavior b1[*PE1-behavior-b1] permit[*PE1-behavior-b1] commit[~PE1-behavior-b1] quit - Configure a traffic policy.
[~PE1] traffic policy p1[*PE1-trafficpolicy-p1] classifier c1 behavior b1[*PE1-trafficpolicy-p1] share-mode[*PE1-trafficpolicy-p1] statistic enable[*PE1-trafficpolicy-p1] commit[~PE1-trafficpolicy-p1] quit - Apply the traffic policy.
[~PE1] interface gigabitethernet 3/0/0
[~PE1-GigabitEthernet3/0/0] traffic-policy p1 inbound
[*PE1-GigabitEthernet3/0/0] traffic-policy p1 outbound
[*PE1-GigabitEthernet3/0/0] commit
[~PE1-GigabitEthernet3/0/0] quit
- Verify the configuration.
After completing the configuration, run the ping 33.33.33.33 command on CE1 to ping CE3, and run the display traffic policy statistics command on PE1 to view statistics about traffic exchanged between CE3 and CE1.
[~PE1] display traffic policy statistics interface gigabitethernet 3/0/0 inbound
Info: The statistics is shared because the policy is shared. Interface: GigabitEthernet3/0/0 Traffic policy inbound: p1 Traffic policy applied at 2017-08-30 18:30:20 Statistics enabled at 2017-08-30 18:30:20 Statistics last cleared: Never Rule number: 1 IPv4, 0 IPv6 Current status: OK! Item Packets Bytes ------------------------------------------------------------------- Matched 5 500 +--Passed 4 400 +--Dropped 1 100 Missed 0 0 Last 30 seconds rate Item pps bps ------------------------------------------------------------------- Matched 5 500 +--Passed 4 400 +--Dropped 1 100 Missed 0 0
Configuration Files
PE1 configuration file
# sysname PE1 # slot 1 traffic-policy match-ip-layer mpls-pop mpls-push traffic-policy match-ip-layer mpls-pop mpls-pop # acl number 3333 rule 5 permit ip source 11.11.11.11 0 destination 33.33.33.33 0 rule 10 permit ip source 33.33.33.33 0 destination 11.11.11.11 0 # traffic classifier c1 operator or if-match acl 3333 # traffic behavior b1 # traffic policy p1 share-mode statistic enable classifier c1 behavior b1 precedence 1 # interface GigabitEthernet3/0/0 undo shutdown traffic-policy p1 inbound traffic-policy p1 outbound # return
Example for Configuring MF Classification Based on Inner Information of SRv6 Packets Using a Cascaded Traffic Policy in an L3VPNv4 over SRv6 TE Policy Scenario
This section provides an example for configuring and applying traffic classifiers and behaviors in an L3VPNv4 over SRv6 TE Policy scenario.
Networking Requirements
On a single NE5000E, an interface is numbered in the format of slot ID/card ID/interface ID. On a cluster, an interface is numbered in the format of chassis ID/slot ID/card ID/interface ID. This requires the chassis ID to be specified along with the slot ID.
PE1, the P, and PE2 are in the same AS and run IS-IS to implement IPv6 network connectivity.
PE1, the P, and PE2 are Level-1 devices that belong to IS-IS process 1.
It is required that a bidirectional SRv6 TE Policy be deployed between PE1 and PE2 to carry L3VPNv4 services.
Apply a cascaded traffic policy to interface1 and interface2 on the P to perform MF classification on communication packets between CE1 and CE2 based on inner information of SRv6 packets.
interface1 and interface2 in this example represent GE 1/0/0 and GE 2/0/0, respectively.
Configuration Roadmap
Configure L3VPNv4 over SRv6 TE Policy.
- Configure MF classification based on inner information of SRv6 packets.
- Configure an ACL rule.
- Configure traffic classifiers.
- Configure traffic behaviors.
- Configure a traffic policy.
- Apply the traffic policy.
Data Preparation
To complete the configuration, you need the following data:
ACL number
Names of traffic classifiers, traffic behaviors, and traffic policies, and numbers of the interfaces to which the traffic policies are applied
Procedure
- Configure L3VPNv4 over SRv6 TE Policy.
For details about how to configure L3VPNv4 over SRv6 TE Policy, see Example for Configuring L3VPNv4 over SRv6 TE Policy in HUAWEI NetEngine5000E Configuration Guide > Segment Routing IPv6 Configuration.
- Configure MF classification based on inner information of SRv6 packets.
- Verify the configuration.
After the preceding configuration is complete, CE1 and CE2 can communicate with each other. You can run the display traffic policy statistics command on the P to check statistics about service traffic between CE1 and CE2.
- Run the display traffic policy name inner statistics interface gigabitethernet 1/0/0 inbound command to check statistics about received packets that match SRv6 inner information on the P.
- Run the display traffic policy name inner statistics interface gigabitethernet 2/0/0 outbound command to check statistics about sent packets that match SRv6 inner information on the P.
Configuration Files
P configuration file
# sysname P # # acl number 3000 rule 5 permit ip dscp cs6 # traffic classifier inner if-match acl 3000 precedence 1 # traffic classifier outer if-match ipv6 any # traffic behavior inner permit # traffic behavior outer traffic-policy inner ip-layer srv6-inner # traffic policy inner statistics enable classifier inner behavior inner precedence 1 # traffic policy outer undo share-mode statistics enable classifier outer behavior outer precedence 1 # interface GigabitEthernet1/0/0 undo shutdown traffic-policy outer inbound traffic-policy outer outbound # interface GigabitEthernet2/0/0 undo shutdown traffic-policy outer inbound traffic-policy outer outbound # return
Example for Configuring Redirection on Dual Outbound Interfaces
This section provides an example for configuring redirection on dual outbound interfaces.
Networking Requirements
As shown in Figure 1-1029, DeviceA connects to the intranet through interface1 and connects to the public network through interface2 and interface3. By default, traffic from the intranet is transmitted to the public network through interface3. To enable traffic from the server to be transmitted to the public network through interface2 and other traffic to the public network through interface3, configure a traffic policy on DeviceA.
interface1, interface2, and interface3 in this example represent GE 1/0/0, GE 2/0/0, and GE 3/0/0, respectively.
Configuration Roadmap
The configuration roadmap is as follows:
Configure a default route.
Configure ACL rules.
Configure traffic classifiers.
Configure traffic behaviors.
Configure a traffic policy.
Apply the traffic policy.
Data Preparation
To complete the configuration, you need the following data:
ACL numbers
Names of the traffic classifier, traffic behavior, and traffic policy, and number of the interface to which the traffic policy is applied
Procedure
- Configure a default route so that intranet traffic is transmitted to the public network through interface3 by default and interface2 is used as the backup outbound interface.
<HUAWEI> system-view[~HUAWEI] ip route-static 0.0.0.0 0.0.0.0 10.1.99.1
[*HUAWEI] ip route-static 0.0.0.0 0.0.0.0 10.1.99.5 preference 70
[*HUAWEI] commit
- Configure ACL rules.
# Configure ACL 3001 to match the traffic from the server to other devices on the intranet.
[~HUAWEI] acl number 3001
[*HUAWEI-acl-advance-3001] rule 5 permit ip source 10.1.40.0 0.0.0.255 destination 10.1.40.0 0.0.0.255
[*HUAWEI-acl-advance-3001] rule 10 permit ip source 10.1.40.0 0.0.0.255 destination 10.1.41.0 0.0.0.255
[*HUAWEI-acl-advance-3001] rule 15 permit ip source 10.1.40.0 0.0.0.255 destination 10.1.42.0 0.0.0.255
[*HUAWEI-acl-advance-3001] commit
[~HUAWEI-acl-advance-3001] quit
# Configure ACL 3002 to match the traffic with the source address being the IP address of the server.
[~HUAWEI] acl number 3002
[*HUAWEI-acl-advance-3002] rule 5 permit ip source 10.1.40.0 0.0.0.255
[*HUAWEI-acl-advance-3002] commit
[~HUAWEI-acl-advance-3002] quit
- Configure traffic classifiers.
# Configure a traffic classifier named c1.
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match acl 3001
[*HUAWEI-classifier-c1] commit
[~HUAWEI-classifier-c1] quit
# Configure a traffic classifier named c2.
[~HUAWEI]traffic classifier c2
[*HUAWEI-classifier-c2] if-match acl 3002
[*HUAWEI-classifier-c2] commit
[~HUAWEI-classifier-c2] quit
- Configure traffic behaviors.
# Configure a traffic behavior named b1.
[~HUAWEI]traffic behavior b1
[*HUAWEI-behavior-b1] permit
[*HUAWEI-behavior-b1] commit
[~HUAWEI-behavior-b1] quit
# Configure a traffic behavior named b2.
[~HUAWEI] traffic behavior b2
[*HUAWEI-behavior-b2] redirect ip-nexthop 10.1.99.5
[*HUAWEI-behavior-b2] commit
[~HUAWEI-behavior-b2] quit
- Configure a traffic policy.
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] classifier c2 behavior b2
[*HUAWEI-trafficpolicy-p1] commit
[~HUAWEI-trafficpolicy-p1] quit
- Apply the traffic policy.
[~HUAWEI] interface gigabitethernet 1/0/0
[~HUAWEI-GigabitEthernet1/0/0] traffic-policy p1 inbound
[*HUAWEI-GigabitEthernet1/0/0] commit
[~HUAWEI-GigabitEthernet1/0/0] quit
- Verify the configuration.
After completing the configuration, run the display traffic policy command on DeviceA to check the configurations of the traffic policy, traffic classifier, and traffic behavior.
[~HUAWEI] display traffic policy user-defined p1 User Defined Traffic Policy Information: Policy: p1 Total: 5120 Used: 3 Free: 5117 Description: Step: 1 Share-mode Classifier: c1 Precedence: 1 Behavior: b1 -none- Classifier: c2 Precedence: 2 Behavior: b2 Redirecting: redirect ip-nexthop 10.1.99.5 Classifier: default-class Precedence: 65535 Behavior: be -none-
Configuration Files
HUAWEI configuration file
# sysname HUAWEI # ip route-static 0.0.0.0 0.0.0.0 10.1.99.1 ip route-static 0.0.0.0 0.0.0.0 10.1.99.5 preference 70 # acl number 3001 rule 5 permit ip source 10.1.40.0 0.0.0.255 destination 10.1.40.0 0.0.0.255 rule 10 permit ip source 10.1.40.0 0.0.0.255 destination 10.1.41.0 0.0.0.255 rule 15 permit ip source 10.1.40.0 0.0.0.255 destination 10.1.42.0 0.0.0.255 acl number 3002 rule 5 permit ip source 10.1.40.0 0.0.0.255 # traffic classifier c1 operator or if-match acl 3001 traffic classifier c2 operator or if-match acl 3002 # traffic behavior b1 traffic behavior b2 redirect ip-nexthop 10.1.99.5 # traffic policy p1 classifier c1 behavior b1 precedence 1 classifier c2 behavior b2 precedence 1 # interface gigabitethernet1/0/0 undo shutdown traffic-policy p1 inbound # return
Example for Configuring a Traffic Policy Based on MF Classification in an MPLS Networking Scenario
This section provides an example for configuring and applying traffic classifiers and behaviors in an MPLS networking scenario.
Networking Requirements
On a single NE5000E, an interface is numbered in the format of slot ID/card ID/interface ID. On a cluster, an interface is numbered in the format of chassis ID/slot ID/card ID/interface ID. This requires the chassis ID to be specified along with the slot ID.
In Figure 1-1030, PE1, the P, and PE2 are routers on the MPLS backbone network, and CE1 and CE2 are access routers on the edge of the backbone network. Three users from the local network access the Internet through CE1.
On CE1, the CIR of the traffic of the user from the network segment 1.1.1.0 is limited to 10 Mbit/s, and the CBS is limited to 150000 bytes.
On CE1, the CIR of the traffic of the user from the network segment 2.1.1.0 is limited to 5 Mbit/s, and the CBS is limited to 100000 bytes.
On CE1, the CIR of the traffic of the user from the network segment 3.1.1.0 is limited to 2 Mbit/s, and the CBS is limited to 100000 bytes.
On CE1, the DSCP values of the service packets from the three network segments are re-marked to 40, 26, and 0.
On PE1, the CIR, CBS, PIR, and PBS for accessing the MPLS backbone network are limited to 15 Mbit/s, 300000 bytes, 20 Mbit/s, and 500000 bytes, respectively.
On CE1, the CIR, CBS, PIR, and PBS of the UDP packets (except DNS, SNMP, SNMP trap, and syslog packets) are limited to 5 Mbit/s, 100000 bytes, 15 Mbit/s, and 200000 bytes, respectively.
interface1, interface2, interface3, and interface4 in this example represent GE 1/0/0, GE 2/0/0, GE 3/0/0, and GE 4/0/0, respectively.
Configuration Notes
When configuring a traffic policy based on MF classification, pay attention to the following:
- If both the if-match any and deny commands are configured, the MF classification function prevents all packets (including protocol packets) from passing through an interface. Therefore, exercise caution when using a combination of the preceding commands.
- If the permit or deny action is configured in both the rule command and the traffic behavior view, only the packets permitted by the rule command are processed based on the traffic behavior. If the deny action is configured in either the rule command or the traffic behavior view, all matched packets are discarded.
Configuration Roadmap
The configuration roadmap is as follows:
Configure ACL rules.
Configure traffic classifiers.
Configure traffic behaviors.
Configure traffic policies.
Apply the traffic policies to interfaces.
Data Preparation
To complete the configuration, you need the following data:
ACL numbers: 2001, 2002, 2003, 3001, and 3002
Re-marked DSCP values for the packets from the three network segments: 40, 26, and 0
CIRs of the traffic of users from the three network segments: 10 Mbit/s, 5 Mbit/s, and 2 Mbit/s; corresponding CBSs: 150000 bytes, 100000 bytes, and 100000 bytes
CIR, CBS, PIR, and PBS of the UDP packets on CE1: 5 Mbit/s, 100000 bytes, 15 Mbit/s, and 200000 bytes
CIR, CBS, PIR, and PBS on PE1: 15 Mbit/s, 300000 bytes, 20 Mbit/s, and 500000 bytes
Names of traffic classifiers, traffic behaviors, and traffic policies, and numbers of the interfaces to which the traffic policies are applied
Procedure
- Configure interface IP addresses, routes, and basic MPLS functions (for details, see the configuration files).
- Configure MF classification on CE1 to limit the user traffic that accesses CE1 from the three local networks.
# Configure ACL rules.
[~CE1] acl number 2001[*CE1-acl4-basic-2001] rule permit source 1.1.1.0 0.0.0.255[*CE1-acl4-basic-2001] commit[~CE1-acl4-basic-2001] quit[~CE1] acl number 2002[*CE1-acl4-basic-2002] rule permit source 2.1.1.0 0.0.0.255[*CE1-acl4-basic-2002] commit[~CE1-acl4-basic-2002] quit[~CE1] acl number 2003[*CE1-acl4-basic-2003] rule permit source 3.1.1.0 0.0.0.255[*CE1-acl4-basic-2003] commit[~CE1-acl4-basic-2003] quit[~CE1] acl number 3001[*CE1-acl4-advance-3001] rule 0 permit udp destination-port eq dns[*CE1-acl4-advance-3001] rule 1 permit udp destination-port eq snmp[*CE1-acl4-advance-3001] rule 2 permit udp destination-port eq snmptrap[*CE1-acl4-advance-3001] rule 3 permit udp destination-port eq syslog[*CE1-acl4-advance-3001] commit[~CE1-acl4-advance-3001] quit[~CE1] acl number 3002[*CE1-acl4-advance-3002] rule 4 permit udp[*CE1-acl4-advance-3002] commit[~CE1-acl4-advance-3002] quit# Configure traffic classifiers and define ACL-based matching rules.
[~CE1] traffic classifier a[*CE1-classifier-a] if-match acl 2001[*CE1-classifier-a] commit[~CE1-classifier-a] quit[~CE1] traffic classifier b[*CE1-classifier-b] if-match acl 2002[*CE1-classifier-b] commit[~CE1-classifier-b] quit[~CE1] traffic classifier c[*CE1-classifier-c] if-match acl 2003[*CE1-classifier-c] commit[~CE1-classifier-c] quit[~CE1] traffic classifier udplimit[*CE1-classifier-udplimit] if-match acl 3001[*CE1-classifier-udplimit] commit[~CE1-classifier-udplimit] quit[~CE1] traffic classifier udplimit1[*CE1-classifier-udplimit1] if-match acl 3002[*CE1-classifier-udplimit1] commit[~CE1-classifier-udplimit1] quitAfter the preceding configuration is complete, run the display traffic classifier command to check the traffic classifier configuration.
[~CE1] display traffic classifier user-definedUser Defined Classifier Information:
Total: 65535 Used: 6 Free: 65529
Classifier: a
Description:
Operator: or
Rule(s):
if-match acl 2001 precedence 1Classifier: b
Description:
Operator: or
Rule(s):
if-match acl 2002 precedence 2Classifier: c
Description:
Operator: or
Rule(s):
if-match acl 2003 precedence 3Classifier: udplimit
Description:
Operator: or
Rule(s) :
if-match acl 3001 precedence 4Classifier: udplimit1
Description:
Operator: or
Rule(s) :
if-match acl 3002
# Define traffic behaviors, and configure traffic policing and DSCP values to be re-marked.
[~CE1] traffic behavior e[*CE1-behavior-e] car cir 10000 cbs 150000 pbs 0[*CE1-behavior-e] remark dscp 40[*CE1-behavior-e] commit[~CE1-behavior-e] quit[~CE1] traffic behavior f[*CE1-behavior-f] car cir 5000 cbs 100000 pbs 0[*CE1-behavior-f] remark dscp 26[*CE1-behavior-f] commit[~CE1-behavior-f] quit[~CE1] traffic behavior g[*CE1-behavior-g] car cir 2000 cbs 100000 pbs 0[*CE1-behavior-g] remark dscp 0[*CE1-behavior-g] commit[~CE1-behavior-g] quit[~CE1] traffic behavior udplimit[*CE1-behavior-udplimit] permit[*CE1-behavior-udplimit] commit[~CE1-behavior-udplimit] quit[~CE1] traffic behavior udplimit1[*CE1-behavior-udplimit1] car cir 5000 pir 15000 cbs 100000 pbs 200000 green pass yellow discard red discard[*CE1-behavior-udplimit1] commit[~CE1-behavior-udplimit1] quit# Define traffic policies to associate the traffic classifiers with the traffic behaviors.
[~CE1] traffic policy 1[*CE1-trafficpolicy-1] classifier a behavior e[*CE1-trafficpolicy-1] commit[~CE1-trafficpolicy-1] quit[~CE1] traffic policy 2[*CE1-trafficpolicy-2] classifier b behavior f[*CE1-trafficpolicy-2] commit[~CE1-trafficpolicy-2] quit[~CE1] traffic policy 3[*CE1-trafficpolicy-3] classifier c behavior g[*CE1-trafficpolicy-3] commit[~CE1-trafficpolicy-3] quit[~CE1] traffic policy udplimit[*CE1-trafficpolicy-udplimit] classifier udplimit behavior udplimit[*CE1-trafficpolicy-udplimit] classifier udplimit1 behavior udplimit1[*CE1-trafficpolicy-udplimit] commit[~CE1-trafficpolicy-udplimit] quitAfter completing the preceding configuration, run the display traffic policy command to check information about the configured traffic policies, traffic classifiers, and traffic behaviors.
[~CE1] display traffic policy user-definedUser Defined Traffic Policy Information: Total: 10239 Used: 4 Free: 10235 Policy: 1 Total: 5120 Used: 2 Free: 5118 Description: Step: 1 Share-mode Classifier: a Precedence: 1 Behavior: e Committed Access Rate: CIR 10000 (Kbps), PIR 0 (Kbps), CBS 150000 (byte), PBS 0 (byte), ADJUST 0 Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no Marking: remark dscp cs5 Classifier: default-class Precedence: 65535 Behavior: be -none- Policy: 2 Total: 5120 Used: 2 Free: 5118 Description: Step: 1 Share-mode Classifier: b Precedence: 1 Behavior: f Committed Access Rate: CIR 5000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte), ADJUST 0 Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no Marking: remark dscp af31 Classifier: default-class Precedence: 65535 Behavior: be -none- Policy: 3 Total: 5120 Used: 2 Free: 5118 Description: Step: 1 Share-mode Classifier: c Precedence: 1 Behavior: g Committed Access Rate: CIR 2000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte), ADJUST 0 Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no Marking: remark dscp default Classifier: default-class Precedence: 65535 Behavior: be -none- Policy: udplimit Total: 5120 Used: 2 Free: 5118 Description: Step: 1 Share-mode Classifier: udplimit Precedence: 1 Behavior: udplimit -none- Classifier: udplimit1 Precedence: 10 Behavior: udplimit1 Committed Access Rate: CIR 5000 (Kbps), PIR 15000 (Kbps), CBS 100000 (byte), PBS 200000 (byte), ADJUST 0 Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no Classifier: default-class Precedence: 65535 Behavior: be -none-# Apply the traffic policies to the inbound interfaces.
[~CE1] interface gigabitethernet 1/0/0
[~CE1-GigabitEthernet1/0/0] undo shutdown
[~CE1-GigabitEthernet1/0/0] traffic-policy 1 inbound
[*CE1-GigabitEthernet1/0/0] commit
[~CE1-GigabitEthernet1/0/0] quit
[~CE1] interface gigabitethernet 3/0/0
[~CE1-GigabitEthernet3/0/0] undo shutdown
[*CE1-GigabitEthernet3/0/0] traffic-policy 2 inbound
[*CE1-GigabitEthernet3/0/0] commit
[~CE1-GigabitEthernet3/0/0] quit
[~CE1] interface gigabitethernet 4/0/0
[~CE1-GigabitEthernet4/0/0] undo shutdown
[*CE1-GigabitEthernet4/0/0] traffic-policy 3 inbound
[*CE1-GigabitEthernet4/0/0] commit
[~CE1-GigabitEthernet4/0/0] quit
[~CE1] interface gigabitethernet 2/0/0
[~CE1-GigabitEthernet2/0/0] undo shutdown
[*CE1-GigabitEthernet2/0/0] traffic-policy udplimit outbound
[*CE1-GigabitEthernet2/0/0] commit
[~CE1-GigabitEthernet2/0/0] quit
- Configure MF classification on PE1 to limit the traffic that goes to the MPLS backbone network.
# Configure a traffic classifier and define a matching rule.
[~PE1] traffic classifier pe[*PE1-classifier-pe] if-match any[*PE1-classifier-pe] commit[~PE1-classifier-pe] quitAfter the preceding configuration is complete, run the display traffic classifier command to check the traffic classifier configuration.
[~PE1] display traffic classifier user-definedUser Defined Classifier Information:
Total: 65535 Used: 6 Free: 65529
Classifier: pe
Description:
Operator: or
Rule(s):
if-match any
# Define a traffic behavior and configure traffic policing.
[~PE1] traffic behavior pe[*PE1-behavior-pe] car cir 15000 pir 20000 cbs 300000 pbs 500000[*PE1-behavior-pe] commit[~PE1-behavior-pe] quit# Define a traffic policy to associate the traffic classifier with the traffic behavior.
[~PE1] traffic policy pe[*PE1-trafficpolicy-pe] classifier pe behavior pe[*PE1-trafficpolicy-pe] commit[~PE1-trafficpolicy-pe] quitAfter completing the preceding configuration, run the display traffic policy command to check information about the configured traffic policy, traffic classifier, and traffic behavior.
[~PE1] display traffic policy user-definedUser Defined Traffic Policy Information: Total: 10239 Used: 1 Free: 10238 Policy: pe Total: 5120 Used: 2 Free: 5118 Description: Step: 1 Share-mode Classifier: pe Precedence: 1 Behavior: pe Committed Access Rate: CIR 15000 (Kbps), PIR 2000 (Kbps), CBS 300000 (byte), PBS 500000 (byte), ADJUST 0 Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no Classifier: default-class Precedence: 65535 Behavior: be -none-# Apply the traffic policy to the inbound interface.
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] undo shutdown
[~PE1-GigabitEthernet1/0/0] traffic-policy pe inbound
[*PE1-GigabitEthernet1/0/0] commit
[~PE1-GigabitEthernet1/0/0] quit
- Verify the configuration.
After completing the preceding configuration, run the display interface command on CE1 and PE1 to check the traffic statistics on the interfaces. The command output shows that the traffic policies have been applied to the interfaces.
Configuration Files
CE1 configuration file
# sysname CE1 # acl number 2001 rule 5 permit source 1.1.1.0 0.0.0.255 acl number 2002 rule 5 permit source 2.1.1.0 0.0.0.255 acl number 2003 rule 5 permit source 3.1.1.0 0.0.0.255 acl number 3001 rule 0 permit udp destination-port eq dns rule 1 permit udp destination-port eq snmp rule 2 permit udp destination-port eq snmptrap rule 3 permit udp destination-port eq syslog acl number 3002 rule 4 permit udp # traffic classifier a operator or if-match acl 2001 # traffic classifier b operator or if-match acl 2002 # traffic classifier c operator or if-match acl 2003 # traffic classifier udplimit operator or if-match acl 3001 # traffic classifier udplimit1 operator or if-match acl 3002 # traffic behavior e car cir 10000 cbs 150000 green pass red discard remark dscp cs5 # traffic behavior f car cir 5000 cbs 100000 green pass red discard remark dscp af31 # traffic behavior g car cir 2000 cbs 100000 green pass red discard remark dscp default # traffic behavior udplimit # traffic behavior udplimit1 car cir 5000 pir 15000 cbs 100000 pbs 200000 green pass yellow discard red discard # traffic policy 1 classifier a behavior e precedence 1 # traffic policy 2 classifier b behavior f precedence 1 # traffic policy 3 classifier c behavior g precedence 1 # traffic policy udplimit classifier udplimit behavior udplimit precedence 1 classifier udplimit1 behavior udplimit1 precedence 2 # interface GigabitEthernet1/0/0 undo shutdown ip address 1.1.1.1 255.255.255.0 traffic-policy 1 inbound # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 traffic-policy udplimit outbound # interface GigabitEthernet3/0/0 undo shutdown ip address 2.1.1.1 255.255.255.0 traffic-policy 2 inbound # interface GigabitEthernet4/0/0 undo shutdown ip address 3.1.1.1 255.255.255.0 traffic-policy 3 inbound # ospf 1 area 0.0.0.0 network 1.1.1.0 0.0.0.255 network 2.1.1.0 0.0.0.255 network 3.1.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return
PE1 configuration file
#
sysname PE1
#
mpls lsr-id 11.11.11.11
#
mpls
#
mpls ldp
#
traffic classifier pe operator or
if-match any
#
traffic behavior pe
car cir 15000 pir 20000 cbs 300000 pbs 500000 green pass yellow pass red discard
#
traffic policy pe
classifier pe behavior pe precedence 1
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.1.1.2 255.255.255.0
traffic-policy pe inbound
#
interface GigabitEthernet2/0/0undo shutdown
ip address 10.10.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.10.1.0 0.0.0.255
network 11.11.11.11 0.0.0.0
#
return
P configuration file
#
sysname P
#
mpls lsr-id 33.33.33.33
#
mpls
#
mpls ldp
#
interface GigabitEthernet 1/0/0undo shutdown
ip address 10.10.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet 2/0/0undo shutdown
ip address 10.11.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 33.33.33.33 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.10.1.0 0.0.0.255
network 10.11.1.0 0.0.0.255
network 33.33.33.33 0.0.0.0
#
return
PE2 configuration file
#
sysname PE2
#
mpls lsr-id 22.22.22.22
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.12.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0undo shutdown
ip address 10.11.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.11.1.0 0.0.0.255
network 10.12.1.0 0.0.0.255
network 22.22.22.22 0.0.0.0
#
return
CE2 configuration file
#
sysname CE2
#
interface GigabitEthernet2/0/0undo shutdown
ip address 10.12.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.12.1.0 0.0.0.255
#
return
Example for Configuring MF Classification-based Traffic Policies for VLAN Packets
This section provides an example for configuring and applying an MF classification-based traffic policy in a VLAN QoS scenario.
Networking Requirements
On a single NE5000E, an interface is numbered in the format of slot number/card number/interface number. In the multi-chassis scenario, an interface is numbered in the format of chassis ID/slot number/card number/interface number. This requires the chassis ID to be specified along with the slot number.
As shown in Figure 1-1031, DeviceA and DeviceB connect to each other through a VLAN. When IP packets sent by DeviceA enter the VLAN, by default, the precedence of these IP packets is mapped to the 802.1p value. When these IP packets (carrying VLAN frame priority) leave the VLAN and arrive at DeviceB, the VLAN frame priority is mapped to the IP precedence according to the configuration on DeviceB. Then, these packets are forwarded according to their IP precedence.
interface1, interface2, and interface3 in this example represent GE 1/0/0, GE 2/0/0.1, and GE 3/0/0, respectively.
Configuration Notes
When configuring VLAN QoS, pay attention to the following:
- The statistical function of traffic policies is disabled by default. To display the statistics about a traffic policy, you can enable statistics for the traffic policy by running the statistics enable command.
Configuration Roadmap
The configuration roadmap is as follows:
Configure the VLAN and routes on DeviceA and DeviceB.
Configure QoS policies on DeviceB.
Data Preparation
To complete the configuration, you need the following data:
Names of traffic classification, traffic behaviors, and traffic policies
Preferences for re-marking
Procedure
- Define a classifier to match packets whose 802.1p value is 2.
<HUAWEI> system-view[~HUAWEI] sysname DeviceB
[*HUAWEI] commit
[~DeviceB] traffic classifier test
[*DeviceB-classifier-test] if-match 8021p 2
[*DeviceB-classifier-test] commit
[~DeviceB-classifier-test] quit
- Define a traffic behavior to re-mark the IP precedence of packets as 4.
[~DeviceB] traffic behavior test
[*DeviceB-behavior-test] remark ip-precedence 4
[*DeviceB-behavior-test] commit
[~DeviceB-behavior-test] quit
- Define a QoS policy to associate a configured traffic behavior with a specified traffic classifier.
[~DeviceB] traffic policy test
[*DeviceB-trafficpolicy-test] classifier test behavior test
[*DeviceB-trafficpolicy-test] commit
[~DeviceB-trafficpolicy-test] quit
- Apply the QoS policy to the incoming traffic of GE 2/0/0.1 on DeviceB.
[~DeviceB] interface Gigabitethernet 2/0/0.1
[~DeviceB-Gigabitethernet2/0/0.1] traffic-policy test inbound link-layer
[*DeviceB-Gigabitethernet2/0/0.1] commit
[~DeviceB-Gigabitethernet2/0/0.1] quit
- Verify the configuration.
After the preceding configurations, when packets whose IP precedence is 2 are forwarded by GE 1/0/0.1 on DeviceA reach the VLAN, the IP precedence 2 is mapped to the VLAN priority 2. After these VLAN frames reach DeviceB, DeviceB forwards these VLAN frames as IP packets with the IP precedence of 4 to the network segment 10.1.2.0/24.
Configuration Files
#
sysname DeviceB
#
traffic classifier test operator or
if-match 8021p 2
#
traffic behavior test
remark ip-precedence 4
#
traffic policy test
classifier test behavior test precedence 1
#
interface GigabitEthernet2/0/0.1
traffic-policy test inbound link-layer
#
return
Example for Configuring Priority Mappings for VLAN Packets Based on BA Classification
This section provides an example for configuring priority mappings for VLAN packets based on BA classification.
Networking Requirements
On a single NE5000E, an interface is numbered in the format of slot ID/card ID/interface ID. On a cluster, an interface is numbered in the format of chassis ID/slot ID/card ID/interface ID. This requires the chassis ID to be specified along with the slot ID.
As shown in Figure 1-1032, DeviceA and DeviceB are connected through the VLAN. When IP packets enter the VLAN from DeviceA, DeviceA needs to directly map their priorities to those of VLAN frames according to the default mappings in the DiffServ domain. When IP packets enter DeviceB from the VLAN, DeviceB needs to map the priorities of VLAN frames to those of IP packets based on the configured priority mappings in the DiffServ domain. DeviceB then forwards the packets to the IP network.
interface1, interface2, interface3, and interface4 in this example represent GE 1/0/0, GE 2/0/0, GE 3/0/0, and GE 4/0/0, respectively.
Configuration Notes
When configuring VLAN QoS, note the following points:
- The trust 8021p command can be configured only on Ethernet sub-interfaces (including Eth-Trunk sub-interfaces). Before running the trust 8021p command on an interface, you must run the trust upstream command to bind the interface to a DiffServ domain. Otherwise, the trust 8021p configuration does not take effect.
Configuration Roadmap
The configuration roadmap is as follows:
Configure VLANs and routes on DeviceA and DeviceB.
Configure the inbound interface of DeviceA to trust the priorities of packets from an upstream device.
Configure priority mappings based on BA classification on the inbound interface of DeviceB.
Data Preparation
To complete the configuration, you need the following data:
VLAN ID
802.1p priorities, service classes, colors, and IP DSCP values to be mapped
Procedure
- Configure an IP address for each interface. For details, see the configuration files in this section.
- Configure VLANs on DeviceA and DeviceB.
# Create sub-interface GigabitEthernet 4/0/0.1 for VLAN communication.
[~DeviceA] interface gigabitethernet 4/0/0.1
[~DeviceA-GigabitEthernet4/0/0.1] vlan-type dot1q 10
[*DeviceA-GigabitEthernet4/0/0.1] commit
[~DeviceA-GigabitEthernet4/0/0.1] return
# Create sub-interface GigabitEthernet 2/0/0.1 for VLAN communication.
<DeviceB> system-view[~DeviceB] interface gigabitethernet 2/0/0.1
[~DeviceB-GigabitEthernet2/0/0.1] vlan-type dot1q 10
[*DeviceB-GigabitEthernet2/0/0.1] commit
[~DeviceB-GigabitEthernet2/0/0.1] return
- Configure a dynamic routing protocol (for example, OSPF) on DeviceA and DeviceB.
# Configure DeviceA.
<DeviceA> system-view[~DeviceA] ospf 1
[*DeviceA-ospf-1] area 0.0.0.0
[*DeviceA-ospf-1-area-0.0.0.0] network 10.12.1.0 0.0.0.255
[*DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[*DeviceA-ospf-1-area-0.0.0.0] commit
[~DeviceA-ospf-1-area-0.0.0.0] return
# Configure DeviceB.
<DeviceB> system-view[~DeviceB] ospf 1
[*DeviceB-ospf-1] area 0.0.0.0
[*DeviceB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[*DeviceB-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[*DeviceB-ospf-1-area-0.0.0.0] commit
[~DeviceB-ospf-1-area-0.0.0.0] return
- Enable BA classification on the inbound interface GE 1/0/0 of DeviceA to map the priorities of IP packets to the priorities of VLAN frames according to the default mappings.
<DeviceA> system-view[~DeviceA] interface gigabitethernet 1/0/0
[~DeviceA-GigabitEthernet1/0/0] undo shutdown
[*DeviceA-GigabitEthernet1/0/0] trust upstream default
[*DeviceA-GigabitEthernet1/0/0] commit
[~DeviceA-GigabitEthernet1/0/0] quit
[~DeviceA] interface gigabitethernet 4/0/0.1
[~DeviceA-GigabitEthernet4/0/0.1] trust upstream default
[*DeviceA-GigabitEthernet4/0/0.1] trust 8021p
[*DeviceA-GigabitEthernet4/0/0.1] commit
[~DeviceA-GigabitEthernet4/0/0.1] return
After the preceding configuration is complete, DeviceA maps the DSCP values of all IP packets from an upstream device to the 802.1p priorities of VLAN frames according to the default mappings.
- Configure priority mappings from VLAN frames to IP packets on the inbound interface GE 2/0/0.1 of DeviceB.
<DeviceB> system-view[~DeviceB] diffserv domain default
[*DeviceB-dsdomain-default] 8021p-inbound 2 phb ef green
[*DeviceB-dsdomain-default] ip-dscp-outbound ef green map 34
[*DeviceB-dsdomain-default] commit
[~DeviceB-dsdomain-default] quit
[~DeviceB] interface gigabitethernet 2/0/0.1
[~DeviceB-GigabitEthernet2/0/0.1] trust upstream default
[*DeviceB-GigabitEthernet2/0/0.1] trust 8021p
[*DeviceB-GigabitEthernet2/0/0.1] commit
[~DeviceB-GigabitEthernet2/0/0.1] return
After the preceding configuration is complete, DeviceB maps the VLAN frames with the 802.1p priority of 2 from an upstream device to IP packets with the DSCP value of 34, the service class of AF4, and the packet color of green. DeviceB maps the other 802.1p priorities of VLAN frames to the corresponding DSCP values of IP packets based on the default mappings.
- Verify the configuration.
Run the display qos queue interface gigabitethernet 3/0/0 command on DeviceB. The statistics about AF2 packets are not displayed on the outbound interface. This is because the mapping from the 802.1p priority of 2 to the IP service priority of EF is configured on the inbound interface.
<DeviceB> display qos queue interface gigabitethernet 3/0/0
The interface :GigabitEthernet3/0/0 [be] Pass: 18,466,135 packets, 1,735,817,160 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,599 pps, 3,158,306 bps Last 30 seconds discard rate: 0 pps, 0 bps [af1] Pass: 670,712 packets, 63,046,928 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,600 pps, 3,158,400 bps Last 30 seconds discard rate: 0 pps, 0 bps [af2] Pass: 58 packets, 5,684 bytes Discard: 24,478,662 packets, 1,860,378,312 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps [af3] Pass: 58 packets, 684 bytes Discard: 478,662 packets, 186,037,312 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps [af4] Pass: 670,709 packets, 63,046,646 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,598 pps, 3,158,212 bps Last 30 seconds discard rate: 0 pps, 0 bps [ef] Pass: 670,712 packets, 63,046,928 bytes Discard: 353,802 packets, 406,888,952 bytes Last 30 seconds pass rate: 33,600 pps, 3,158,400 bps Last 30 seconds discard rate: 0 pps, 0 bps [cs6] Pass: 147 packets, 12,667 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,599 pps, 3,258,306 bps Last 30 seconds discard rate: 0 pps, 0 bps [cs7] Pass: 670,708 packets, 63,046,458 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,599 pps, 3,258,306 bps Last 30 seconds discard rate: 0 pps, 0 bps
Configuration Files
DeviceA configuration file
#
sysname DeviceA#
interface GigabitEthernet 1/0/0undo shutdown
ip address 10.12.1.1 255.255.255.0
trust upstream default
#
interface GigabitEthernet4/0/0.1vlan-type dot1q 10
ip address 10.1.1.1 255.255.255.0
trust upstream default
trust 8021p
#
ospf 1
area 0.0.0.0
network 10.12.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return
DeviceB configuration file
#
sysname DeviceB#
diffserv domain default
8021p-inbound 2 phb ef green
ip-dscp-outbound ef green map 34
#
interface GigabitEthernet2/0/0.1vlan-type dot1q 10
ip address 10.1.1.2 255.255.255.0
trust upstream default
trust 8021p
#
interface GigabitEthernet 3/0/0undo shutdown
ip address 10.11.1.1 255.255.255.0
trust upstream default
#
ospf 1
area 0.0.0.0
network 10.11.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return
Example for Configuring Priority Mappings for MPLS Packets Based on BA Classification
This section provides an example for configuring priority mappings for MPLS packets based on BA classification.
Networking Requirements
On a single NE5000E, an interface is numbered in the format of slot ID/card ID/interface ID. On a cluster, an interface is numbered in the format of chassis ID/slot ID/card ID/interface ID. This requires the chassis ID to be specified along with the slot ID.
MPLS neighbor relationships are established between three routers. When IP packets reach DeviceA, DeviceA adds MPLS headers to the IP packets before transmitting them to DeviceC. When the MPLS packets reach DeviceC, DeviceC removes their MPLS headers and forwards them as IP packets.
The DSCP value of the IP packets needs to be changed to the EXP value of MPLS packets on DeviceA, and the EXP value of the MPLS packets needs to be changed to the DSCP value of the IP packets on DeviceC.
In this configuration example, it is assumed that MPLS has been configured on the three routers so that DeviceA forwards IP traffic as MPLS traffic to DeviceC, and DeviceC forwards MPLS traffic as IP traffic.
This example lists only the commands related to QoS.
- interface1 and interface2 in this example represent GE 1/0/0 and GE 2/0/0, respectively.
Configuration Roadmap
The configuration roadmap is as follows:
On the inbound interface GE 1/0/0 of DeviceA, configure the mapping from the IP DSCP field to the MPLS EXP field and enable BA classification.
On the inbound interface GE 1/0/0 of DeviceC, configure the mapping from the MPLS EXP field to the IP DSCP field and enable BA classification.
Data Preparation
To complete the configuration, you need the following data:
MPLS EXP values, service classes, colors, and IP DSCP values to be mapped
Procedure
- Configure basic MPLS functions and routes.
For configuration details, see HUAWEI NetEngine5000E Core Router Configuration Guide - MPLS.
- Configure the mapping from the IP DSCP field to the MPLS EXP field on GE 1/0/0 of DeviceA.
[~DeviceA] diffserv domain default
[~DeviceA-dsdomain-default] ip-dscp-inbound 18 phb af4 green
[*DeviceA-dsdomain-default] mpls-exp-outbound af4 green map 5
[*DeviceA-dsdomain-default] commit
[~DeviceA-dsdomain-default] quit
[~DeviceA] interface GigabitEthernet 1/0/0
[~DeviceA-GigabitEthernet1/0/0] undo shutdown
[~DeviceA-GigabitEthernet1/0/0] trust upstream default
[*DeviceA-GigabitEthernet1/0/0] commit
[~DeviceA-GigabitEthernet1/0/0] quit
[~DeviceA] interface GigabitEthernet 2/0/0
[~DeviceA-GigabitEthernet2/0/0] undo shutdown
[~DeviceA-GigabitEthernet2/0/0] trust upstream default
[*DeviceA-GigabitEthernet2/0/0] commit
[~DeviceA-GigabitEthernet2/0/0] quit
In the preceding configuration, the service class AF2 (green packets with the DSCP value being 18) is mapped to the service class AF4 of the router on the inbound interface of DeviceA; and the service class AF4 of the router is mapped to the MPLS service class EF (priority 5) on the outbound interface. In this manner, the traffic sent from DeviceA is EF traffic.
- Configure the mapping from the MPLS EXP field to the IP DSCP field on GE 1/0/0 of DeviceC.
[~DeviceC] diffserv domain default
[~DeviceC-dsdomain-default] mpls-exp-inbound 5 phb af3 green
[*DeviceC-dsdomain-default] ip-dscp-outbound af3 green map 32
[*DeviceC-dsdomain-default] commit
[~DeviceC-dsdomain-default] quit
[~DeviceC] interface GigabitEthernet 1/0/0
[~DeviceC-GigabitEthernet1/0/0] undo shutdown
[~DeviceC-GigabitEthernet1/0/0] trust upstream default
[*DeviceC-GigabitEthernet1/0/0] commit
[~DeviceC-GigabitEthernet1/0/0] quit
[~DeviceC] interface GigabitEthernet 2/0/0
[~DeviceC-GigabitEthernet2/0/0] undo shutdown
[~DeviceC-GigabitEthernet2/0/0] trust upstream default
[*DeviceC-GigabitEthernet2/0/0] commit
[~DeviceC-GigabitEthernet2/0/0] quit
In the preceding configuration, the MPLS priority 5 is mapped to the service class AF3 (green packets) of the router on the inbound interface of DeviceC; and the service class AF3 (green packets) of the router is mapped to the DSCP value 32 on the outbound interface. In this manner, the traffic sent from DeviceC is AF4 traffic.
- Verify the configuration.
After the configuration is complete, 100 Mbit/s traffic with the DSCP value being 18 is sent from GE 1/0/0 of DeviceA, and 100 Mbit/s traffic with the DSCP value being 32 is sent from DeviceC.
Configuration Files
DeviceA configuration file
#
sysname DeviceA#
diffserv domain default
ip-dscp-inbound 18 phb af4 green
mpls-exp-outbound af4 green map 5
#
interface GigabitEthernet1/0/0undo shutdown
ip address 2.2.2.1 255.255.255.0
trust upstream default
#
interface GigabitEthernet2/0/0undo shutdown
ip address 3.3.3.1 255.255.255.0
trust upstream default
#
return
DeviceC configuration file
#
sysname DeviceC#
diffserv domain default
ip-dscp-outbound af3 green map 32
mpls-exp-inbound 5 phb af3 green
#
interface GigabitEthernet1/0/0undo shutdown
ip address 4.4.4.1 255.255.255.0
trust upstream default
#
interface GigabitEthernet2/0/0undo shutdown
ip address 5.5.5.1 255.255.255.0
trust upstream default
#
return
- Overview of Class-based QoS
- Feature Requirement of Class-based QoS
- Configuring MF Classification-based Traffic Policies for IP Packets
- Configuring Priority Mappings for IP Packets
- Configuring MF Classification-based Traffic Policies for VLAN Packets
- Configuring Priority Mappings for VLAN Packets
- Configuring Priority Mappings for MPLS Packets
- (Optional) Configuring a Priority for Protocol Packets
- Maintaining Class-based QoS Configuration
- Configuration Examples for Class-based QoS
- Example for Configuring MF Classification for IP Packets
- Example for Configuring IP-based MF Classification on an MPLS Interface
- Example for Configuring MF Classification Based on Inner Information of SRv6 Packets Using a Cascaded Traffic Policy in an L3VPNv4 over SRv6 TE Policy Scenario
- Example for Configuring Redirection on Dual Outbound Interfaces
- Example for Configuring a Traffic Policy Based on MF Classification in an MPLS Networking Scenario
- Example for Configuring MF Classification-based Traffic Policies for VLAN Packets
- Example for Configuring Priority Mappings for VLAN Packets Based on BA Classification
- Example for Configuring Priority Mappings for MPLS Packets Based on BA Classification