R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

241

242

243

244

245

246

247

248

249

250

236

[FirewallB] interface GigabitEthernet 0/2

[FirewallB-GigabitEthernet0/2] qos car outbound any cir 1000 cbs 65000 ebs 0 green pass

red discard

Configuration guidelines

QoS configuration guidelines

When configuring QoS, follow these guidelines:

1. The system-defined classifiers, behaviors, and policies cannot be modified or removed.

2. For bursty traffic to be handled effectively, ensure that the ratio of CBS to CIR configured for CAR

is at least 100:16.

3. How an ACL referenced by a QoS policy is handled depends on whether the policy is applied to

a software interface or a hardware interface. (Categorization of interfaces varies by device.)

• If the QoS policy is applied to a software interface, only the permit statements in the referenced ACL

will take effect and the deny statements in the referenced ACL will be ignored.

• If the QoS policy is applied to a hardware interface, packets matching the ACL are organized as

a class and the behavior defined in the QoS policy applies to the class regardless of whether the

referenced ACL is a deny or permit clause.

4. The QoS policy applied in the outbound direction of a port does not take effect on local protocol

data units (PDUs). Local PDUs are packets sent by the protocols essential to device operation from

the local device, such as link maintenance packets like ISIS, OSPF, RIP, BGP, LDP, RSVP, and SSH.

Because drop of local PDUs may cause anomaly, QoS is designed not to regulate local PDUs.

5. When configuring queuing for a traffic behavior, follow these guidelines:

• In a policy, the default class default-class cannot be associated with a traffic behavior configured

with EF; a traffic behavior configured with WFQ can be associated with only the default class.

• The sum of the bandwidth assigned to the AF and EF classes in a policy must be smaller than the

available bandwidth of the interface to which the policy is applied. The sum of bandwidth

percentage assigned to the AF and EF classes in a policy must be less than or equal to 100.

• The bandwidth assigned to the AF and EF classes in a policy must be represented in the same

format as absolute bandwidth values or as percentages.

Traffic policing configuration guidelines

If you apply an IP network segment-based CAR list to an interface, the CIR you defined takes on different

meanings depending on the configurations of the per-IP address rate limiting function and the shared

bandwidth mode for the CAR list.

• If the per-IP address rate limiting function is not enabled, the CIR specifies the total bandwidth for

the network segment and will be allocated to each IP address based on its traffic size.

• If the per-IP address rate limiting function is enabled but the shared bandwidth mode is not enabled,

the CIR specifies bandwidth for each IP address, and the bandwidth cannot be shared by the other

IP addresses within the network segment.

• If both the per-IP address rate limiting function and the shared bandwidth mode are enabled, the

CIR specifies the total shared bandwidth for the network segment, which will be dynamically and

evenly allocated to the traffic by IP address.