HP MSR2000/3000/4000 Router Series
ACL and QoS Configuration Guide (V7)

Part number: 5998-3995
Software version: CMW710-R0007P02
Document version: 6PW100-20130927

Legal and notice information

© Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents

Configuring ACLs
Overview
ACL categories
Configuring a child policy
Applying the QoS policy to an interface
Configuring the QoS policy-based traffic rate statistics collection period for an interface
Displaying and maintaining QoS policies
Applying the QoS policy
Configuring the maximum available interface bandwidth
Setting the maximum reserved bandwidth as a percentage of available bandwidth
Displaying and maintaining CBQ
Index

Configuring ACLs

Overview

An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs" provides an example.
Match order

The rules in an ACL are sorted in a specific order. When a packet matches a rule, the device stops the match process and performs the action defined in the rule. If an ACL contains overlapping or conflicting rules, the matching result and action to take depend on the rule order.

The following ACL match orders are available:
• config—Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is matched before a rule with a higher ID.
bits are ignored. The 0s and 1s in a wildcard mask can be noncontiguous. For example, 0.255.0.255 is a valid wildcard mask.

Rule numbering

ACL rules can be manually numbered or automatically numbered. This section describes how automatic ACL rule numbering works.

Rule numbering step

If you do not assign an ID to the rule you are creating, the system automatically assigns it a rule ID. The rule numbering step sets the increment by which the system automatically numbers rules.
Configuration task list

Tasks at a glance
(Required.) Perform at least one of the following tasks:
• Configuring a basic ACL
  ◦ Configuring an IPv4 basic ACL
  ◦ Configuring an IPv6 basic ACL
• Configuring an advanced ACL
  ◦ Configuring an IPv4 advanced ACL
  ◦ Configuring an IPv6 advanced ACL
• Configuring an Ethernet frame header ACL
• Configuring a user-defined ACL
(Optional.) Copying an ACL
(Optional.
6. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

Configuring an IPv6 basic ACL

IPv6 basic ACLs match packets based only on source IP addresses.

To configure an IPv6 basic ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv6 basic ACL view and enter its view.
   Remarks: By default, no ACL exists. IPv6 basic ACLs are numbered in the range of 2000 to 2999.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv4 advanced ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv4 advanced ACLs are numbered in the range of 3000 to 3999.
3. (Optional.) Configure a description for the IPv4 advanced ACL.
   Command: description text
   Remarks: By default, an IPv4 advanced ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5.
2. Create an IPv6 advanced ACL and enter its view.
   Command: acl ipv6 number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv6 advanced ACLs are numbered in the range of 3000 to 3999.
3. (Optional.) Configure a description for the IPv6 advanced ACL.
   Command: description text
   Remarks: By default, an IPv6 advanced ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
2. Create an Ethernet frame header ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999.
3. (Optional.) Configure a description for the Ethernet frame header ACL.
   Command: description text
   Remarks: By default, an Ethernet frame header ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5.
4. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ { { ipv4 | ipv6 | l2 | l4 } rule-string rule-mask offset }&<1-8> ] [ counting | time-range time-range-name ] *
   Remarks: By default, a user-defined ACL does not contain any rule.
5. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

Copying an ACL

You can create an ACL by copying an existing ACL (source ACL).
Setting the interval for generating and outputting packet filtering logs

After you set the interval, the device periodically generates and outputs the packet filtering logs to the information center, including the number of matching packets and the matched ACL rules. For more information about information center, see Network Management and Monitoring Configuration Guide.

To set the interval for generating and outputting packet filtering logs:

1. Enter system view.
Task: Display detailed ACL packet filtering information (MSR2000/MSR3000).
Command: display packet-filter verbose interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ]

Task: Display detailed ACL packet filtering information (MSR4000).
Command: display packet-filter verbose interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ slot slot-number ]

Task: Clear ACL statistics.
# Create an IPv4 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits access from the President's office to the financial database server, one rule permits access from the Financial department to the database server during working hours, and one rule denies access from any other department to the database server.
[RouterA] acl number 3000
[RouterA-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.
# Display configuration and match statistics for IPv4 advanced ACL 3000 on Router A during the working hours.
[RouterA] display acl 3000
Advanced ACL 3000, named -none-, 3 rules, ACL's step is 5
 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0
 rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work (4 times matched) (Active)
 rule 10 deny ip destination 192.168.0.100 0 (4 times matched)

The output shows that rule 5 is active.
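The following added example (not part of the HP guide) models ACL 3000 from the output above to show how wildcard masks, the config match order, and time ranges combine, and goes one step further by flagging rules that an earlier rule makes unreachable. The class and function names are hypothetical, and the automatic numbering rule (0 for the first rule, then the next multiple of the step) is an assumption consistent with the rule IDs 0, 5, and 10 shown in the output.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all 1s: every bit is ignored
HOST = "0.0.0.0"                        # the CLI's wildcard "0": every bit is compared


def _u32(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(ip: str, base: str, wildcard: str) -> bool:
    """True when ip equals base on every bit whose wildcard bit is 0."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return ((_u32(ip) ^ _u32(base)) & care) == 0


def covers(outer: tuple, inner: tuple) -> bool:
    """True when every address matched by inner (base, wildcard) also matches outer."""
    care = ~_u32(outer[1]) & 0xFFFFFFFF
    fixed_by_inner = (_u32(inner[1]) & care) == 0
    return fixed_by_inner and ((_u32(outer[0]) ^ _u32(inner[0])) & care) == 0


@dataclass
class Rule:
    rule_id: int
    action: str                        # "permit" or "deny"
    src: tuple = ANY
    dst: tuple = ANY
    time_range: Optional[str] = None   # rule is inactive outside this time range


@dataclass
class Acl:
    step: int = 5
    rules: dict = field(default_factory=dict)

    def add(self, action, src=ANY, dst=ANY, time_range=None, rule_id=None) -> int:
        if rule_id is None:
            # Assumed numbering: 0 for the first rule, then the next multiple
            # of the step above the highest existing rule ID.
            rule_id = (max(self.rules) // self.step + 1) * self.step if self.rules else 0
        self.rules[rule_id] = Rule(rule_id, action, src, dst, time_range)
        return rule_id

    def ordered(self):
        return [self.rules[i] for i in sorted(self.rules)]

    def evaluate(self, src_ip, dst_ip, active_ranges=frozenset()):
        """config match order: ascending rule ID, first active match wins."""
        for r in self.ordered():
            if r.time_range is not None and r.time_range not in active_ranges:
                continue
            if wildcard_match(src_ip, *r.src) and wildcard_match(dst_ip, *r.dst):
                return r.rule_id, r.action
        return None   # no rule matched; the ACL itself gives no verdict

    def shadowed(self):
        """(rule, earlier rule) pairs where the earlier rule always matches first."""
        found = []
        rules = self.ordered()
        for i, later in enumerate(rules):
            for earlier in rules[:i]:
                always_or_same = earlier.time_range in (None, later.time_range)
                if (always_or_same and covers(earlier.src, later.src)
                        and covers(earlier.dst, later.dst)):
                    found.append((later.rule_id, earlier.rule_id))
                    break
        return found


def build_acl_3000() -> Acl:
    """The three rules shown in the display acl 3000 output, auto-numbered."""
    db = ("192.168.0.100", HOST)
    acl = Acl(step=5)
    acl.add("permit", src=("192.168.1.0", "0.0.0.255"), dst=db)
    acl.add("permit", src=("192.168.2.0", "0.0.0.255"), dst=db, time_range="work")
    acl.add("deny", dst=db)
    return acl
```

Outside the work time range, a Financial department host falls through rule 5 to the deny in rule 10, and a broad deny inserted with a lower ID (rule 3 in the test) shadows both later rules.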
Configuring MPLS QoS

Overview

In the area of QoS, in order to provide the support for differentiated services (DiffServ) as IP does, MPLS uses three bits analogous to IP precedence, called "EXP bits," to carry class-of-service information. With the EXP bits, MPLS QoS is achieved to identify different traffic flows and implement differentiated services, guaranteeing low delay and low packet loss ratio for critical service traffic, such as voice and video traffic.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure an MPLS CAR policy for the interface.
   Remarks: By default, no CAR policy is configured for an interface.
8. Create a QoS policy and enter QoS policy view.
   Command: qos policy policy-name
   Remarks: By default, no QoS policy is created.
9. Associate the traffic class with the traffic behavior in the QoS policy.
   Command: classifier classifier-name behavior behavior-name
   Remarks: By default, no traffic behavior is associated with a traffic class.
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy to an interface.
   Command: For more information, see "Configuring a QoS policy."
   Remarks: By default, no QoS policy is applied.
QoS overview

In data communications, Quality of Service (QoS) is a network's ability to provide differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. Network resources are scarce. The contention for resources requires that QoS prioritize important traffic flows over trivial ones. For example, when bandwidth is fixed, more bandwidth for one traffic flow means less bandwidth for the other traffic flows.

All QoS techniques in this document are based on the DiffServ model.

QoS techniques overview

The QoS techniques include traffic classification, traffic policing, traffic shaping, rate limit, congestion management, and congestion avoidance. The following section briefly introduces these QoS techniques.
2. The QoS module takes various QoS actions on classified traffic as configured, depending on the traffic processing phase and network status. For example, you can configure the QoS module to perform traffic policing for incoming traffic, traffic shaping for outgoing traffic, congestion avoidance before congestion occurs, and congestion management when congestion occurs. ...
Configuring a QoS policy

You can configure QoS by using the MQC approach or non-MQC approach. Some features support both approaches, but some support only one.

Non-MQC approach

In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For example, you can use the rate limit feature to set a rate limit on an interface without using a QoS policy.

MQC approach

In the modular QoS configuration (MQC) approach, you configure QoS service parameters by using QoS policies.
Defining a traffic class

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no traffic class is configured.
3. Configure match criteria.
   Command: if-match [ not ] match-criteria
   Remarks: By default, no match criterion is configured. For more information, see the if-match command in ACL and QoS Command Reference.
3. Associate a traffic class with a traffic behavior to create a class-behavior association in the QoS policy.
   Command: classifier classifier-name behavior behavior-name
   Remarks: By default, a traffic class is not associated with a traffic behavior. Repeat this step to create more class-behavior associations.

Configuring a child policy

You can nest a QoS policy in a traffic behavior to re-classify the traffic class associated with the behavior and take actions that are defined in the policy on the re-classified traffic.
Applying the QoS policy to an interface

A QoS policy can be applied to multiple interfaces, but only one QoS policy can be applied in one direction (inbound or outbound) of an interface. You can modify traffic classes, traffic behaviors, and class-behavior associations in a QoS policy even after it is applied. If a traffic class references an ACL for traffic classification, you can delete or modify the ACL (such as add rules to, delete rules from, and modify rules of the ACL).
Task: Display traffic class configuration (MSR2000/MSR3000).
Command: display traffic classifier { system-defined | user-defined } [ classifier-name ]

Task: Display traffic class configuration (MSR4000).
Command: display traffic classifier { system-defined | user-defined } [ classifier-name ] [ slot slot-number ]

Task: Display traffic behavior configuration (MSR2000/MSR3000).
Command: display traffic behavior { system-defined | user-defined } [ behavior-name ]

Task: Display traffic behavior configuration (MSR4000).
Configuring priority mapping

Overview

When a packet arrives, depending on your configuration, a device assigns a set of QoS priority parameters to the packet based on either a certain priority field carried in the packet or the port priority of the incoming port. This process is called "priority mapping." During this process, the device can modify the priority of the packet according to the priority mapping rules.

• Configuring priority trust mode—In this approach, you can configure a port to look up a certain trusted priority type (802.1p, for example) in incoming packets in the priority maps and map the trusted priority to the target priority types and values.
• Changing port priority—If no packet priority is trusted, the port priority of the incoming port is used. By changing the port priority of a port, you change the priority of the incoming packets on the port.

• dot1p—Uses the 802.1p priority of received packets for mapping.
• dscp—Uses the DSCP precedence of received IP packets for mapping.

To configure the trusted packet priority type on an interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure the trusted packet priority type.
   Command: qos trust { dot1p | dscp }
   Remarks: By default, no trusted packet priority type is configured.
Port priority configuration example

Network requirements

As shown in Figure 5, the IP precedence of traffic from Router A to Router C is 3, and the IP precedence of traffic from Router B to Router C is 1. Configure Router C to preferentially process packets from Router A to the server when Ethernet 1/3 of Router C is congested.

• The R&D department connects to Ethernet 1/2 of the router, which sets the 802.1p priority of traffic from the R&D department to 4.
• The management department connects to Ethernet 3/1 of the router, which sets the 802.1p priority of traffic from the management department to 5.

Configure port priority, 802.1p-to-local mapping table, and priority marking to implement the plan as described in Table 2.

Configuration procedure

1. Configure trusting port priority:
# Set the port priority of Ethernet 1/1 to 3.
system-view
[Router] interface ethernet 1/1
[Router-Ethernet1/1] qos priority 3
[Router-Ethernet1/1] quit
# Set the port priority of Ethernet 1/2 to 4.
[Router] interface ethernet 1/2
[Router-Ethernet1/2] qos priority 4
[Router-Ethernet1/2] quit
# Set the port priority of Ethernet 1/3 to 5.
[Router] interface ethernet 1/3
[Router-Ethernet1/3] qos priority 5
[Router-Ethernet1/3] quit
2.
Configuring traffic policing, GTS, and rate limit

Overview

Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic. Traffic policing, Generic Traffic Shaping (GTS), and rate limit control the traffic rate and resource usage according to traffic specifications.
CBS is implemented with bucket C, and EBS with bucket E. In each evaluation, packets are measured against the following bucket scenarios:
• If bucket C has enough tokens, packets are colored green.
• If bucket C does not have enough tokens but bucket E has enough tokens, packets are colored yellow.
• If neither bucket C nor bucket E has sufficient tokens, packets are colored red.

Traffic policing

Traffic policing supports policing the inbound traffic and the outbound traffic.
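The following added example (not from the HP guide) implements the green, yellow, and red coloring with bucket C and bucket E described above and applies a per-color action to a constructed burst. It assumes the color-blind single-rate meter of RFC 2697 (tokens arrive at the CIR, fill bucket C first, and overflow into bucket E), rates in bytes per second, and pass/pass/discard as the actions; all names are hypothetical.

```python
from collections import Counter


class TwoBucketMeter:
    """Single-rate meter with a committed bucket C and an excess bucket E."""

    def __init__(self, cir: float, cbs: float, ebs: float):
        self.cir = cir    # token fill rate, bytes per second (assumed unit)
        self.cbs = cbs    # capacity of bucket C, bytes
        self.ebs = ebs    # capacity of bucket E, bytes
        self.tc = cbs     # both buckets start full
        self.te = ebs
        self.last = 0.0   # time of the previous evaluation, seconds

    def _refill(self, now: float) -> None:
        tokens = (now - self.last) * self.cir
        self.last = now
        to_c = min(tokens, self.cbs - self.tc)             # fill bucket C first
        self.tc += to_c
        self.te = min(self.ebs, self.te + tokens - to_c)   # overflow goes to E

    def color(self, now: float, size: int) -> str:
        """Color one packet of `size` bytes arriving at time `now`."""
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return "green"
        if self.te >= size:
            self.te -= size
            return "yellow"
        return "red"     # neither bucket is charged for a red packet


def police(meter, arrivals, actions):
    """Color each (time, size) arrival and apply the action for its color.

    Returns (colors, forwarded_bytes_by_color).
    """
    colors, forwarded = [], Counter()
    for now, size in arrivals:
        c = meter.color(now, size)
        colors.append(c)
        if actions[c] == "pass":
            forwarded[c] += size
    return colors, dict(forwarded)


# Constructed arrivals: a 7-packet burst at t=0, two packets while the buckets
# are still recovering, and one packet after a long idle period.
SAMPLE = [(0.0, 1000)] * 7 + [(1.0, 1000), (1.5, 1000), (10.0, 1000)]
ACTIONS = {"green": "pass", "yellow": "pass", "red": "discard"}  # assumed actions


def demo():
    meter = TwoBucketMeter(cir=1000, cbs=3000, ebs=2000)
    return police(meter, SAMPLE, ACTIONS)


if __name__ == "__main__":
    for (t, size), c in zip(SAMPLE, demo()[0]):
        print(f"t={t:>4}s size={size} -> {c}")
```

The burst at t=0 drains bucket C (three green packets), then bucket E (two yellow), and the rest is red; bucket E only refills once bucket C is full again, so the packet at t=1.5 is red although 500 bytes of tokens have accumulated.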
GTS

GTS supports shaping the outbound traffic. GTS limits the outbound traffic rate by buffering exceeding traffic. You can use GTS to adapt the traffic output rate on a device to the input traffic rate of its connected device to avoid packet loss.

The differences between traffic policing and GTS are as follows:
• Packets to be dropped with traffic policing are retained in a buffer or queue with GTS, as shown in Figure 8.

Rate limit also uses token buckets for traffic control. When rate limit is configured on an interface, a token bucket handles all packets to be sent through the interface for rate limiting. If enough tokens are in the token bucket, packets can be forwarded. Otherwise, packets are put into QoS queues for congestion management. In this way, the traffic passing the physical interface is controlled.

Figure 10 Rate limit implementation

The token bucket mechanism limits traffic rate when accommodating bursts.
5. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is configured.
6. Configure a traffic policing action.
   Command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] *
   Remarks: By default, no traffic policing action is configured.
7. Return to system view.
   Command: quit
   Remarks: N/A
8.
Configuring ACL-based traffic policing

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure an ACL.
   Command: See "Configuring ACLs."
   Remarks: N/A
3. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
4. Configure an ACL-based CAR policy on the interface.
6. Configure a GTS action.
   Command:
   • In absolute value: gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ] *
   • In percentage: gts percent cir cir-percent [ cbs cbs-time [ ebs ebs-time ] ] [ queue-length queue-length ]
   Remarks: By default, no GTS action is configured.
7. Return to system view.
   Command: quit
   Remarks: N/A
8. Create a QoS policy and enter policy view.
   Command: qos policy policy-name
   Remarks: By default, no QoS policy is created.
9.
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure GTS on the interface.
   Command: qos gts any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]
   Remarks: By default, GTS is not configured on an interface.

Configuring the rate limit

The rate limit of a physical interface specifies the maximum rate of incoming packets or outgoing packets.

To configure the rate limit:

1.
Traffic policing and GTS configuration example

Network requirements

As shown in Figure 11:
• Server, Host A, and Host B can access the Internet through Router A and Router B.
• Server, Host A, and Ethernet 1/1 of Router A are in the same network segment.
• Host B and Ethernet 1/2 of Router A are in the same network segment.

Perform traffic control for packets received on Ethernet 1/1 of Router A from Server and Host A respectively as follows:
• Limit the rate of packets from Server to 54 kbps.

[RouterA-acl-basic-2001] rule permit source 1.1.1.1 0
[RouterA-acl-basic-2001] quit
[RouterA] acl number 2002
[RouterA-acl-basic-2002] rule permit source 1.1.1.2 0
[RouterA-acl-basic-2002] quit
# Configure CAR policies for different flows received on Ethernet 1/1.

Configuration procedure

# Configure per-IP-address rate limiting on Ethernet 1/2 to limit the rate of each host on the network segment 2.1.1.1 through 2.1.1.100, and make traffic from all IP addresses in the network segment share the remaining bandwidth.
system-view
[Router] qos carl 1 source-ip-address range 2.1.1.1 to 2.1.1.
Configuring congestion management

Overview

Causes, impacts, and countermeasures of congestion

Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Figure 13 shows common congestion scenarios.

FIFO

Figure 14 FIFO queuing

As shown in Figure 14, the first in first out (FIFO) uses a single queue and does not classify traffic or schedule queues. FIFO delivers packets depending on their arrival order: the packet that arrives earlier is scheduled first. The only concern of FIFO is queue length, which affects delay and packet loss rate. On a device, resources are assigned to packets depending on their arrival order and load status of the device. The best-effort service model uses FIFO queuing.
WFQ considers weights when determining the queue scheduling order. Statistically, WFQ gives high-priority traffic more scheduling opportunities than low-priority traffic.
packets. When defining traffic classes for LLQ, you can configure a class of packets to be preferentially transmitted. The packets of all priority classes are assigned to the same priority queue. Bandwidth restriction on each class of packets is checked before the packets are enqueued. During the dequeuing operation, packets in the priority queue are transmitted first. To reduce the delay of the other queues except the priority queue, LLQ assigns the maximum available bandwidth to each priority class.
Type: WFQ
Number of queues: Configurable
Advantages:
• Easy to configure.
• Bandwidth guarantee for packets from cooperative (interactive) sources (such as TCP packets).
• Reduces jitter.
• Reduces the delay for interactive applications with a small amount of data.
• Bandwidth assignment based on traffic priority.
• Automatic bandwidth reassignment to increase bandwidth for each class when the number of traffic classes decreases.
Disadvantages: The processing speed is slower than FIFO.

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure the FIFO queue size.
   Command: qos fifo queue-length queue-length
   Remarks: The default FIFO queue size is 75. If the burst traffic is too heavy, increase the queue length to make queue scheduling more accurate.

Displaying and maintaining FIFO

Execute the display command in any view.
Configuring CBQ

Predefined classes, traffic behaviors, and policies

The system predefines the following classes, traffic behaviors, and policies:

Predefined classes

The system predefines some classes and defines general rules for the classes. You can use these predefined classes when defining a policy:
• default-class—Matches the default traffic.
• ef, af1, af2, af3, af4—Matches IP DSCP value ef, af1, af2, af3, af4, respectively.

3. Configure match criteria.
   Command: if-match [ not ] match-criteria
   Remarks: By default, no match criterion is configured. For more information about configuring match criteria, see ACL and QoS Command Reference.

Defining a traffic behavior

To define a traffic behavior, create the traffic behavior first and then configure QoS attributes in traffic behavior view.

2. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no behavior is created.
3. Configure EF and the maximum bandwidth.
   Command: queue ef bandwidth { bandwidth [ cbs burst ] | pct percentage [ cbs-ratio ratio] }
   Remarks: By default, EF is not configured.

Configuring WFQ

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no behavior is created.
Configuring the exponent for WRED to calculate the average queue size

Before configuring the WRED exponent, make sure the queue af or queue wfq command has been configured and the wred command has been used to enable WRED.

To configure the exponent for WRED to calculate the average queue size:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is created.
3.

2. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is created.
3. Configure the lower limit, upper limit, and drop probability denominator for an IP precedence value in WRED.
   Command: wred ip-precedence precedence low-limit low-limit high-limit high-limit [ discard-probability discard-prob ]
   Remarks: By default, low-limit is 10, high-limit is 30, and discard-prob is 10.
Configuring the maximum available interface bandwidth

The maximum available interface bandwidth refers to the maximum interface bandwidth used for bandwidth check when CBQ enqueues packets, rather than the actual bandwidth of the physical interface. If no maximum available bandwidth is configured for an interface, the following bandwidth is used for CBQ calculation:
• The actual baud rate or rate if the interface is a physical one.

3. Set the maximum reserved bandwidth as a percentage of available bandwidth.
   Command: qos reserved-bandwidth pct percent
   Remarks: The default setting is 80.

Displaying and maintaining CBQ

Execute display commands in any view.

Task: Display class configuration.
Command: display traffic classifier { system-defined | user-defined } [ classifier-name ]
Remarks: Available in any view.

Task: Display traffic behavior configuration.
Figure 17 Network diagram [figure not reproduced; labels: Router A, Router B, Router C, Router D, Ethernet, Eth1/1 1.1.1.1/24, Eth1/1 1.1.1.2/24, AF11, AF21, EF]

Configuring Router A

# Define three classes to match the IP packets with the DSCP values AF11, AF21, and EF, respectively.

[RouterA-Ethernet1/1] ip address 1.1.1.1 255.255.255.0
[RouterA-Ethernet1/1] qos apply policy dscp outbound

The configuration enables EF traffic to be forwarded preferentially when congestion occurs.
Configuring congestion avoidance

Overview

Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance actively monitors network resources (such as queues and memory buffers), and drops packets when congestion is expected to occur or deteriorate. When dropping packets from a source end, it cooperates with the flow control mechanism (such as TCP flow control) at the source end to regulate the network traffic size.
When using FIFO queuing, you can set the exponent for average queue size calculation, upper threshold, lower threshold, and drop probability for each queue to provide differentiated drop policies for different classes of packets.
probability. When the average queue size exceeds the upper threshold, subsequent packets are dropped.
• Drop precedence—A parameter used for packet drop. The value 0 corresponds to green packets, the value 1 corresponds to yellow packets, and the value 2 corresponds to red packets. Red packets are dropped preferentially.
• Exponent for average queue size calculation—The greater the exponent, the less sensitive the average queue size is to real-time queue size changes.

[Sysname-Ethernet1/1] qos wred ip-precedence enable
# Set the following parameters for packets with IP precedence value 3: lower threshold 20, upper threshold 40, and drop probability denominator 15.
[Sysname-Ethernet1/1] qos wred ip-precedence 3 low-limit 20 high-limit 40 discard-probability 15
# Set the exponent for average queue size calculation to 6.
[Sysname-Ethernet1/1] qos wred weighting-constant 6

Displaying and maintaining WRED

Execute display commands in any view.
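The following added example (not from the HP guide) shows how the WRED values configured above (low-limit 20, high-limit 40, discard-probability 15, weighting-constant 6) interact. It assumes the standard RED formulas: the average queue size is an exponentially weighted moving average in which a new sample has weight 2^-exponent, and the drop probability rises linearly from 0 at the lower threshold to 1/denominator at the upper threshold. Function names and the sample queue lengths are constructed for illustration.

```python
def ewma(avg: float, queue_len: float, exponent: int) -> float:
    """Update the average queue size; the new sample has weight 2**-exponent."""
    w = 2.0 ** -exponent
    return avg * (1 - w) + queue_len * w


def drop_probability(avg: float, low: float, high: float, denominator: float) -> float:
    """Assumed RED drop curve for one precedence value."""
    if avg < low:
        return 0.0                      # below the lower threshold: no drops
    if avg >= high:
        return 1.0                      # at or above the upper threshold: drop all
    return (avg - low) / (high - low) / denominator


def samples_until(threshold: float, queue_len: float, exponent: int) -> int:
    """Samples at a constant real queue length before the average reaches threshold."""
    if queue_len <= threshold:
        raise ValueError("the average can never reach a threshold above queue_len")
    avg, n = 0.0, 0
    while avg < threshold:
        avg = ewma(avg, queue_len, exponent)
        n += 1
    return n


def peak_drop_probability(samples, low, high, denominator, exponent) -> float:
    """Highest drop probability reached while the queue follows `samples`."""
    avg, peak = 0.0, 0.0
    for q in samples:
        avg = ewma(avg, q, exponent)
        peak = max(peak, drop_probability(avg, low, high, denominator))
    return peak


# Constructed input: a short burst that fills the real queue to 50 packets for
# 10 samples, then drains completely.
BURST = [50] * 10 + [0] * 10


def compare_exponents():
    """Peak drop probability for the burst with exponent 6 and with exponent 2."""
    return {e: peak_drop_probability(BURST, 20, 40, 15, e) for e in (6, 2)}


if __name__ == "__main__":
    print("samples to reach low/high with exponent 6:",
          samples_until(20, 50, 6), samples_until(40, 50, 6))
    print("peak drop probability for the burst:", compare_exponents())
```

With exponent 6, a queue held at 50 packets needs 33 samples before any packet is eligible for dropping and 103 before all are dropped, so the 10-sample burst causes no drops; with exponent 2 the same burst pushes the average above the upper threshold.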
Configuring traffic filtering

You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from a specific IP address according to network status.

Configuration procedure

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no traffic class is configured.
3.

Configuration example

Network requirements

As shown in Figure 19, configure traffic filtering on Ethernet 1/1 to filter the incoming packets with source port other than port 21.

Figure 19 Network diagram

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets whose source port number is not 21.
Configuring priority marking

Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a traffic class of IP packets to control the forwarding of these packets.

To configure priority marking, you can associate a traffic class with a traffic behavior configured with the priority marking action to set the priority fields or flag bits of the traffic class of packets.

9.
   Command: classifier classifier-name behavior behavior-name
   Remarks: By default, a traffic class is not associated with a traffic behavior.
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy to the interface.
   Command: Applying the QoS policy to an interface
   Remarks: By default, a QoS policy is not applied.
12. (Optional.) Display the priority marking configuration.
   Command: display qos policy user-defined [ policy-name ]
   Remarks: Available in any view.
# Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip destination 192.168.0.2 0
[Router-acl-adv-3001] quit
# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.
[Router] acl number 3002
[Router-acl-adv-3002] rule permit ip destination 192.168.0.

[Router-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver
[Router-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver
[Router-qospolicy-policy_server] quit
# Apply the QoS policy named policy_server to the incoming traffic of Ethernet 1/1.
Configuring traffic redirecting

Traffic redirecting is the action of redirecting the packets matching the specific match criteria to a certain location for processing. The router supports redirecting traffic to an interface.

Configuration procedure

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no traffic class exists.

Configuration example

Network requirements

As shown in Figure 21, redirect the traffic that GigabitEthernet 1/1 receives from the network segments 2.2.2.0/24 and 3.3.3.0/24 to GigabitEthernet 1/2 and GigabitEthernet 1/3, respectively.

Figure 21 Network diagram

Configuration procedure

# Create basic ACL 2000, and configure a rule to match packets from the network segment 2.2.2.0/24.
system-view
[RouterA] acl number 2000
[RouterA-acl-basic-2000] rule permit source 2.2.2.0 0.0.0.

[RouterA] qos policy policy
[RouterA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[RouterA-qospolicy-policy] classifier classifier_2 behavior behavior_2
[RouterA-qospolicy-policy] quit
# Apply the QoS policy policy to the incoming traffic of GigabitEthernet 1/1.
Appendix

Appendix A Acronym

Table 4 Appendix A Acronym

Acronym    Full spelling
AF         Assured Forwarding
BE         Best Effort
CAR        Committed Access Rate
CBS        Committed Burst Size
CBQ        Class Based Queuing
CBWFQ      Class Based Weighted Fair Queuing
CIR        Committed Information Rate
DiffServ   Differentiated Service
DoS        Denial of Service
DSCP       Differentiated Services Code Point
EBS        Excess Burst Size
EF         Expedited Forwarding
FIFO       First in First out
FQ         Fair Queuing
GTS        Generic Traffic Shaping
IntServ    Int

Acronym    Full spelling
WFQ        Weighted Fair Queuing
WRED       Weighted Random Early Detection

Appendix B Default priority maps

Table 5 Default dot1p-lp priority map

Input priority value (dot1p)    dot1p-lp map (lp)
0                               2
1                               0
2                               1
3                               3
4                               4
5                               5
6                               6
7                               7

Table 6 Default dscp-lp priority map

Input priority value (dscp)     dscp-lp map (lp)
0 to 7                          0
8 to 15                         1
16 to 23                        2
24 to 31                        3
32 to 39                        4
40 to 47                        5
48 to 55                        6
56 to 63                        7
Appendix C Introduction to packet precedences

IP precedence and DSCP values

Figure 22 ToS and DS fields (panels: the IPv4 ToS byte with Precedence, Type of Service, and MBZ (Must Be Zero), labeled IP Type of Service (ToS), RFC 791, RFC 1122, and RFC 1349; the DS field for the IPv4 ToS octet and the IPv6 Traffic Class octet with DSCP, Class Selector codepoints, and CU (Currently Unused), labeled Differentiated Services Codepoint (DSCP), RFC 2474)

As shown in Figure 22, the ToS field in the IP header contains 8 bits.
DSCP value (decimal)   DSCP value (binary)   Description
28                     011100                af32
30                     011110                af33
34                     100010                af41
36                     100100                af42
38                     100110                af43
8                      001000                cs1
16                     010000                cs2
24                     011000                cs3
32                     100000                cs4
40                     101000                cs5
48                     110000                cs6
56                     111000                cs7
0                      000000                be (default)

802.1p priority

802.1p priority lies in the Layer 2 header and applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.

Figure 23 An Ethernet frame with an 802.
Table 9 Description on 802.1p priority 802.1p priority (decimal) 802.
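The following added example (not part of the HP guide) decodes the priority fields described in this appendix and applies the default maps from Table 5 and Table 6. The sample header and all function names are constructed for illustration, and the `ef` name for DSCP 46 is an assumption because that table row is not visible in this section. Both fields are set by whoever sends the packet, so the result is only as trustworthy as the port it arrived on.

```python
# Table 5 of this guide: default dot1p-lp map (0, 1 and 2 are not in numeric order).
DOT1P_TO_LP = {0: 2, 1: 0, 2: 1, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7}


def dscp_to_lp(dscp):
    """Table 6: each block of eight DSCP values shares one local precedence."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return dscp >> 3


def dscp_name(dscp):
    """Return the keyword for a DSCP value (be, csN, afXY, ef) or 'unnamed'."""
    cls, low = dscp >> 3, dscp & 0b111
    if dscp == 0:
        return "be"
    if dscp == 46:                      # assumed keyword, row not shown here
        return "ef"
    if low == 0:
        return f"cs{cls}"               # class selector: low three bits are zero
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low >> 1}"     # AF class, then drop precedence 1 to 3
    return "unnamed"


def classify_ipv4(header):
    """Decode the ToS/DS byte of an IPv4 header and map it to a local precedence."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos = header[1]
    dscp = tos >> 2                     # upper six bits; the CU bits are dropped
    return {"precedence": tos >> 5, "dscp": dscp,
            "name": dscp_name(dscp), "lp": dscp_to_lp(dscp)}


def dot1p_to_lp(tci):
    """Local precedence for a 16-bit 802.1Q tag control field (priority is the top 3 bits)."""
    return DOT1P_TO_LP[(tci >> 13) & 0b111]


# Constructed sample: 20-byte IPv4 header, ToS byte 0x88, 2.2.2.1 -> 3.3.3.1.
SAMPLE_HEADER = bytes([0x45, 0x88, 0x00, 0x14, 0, 0, 0, 0, 64, 6, 0, 0,
                       2, 2, 2, 1, 3, 3, 3, 1])

if __name__ == "__main__":
    print(classify_ipv4(SAMPLE_HEADER))
    print(dot1p_to_lp(0x0064), dot1p_to_lp(0x2064))
```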
Configuring time ranges

You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in the time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them. If a time range does not exist, the service based on the time range does not take effect.

The following basic types of time range are available:
• Periodic time range—Recurs periodically on a day or days of the week.
Figure 25 Network diagram

Configuration procedure

# Create a periodic time range during 8:00 and 18:00 on working days from June 2011 to the end of the year.
system-view
[RouterA] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2011 to 24:0 12/31/2011

# Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit only packets from 192.168.1.2/32 during the time range work.
[RouterA] acl number 2001
[RouterA-acl-basic-2001] rule permit source 192.168.1.
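The following added example (not part of the HP guide) parses the time-range command from the procedure above and reports whether a rule bound to it is in effect at a given moment, which is a quick way to find time-based ACL rules that have silently expired. Function names are hypothetical, the end time of each daily period is treated as exclusive by assumption, and `off-day` and `daily` are Comware day keywords that do not appear in this section.

```python
import re
from datetime import datetime, timedelta

# Day keywords mapped to Python weekday numbers (Monday is 0).
DAY_SETS = {"working-day": {0, 1, 2, 3, 4}, "off-day": {5, 6}, "daily": set(range(7))}

SPEC = re.compile(
    r"time-range (?P<name>\S+) (?P<start>\d+:\d+) to (?P<end>\d+:\d+) (?P<days>\S+)"
    r" from (?P<ftime>\d+:\d+) (?P<fdate>\S+) to (?P<ttime>\d+:\d+) (?P<tdate>\S+)$"
)


def _minutes(hhmm):
    hours, minutes = map(int, hhmm.split(":"))
    return hours * 60 + minutes


def _instant(hhmm, date):
    # Dates in the example are MM/DD/YYYY; "24:0" means the end of that day.
    month, day, year = map(int, date.split("/"))
    return datetime(year, month, day) + timedelta(minutes=_minutes(hhmm))


def parse_time_range(command):
    m = SPEC.match(command.strip())
    if m is None or m["days"] not in DAY_SETS:
        raise ValueError(f"unsupported time-range command: {command!r}")
    return {
        "name": m["name"],
        "start": _minutes(m["start"]), "end": _minutes(m["end"]),
        "days": DAY_SETS[m["days"]],
        "valid_from": _instant(m["ftime"], m["fdate"]),
        "valid_to": _instant(m["ttime"], m["tdate"]),
    }


def state(tr, when):
    """Say why a rule bound to this time range is or is not in effect at 'when'."""
    if when < tr["valid_from"]:
        return "not-yet-valid"
    if when >= tr["valid_to"]:
        return "expired"
    minute = when.hour * 60 + when.minute
    if when.weekday() in tr["days"] and tr["start"] <= minute < tr["end"]:
        return "active"
    return "outside-period"


WORK = parse_time_range(
    "time-range work 8:0 to 18:0 working-day from 0:0 6/1/2011 to 24:0 12/31/2011")

if __name__ == "__main__":
    for ts in ("2011-06-01 09:00", "2011-06-04 09:00", "2012-01-02 09:00"):
        print(ts, state(WORK, datetime.strptime(ts, "%Y-%m-%d %H:%M")))
```

Any state other than active means the permit rule for 192.168.1.2/32 is not matching, so an expired range shows up as a behavior change with no configuration change.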
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention        Description
Boldface          Bold text represents commands and keywords that you enter literally as shown.
Italic            Italic text represents arguments that you replace with actual values.
[]                Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }   Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.