HP MSR Router Series ACL and QoS Configuration Guide(V7) Part number: 5998-5681 Software version: CMW710-R0106 Document version: 6PW100-20140607
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Configuring ACLs

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

Overview

An access control list (ACL) is a set of rules (permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs" provides an example.
• config—Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is matched before a rule with a higher ID. If you use this method, check the rules and their order carefully.
• auto—Sorts ACL rules in depth-first order. Depth-first ordering makes sure any subset of a rule is always matched before the rule. Table 1 lists the sequence of tie breakers that depth-first ordering uses to sort rules for each type of ACL.
automatically numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can insert between two rules. By introducing a gap between rules rather than contiguously numbering rules, you have the flexibility of inserting rules in an ACL. This feature is important for a config-order ACL, where ACL rules are matched in ascending order of rule ID.
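The following added example (not from the HP guide) models first-match evaluation of an IPv4 basic ACL under the config and auto match orders, reports rules that an earlier rule makes unreachable, and uses the numbering gap to repair a config-order ACL. It assumes a simplified depth-first order (narrower source range first, then lower rule ID) instead of the full tie-breaker sequence in Table 1, writes sources as prefixes rather than wildcard masks, and uses constructed addresses; all function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                      # "permit" or "deny"
    source: ipaddress.IPv4Network    # source match; 0.0.0.0/0 would model "any"


def rule(rule_id, action, source):
    return Rule(rule_id, action, ipaddress.ip_network(source))


def ordered(rules, match_order):
    """Return the rules in the order the ACL tests them."""
    if match_order == "config":
        return sorted(rules, key=lambda r: r.rule_id)
    if match_order == "auto":
        # Assumption: simplified depth-first order, narrower source first,
        # then lower rule ID as the tie breaker.
        return sorted(rules, key=lambda r: (-r.source.prefixlen, r.rule_id))
    raise ValueError(f"unknown match order: {match_order}")


def evaluate(rules, match_order, src):
    """First-match evaluation. Returns (action, rule_id), or (None, None)
    when no rule matches the source address."""
    addr = ipaddress.ip_address(src)
    for r in ordered(rules, match_order):
        if addr in r.source:
            return r.action, r.rule_id
    return None, None


def shadowed(rules, match_order):
    """Return (dead_rule_id, covering_rule_id) pairs for rules that can never
    match because an earlier rule already covers their whole source range."""
    seq = ordered(rules, match_order)
    dead = []
    for i, r in enumerate(seq):
        for earlier in seq[:i]:
            if r.source.subnet_of(earlier.source):
                dead.append((r.rule_id, earlier.rule_id))
                break
    return dead


# Constructed sample ACL, numbered 0, 5, 10 as the default step of 5 would do.
ACL = [
    rule(0, "deny", "10.9.9.9/32"),
    rule(5, "permit", "10.1.0.0/16"),
    rule(10, "deny", "10.1.1.0/24"),   # intended exception to rule 5
]

# Same intent repaired for config order: the exception is re-entered with
# ID 3, which fits in the gap between rules 0 and 5.
ACL_FIXED = [
    rule(0, "deny", "10.9.9.9/32"),
    rule(3, "deny", "10.1.1.0/24"),
    rule(5, "permit", "10.1.0.0/16"),
]

if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("ACL_FIXED", ACL_FIXED)):
        for order in ("config", "auto"):
            print(name, order,
                  "10.1.1.7 ->", evaluate(acl, order, "10.1.1.7"),
                  "shadowed:", shadowed(acl, order))
```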
Configuring an IPv4 basic ACL

IPv4 basic ACLs match packets based only on source IP addresses.

To configure an IPv4 basic ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv4 basic ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv4 basic ACLs are numbered in the range of 2000 to 2999.
3. (Optional.) Configure a description for the IPv4 basic ACL.
5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
   Remarks: By default, an IPv6 basic ACL does not contain any rule.
6. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
Step Command 5. Create or edit a rule.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
3. (Optional.) Configure a description for the Ethernet frame header ACL.
   Command: description text
   Remarks: By default, an Ethernet frame header ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
3. Apply an ACL to the interface to filter packets.
   Command: packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound }
   Remarks: By default, an interface does not filter packets. You can apply up to 32 ACLs to the same direction of an interface.

Applying an ACL to an interzone instance for packet filtering

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interzone view.
   Command: interzone source source-zone-name destination destination-zone-name
   Remarks: N/A
3.
Task: Display ACL configuration and match statistics.
Command: display acl [ ipv6 ] { acl-number | all | name acl-name }

Task: Display ACL application information for packet filtering (MSR2000/MSR3000).
Command: display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | interzone [ source source-zone-name destination destination-zone-name ] }

Task: Display ACL application information for packet filtering (MSR4000).
• Deny access from any other department to the database server.

Figure 1 Network diagram

Configuration procedure

# Create a periodic time range from 8:00 to 18:00 on working days.
<RouterA> system-view
[RouterA] time-range work 08:00 to 18:00 working-day
# Create an IPv4 advanced ACL numbered 3000 and configure three rules in the ACL.
Reply from 192.168.0.100: bytes=32 time=1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.0.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

The output shows that the database server can be pinged.
QoS overview

In data communications, Quality of Service (QoS) provides differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. QoS manages network resources and prioritizes traffic to balance system resources. The following section describes typical QoS service models and widely used QoS techniques.

QoS service models

This section describes several typical QoS service models.
• Traffic shaping.
• Rate limit.
• Congestion management.
• Congestion avoidance.

The following section briefly introduces these QoS techniques. All QoS techniques in this document are based on the DiffServ model.
2. The QoS module takes various QoS actions on classified traffic as configured, depending on the traffic processing phase and network status. For example, you can configure the QoS module to perform the following:
   ○ Traffic policing for incoming traffic.
   ○ Traffic shaping for outgoing traffic.
   ○ Congestion avoidance before congestion occurs.
   ○ Congestion management when congestion occurs.
...
Configuring a QoS policy

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

You can configure QoS by using the MQC approach or non-MQC approach. Some features support both approaches, but some support only one.

Non-MQC approach

In the non-MQC approach, you configure QoS service parameters without using a QoS policy.
Defining a traffic class

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no traffic class is configured.
3. Configure match criteria.
   Command: if-match [ not ] match-criteria
   Remarks: By default, no match criterion is configured. For more information, see the if-match command in ACL and QoS Command Reference.
Configuring a child policy

You can nest a QoS policy in a traffic behavior to reclassify the traffic class associated with the behavior. Then the actions that are defined in the QoS policy are taken on the reclassified traffic. The QoS policy nested in the traffic behavior is called a child policy. The QoS policy that nests the behavior is called a parent policy.
• Control plane—The QoS policy takes effect on the traffic received on the control plane.
• Management interface control plane—The QoS policy takes effect on the traffic sent from the management interface to the control plane.

You can modify traffic classes, traffic behaviors, and class-behavior associations in a QoS policy even after it is applied. If a traffic class references an ACL for traffic classification, you can delete or modify the ACL.
The router is enabled with predefined control plane QoS policies by default. A predefined control plane QoS policy uses the protocol type or protocol group type to identify the type of packets sent to the control plane. You can reference protocol types or protocol group types in if-match commands in traffic class view for traffic classification. Then you can reconfigure traffic behaviors for these traffic classes as required.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter management interface control plane view.
   Command: control-plane management
   Remarks: N/A
3. Apply the QoS policy to the management interface control plane.
   Command: qos apply policy policy-name inbound
   Remarks: By default, no QoS policy is applied to the management interface control plane.
Task: Display QoS policy configuration (MSR2000/MSR3000).
Command: display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ]

Task: Display QoS policy configuration (MSR4000).
Command: display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] [ slot slot-number ]

Task: Display information about QoS policies applied to interfaces (MSR2000/MSR3000).
Configuring priority mapping

Overview

When a packet arrives, a device assigns a set of QoS priority parameters to the packet based on either a priority field carried in the packet or the port priority of the incoming port. This process is called "priority mapping." During this process, the device can modify the priority of the packet according to the priority mapping rules. The set of QoS priority parameters decides the scheduling priority and forwarding priority of the packet.
Priority mapping configuration tasks

You can configure priority mapping by using any of the following methods:
• Configuring priority trust mode—In this method, you can configure a port to look up a trusted priority type (802.1p, for example) in incoming packets in the priority maps. Then, the system maps the trusted priority to the target priority types and values.
• Changing port priority—If no packet priority is trusted, the port priority of the incoming port is used.
You can configure the device to trust a particular priority field carried in packets for priority mapping on ports or globally.

When you configure the trusted packet priority type on an interface, use the following available keywords:
• dot1p—Uses the 802.1p priority of received packets for mapping.
• dscp—Uses the DSCP precedence of received IP packets for mapping.

To configure the trusted packet priority type on an interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2.
Port priority configuration example

Network requirements

As shown in Figure 5, the IP precedence of traffic from Router A to Router C is 3, and the IP precedence of traffic from Router B to Router C is 1. Configure Router C to preferentially process packets from Router A to the server when GigabitEthernet 2/1/2 of Router C is congested.
• The R&D department connects to GigabitEthernet 2/1/1 of the router, which sets the 802.1p priority of traffic from the R&D department to 4.
• The management department connects to Ethernet 2/1/2 of the router, which sets the 802.1p priority of traffic from the management department to 5.

Configure port priority, 802.1p-to-local mapping table, and priority marking to implement the plan as described in Table 2.
# Set the port priority of GigabitEthernet 2/1/0 to 3.
<Router> system-view
[Router] interface gigabitethernet 2/1/0
[Router-GigabitEthernet2/1/0] qos priority 3
[Router-GigabitEthernet2/1/0] quit
# Set the port priority of GigabitEthernet 2/1/1 to 4.
[Router] interface gigabitethernet 2/1/1
[Router-GigabitEthernet2/1/1] qos priority 4
[Router-GigabitEthernet2/1/1] quit
# Set the port priority of GigabitEthernet 2/1/2 to 5.
Configuring traffic policing, GTS, and rate limit

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

Overview

Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic.
CBS is implemented with bucket C, and EBS with bucket E. In each evaluation, packets are measured against the following bucket scenarios:
• If bucket C has enough tokens, packets are colored green.
• If bucket C does not have enough tokens but bucket E has enough tokens, packets are colored yellow.
• If neither bucket C nor bucket E has sufficient tokens, packets are colored red.

Traffic policing

Traffic policing supports policing the inbound traffic and the outbound traffic.
GTS

GTS supports shaping the outbound traffic. GTS limits the outbound traffic rate by buffering exceeding traffic. You can use GTS to adapt the traffic output rate on a device to the input traffic rate of its connected device to avoid packet loss.

The differences between traffic policing and GTS are as follows:
• Packets to be dropped with traffic policing are retained in a buffer or queue with GTS, as shown in Figure 8.
Rate limit also uses token buckets for traffic control. When rate limit is configured on an interface, a token bucket handles all packets to be sent through the interface for rate limiting. If enough tokens are in the token bucket, packets can be forwarded. Otherwise, packets are put into QoS queues for congestion management. In this way, the traffic passing the physical interface is controlled.

Figure 10 Rate limit implementation

The token bucket mechanism limits traffic rate while accommodating bursts.
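The bucket C and bucket E evaluation described in this overview, as an added example that is not code from the HP guide: a two-bucket meter that colors each packet green, yellow, or red. The refill behavior (tokens arrive at CIR, fill bucket C first, and overflow into bucket E up to EBS) follows the single-rate three-color marker of RFC 2697 and is an assumption about the router's implementation; the class name, rates, and packet arrivals are constructed.

```python
class TwoBucketMeter:
    """Single-rate meter with bucket C (depth CBS) and bucket E (depth EBS).

    Times are integer milliseconds, sizes are bytes.
    """

    def __init__(self, cir_bps, cbs_bytes, ebs_bytes):
        self.bytes_per_ms = cir_bps / 8 / 1000   # token arrival rate
        self.cbs = cbs_bytes
        self.ebs = ebs_bytes
        self.tc = cbs_bytes                      # both buckets start full
        self.te = ebs_bytes
        self.last_ms = 0

    def _refill(self, now_ms):
        tokens = (now_ms - self.last_ms) * self.bytes_per_ms
        self.last_ms = now_ms
        # Assumption (RFC 2697 behavior): fill C first, overflow goes to E.
        to_c = min(tokens, self.cbs - self.tc)
        self.tc += to_c
        self.te = min(self.ebs, self.te + (tokens - to_c))

    def color(self, now_ms, size):
        """Color one packet of `size` bytes arriving at `now_ms`."""
        self._refill(now_ms)
        if self.tc >= size:          # bucket C has enough tokens
            self.tc -= size
            return "green"
        if self.te >= size:          # only bucket E has enough tokens
            self.te -= size
            return "yellow"
        return "red"                 # neither bucket has enough tokens


def meter_stream(meter, arrivals):
    """Color a list of (arrival_ms, size_bytes) packets in arrival order."""
    return [meter.color(t, size) for t, size in arrivals]


def summarize(colors):
    """Count packets per color."""
    return {c: colors.count(c) for c in ("green", "yellow", "red")}


# Constructed traffic: a burst of five 1500-byte packets at t=0, two more
# packets 15 ms later, and one packet after the buckets have refilled.
ARRIVALS = [(0, 1500)] * 5 + [(15, 1500), (15, 1500), (100, 1500)]

if __name__ == "__main__":
    # CIR 800 kbps = 100 bytes per ms; CBS and EBS of 3000 bytes each.
    with_ebs = meter_stream(TwoBucketMeter(800_000, 3000, 3000), ARRIVALS)
    no_ebs = meter_stream(TwoBucketMeter(800_000, 3000, 0), ARRIVALS)
    print("EBS=3000:", with_ebs, summarize(with_ebs))
    print("EBS=0   :", no_ebs, summarize(no_ebs))
```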
5. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is configured.
6. Configure a traffic policing action.
   Command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] *
   Remarks: By default, no traffic policing action is configured.
7. Return to system view.
   Command: quit
   Remarks: N/A
8.
Configuring ACL-based traffic policing

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure an ACL-based CAR policy on the interface.
   Command: qos car { inbound | outbound } acl [ ipv6 ] acl-number cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] *
   Remarks: By default, no CAR policy is configured on an interface.
6. Configure a GTS action.
   Command:
   • In absolute value: gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]
   • In percentage: gts percent cir cir-percent [ cbs cbs-time [ ebs ebs-time ] ] [ queue-length queue-length ]
   Remarks: By default, no GTS action is configured.
7. Return to system view.
   Command: quit
   Remarks: N/A
8. Create a QoS policy and enter policy view.
   Command: qos policy policy-name
   Remarks: By default, no QoS policy is created.
9.
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure GTS on the interface.
   Command: qos gts any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]
   Remarks: By default, GTS is not configured on an interface.

Configuring the rate limit

The rate limit of a physical interface specifies the maximum rate of incoming packets or outgoing packets.

To configure the rate limit:

1.
Traffic policing and GTS configuration example

Network requirements

As shown in Figure 11:
• The server, Host A, and Host B can access the Internet through Router A and Router B.
• The server, Host A, and GigabitEthernet 2/1/0 of Router A are in the same network segment.
• Host B and GigabitEthernet 2/1/1 of Router A are in the same network segment.
[RouterA-acl-basic-2001] quit
[RouterA] acl number 2002
[RouterA-acl-basic-2002] rule permit source 1.1.1.2 0
[RouterA-acl-basic-2002] quit
# Configure CAR policies for different flows received on GigabitEthernet 2/1/0.
Configuration procedure

# Configure per-IP-address rate limiting on GigabitEthernet 2/1/1 to limit the rate of each host on the network segment 2.1.1.1 through 2.1.1.100, and allow all IP addresses in the network segment to share the remaining bandwidth.
<Router> system-view
[Router] qos carl 1 source-ip-address range 2.1.1.1 to 2.1.1.
Configuring congestion management

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

Overview

Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Figure 13 shows common congestion scenarios.
FIFO

Figure 14 FIFO queuing

As shown in Figure 14, the first in first out (FIFO) uses a single queue and does not classify traffic or schedule queues. FIFO delivers packets depending on their arrival order: the packet that arrives earlier is scheduled first. The only concern of FIFO is queue length, which affects delay and packet loss rate. On a device, resources are assigned to packets depending on their arrival order and load status of the device. The best-effort service model uses FIFO queuing.
• Short packets and long packets are equally scheduled. If long packets and short packets exist in queues, statistically the short packets are scheduled preferentially to reduce the jitter between packets.

WFQ considers weights when determining the queue scheduling order. Statistically, WFQ gives high-priority traffic more scheduling opportunities than low-priority traffic.
• Emergency queue—Enqueues emergent packets. The emergency queue is a FIFO queue without bandwidth restriction.
• Low Latency Queuing (LLQ)—An EF queue. Because packets are fairly treated in CBQ, delay-sensitive flows like video and voice packets might not be transmitted timely. To solve this problem, LLQ combines PQ and CBQ to preferentially transmit delay-sensitive flows like voice packets. When defining traffic classes for LLQ, you can configure a class of packets to be preferentially transmitted.
Type: WFQ
Number of queues: Configurable
Advantages:
• Easy to configure.
• Bandwidth guarantee for packets from cooperative (interactive) sources (such as TCP packets).
• Reduces jitter.
• Reduces the delay for interactive applications with a small amount of data.
• Bandwidth assignment based on traffic priority.
• Automatic bandwidth reassignment to increase bandwidth for each class when the number of traffic classes decreases.
Disadvantages: The processing speed is slower than FIFO.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface or PVC view.
   Command:
   • Enter interface view: interface interface-type interface-number
   • Enter PVC view:
     a. interface atm interface-number
     b. pvc vpi/vci
   Remarks: N/A
3. Configure the FIFO queue size.
   Command: qos fifo queue-length queue-length
   Remarks: The default FIFO queue size is 75. If the burst traffic is too heavy, increase the queue length to make queue scheduling more accurate.
3. Configure WFQ.
   Command: qos wfq [ dscp | precedence ] [ queue-length max-queue-length | queue-number total-queue-number ] *
   Remarks: By default, WFQ is not configured.

Displaying and maintaining WFQ

Execute display commands in any view.

Task: Display the WFQ configuration and statistics for an interface or PVC.
• Associates the predefined class default-class with the predefined traffic behavior be.

Defining a class

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a class and enter class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no class is created.
3. Configure match criteria.
   Command: if-match [ not ] match-criteria
   Remarks: By default, no match criterion is configured. For more information about configuring match criteria, see ACL and QoS Command Reference.
• You cannot configure the queue ef command together with any of the commands queue af and queue-length for a traffic behavior.
• The default class cannot be associated with a traffic behavior including EF.
• To configure queue ef for multiple classes of a policy, you must configure them in one of the following units:
   ○ Bandwidth.
   ○ Percentage of the available bandwidth.
Enabling WRED

When you enable WRED, follow these guidelines:
• Before enabling WRED, configure the queue af or queue wfq command.
• The wred command and the queue-length command are mutually exclusive.
• When WRED is disabled, other WRED configurations are deleted.

To enable WRED:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is created.
3. Enable WRED.
3. Configure the lower limit, upper limit, and drop probability denominator for a DSCP value in WRED.
   Command: wred dscp dscp-value low-limit low-limit high-limit high-limit [ discard-probability discard-prob ]
   Remarks: By default, low-limit is 10, high-limit is 30, and discard-prob is 10. Repeat this command to configure more DSCP values.
• You must enable the rate limit function for the queuing function to take effect on subinterfaces.

Configuration procedure

To apply a policy to an interface or PVC:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface or PVC view.
   Command:
   • Enter interface view: interface interface-type interface-number
   • Enter PVC view:
     a. interface atm interface-number
     b.
   Remarks: Settings in interface view take effect on the current interface. Settings in PVC view take effect on the current PVC.
Setting the maximum reserved bandwidth as a percentage of available bandwidth

The maximum reserved bandwidth is set on a per-interface basis and decides the maximum bandwidth assignable for the QoS queues on an interface. It is typically set no greater than 80% of available bandwidth, considering the bandwidth for control traffic and Layer 2 frame headers. Use the default maximum reserved bandwidth setting in most situations.
CBQ configuration example

Network requirements

As shown in Figure 17, configure a QoS policy to meet the following requirements:
• Traffic from Router C is classified into three classes based on DSCP values. Perform AF for traffic with DSCP values of AF11 and AF21, and set a minimum guaranteed bandwidth percentage of 5% for the traffic.
• Perform EF for traffic with a DSCP value of EF and set the maximum bandwidth percentage for the traffic to 30%.
# Define a traffic behavior, and enable EF and set a maximum bandwidth percentage of 30% (both bandwidth and delay are guaranteed for EF traffic) in the traffic behavior.
[RouterA] traffic behavior ef_behav
[RouterA-behavior-ef_behav] queue ef bandwidth pct 30
[RouterA-behavior-ef_behav] quit
# Define a QoS policy and associate the configured traffic behaviors with classes in the QoS policy.
[Sysname-Tunnel0] qos pre-classify
Configuring congestion avoidance

Overview

Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance:
• Actively monitors network resources (such as queues and memory buffers).
• Drops packets when congestion is expected to occur or deteriorate.

When dropping packets from a source end, congestion avoidance cooperates with the flow control mechanism at the source end to regulate the network traffic size.
With FIFO queuing used, you can set the exponent for average queue size calculation, upper threshold, lower threshold, and drop probability for each queue to provide differentiated drop policies for different classes of packets.
• Exponent for average queue size calculation—The greater the exponent, the less sensitive the average queue size is to real-time queue size changes. The formula for calculating the average queue size is $\text{average queue size} = \text{previous average queue size} \times (1 - 2^{-n}) + \text{current queue size} \times 2^{-n}$, where $n$ is the exponent.
• Denominator for drop probability calculation—The greater the denominator, the smaller the calculated drop probability.
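To make the effect of the two parameters concrete, the following added example (not from the HP guide) applies the average queue size formula above and counts how many samples a sudden standing queue needs before the average crosses the lower threshold. The drop curve (0 below the lower threshold, rising linearly to 1/denominator at the upper threshold, 1 at or above it) is the classic RED shape and is an assumption, since this page does not give the router's exact drop formula; the function names are hypothetical, and the thresholds 20/40, denominator 15, and exponent 6 are the values used in this chapter's WRED configuration example.

```python
def average_queue(prev_avg, current, n):
    """Average queue size formula from the guide, with exponent n."""
    w = 2.0 ** -n
    return prev_avg * (1 - w) + current * w


def samples_until(threshold, queue_len, n, start_avg=0.0, limit=10_000):
    """Number of samples before the average reaches `threshold` when the
    instantaneous queue sits at `queue_len`. Returns None if the average
    never gets there within `limit` samples (queue below the threshold)."""
    avg, k = start_avg, 0
    while avg < threshold:
        if k >= limit:
            return None
        avg = average_queue(avg, queue_len, n)
        k += 1
    return k


def drop_probability(avg, low, high, denominator):
    """Assumed classic RED curve: no drops below `low`, linear ramp up to
    1/denominator just under `high`, drop everything at or above `high`."""
    if avg < low:
        return 0.0
    if avg >= high:
        return 1.0
    return (avg - low) / (high - low) / denominator


if __name__ == "__main__":
    low, high, denom = 20, 40, 15
    # A standing queue of 50 packets appears on an idle interface.
    for n in (2, 6, 9):
        k = samples_until(low, 50, n)
        print(f"exponent {n}: average crosses low-limit after {k} samples")
    # A queue that stays below the lower threshold never triggers drops.
    print("queue of 10:", samples_until(low, 10, 6))
    for avg in (19, 25, 30, 39, 40):
        print(f"avg {avg}: drop probability {drop_probability(avg, low, high, denom):.4f}")
```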
[Sysname] interface gigabitethernet 2/1/0
# Enable IP precedence-based WRED.
[Sysname-GigabitEthernet2/1/0] qos wred ip-precedence enable
# Set the following parameters for packets with IP precedence value 3: lower threshold 20, upper threshold 40, and drop probability denominator 15.
[Sysname-GigabitEthernet2/1/0] qos wred ip-precedence 3 low-limit 20 high-limit 40 discard-probability 15
# Set the exponent for average queue size calculation to 6.
Configuring traffic filtering

You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from a specific IP address according to network status.

Configuration procedure

To configure traffic filtering:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
Configuration example

Network requirements

As shown in Figure 19, configure traffic filtering on GigabitEthernet 2/1/0 to deny the incoming packets with a source port number other than 21.

Figure 19 Network diagram

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets whose source port number is not 21.
Configuring priority marking

Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a traffic class of IP packets to control the forwarding of these packets.

To configure priority marking, you can associate a traffic class with a traffic behavior configured with the priority marking action to set the priority fields or flag bits of the traffic class of packets.
8. Create a QoS policy and enter QoS policy view.
   Command: qos policy policy-name
   Remarks: By default, no QoS policy is configured.
9. Associate the traffic class with the traffic behavior in the QoS policy.
   Command: classifier classifier-name behavior behavior-name
   Remarks: By default, a traffic class is not associated with a traffic behavior.
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy.
   • Applying the QoS policy to an interface or
<Router> system-view
[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip destination 192.168.0.1 0
[Router-acl-adv-3000] quit
# Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip destination 192.168.0.2 0
[Router-acl-adv-3001] quit
# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.
[Router] qos policy policy_server
[Router-qospolicy-policy_server] classifier classifier_dbserver behavior behavior_dbserver
[Router-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver
[Router-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver
[Router-qospolicy-policy_server] quit
# Apply the QoS policy named policy_server to the incoming traffic of GigabitEthernet 2/1/0.
Configuring traffic redirecting

Traffic redirecting redirects packets matching the specified match criteria to a location for processing. The router supports redirecting traffic to an interface.

The following matrix shows the feature and hardware compatibility:

Hardware: Traffic redirecting feature compatibility
MSR2000: No
MSR3000: Yes on HMIM-24GSW interface modules
MSR4000: Yes on HMIM-24GSW interface modules

Configuration procedure

To configure traffic redirecting:

1.
9. Associate the traffic class with the traffic behavior in the QoS policy.
   Command: classifier classifier-name behavior behavior-name
   Remarks: By default, no class-behavior association is configured for a QoS policy.
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy.
   • Applying the QoS policy to an interface or PVC
   • Applying the QoS policy to the control plane
12. (Optional.) Display traffic redirecting configuration.
[RouterA-classifier-classifier_1] quit
# Create a traffic class named classifier_2, and use ACL 2001 as the match criterion in the traffic class.
[RouterA] traffic classifier classifier_2
[RouterA-classifier-classifier_2] if-match acl 2001
[RouterA-classifier-classifier_2] quit
# Create a traffic behavior named behavior_1, and configure the action of redirecting traffic to GigabitEthernet 2/1/1.
Configuring QPPB

The term "router" in this document refers to both routers and Layer 3 switches.

Overview

The QoS Policy Propagation Through the Border Gateway Protocol (QPPB) feature enables you to classify IP packets based on BGP community lists, prefix lists, and BGP AS paths.

The QPPB feature is implemented as follows:
• The BGP route sender preclassifies routes before advertising them.
Tasks at a glance

Configuring the route receiver:
• (Required.) Configuring basic BGP functions
• (Required.) Configuring a routing policy
• (Required.) Enabling QPPB on the route receiving interface
• (Required.) Configuring a QoS policy
• (Required.) Applying the QoS policy to an interface

Configuring the route sender

Configure the BGP route sender to set route attributes for routes before advertising them.
Configuring a QoS policy

The classes in the QoS policy use the IP precedence and local QoS ID set by the routing policy as match criteria.

Applying the QoS policy to an interface

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Apply the specified policy to the interface.
   Command: qos apply policy policy-name { inbound | outbound }
   Remarks: By default, a QoS policy is not applied.
[RouterA-bgp-ipv4] quit
[RouterA-bgp] quit
3. Configure Router B:
# Configure a BGP connection to Router A, apply the routing policy qppb to routes from the peer 168.1.1.1, and add the network 2.2.2.0/8 to the BGP routing table.
<RouterB> system-view
[RouterB] bgp 2000
[RouterB-bgp] peer 168.1.1.1 as-number 1000
[RouterB-bgp] peer 168.1.1.1 connect-interface GigabitEthernet 2/1/1
[RouterB-bgp] address-family ipv4
[RouterB-bgp-ipv4] peer 168.1.1.1 enable
[RouterB-bgp-ipv4] peer 168.1.1.
SubProtID: 0x2    Age: 00h00m33s
Cost: 0    Preference: 255
IpPre: 1    QosLocalID: 3
Tag: 0    State: Active Adv
OrigTblID: 0x0    OrigVrf: default-vrf
TableID: 0x2    OrigAs: 1000
NibID: 0x15000000    LastAs: 1000
AttrID: 0x0    Neighbor: 168.1.1.1
Flags: 0x10060    OrigNextHop: 168.1.1.1
Label: NULL    RealNextHop: 168.1.1.
Red packets : 0 (Packets) 0 (Bytes)

QPPB configuration example in an MPLS L3VPN
Network requirements
As shown in Figure 23, all routers run BGP. Configure QPPB so that Router C can perform the following tasks:
• Receive routes.
• Set the QPPB local QoS IDs.
• Use the QoS policy to limit the traffic rate to 2 Mbps in each direction.
Figure 23 Network diagram
Table 4 Interfaces and IP address assignment
Device Router A Router C Interface IP address GE2/1/0 192.168.1.2/24 GE2/1/1 167.1.1.
[RouterB-vpn-instance-vpn1] vpn-target 200:1 import-extcommunity
[RouterB-vpn-instance-vpn1] quit
# Configure a BGP connection.
[RouterB] router id 1.1.1.1
[RouterB] bgp 200
[RouterB-bgp] peer 2.2.2.2 as-number 200
[RouterB-bgp] peer 2.2.2.2 connect-interface loopback 0
[RouterB-bgp] ip vpn-instance vpn1
[RouterB-bgp-vpn1] peer 167.1.1.1 as-number 100
[RouterB-bgp-vpn1] address-family ipv4
[RouterB-bgp-ipv4-vpn1] peer 167.1.1.
[RouterC] bgp 200
[RouterC-bgp] peer 1.1.1.1 as-number 200
[RouterC-bgp] peer 1.1.1.1 connect-interface loopback 0
[RouterC-bgp] ip vpn-instance vpn1
[RouterC-bgp-vpn1] peer 169.1.1.1 as-number 300
[RouterC-bgp-vpn1] address-family ipv4
[RouterC-bgp-ipv4-vpn1] peer 169.1.1.1 enable
[RouterC-bgp-ipv4-vpn1] peer 169.1.1.1 route-policy qppb import
[RouterC-bgp-ipv4-vpn1] quit
[RouterC-bgp-vpn1] quit
[RouterC-bgp] address-family vpnv4
[RouterC-bgp-vpnv4] peer 1.1.1.1 enable
[RouterC-bgp-vpnv4] peer 1.1.1.
[RouterC] interface gigabitethernet 2/1/0
[RouterC-GigabitEthernet2/1/0] bgp-policy destination ip-qos-map
[RouterC-GigabitEthernet2/1/0] quit
# Bind interface GigabitEthernet 2/1/0 to the VPN instance vpn1.
[RouterC] interface gigabitethernet 2/1/0
[RouterC-GigabitEthernet2/1/0] ip binding vpn-instance vpn1
[RouterC-GigabitEthernet2/1/0] ip address 169.1.1.2 24
# Apply the QoS policy qppb to the incoming and outgoing traffic of interface GigabitEthernet 2/1/0.
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.2/32 OSPF 1 168.1.1.1 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
168.1.1.0/24 Direct 0 0 168.1.1.2 GE2/1/1
168.1.1.0/32 Direct 0 0 168.1.1.2 GE2/1/1
168.1.
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
168.1.1.0/24 Direct 0 0 168.1.1.1 GE2/1/1
168.1.1.0/32 Direct 0 0 168.1.1.1 GE2/1/1
168.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
168.1.1.255/32 Direct 0 0 168.1.1.1 GE2/1/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.
192.168.1.0/24 BGP 255 0 169.1.1.2 GE2/1/1
192.168.3.0/24 Direct 0 0 192.168.3.2 GE2/1/0
192.168.3.0/32 Direct 0 0 192.168.3.2 GE2/1/0
192.168.3.2/32 Direct 0 0 127.0.0.1 InLoop0
192.168.3.255/32 Direct 0 0 192.168.3.2 GE2/1/0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Display the QoS policy configuration on interface GigabitEthernet 2/1/0 of Router C.
Matched : 311 (Packets) 23243 (Bytes)
5-minute statistics:
Forwarded: 0/24 (pps/bps)
Dropped : 0/0 (pps/bps)
Operator: AND
Rule(s) : If-match any
Behavior: be
-none-
Classifier: qppb
Matched : 0 (Packets) 0 (Bytes)
5-minute statistics:
Forwarded: 0/0 (pps/bps)
Dropped : 0/0 (pps/bps)
Operator: AND
Rule(s) : If-match qos-local-id 1023
Behavior: qppb
Committed Access Rate:
CIR 2000 (kbps), CBS 125000 (Bytes), EBS 512 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0
2. Configure BGP on Router A.
system-view
[RouterA] bgp 1000
[RouterA-bgp] peer 168::2 as-number 2000
[RouterA-bgp] peer 168::2 connect-interface gigabitethernet 2/1/1
[RouterA-bgp] address-family ipv6
[RouterA-bgp-ipv6] peer 168::2 enable
[RouterA-bgp-ipv6] import-route direct
[RouterA-bgp-ipv6] quit
[RouterA-bgp] quit
3. Configure Router B:
# Configure BGP.
Destinations : 7 Routes : 7

Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 1::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE2/1/0 Cost : 0

Destination: 1::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 168::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE2/1/1 Cost : 0

Destination: 168::1/128 Protocol
NextHop : ::1 Preferen
Interface : InLoop0 Cost : 0

Destination: 2::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 168::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE2/1/1 Cost : 0

Destination: 168::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0

Destination: FF00::/8 Protocol : Direct
NextHop
Behavior: qppb
Committed Access Rate:
CIR 512 (kbps), CBS 32000 (Bytes), EBS 512 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets) 0 (Bytes)
Yellow packets: 0 (Packets) 0 (Bytes)
Red packets : 0 (Packets) 0 (Bytes)
Appendixes

Appendix A Acronym
Table 5 Appendix A Acronym
Acronym  Full spelling
AF  Assured Forwarding
BE  Best Effort
BQ  Bandwidth Queuing
CAR  Committed Access Rate
CBS  Committed Burst Size
CBQ  Class Based Queuing
CBWFQ  Class Based Weighted Fair Queuing
CE  Customer Edge
CIR  Committed Information Rate
CQ  Custom Queuing
DiffServ  Differentiated Service
DoS  Denial of Service
DSCP  Differentiated Services Code Point
EBS  Excess Burst Size
EF  Expedited Forwarding
FEC  Forwarding Equiva
Acronym  Full spelling
QPPB  QoS Policy Propagation Through the Border Gateway Protocol
RED  Random Early Detection
RSVP  Resource Reservation Protocol
RTP  Real-Time Transport Protocol
TE  Traffic Engineering
ToS  Type of Service
VoIP  Voice over IP
VPN  Virtual Private Network
WFQ  Weighted Fair Queuing
WRED  Weighted Random Early Detection

Appendix B Default uncolored priority maps
Table 6 Default dot1p-lp priority map
Input priority value (dot1p)  dot1p-lp map (lp)
0  2
1  0
2  1
3  3
4  4
Appendix C Introduction to packet precedences
IP precedence and DSCP values
Figure 25 ToS and DS fields
[Figure: bits 0 through 7 of the IPv4 ToS byte (Precedence, Type of Service, MBZ) and of the DS field (DSCP, CU), used for the IPv4 ToS octet and the IPv6 Traffic Class octet. MBZ: Must Be Zero. CU: Currently Unused. References: RFC 791, RFC 1122, RFC 1349, RFC 2474.]
As shown in Figure 25, the ToS field in the IP header contains 8 bits.
DSCP value (decimal)  DSCP value (binary)  Description
26  011010  af31
28  011100  af32
30  011110  af33
34  100010  af41
36  100100  af42
38  100110  af43
8  001000  cs1
16  010000  cs2
24  011000  cs3
32  100000  cs4
40  101000  cs5
48  110000  cs6
56  111000  cs7
0  000000  be (default)

802.1p priority
802.1p priority lies in the Layer 2 header. It applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.
Figure 26 An Ethernet frame with an 802.
Table 10 Description on 802.1p priority 802.1p priority (decimal) 802.
Configuring MPLS QoS
Overview
MPLS uses 3 bits, called EXP bits, to carry class-of-service information to provide support for DiffServ. MPLS QoS identifies different traffic flows with different EXP bits and implements differentiated services. MPLS QoS can guarantee low delay and low packet loss ratio for critical service traffic, such as voice and video traffic. For more information about MPLS, see MPLS Configuration Guide.
MPLS QoS supports CAR and priority marking.
Step 3. Configure an MPLS CAR policy for the interface.
  Command: qos car { inbound | outbound } { any | acl [ ipv6 ] acl-number } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] *
  Remarks: By default, no CAR policy is configured for an interface.
Configuring time ranges
You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only during the time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them. If a time range does not exist, the service based on the time range does not take effect.
The following basic types of time ranges are available:
• Periodic time range—Recurs periodically on a day or days of the week.
Figure 28 Network diagram
[Figure labels: Server, Host A, 192.168.1.2/24, GE2/1/0, GE2/1/1, Router A, 192.168.0.100/24, Host B, 192.168.1.3/24]

Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days from June 2013 to the end of the year.
system-view
[RouterA] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2013 to 24:0 12/31/2013
# Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit only packets from 192.168.1.2/32 during the time range work.
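To see when the rule described above is actually in effect, the following added example (not part of HP's guide) evaluates a time-based ACL against a source address and a timestamp, using the time range work exactly as configured. Assumptions: working-day means Monday to Friday, end times are exclusive, a trailing deny rule models "permit only", and all Python names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network

WORKING_DAY = {0, 1, 2, 3, 4}  # Monday..Friday in datetime.weekday() numbering

def parse_abs(hhmm, mdy):
    """Parse 'H:M' and 'MM/DD/YYYY'; 24:0 is the midnight that ends that day."""
    hour, minute = map(int, hhmm.split(":"))
    month, day, year = map(int, mdy.split("/"))
    return datetime(year, month, day) + timedelta(hours=hour, minutes=minute)

@dataclass
class TimeRange:
    start: time           # periodic part: daily start
    end: time             # periodic part: daily end (assumed exclusive)
    days: set             # weekdays on which the periodic part recurs
    not_before: datetime  # absolute part: start
    not_after: datetime   # absolute part: end (assumed exclusive)

    def active(self, now):
        in_absolute = self.not_before <= now < self.not_after
        in_periodic = (now.weekday() in self.days
                       and self.start <= now.time() < self.end)
        return in_absolute and in_periodic

def evaluate(rules, time_ranges, src, now):
    """Action of the first rule that is in effect and matches src, else None."""
    for action, network, range_name in rules:
        if range_name is not None:
            tr = time_ranges.get(range_name)
            if tr is None or not tr.active(now):
                continue  # missing or inactive time range: rule not in effect
        if ip_address(src) in ip_network(network):
            return action
    return None

# time-range work 8:0 to 18:0 working-day from 0:0 6/1/2013 to 24:0 12/31/2013
RANGES = {"work": TimeRange(time(8, 0), time(18, 0), WORKING_DAY,
                            parse_abs("0:0", "6/1/2013"),
                            parse_abs("24:0", "12/31/2013"))}
# ACL 2001 as described; the deny rule is an assumption used to model "only".
ACL_2001 = [("permit", "192.168.1.2/32", "work"),
            ("deny", "0.0.0.0/0", "work")]
```

A result of None means no rule of the ACL is in effect for that packet, so the outcome is decided by whatever the device does with unmatched traffic rather than by ACL 2001.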
Support and other resources
Contacting HP
For worldwide technical support information, see the HP support website: http://www.hp.
Conventions
This section describes the conventions used in this documentation set.

Command conventions
Convention: Description
Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
[]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
Represents an access point.
Represents a mesh access point.