
ACL and QoS Configuration Guide-book

Jun 02, 2018


Elvis de León

H3C S7500E Series Ethernet Switches

ACL and QoS Configuration Guide

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Document Version: 20100722-C-1.01

Product Version: Release 6605 and Later  


Copyright © 2009-2010, Hangzhou H3C Technologies Co., Ltd. and its licensors

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.


Preface

The H3C S7500E documentation set includes 12 configuration guides, which describe the software features for the H3C S7500E Series Ethernet Switches and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

The ACL and QoS Configuration Guide describes fundamentals and configuration of ACL and QoS. It describes how to create IPv4 and IPv6 ACLs, use QoS policies to control traffic, and configure common QoS techniques such as traffic policing, traffic shaping, congestion management, and congestion avoidance.

This preface includes:

  Audience
  Document Organization
  Conventions
  About the H3C S7500E Documentation Set
  Obtaining Documentation
  Documentation Feedback

Audience

This documentation is intended for:

  Network planners
  Field technical support and servicing engineers
  Network administrators working with the S7500E series

Document Organization

The ACL and QoS Configuration Guide comprises these parts:

  ACL Configuration
  QoS Overview
  QoS Configuration Approaches
  Priority Mapping Configuration
  Traffic Policing, Traffic Shaping, and Line Rate Configuration
  Congestion Management Configuration
  Congestion Avoidance
  Traffic Filtering Configuration
  Priority Marking Configuration
  Traffic Redirecting Configuration
  Aggregation CAR Configuration
  Class-Based Accounting Configuration
  QoS in an EPON System
  Appendix A Default Priority Mapping Tables
  Appendix B Introduction to Packet Precedences


Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention           Description
Boldface             Bold text represents commands and keywords that you enter literally as shown.
italic               Italic text represents arguments that you replace with actual values.
[ ]                  Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }      Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]      Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *    Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] *    Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you may select multiple choices or none.
&<1-n>               The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                    A line that starts with a pound (#) sign is a comment.

GUI conventions

Convention           Description
< >                  Button names are inside angle brackets. For example, click <OK>.
[ ]                  Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.
/                    Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

Symbols

Convention Description

Means reader be careful. Improper operation may cause data loss or damage to equipment.

Means an action or information that needs special attention to ensure successful configuration or good performance.

Means a complementary description.


About the H3C S7500E Documentation Set

The H3C S7500E documentation set includes:

Category | Documents | Purposes
Product description and specifications | Marketing brochures | Describe product specifications and benefits.
Product description and specifications | Technology white papers | Provide an in-depth description of software features and technologies.
Product description and specifications | Card datasheets | Describe card specifications, features, and standards.
Hardware installation | Installation guide | Provides a complete guide to hardware installation and hardware specifications.
Hardware installation | H3C N68 Cabinet Installation and Remodel Introduction | Guides you through installing and remodeling H3C N68 cabinets.
Hardware installation | H3C Pluggable SFP[SFP+][XFP] Transceiver Modules Installation Guide | Guides you through installing SFP/SFP+/XFP transceiver modules.
Hardware installation | H3C Mid-Range Series Ethernet Switches Pluggable Modules Manual | Describes the hot-swappable modules available for the Mid-Range Series Ethernet Switches, their external views, and specifications.
Hardware installation | H3C PoE DIMM Module Installation Guide | Describes how to install the DIMM (LSBM1POEDIMMH) for PoE master and slave power management.
Hardware installation | Single PoE DIMM Module Installation Guide | Describes how to install the 24-port DIMM (LSQM1POEDIMMS0) for PoE power management.
Software configuration | Configuration guides | Describe software features and configuration procedures.
Software configuration | Command references | Provide a quick reference to all available commands.
Software configuration | Configuration examples | Describe typical network scenarios and provide configuration examples and instructions.
Operations and maintenance | Release notes | Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.
Power configuration | H3C PSR320-A[PSR320-D] Power Module User Manual | Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR320-A/PSR320-D power module.
Power configuration | H3C PSR650-A[PSR650-D] Power Module User Manual | Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR650-A/PSR650-D power module.
Power configuration | H3C PSR1400-A[PSR1400-D] Power Module User Manual | Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR1400-A/PSR1400-D power module.
Power configuration | H3C PSR2800-ACV Power Module User Manual | Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR2800-ACV power module.
Power configuration | H3C PSR6000-ACV Power Module User Manual | Describes the appearance, specifications, LEDs, and installation and removal of the H3C PSR6000-ACV power module.
Power configuration | H3C PWR-SPA Power Module Adapter User Manual | Describes the functions and appearance of the H3C PWR-SPA power module adapter, and how to use it with the PSR650 power module.
Power configuration | H3C S7500E Power Configuration Guide | Guides you to select power modules in various cases.
Optional cards | Card manuals | The S7500E series Ethernet switches support various card models. Each model is provided with a card manual that describes: the type, number, and transmission rate of interfaces; applicable switches of the card; required software version; pluggable modules supported by the card.

Obtaining Documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com.

Click the links on the top navigation bar to obtain different categories of product documentation:

[Technical Support & Documents > Technical Documents] – Provides hardware installation, and software feature configuration and maintenance documentation.

[Products & Solutions] – Provides information about products and technologies, as well as solutions.

[Technical Support & Documents > Software Download] – Provides the documentation released with the software version.

Documentation Feedback

You can e-mail your comments about product documentation to [email protected].

We appreciate your comments.


Table of Contents

1 ACL Configuration
  ACL Overview
  Introduction to ACL
  Application of ACLs on the Switch
  ACL Classification
  ACL Numbering and Naming
  Match Order
  ACL Rule Numbering Step
  Implementing Time-Based ACL Rules
  IPv4 Fragments Filtering with ACLs
  ACL Configuration Task List
  Configuring an ACL
  Creating a Time Range
  Configuring a Basic ACL
  Configuring an Advanced ACL
  Configuring an Ethernet Frame Header ACL
  Copying an ACL
  Displaying and Maintaining ACLs
  ACL Configuration Examples
  IPv4 ACL Configuration Example
  IPv6 ACL Configuration Example
2 QoS Overview
  Introduction to QoS
  Introduction to QoS Service Models
  Best-Effort Service Model
  IntServ Service Model
  DiffServ Service Model
  QoS Techniques Overview
  Positions of the QoS Techniques in a Network
3 QoS Configuration Approaches
  QoS Configuration Approach Overview
  Non Policy-Based Configuration
  Policy-Based Configuration
  Configuring a QoS Policy
  Defining a Class
  Defining a Traffic Behavior
  Defining a Policy
  Applying the QoS Policy
  Displaying and Maintaining QoS Policies


4 Priority Mapping Configuration
  Priority Mapping Overview
  Introduction to Priority Mapping
  Priority Mapping Tables
  Priority Trust Mode on a Port
  Priority Mapping Procedure
  Priority Mapping Configuration Tasks
  Configuring Priority Mapping
  Configuring a Priority Mapping Table
  Configuring the Priority Trust Mode on a Port
  Configuring the Port Priority of a Port
  Displaying and Maintaining Priority Mapping
  Priority Mapping Configuration Examples
  Priority Mapping Table and Priority Marking Configuration Example
5 Traffic Policing, Traffic Shaping, and Line Rate Configuration
  Traffic Policing, Traffic Shaping, and Line Rate Overview
  Traffic Evaluation and Token Buckets
  Traffic Policing
  Traffic Shaping
  Line Rate
  Configuring Traffic Policing
  Configuration Procedure
  Configuration Example
  Configuring GTS
  Configuration Procedure
  Configuration Example
  Configuring the Line Rate
  Configuration Procedure
  Configuration Example
  Displaying and Maintaining Traffic Policing, GTS, and Line Rate
6 Congestion Management Configuration
  Congestion Management Overview
  Causes, Impacts, and Countermeasures of Congestion
  Congestion Management Policies
  Congestion Management Configuration Approaches
  Per-Queue Hardware Congestion Management
  Configuring SP Queuing
  Configure WRR Queuing
  Configuring WFQ Queuing
  Configuring SP+WRR Queues
  Configuration Example
  Displaying and Maintaining Congestion Management
7 Congestion Avoidance
  Congestion Avoidance Overview
  Introduction to WRED Configuration


  WRED Configuration Approaches
  Introduction to WRED Parameters
  Configuring WRED on an Interface
  Configuration Procedure
  Configuration Example
  Displaying and Maintaining WRED
8 Traffic Filtering Configuration
  Traffic Filtering Overview
  Configuring Traffic Filtering
  Support of Line Cards for the Traffic Filtering Function
  Traffic Filtering Configuration Example
  Traffic Filtering Configuration Example
9 Priority Marking Configuration
  Priority Marking Overview
  Configuring Priority Marking
  Support of Line Cards for Priority Marking
  Priority Marking Configuration Example
  Priority Marking Configuration Example
  QoS-Local-ID Marking Configuration Example
10 Traffic Redirecting Configuration
  Traffic Redirecting Overview
  Configuring Traffic Redirecting
  Support of Line Cards for Traffic Redirecting
11 Aggregation CAR Configuration
  Aggregation CAR Overview
  Referencing an Aggregation CAR in a Traffic Behavior
  Configuration prerequisites
  Configuration procedure
  Displaying and Maintaining Aggregation CAR
12 Class-Based Accounting Configuration
  Class-Based Accounting Overview
  Configuring Class-Based Accounting
  Displaying and Maintaining Traffic Accounting
  Class-Based Accounting Configuration Example
  Class-Based Accounting Configuration Example
13 QoS in an EPON System
  QoS in an EPON System
  QoS Functions for Uplink Traffic
  QoS Functions for Downlink Traffic
  Configuring QoS in an EPON System
  QoS Configuration Task List in an EPON System
  Configuring QoS at the OLT side
  Configuring QoS at the ONU Side
  Example for UNI Priority Remarking Configuration


14 Appendix A Default Priority Mapping Tables
15 Appendix B Introduction to Packet Precedences
  IP Precedence and DSCP Values
  802.1p Priority
  EXP Values
16 Index


1 ACL Configuration

This chapter includes these sections:

  ACL Overview
  ACL Configuration Task List
  Configuring an ACL
  Creating a Time Range
  Configuring a Basic ACL
  Configuring an Advanced ACL
  Configuring an Ethernet Frame Header ACL
  Copying an ACL
  Displaying and Maintaining ACLs
  ACL Configuration Examples

  Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document.

  The S7500E Series Ethernet Switches are distributed devices supporting Intelligent Resilient Framework (IRF). Two S7500E series switches can be connected together to form a distributed IRF device. If an S7500E series switch is not in any IRF, it operates as a distributed device; if it is in an IRF, it operates as a distributed IRF device. For an introduction to IRF, see IRF Configuration Guide.

ACL Overview

This section covers these topics:

  Introduction to ACL
  Application of ACLs on the Switch
  ACL Classification
  ACL Numbering and Naming
  Match Order
  Implementing Time-Based ACL Rules
  IPv4 Fragments Filtering with ACLs

Introduction to ACL

As networks and the traffic they carry grow, network security and bandwidth allocation become more and more critical to network management. Packet filtering can efficiently prevent unauthorized users from accessing networks, control network traffic, and save network resources. Access control lists (ACLs) are often used to filter packets against configured matching rules.

ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can pass and what should be rejected based on matching criteria such as source MAC address, destination MAC address, source IP address, destination IP address, and port number.

 Appl ication of ACLs on the Switch

The switch supports two ACL application modes:

  Hardware-based application: An ACL is assigned to a piece of hardware. For example, an ACL

can be referenced by QoS for traffic classification. Note that when an ACL is referenced to

implement QoS, the actions defined in the ACL rules, deny or permit, do not take effect; actions to

be taken on packets matching the ACL depend on the traffic behavior definition in QoS. For details

about traffic behavior, see QoS Configuration Approaches in ACL and QoS Configuration Guide.

  Software-based application: An ACL is referenced by a piece of upper layer software. For

example, an ACL can be referenced to configure login user control behavior, thus controlling

Telnet, SNMP and Web users. Note that when an ACL is referenced by the upper layer software,

actions to be taken on packets matching the ACL depend on those defined by the ACL rules. For

details about login user control, see User Login Control in Fundamentals Configuration Guide.

  When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic

classification, the switch does not take action according to the traffic behavior definition on a

packet that does not match the ACL.

  When an ACL is referenced by a piece of software to control Telnet, SNMP, and Web login users,

the switch denies all packets that do not match the ACL.

ACL Classification

 ACLs fall into three categories, as shown in Table 1-1.

Table 1-1 ACL categories

| Category | ACL number | IP version | Match criteria |
|---|---|---|---|
| Basic ACLs | 2000 to 2999 | IPv4 | Source IPv4 address |
| Basic ACLs | 2000 to 2999 | IPv6 | Source IPv6 address |
| Advanced ACLs | 3000 to 3999 | IPv4 | Source/destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields |
| Advanced ACLs | 3000 to 3999 | IPv6 | Source/destination IPv6 address, protocols over IPv6, and other Layer 3 and Layer 4 header fields |
| Ethernet frame header ACLs | 4000 to 4999 | IPv4 and IPv6 | Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type |

 ACL Numbering and Naming

Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number for identification, and you can also assign the ACL a name for ease of identification. After creating an ACL with a name, you can neither rename it nor delete its name.

For an Ethernet frame header ACL, the ACL number and name must be globally unique. For an IPv4 basic or advanced ACL, the ACL number and name must be unique among all IPv4 ACLs, and for an IPv6 basic or advanced ACL, among all IPv6 ACLs. You can assign an IPv4 ACL and an IPv6 ACL the same number and name.

Match Order

The rules in an ACL are sorted in a certain order. When a packet matches a rule, the device stops the

match process and performs the action defined in the rule. If an ACL contains overlapping or

conflicting rules, the matching result and action to take depend on the rule order.

Two ACL match orders are available:

  config: Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is matched before a

rule with a higher ID. If you use this approach, check the rules and their order carefully.

  auto: Sorts ACL rules in depth-first order, as described in Table 1-2. The depth-first order varies

with ACL categories.

Table 1-2 Sorting ACL rules in depth-first order

ACL category: IPv4 basic ACL
Depth-first rule sorting procedures:
1) A rule configured with a VPN instance takes precedence.
2) A rule with more 0s in the source IP address wildcard mask takes precedence. More 0s means a narrower IP address range.
3) A rule with a smaller ID takes precedence.

ACL category: IPv4 advanced ACL
Depth-first rule sorting procedures:
1) A rule configured with a VPN instance takes precedence.
2) A rule configured with a specific protocol takes precedence over a rule with the protocol type set to IP. IP represents any protocol over IP.
3) A rule with more 0s in the source IP address wildcard mask takes precedence. More 0s means a narrower IP address range.
4) A rule with more 0s in the destination IP address wildcard mask takes precedence.
5) A rule with a narrower TCP/UDP service port number range takes precedence.
6) A rule with a smaller ID takes precedence.

ACL category: IPv6 basic ACL
Depth-first rule sorting procedures:
1) A rule configured with a longer prefix for the source IP address takes precedence. A longer prefix means a narrower IP address range.
2) A rule with a smaller ID takes precedence.

ACL category: IPv6 advanced ACL
Depth-first rule sorting procedures:
1) A rule configured with a specific protocol takes precedence over a rule with the protocol type set to IP. IP represents any protocol over IPv6.
2) A rule configured with a longer prefix for the source IPv6 address takes precedence.
3) A rule configured with a longer prefix for the destination IPv6 address takes precedence.
4) A rule with a narrower TCP/UDP service port number range takes precedence.
5) A rule with a smaller ID takes precedence.

ACL category: Ethernet frame header ACL
Depth-first rule sorting procedures:
1) A rule with more 1s in the source MAC address mask takes precedence. More 1s means a smaller MAC address.
2) A rule with more 1s in the destination MAC address mask takes precedence.
3) A rule with a smaller ID takes precedence.

A wildcard mask, also called an inverse mask, is a 32-bit binary number represented in dotted decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask represent 'do care' bits, while the 1 bits represent 'don't care' bits. If the 'do care' bits in an IP address are identical to the 'do care' bits in an IP address criterion, the IP address matches the criterion. All 'don't care' bits are ignored. The 0s and 1s in a wildcard mask can be noncontiguous. For example, 0.255.0.255 is a valid wildcard mask. With wildcard masks, you can create more granular match criteria than with network masks.

 ACL Rule Numbering Step

What is the ACL rule numbering step

If you do not assign an ID to the rule you are creating, the system automatically assigns it a rule ID. The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can insert between two rules.

By introducing a gap between rules rather than contiguously numbering rules, you have the flexibility of

inserting rules in an ACL. This feature is important for a config order ACL, where ACL rules are

matched in ascending order of rule ID.

Automatic rule numbering and re-numbering

The ID automatically assigned to an ACL rule takes the nearest higher multiple of the numbering step

to the current highest rule ID, starting with 0.

For example, if the numbering step is 5 (the default), and there are five ACL rules numbered 0, 5, 9, 10,

and 12, the newly defined rule will be numbered 15. If the ACL does not contain any rule, the first rule

will be numbered 0.

Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five

rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be

renumbered 0, 2, 4, 6 and 8.

Likewise, after you restore the default step, ACL rules are renumbered in the default step. Assume that

there are four ACL rules numbered 0, 2, 4, and 6 in steps of 2. When the default step is restored, the

rules are renumbered 0, 5, 10, and 15.
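The match-order and rule-numbering behaviour described above can be checked with a small model of an IPv4 basic ACL. This is an added example, not code from the H3C guide or from Comware: the names BasicAcl, Rule, wildcard_match and the two demo functions are hypothetical, the sample addresses are constructed, and the VPN-instance tie-breaker of the depth-first order is left out.

```python
import ipaddress
from dataclasses import dataclass, field


def ip(value: str) -> int:
    return int(ipaddress.IPv4Address(value))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """0 bits in the wildcard are 'do care' bits; 1 bits are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)


@dataclass
class Rule:
    rule_id: int
    action: str      # "permit" or "deny"
    source: str
    wildcard: str

    def zeros(self) -> int:
        # More 0s in the wildcard mask means a narrower address range.
        return 32 - bin(ip(self.wildcard)).count("1")


@dataclass
class BasicAcl:
    match_order: str = "config"   # "config" or "auto"
    step: int = 5                 # default rule numbering step
    rules: list = field(default_factory=list)

    def add_rule(self, action, source, wildcard, rule_id=None):
        if rule_id is None:
            # Nearest higher multiple of the step above the highest ID, or 0.
            if self.rules:
                highest = max(r.rule_id for r in self.rules)
                rule_id = (highest // self.step + 1) * self.step
            else:
                rule_id = 0
        self.rules.append(Rule(rule_id, action, source, wildcard))
        return rule_id

    def set_step(self, step):
        # Changing the step renumbers all rules from 0, keeping their order.
        self.step = step
        for i, rule in enumerate(sorted(self.rules, key=lambda r: r.rule_id)):
            rule.rule_id = i * step

    def ordered(self):
        if self.match_order == "config":
            return sorted(self.rules, key=lambda r: r.rule_id)
        # auto (depth-first): narrower source first, then smaller rule ID.
        return sorted(self.rules, key=lambda r: (-r.zeros(), r.rule_id))

    def evaluate(self, src):
        """Return (rule_id, action) of the first matching rule, or None.
        What happens to unmatched packets depends on how the ACL is applied."""
        for rule in self.ordered():
            if wildcard_match(src, rule.source, rule.wildcard):
                return rule.rule_id, rule.action
        return None


def overlapping_rules_demo():
    """Same two overlapping rules, evaluated under both match orders."""
    results = {}
    for order in ("config", "auto"):
        acl = BasicAcl(match_order=order)
        acl.add_rule("permit", "192.168.0.0", "0.0.255.255")   # rule 0, broad
        acl.add_rule("deny", "192.168.2.0", "0.0.0.255")       # rule 5, narrow
        results[order] = acl.evaluate("192.168.2.10")
    return results


def numbering_gap_demo():
    """In config order an appended deny is shadowed; the ID gap fixes it."""
    acl = BasicAcl(match_order="config")
    acl.add_rule("deny", "192.168.1.7", "0.0.0.0")             # rule 0
    acl.add_rule("permit", "192.168.0.0", "0.0.255.255")       # rule 5
    shadowed_id = acl.add_rule("deny", "192.168.2.0", "0.0.0.255")
    before = acl.evaluate("192.168.2.10")
    acl.rules.pop()                                            # undo that rule
    acl.add_rule("deny", "192.168.2.0", "0.0.0.255", rule_id=3)
    after = acl.evaluate("192.168.2.10")
    return shadowed_id, before, after


if __name__ == "__main__":
    print(overlapping_rules_demo())
    print(numbering_gap_demo())
```

In config order the broad permit at rule 0 wins and the narrower deny is never reached, which is the review point the guide raises when it says to check rule order carefully.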

Implementing Time-Based ACL Rules

You can implement ACL rules based on the time of day by applying a time range to them. A time-based ACL rule takes effect only in the time periods specified by the time range.

Two basic types of time range are available:

  Periodic time range, which recurs periodically on a day or days of the week.

   Absolute time range, which represents only a period of time and does not recur.

You may apply a time range to ACL rules before or after you create it. However, the rules using the

time range can take effect only after you define the time range.

IPv4 Fragments Filtering with ACLs

Traditional packet filtering matched only first fragments of IPv4 packets, and allowed all subsequent

non-first fragments to pass through. This mechanism resulted in security risks, because attackers may

fabricate non-first fragments to attack networks.

A rule defined with the fragment keyword applies only to IP fragments. Note that a rule defined with the fragment keyword matches non-last IP fragments on SA or EA Series LPUs, but matches non-first IP fragments on SC, EB, or SD Series LPUs. For detailed information about types of LPUs, see the installation manual.

 ACL Configuration Task List

IPv4 configuration task list

Complete the following tasks to configure an IPv4 ACL:

| Task | Remarks |
|---|---|
| Creating a Time Range | Optional |
| Configuring an IPv4 basic ACL | |
| Configuring an IPv4 advanced ACL | |
| Configuring an Ethernet Frame Header ACL | |
| Copying an IPv4 ACL | Optional |

IPv6 ACL configuration task list

Complete the following tasks to configure an IPv6 ACL:

| Task | Remarks |
|---|---|
| Creating a Time Range | Optional |
| Configuring an IPv6 basic ACL | |
| Configuring an IPv6 Advanced ACL | |
| Configuring an Ethernet Frame Header ACL | |
| Copying an IPv6 ACL | Optional |

Configuring an ACL

Creating a Time Range 

Follow these steps to create a time range:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create a time range
Use the command: time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 }
Remarks: Required. By default, no time range exists.

You may create time ranges identified with the same name. They are regarded as one time range

whose active period is the result of ORing periodic ones, ORing absolute ones, and ANDing periodic

and absolute ones.

You may create a maximum of 256 uniquely named time ranges, each with 32 periodic time ranges at

most and 12 absolute time ranges at most.
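The combination rule for same-named time ranges (OR the periodic entries, OR the absolute entries, AND the two results) can be worked through as below. This is an added example, not code from the H3C guide or from Comware: Periodic, Absolute, time_range_active and rule_in_effect are hypothetical names, the sample ranges and dates are constructed, and treating the end times as inclusive is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

WORKING_DAY = frozenset({0, 1, 2, 3, 4})   # Monday=0 ... Friday=4


@dataclass(frozen=True)
class Periodic:
    """Recurs on the given weekdays between start and end."""
    start: time
    end: time
    days: frozenset

    def active(self, now: datetime) -> bool:
        return now.weekday() in self.days and self.start <= now.time() <= self.end


@dataclass(frozen=True)
class Absolute:
    """One non-recurring period; an open side is None (from-only or to-only)."""
    begin: Optional[datetime] = None
    end: Optional[datetime] = None

    def active(self, now: datetime) -> bool:
        return ((self.begin is None or now >= self.begin)
                and (self.end is None or now <= self.end))


def time_range_active(entries, now: datetime) -> bool:
    """Entries sharing one name: OR periodic, OR absolute, AND the two groups."""
    periodic = [e for e in entries if isinstance(e, Periodic)]
    absolute = [e for e in entries if isinstance(e, Absolute)]
    if not entries:
        return False
    in_periodic = any(e.active(now) for e in periodic)
    in_absolute = any(e.active(now) for e in absolute)
    if periodic and absolute:
        return in_periodic and in_absolute
    return in_periodic if periodic else in_absolute


def rule_in_effect(time_ranges: dict, name: str, now: datetime) -> bool:
    """A rule that names a time range stays inactive until the range is defined."""
    return time_range_active(time_ranges.get(name, []), now)


# Constructed sample: office hours on working days, as in "8:00 to 18:00 working-day".
TRNAME = [Periodic(time(8, 0), time(18, 0), WORKING_DAY)]
# Constructed sample: the same name with an absolute window added for August 2010.
TRNAME_AUGUST = TRNAME + [Absolute(datetime(2010, 8, 1), datetime(2010, 8, 31, 23, 59))]

if __name__ == "__main__":
    wednesday = datetime(2010, 7, 21, 10, 0)
    print(rule_in_effect({"trname": TRNAME}, "trname", wednesday))          # periodic only
    print(rule_in_effect({"trname": TRNAME_AUGUST}, "trname", wednesday))   # narrowed by AND
```

Adding an absolute entry under an existing name narrows the active period rather than extending it, so a time-based deny rule can silently stop applying outside the absolute window.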


Configuring a Basic ACL

Configuring an IPv4 basic ACL

IPv4 basic ACLs match packets based on only source IP address.

Follow these steps to configure an IPv4 basic ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv4 basic ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. IPv4 basic ACLs are numbered in the range 2000 to 2999. You can use the acl name acl-name command to enter the view of an existing named IPv4 ACL.

To do: Configure a description for the IPv4 basic ACL
Use the command: description text
Remarks: Optional. By default, an IPv4 basic ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
Remarks: Required. By default, an IPv4 basic ACL does not contain any rule. To create or edit multiple rules, repeat this step. Note that the logging and vpn-instance keywords are not supported if the ACL is to be referenced by a QoS policy for traffic classification.

To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv4 ACL rule has no rule description.

Note that:

  You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.


  You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.

  When the ACL match order is auto, a newly created rule will be inserted among the existing rules

in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an ACL with the acl number   acl-number   [ name acl-name  ]

match-order  { auto | config } command but only when it does not contain any rules.

Configuring an IPv6 basic ACL

Follow these steps to configure an IPv6 basic ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv6 basic ACL and enter its view
Use the command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. IPv6 basic ACLs are numbered in the range 2000 to 2999. You can use the acl ipv6 name acl6-name command to enter the view of an existing named IPv6 ACL.

To do: Configure a description for the IPv6 basic ACL
Use the command: description text
Remarks: Optional. By default, an IPv6 basic ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } [ fragment | logging | source { ipv6-address prefix-length | ipv6-address/prefix-length | any } | time-range time-range-name ] *
Remarks: Required. By default, an IPv6 basic ACL does not contain any rule. To create or edit multiple rules, repeat this step. Note that the logging and fragment keywords are not supported if the ACL is to be referenced by a QoS policy for traffic classification.

To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv6 basic ACL rule has no rule description.

Note that:

  You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.

  You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.

  When the ACL match order is auto, a newly created rule will be inserted among the existing rules

in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an IPv6 ACL with the acl ipv6 number   acl6-number   [ name 

acl6-name ] match-order  { auto | config } command but only when it does not contain any rules.

Configuring an Advanced ACL

Configuring an IPv4 advanced ACL

IPv4 advanced ACLs match packets based on source and destination IP addresses, protocols over IP, and other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags, ICMP message types, and ICMP message codes.

IPv4 advanced ACLs also allow you to filter packets based on three priority criteria: type of service

(ToS), IP precedence, and differentiated services codepoint (DSCP) priority.

Compared with IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.

Follow these steps to configure an IPv4 advanced ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv4 advanced ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. IPv4 advanced ACLs are numbered in the range 3000 to 3999. You can use the acl name acl-name command to enter the view of an existing named IPv4 ACL.

To do: Configure a description for the IPv4 advanced ACL
Use the command: description text
Remarks: Optional. By default, an IPv4 advanced ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
Remarks: Required. By default, an IPv4 advanced ACL does not contain any rule. To create or edit multiple rules, repeat this step. Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging, reflective and vpn-instance keywords are not supported and the operator argument cannot be:
  neq, if the policy is for the inbound traffic,
  gt, lt, neq or range, if the policy is for the outbound traffic.

To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv4 ACL rule has no rule description.

Note that:


  You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.

  You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.

  When the ACL match order is auto, a newly created rule will be inserted among the existing rules

in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an ACL with the acl number   acl-number   [ name acl-name  ]

match-order  { auto | config } command but only when it does not contain any rules.

Configuring an IPv6 Advanced ACL

IPv6 advanced ACLs match packets based on the source IPv6 address, destination IPv6 address,

protocol carried over IPv6, and other protocol header fields such as the TCP/UDP source port number,

TCP/UDP destination port number, ICMP message type, and ICMP message code.

Compared with IPv6 basic ACLs, they allow more flexible and accurate filtering.

Follow these steps to configure an IPv6 advanced ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv6 advanced ACL and enter its view
Use the command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. IPv6 advanced ACLs are numbered in the range 3000 to 3999. You can use the acl ipv6 name acl6-name command to enter the view of an existing named IPv6 ACL.

To do: Configure a description for the IPv6 advanced ACL
Use the command: description text
Remarks: Optional. By default, an IPv6 advanced ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } | logging | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name ] *
Remarks: Required. By default, an IPv6 advanced ACL does not contain any rule. To create or edit multiple rules, repeat this step. Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging and fragment keywords are not supported and the operator argument cannot be:
  neq, if the policy is for the inbound traffic,
  gt, lt, neq or range, if the policy is for the outbound traffic.

To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv6 ACL rule has no rule description.

Note that:

  You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.

  You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.

  When the ACL match order is auto, a newly created rule will be inserted among the existing rules

in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an IPv6 ACL with the acl ipv6 number   acl6-number   [ name 

acl6-name ] match-order  { auto | config } command but only when it does not contain any rules.

Configuring an Ethernet Frame Header ACL 

Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol

header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),

and link layer protocol type.


Follow these steps to configure an Ethernet frame header ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an Ethernet frame header ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. Ethernet frame header ACLs are numbered in the range 4000 to 4999. You can use the acl name acl-name command to enter the view of an existing named Ethernet frame header ACL.

To do: Configure a description for the Ethernet frame header ACL
Use the command: description text
Remarks: Optional. By default, an Ethernet frame header ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | dest-mac dest-addr dest-mask | lsap lsap-code lsap-wildcard | source-mac sour-addr source-mask | time-range time-range-name | type type-code type-wildcard ] *
Remarks: Required. By default, an Ethernet frame header ACL does not contain any rule. To create or edit multiple rules, repeat this step. Note that the lsap keyword is not supported if the ACL is to be referenced by a QoS policy for traffic classification.

To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an Ethernet frame header ACL rule has no rule description.

Note that:

  You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.

  You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.


  When the ACL match order is auto, a newly created rule will be inserted among the existing rules

in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an ACL with the acl number   acl-number   [ name acl-name  ]

match-order  { auto | config } command but only when it does not contain any rules.

Copying an ACL

You can create an ACL by copying an existing ACL. The new ACL has the same properties and content

as the source ACL except the ACL number and name.

To copy an IPv4 or IPv6 ACL successfully, ensure that:

  The destination ACL number is from the same category as the source ACL number.

  The source IPv4 or IPv6 ACL already exists but the destination IPv4 or IPv6 ACL does not.

Copying an IPv4 ACL

Follow these steps to copy an IPv4 ACL:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Copy an existing IPv4 ACL to create a new IPv4 ACL
Use the command: acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
Remarks: Required

Copying an IPv6 ACL

Follow these steps to copy an IPv6 ACL:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Copy an existing IPv6 ACL to generate a new one of the same category
Use the command: acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name }
Remarks: Required

The generated ACL does not take the name of the source ACL.


Displaying and Maintaining ACLs 

To do: Display configuration and match statistics for one or all IPv4 ACLs (distributed device)
Use the command: display acl { acl-number | all | name acl-name } [ slot slot-number ]
Remarks: Available in any view

To do: Display configuration and match statistics for one or all IPv4 ACLs (distributed IRF device)
Use the command: display acl { acl-number | all | name acl-name } [ chassis chassis-number slot slot-number ]
Remarks: Available in any view

To do: Display configuration and match statistics for one or all IPv6 ACLs (distributed device)
Use the command: display acl ipv6 { acl6-number | all | name acl6-name } [ slot slot-number ]
Remarks: Available in any view

To do: Display configuration and match statistics for one or all IPv6 ACLs (distributed IRF device)
Use the command: display acl ipv6 { acl6-number | all | name acl6-name } [ chassis chassis-number slot slot-number ]
Remarks: Available in any view

To do: Display the usage of ACL resources (distributed device)
Use the command: display acl resource [ slot slot-number ]
Remarks: Available in any view

To do: Display the usage of ACL resources (distributed IRF device)
Use the command: display acl resource [ chassis chassis-number slot slot-number ]
Remarks: Available in any view

To do: Display the configuration and status of one or all time ranges
Use the command: display time-range { time-range-name | all }
Remarks: Available in any view

To do: Clear statistics on one or all IPv4 ACLs
Use the command: reset acl counter { acl-number | all | name acl-name }
Remarks: Available in user view

To do: Clear statistics on one or all IPv6 basic and advanced ACLs
Use the command: reset acl ipv6 counter { acl6-number | all | name acl6-name }
Remarks: Available in user view

 ACL Configuration Examples

IPv4 ACL Configuration Example 

Network Requirements  

 As shown in Figure 1-1, a company interconnects its departments through the switch.

Configure an ACL to deny access of all departments but the President’s office to the salary query

server during office hours (from 8:00 to 18:00) in working days.


Network Diagram

Figure 1-1 Network diagram for IPv4 ACL configuration

[Figure: the switch connects the President's Office (192.168.1.0/24), the R&D department (192.168.2.0/24), the Marketing department (192.168.3.0/24), and the salary server (192.168.4.1) through interfaces GE2/0/1 to GE2/0/4.]

Configuration Procedure 

Create a time range for office hours

# Create a periodic time range spanning 8:00 to 18:00 in working days.
<Switch> system-view
[Switch] time-range trname 8:00 to 18:00 working-day

Define an ACL to control access to the salary query server

# Configure a rule to control access of the R&D Department to the salary query server.
[Switch] acl number 3000
[Switch-acl-adv-3000] rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.4.1 0.0.0.0 time-range trname
[Switch-acl-adv-3000] quit

# Configure a rule to control access of the Marketing Department to the salary query server.
[Switch] acl number 3001
[Switch-acl-adv-3001] rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.4.1 0.0.0.0 time-range trname
[Switch-acl-adv-3001] quit

Apply the IPv4 ACL

# Configure class c_rd for packets matching IPv4 ACL 3000.
[Switch] traffic classifier c_rd
[Switch-classifier-c_rd] if-match acl 3000
[Switch-classifier-c_rd] quit

# Configure traffic behavior b_rd to deny matching packets.
[Switch] traffic behavior b_rd
[Switch-behavior-b_rd] filter deny
[Switch-behavior-b_rd] quit

# Configure class c_market for packets matching IPv4 ACL 3001.
[Switch] traffic classifier c_market
[Switch-classifier-c_market] if-match acl 3001
[Switch-classifier-c_market] quit

# Configure traffic behavior b_market to deny matching packets.
[Switch] traffic behavior b_market
[Switch-behavior-b_market] filter deny
[Switch-behavior-b_market] quit

# Configure QoS policy p_rd to use traffic behavior b_rd for class c_rd.
[Switch] qos policy p_rd
[Switch-qospolicy-p_rd] classifier c_rd behavior b_rd
[Switch-qospolicy-p_rd] quit

# Configure QoS policy p_market to use traffic behavior b_market for class c_market.
[Switch] qos policy p_market
[Switch-qospolicy-p_market] classifier c_market behavior b_market
[Switch-qospolicy-p_market] quit

# Apply QoS policy p_rd to interface GigabitEthernet 2/0/2.
[Switch] interface GigabitEthernet 2/0/2
[Switch-GigabitEthernet2/0/2] qos apply policy p_rd inbound
[Switch-GigabitEthernet2/0/2] quit

# Apply QoS policy p_market to interface GigabitEthernet 2/0/3.
[Switch] interface GigabitEthernet 2/0/3
[Switch-GigabitEthernet2/0/3] qos apply policy p_market inbound

IPv6 ACL Configuration Example 

Network Requirements  

 As shown in Figure 1-2, a company interconnects its departments through the switch.

Configure an ACL to deny access of the R&D department to external networks.

Network Diagram 

Figure 1-2 Network diagram for IPv6 ACL configuration

Configuration Procedure 

# Create an IPv6 ACL 2000.

<Swi t ch> syst em- vi ew

[ Swi t ch] acl i pv6 number 2000

[ Swi t ch- acl 6- basi c- 2000] r ul e deny sour ce 4050: : 9000/ 120

[ Swi t ch- acl 6- basi c- 2000] qui t

# Configure class c_rd for packets matching IPv6 ACL 2000.

[Swi tch] t raf f i c c l assi f i er c_rd

[ Swi t ch- cl assi f i er - c_rd] i f - mat ch acl i pv6 2000

[Swi tch- cl assi f i er - c_rd] qui t

# Configure traffic behavior b_rd to deny matching packets.


[Switch] traffic behavior b_rd
[Switch-behavior-b_rd] filter deny
[Switch-behavior-b_rd] quit

# Configure QoS policy p_rd to use traffic behavior b_rd for class c_rd.

[Switch] qos policy p_rd
[Switch-qospolicy-p_rd] classifier c_rd behavior b_rd
[Switch-qospolicy-p_rd] quit

# Apply QoS policy p_rd to interface GigabitEthernet 2/0/1.

[Switch] interface GigabitEthernet 2/0/1
[Switch-GigabitEthernet2/0/1] qos apply policy p_rd inbound


2 QoS Overview

The S7500E Series Ethernet Switches are distributed devices supporting Intelligent Resilient

Framework (IRF). Two S7500E series can be connected together to form a distributed IRF device. If

an S7500E series is not in any IRF, it operates as a distributed device; if the S7500E series is in an

IRF, it operates as a distributed IRF device. For introduction of IRF, see IRF Configuration Guide.

This chapter covers the following topics:

  Introduction to QoS 

  Introduction to QoS Service Models 

  QoS Techniques Overview 

Introduction to QoS 

In data communications, Quality of Service (QoS) is the ability of a network to provide differentiated

service guarantees for diversified traffic regarding bandwidth, delay, jitter, and drop rate.

The network resources are always scarce. Wherever there is contention for resources, there is the

demand for QoS to prioritize important traffic flows over trivial traffic flows. When making a QoS

scheme, a network administrator must plan network resources carefully considering the characteristics

of various applications to balance the interests of diversified users and fully utilize network resources.

The following part introduces the QoS service models, and some mature QoS techniques in wide use.

 Appropriately using these techniques in specific environments, you can improve QoS effectively.

Introduction to QoS Service Models

This section covers three typical QoS service models:

  Best-effort service

  Integrated service (IntServ)

  Differentiated service (DiffServ)

Best-Effort Service Model

Best effort is a single service model and also the simplest service model. In the best effort service

model, the network delivers the packets at its best effort but does not guarantee delay or reliability.

The best-effort service model is the default model in the Internet and is applicable to most network

applications. It is implemented through FIFO queuing.


Positions of the QoS Techniques in a Network

Figure 2-1 Positions of the QoS techniques in a network

 As shown in Figure 2-1, traffic classification, traffic shaping, traffic policing, congestion management,

and congestion avoidance mainly implement the following functions:

  Traffic classification uses certain match criteria to assign packets with the same characteristics to

a class. Based on classes, differentiated services can be provided. Traffic classification uses

certain match criteria to organize packets with different characteristics into different classes.

Traffic classification is the basis for providing differentiated services.

  Traffic policing polices flows entering or leaving a device and can be applied in both inbound and

outbound directions of a port. When a flow exceeds the pre-set threshold, some restriction or

punishment measures can be taken to prevent overconsumption of network resources.

  Traffic shaping proactively adapts the output rate of traffic to the network resources available on

the downstream device to eliminate packet drop and delay. Traffic shaping is usually applied in

the outbound direction of a port.

  Congestion management provides a resource scheduling policy to arrange the forwarding

sequence of packets when congestion occurs. Congestion management is usually applied to the

outgoing traffic of a port.

  Congestion avoidance monitors the usage status of network resources and is usually applied to

the outgoing traffic of a port. As congestion becomes worse, it actively reduces the amount of

traffic by dropping packets.


3 QoS Configuration Approaches

This chapter covers the following topics:

  QoS Configuration Approach Overview 

  Configuring a QoS Policy 

QoS Configuration Approach Overview

Two approaches are available for you to configure QoS: policy-based and non policy-based.

Some QoS features can be configured in either approach while some can be configured only in one

approach.

Non Policy-Based Configuration

In the non policy-based approach, you configure QoS service parameters without using a QoS policy.

For example, to rate limit an interface, you can use the line rate feature to directly configure a rate limit

on the interface rather than using a QoS policy.

Policy-Based Configuration

In the policy-based approach, QoS service parameters are configured through configuring QoS

policies. A QoS policy defines what QoS actions to take on what class of traffic for purposes such as

traffic shaping or traffic policing.

Before configuring a QoS policy, be familiar with these concepts: class, traffic behavior, and policy.

Class 

Classes are used to identify traffic.

 A class is identified by a class name and contains match criteria for traffic identification. The

relationship between the criteria is AND or OR.

   AND: A packet is considered as belonging to a class only when the packet matches all the criteria

in the class.

  OR: A packet is considered as belonging to a class if it matches any of the criteria in the class.

Traffic behavior

 A traffic behavior defines a set of QoS actions to take on packets, such as priority marking and traffic

redirecting.

Policy 

 A policy associates a class with a traffic behavior to define what actions to take on which class of

traffic.

You can configure multiple class-behavior associations in a policy.

Configuring a QoS Policy 

Figure 3-1 shows how to configure a QoS policy.


Figure 3-1 QoS policy configuration procedure

Defining a Class 

To define a class, you need to specify a name for it and then configure match criteria in class view.

Follow these steps to define a class:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create a class and enter class view
Use the command: traffic classifier tcl-name [ operator { and | or } ]
Remarks: Required. By default, the relationship between match criteria is AND.

To do: Configure match criteria
Use the command: if-match match-criteria
Remarks: Required

match-criteria: Match criterion. Table 3-1 shows the available criteria.

Table 3-1 The keyword and argument combinations for the match-criteria argument

Keyword and argument combination: Description

acl { access-list-number | name acl-name }: Specifies to match an IPv4 ACL specified by its number or name. The access-list-number argument specifies an ACL by its number, which ranges from 2000 to 4999; the name acl-name keyword-argument combination specifies an ACL by its name.


acl ipv6 { access-list-number | name acl-name }: Specifies to match an IPv6 ACL specified by its number or name. The access-list-number argument specifies an ACL by its number, which ranges from 2000 to 3999; the name acl-name keyword-argument combination specifies an ACL by its name.

any: Matches all packets (IPv6 packets are ignored on the SC cards).

customer-dot1p 8021p-list: Matches the 802.1p priority of the customer network. The 8021p-list argument is a list of up to eight 802.1p priority values. An 802.1p priority is in the range 0 to 7.

customer-vlan-id vlan-id-list: Specifies to match the packets of specified VLANs of user networks. The vlan-id-list argument specifies a list of VLAN IDs, in the form of vlan-id to vlan-id or multiple discontinuous VLAN IDs (separated by space). You can specify up to eight VLAN IDs for this argument at a time. VLAN ID is in the range 1 to 4094.

destination-mac mac-address: Matches a destination MAC address

dscp dscp-list: Matches DSCP values. The dscp-list is a list of up to eight DSCP values. A DSCP value is a number in the range of 0 to 63 or a word representing the specific value. For the number-to-word mapping, see Table 15-2.

ip-precedence ip-precedence-list: Matches IP precedence. The ip-precedence-list is a list of up to eight IP precedence values. An IP precedence is in the range of 0 to 7.

protocol protocol-name: Matches a protocol. The protocol-name can be IP or IPv6.

qos-local-id local-id-value: Matches a local QoS ID, which is in the range of 1 to 4095. The local QoS IDs supported on the S7500E series switches are from 1 to 3999.

service-dot1p 8021p-list: Matches the 802.1p priority of the service provider network. The 8021p-list argument is a list of up to eight 802.1p priority values. An 802.1p priority is in the range 0 to 7.


service-vlan-id vlan-id-list: Specifies to match the packets of the VLANs of the operator’s network. The vlan-id-list argument is a list of VLAN IDs, in the form of vlan-id to vlan-id or multiple discontinuous VLAN IDs (separated by space). You can specify up to eight VLAN IDs for this argument at a time. VLAN ID is in the range of 1 to 4094.

source-mac mac-address: Matches a source MAC address

system-index index-value-list: Matches a pre-defined match criterion (system-index) for packets sent to the control plane. The index-value-list argument specifies a list of up to eight system indexes. The system index range is from 1 to 128.

When the logical relationship between the match criteria in a class is and, note the following when using the if-match command to define matching rules.

  If multiple matching rules with the acl or acl ipv6 keyword specified are defined in a class, the actual logical relationship between these rules is or when the policy is applied.

  If multiple matching rules with the customer-vlan-id or service-vlan-id keyword specified are defined in a class, the actual logical relationship between these rules is or.


The matching criteria listed below must be unique in a traffic class with the operator being  AND.

Therefore, even though you can define multiple if-match clauses for these matching criteria or input

multiple values for a list  argument (such as the 8021p-list  argument) listed below in a traffic class,

avoid doing that. Otherwise, the QoS policy referencing the class cannot be applied to interfaces

successfully.

  customer-dot1p 8021p-list

  destination-mac  mac-address 

  dscp dscp-list 

  ip-precedence  ip-precedence-list

  service-dot1p  8021p-list 

  source-mac mac-address 

  system-index  index-value-list 

To create multiple if-match clauses or specify multiple values for a list argument for any of the

matching criteria listed above, ensure that the operator of the class is OR.
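The two constraints above can be checked offline before a policy is pushed to a switch: a class bound to filter deny that fails to apply leaves traffic unfiltered, and acl or VLAN rules that are ORed at apply time match more traffic than an AND class suggests. The following Python script is an added example, not H3C code; it assumes classifier sections in saved-configuration layout, and the sample text, class names and ACL numbers in it are constructed.

```python
import re

# Criteria the guide lists as required to be unique in a class whose operator is AND.
UNIQUE_UNDER_AND = {
    "customer-dot1p", "destination-mac", "dscp", "ip-precedence",
    "service-dot1p", "source-mac", "system-index",
}
# Criteria whose rules are ORed when the policy is applied, even in an AND class.
IMPLICIT_OR = {"acl", "acl ipv6", "customer-vlan-id", "service-vlan-id"}

CLASS_RE = re.compile(r"^traffic classifier (\S+)(?: operator (and|or))?$")

# Constructed sample (assumed saved-configuration layout; all names are made up).
SAMPLE = """\
traffic classifier c_rd operator and
 if-match acl ipv6 2000
#
traffic classifier c_two_acls operator and
 if-match acl 3000
 if-match acl 3001
#
traffic classifier c_voice operator and
 if-match dscp 46 34
#
traffic classifier c_voice_or operator or
 if-match dscp 46 34
 if-match customer-dot1p 5
#
traffic classifier c_mac
 if-match source-mac 0011-2233-4455
 if-match source-mac 0011-2233-4466
#
"""


def parse_classes(config):
    """Return {class_name: {"operator": str, "matches": [(keyword, [values])]}}."""
    classes, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = CLASS_RE.match(line)
        if header:
            # The guide states that the default relationship is AND.
            current = {"operator": header.group(2) or "and", "matches": []}
            classes[header.group(1)] = current
        elif current is not None and line.startswith("if-match "):
            tokens = line.split()[1:]
            if tokens[:2] == ["acl", "ipv6"]:
                keyword, values = "acl ipv6", tokens[2:]
            else:
                keyword, values = tokens[0], tokens[1:]
            current["matches"].append((keyword, values))
        else:
            current = None  # any other line ends the class section
    return classes


def audit(config):
    """Return (class_name, issue, keyword) tuples for AND classes that break the rules."""
    findings = []
    for name, cls in parse_classes(config).items():
        if cls["operator"] != "and":
            continue
        by_keyword = {}
        for keyword, values in cls["matches"]:
            by_keyword.setdefault(keyword, []).append(values)
        for keyword, value_lists in by_keyword.items():
            repeated = len(value_lists) > 1
            multi_value = any(len(values) > 1 for values in value_lists)
            if keyword in UNIQUE_UNDER_AND and (repeated or multi_value):
                # The policy referencing this class cannot be applied to interfaces.
                findings.append((name, "will-not-apply", keyword))
            if keyword in IMPLICIT_OR and repeated:
                # The rules are ORed at apply time although the class says AND.
                findings.append((name, "implicit-or", keyword))
    return findings


if __name__ == "__main__":
    for name, issue, keyword in audit(SAMPLE):
        print(f"{name}: {issue} ({keyword})")
```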

Defining a Traffic Behavior  

A traffic behavior is a set of QoS actions to take on a traffic class for purposes such as traffic filtering, shaping, policing, priority marking. To define a traffic behavior, you must first create it and then configure QoS actions such as priority marking and redirect in traffic behavior view.

Follow these steps to define a traffic behavior:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create a traffic behavior and enter traffic behavior view
Use the command: traffic behavior behavior-name
Remarks: Required

To do: Configure other actions in the traffic behavior
Use the command: See the subsequent sections depending on the purpose of the traffic behavior: traffic policing, traffic filtering, traffic redirecting, priority marking, traffic accounting and so on.

Defining a Policy 

In a policy, you can define multiple class-behavior associations. A behavior is performed for the

associated class of packets. In this way, various QoS features can be implemented.

Follow these steps to associate a class with a behavior in a policy:

To do: Enter system view
Use the command: system-view
Remarks: —


To do: Create a policy and enter policy view
Use the command: qos policy policy-name
Remarks: Required

To do: Associate a class with a behavior in the policy
Use the command: classifier tcl-name behavior behavior-name [ mode dot1q-tag-manipulation ]
Remarks: Required. Specify the dot1q-tag-manipulation keyword if the class-behavior association is defined for VLAN mapping.

  If an ACL is referenced by a QoS policy for defining traffic match criteria, packets matching the

 ACL are organized as a class and the behavior defined in the QoS policy applies to the class

regardless of whether the match mode of the if-match clause is deny or permit.

  In a QoS policy with multiple class-to-traffic-behavior associations, if the action of creating an

outer VLAN tag, the action of setting customer network VLAN ID, or the action of setting service

provider network VLAN ID is configured in a traffic behavior, we recommend you not to configure

any other action in this traffic behavior. Otherwise, the QoS policy may not function as expected

after it is applied.

  The dot1q-tag-manipulation keyword is applicable to only many-to-one VLAN mapping configuration. For information about many-to-one VLAN mapping, see VLAN Mapping Configuration in the Layer 2 - LAN Switching Configuration Guide.

Applying the QoS Policy

You can apply a QoS policy in the following ways:

   Applied to an interface, the policy takes effect on the traffic sent or received on the interface.

   Applied to a user profile, the policy takes effect on the traffic sent or received by the online users

of the user profile.

   Applied to a VLAN, the policy takes effect on the traffic sent or received on all ports in the VLAN.

   Applied globally, the policy takes effect on the traffic sent or received on all ports.

   Applied to the control plane, the policy takes effect on the traffic sent or received on the control

plane.


  You can modify classes, behaviors, and class-behavior associations in a QoS policy even after it

is applied.

  The QoS policies applied to ports, VLANs, and the system globally have descending priorities. For

example, if a port and a VLAN carried on the port have both referenced a QoS policy for incoming

traffic, the one on the port is used to match traffic prior to the one for the VLAN.

 Applying the QoS policy to an interface 

 A policy can be applied to multiple interfaces, but in one direction (inbound or outbound) of an interface

only one policy can be applied.

Follow these steps to apply the QoS policy to an interface:

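To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter interface view or port group view (enter interface view)
Use the command: interface interface-type interface-number
Remarks: Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group.

To do: Enter interface view or port group view (enter port group view)
Use the command: port-group manual port-group-name
Remarks: Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group.

To do: Apply the policy to the interface/port group
Use the command: qos apply policy policy-name { inbound | outbound }
Remarks: Required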

The QoS policy applied to the outgoing traffic of a port does not regulate local packets, which are

critical protocol packets sent by the card that hosts the interface for maintaining the normal operation

of the device. The most common local packets include link maintenance packets, STP, LDP, and

RSVP packets. 

 Applying the QoS policy to online users 

You can apply a QoS policy to multiple online users, but in one direction of each online user only one

policy can be applied. To modify a QoS policy already applied in a certain direction, remove the QoS

policy application first.

Follow these steps to apply the QoS policy to online users:

To do: Enter system view
Use the command: system-view
Remarks: —


QoS policies cannot be applied to dynamic VLANs, for example, VLANs created by GVRP.

Applying the QoS policy globally

You can apply a QoS policy globally to the inbound or outbound direction of all ports.

Follow these steps to apply the QoS policy globally:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Apply the QoS policy globally
Use the command: qos apply policy policy-name global { inbound | outbound }
Remarks: Required

A QoS policy containing any of the nest, remark customer-vlan-id, and remark service-vlan-id actions cannot be applied globally.

Applying the QoS policy to the control plane

Packet processing units fit into the data plane and the control plane depending on their functions.

   At the data plane are units responsible for receiving, transmitting, and switching (that is,

forwarding) packets, such as various dedicated forwarding chips. They deliver super processing

speeds and throughput.

   At the control plane are processing units running most routing and switching protocols and

responsible for protocol packet resolution and calculation, such as CPUs. Compared with data

plane units, they allow for great packet processing flexibility but have lower throughput.

When the data plane receives packets that it cannot recognize or process, it transmits them to the control plane. If the transmission rate exceeds the processing capability of the control plane, which is very likely during DoS attacks, the control plane is kept busy handling undesired packets and fails to handle legitimate packets correctly or in time. As a result, protocol performance is affected.

To address this problem, you can apply a QoS policy to the control plane to take QoS actions such as traffic filtering or rate limiting on inbound traffic, thus ensuring that the control plane can receive, transmit, and process packets normally.

Follow these steps to apply the QoS policy to the control plane:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter control plane view (on a distributed device)
Use the command: control-plane slot slot-number
Remarks: Required


To do: Enter control plane view (on a distributed IRF device)
Use the command: control-plane chassis chassis-number slot slot-number
Remarks: Required

To do: Apply the QoS policy to the control plane
Use the command: qos apply policy policy-name { inbound | outbound }
Remarks: Required

  The QoS policy applied to the control plane for a specific slot takes effect only on the slot.

  In case a global QoS policy conflicts with a control plane QoS policy, the control plane QoS policy

takes effect on the control plane.

  By default, devices are configured with pre-defined control plane policies, which take effect on the

control planes by default. A pre-defined control plane QoS policy uses the system-index to identify

the type of packets sent to the control plane. You can reference system-indexes in if-match 

commands in class view for traffic classification and then re-configure traffic behaviors for these

classes as required. You can use the display qos policy control-plane pre-defined command

to display them. 

  In a QoS policy for control planes, if a system index classifier is configured, the associated traffic

behavior can contain only the CAR or accounting action. In addition, if the CAR action is

configured, only its CIR setting can be applied.

Displaying and Maintaining QoS Policies

To do: Display traffic class information
Use the command: display traffic classifier user-defined [ tcl-name ]
Remarks: Available in any view

To do: Display traffic behavior configuration information
Use the command: display traffic behavior user-defined [ behavior-name ]
Remarks: Available in any view

To do: Display user-defined QoS policy configuration information
Use the command: display qos policy user-defined [ policy-name [ classifier tcl-name ] ]
Remarks: Available in any view

To do: Display QoS policy configuration on the specified or all interfaces
Use the command: display qos policy interface [ interface-type interface-number ] [ inbound | outbound ]
Remarks: Available in any view

To do: Display VLAN QoS policy configuration on a distributed device
Use the command: display qos vlan-policy { name policy-name | vlan vlan-id } [ slot slot-number ] [ inbound | outbound ]
Remarks: Available in any view


To do: Display VLAN QoS policy configuration on a distributed IRF device
Use the command: display qos vlan-policy { name policy-name | vlan [ vlan-id ] } [ chassis chassis-number slot slot-number ] [ inbound | outbound ]
Remarks: Available in any view

To do: Display information about QoS policies applied globally on a distributed device
Use the command: display qos policy global [ slot slot-number ] [ inbound | outbound ]
Remarks: Available in any view

To do: Display information about QoS policies applied globally on a distributed IRF device
Use the command: display qos policy global [ chassis chassis-number slot slot-number ] [ inbound | outbound ]
Remarks: Available in any view

To do: Display information about control plane QoS policies on a distributed device
Use the command: display qos policy control-plane [ slot slot-number ] [ inbound | outbound ]
Remarks: Available in any view

To do: Display information about control plane QoS policies on a distributed IRF device
Use the command: display qos policy control-plane [ chassis chassis-number slot slot-number ] [ inbound | outbound ]
Remarks: Available in any view

To do: Display information about pre-defined control plane QoS policies on a distributed device
Use the command: display qos policy control-plane pre-defined [ slot slot-number ]
Remarks: Available in any view

To do: Display information about pre-defined control plane QoS policies on a distributed IRF device
Use the command: display qos policy control-plane pre-defined [ chassis chassis-number slot slot-number ]
Remarks: Available in any view

To do: Clear VLAN QoS policy statistics
Use the command: reset qos vlan-policy [ vlan vlan-id ] [ inbound | outbound ]
Remarks: Available in user view

To do: Clear the statistics for a QoS policy applied globally
Use the command: reset qos policy global [ inbound | outbound ]
Remarks: Available in user view

To do: Clear the statistics for the QoS policy applied to a control plane on a distributed device
Use the command: reset qos policy control-plane [ slot slot-number ] [ inbound | outbound ]
Remarks: Available in user view

To do: Clear the statistics for the QoS policy applied to a control plane on a distributed IRF device
Use the command: reset qos policy control-plane [ chassis chassis-number slot slot-number ] [ inbound | outbound ]
Remarks: Available in user view


4 Priority Mapping Configuration

When configuring priority mapping, go to these sections for information you are interested in:

  Priority Mapping Overview 

  Priority Mapping Configuration Tasks 

  Configuring Priority Mapping 

  Displaying and Maintaining Priority Mapping 

  Priority Mapping Configuration Examples 

Priority Mapping Overview 

Introduction to Priority Mapping

The priorities of a packet determine its transmission priority. There are two types of priority: priorities

carried in packets and priorities locally assigned for scheduling only.

The packet-carried priorities include 802.1p priority, DSCP precedence, IP precedence, EXP, and so

on. These priorities have global significance and affect the forwarding priority of packets across the

network.

The locally assigned priorities have only local significance. They are assigned by the device for

scheduling only. These priorities include the local precedence and drop precedence, as follows.

  Local precedence is used for queuing. A local precedence value corresponds to an output queue. A packet with higher local precedence is assigned to a higher priority output queue to be

preferentially scheduled.

  Drop precedence is used for making packet drop decisions. Packets with the highest drop

precedence are dropped preferentially.

When a packet enters the device from a port, the device assigns a set of QoS priority parameters to the packet based on a certain priority and sometimes may modify its priority, according to certain rules depending on device status. This process is called priority mapping. The priority based on which priority mapping is performed depends on the priority trust mode configured on the port. The set of QoS priority parameters decides the scheduling priority and forwarding priority of the packet.

Priority Mapping Tables

Priority mapping is implemented with priority mapping tables. The device provides various types of

priority mapping tables, or rather, priority mappings. By looking up a priority mapping table, the device

decides which priority value is to assign to a packet for subsequent packet processing.

  dot1p-dp: 802.1p-to-drop priority mapping table.

  dot1p-exp: 802.1p-to-EXP priority mapping table. (Available only on the EB and SD cards)

  dot1p-lp: 802.1p-to-local priority mapping table.

  dscp-dot1p: DSCP-to-802.1p priority mapping table, which is applicable to only IP packets.

  dscp-dp: DSCP-to-drop priority mapping table, which is applicable to only IP packets.


  dscp-dscp: DSCP-to-DSCP priority mapping table, which is applicable to only IP packets.

  exp-dot1p: EXP-to-802.1p priority mapping table. (Available only on the EB and SD cards)

  exp-dp: EXP-to-drop priority mapping table.

The default priority mapping tables (as shown in  Appendix A Default Priority Mapping Tables) are

available for priority mapping. Generally, they are sufficient for priority mapping. If a default priority

mapping table cannot meet your requirements, you can modify the priority mapping table as required.

Priority Trust Mode on a Port

The priority trust mode on a port decides which priority is used for priority mapping table lookup. There

are two priority trust modes on the H3C S7500E series switches:

  dot1p: Uses the 802.1p priority carried in packets for priority mapping.

  dscp: Uses the DSCP carried in packets for priority mapping.

In addition, port priority was introduced for 802.1q untagged packets. Thus, when a port configured with the 802.1p trust mode receives an 802.1q untagged packet, the priority of the port is used as the 802.1p priority of the packet for priority mapping table lookup.

The priority mapping procedure varies with the priority modes, as described in the next section Priority

Mapping Procedure.

Priority Mapping Procedure

Figure 4-1 presents how the S7500E performs priority mapping for an Ethernet packet. The procedure

differs depending on whether the packet is 802.1q tagged or not.


Figure 4-1 Priority mapping procedure for an Ethernet packet

[Flowchart. Box labels: Receive a packet on a port; Which priority is trusted on the port? (802.1p in packets / DSCP in packets); Is the packet 802.1q tagged? (Y / N); Use the port priority as the 802.1p priority of the packet; Look up the dot1p-dp and dot1p-lp tables; Mark the packet with local precedence and drop precedence; Look up the dscp-dp, dscp-dot1p, and dscp-dscp tables; Mark the packet with 802.1p priority, drop precedence, and new DSCP precedence; Look up the dot1p-lp table; Mark the packet with local precedence; Schedule the packet according to its local precedence and drop precedence.]

For an MPLS packet, the priority mapping procedure as shown in Figure 4-2 is adopted:


Figure 4-2 Priority mapping procedure for an MPLS packet

[Flowchart. Box labels: Receive a packet; Look up the exp-dp table; Mark the packet with drop precedence; Look up the exp-dot1p table; Mark the packet with new 802.1p priority; Look up the dot1p-lp table; Mark the packet with local precedence; Schedule the packet according to its local precedence and drop precedence.]

The priority mapping procedure presented above applies in the absence of priority marking. If priority marking is configured, the device performs priority marking before priority mapping, and then uses the re-marked packet-carried priority for priority mapping or directly uses the re-marked scheduling priority for traffic scheduling depending on your configuration. In this case, neither priority trust mode configuration on the port nor port priority configuration takes effect.
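The Ethernet procedure of Figure 4-1 can be modelled to see which header field decides the output queue on a port, which is what matters when auditing ports that face untrusted hosts. The following Python model is an added example, not H3C code: it assumes the branch order read from the figure's box labels, IP packets only, and no priority marking, and its mapping tables are constructed for illustration and are not the device defaults.

```python
# Constructed mapping tables for illustration only; NOT the defaults from Appendix A.
TABLES = {
    "dot1p-lp": {p: p for p in range(8)},
    "dot1p-dp": {p: 0 for p in range(8)},
    "dscp-dot1p": {d: d >> 3 for d in range(64)},
    "dscp-dp": {d: (2 if d < 8 else 0) for d in range(64)},
    "dscp-dscp": {d: d for d in range(64)},
}


def map_priority(packet, port, tables=TABLES):
    """Model Figure 4-1 for one ingress Ethernet packet (no priority marking).

    packet: {"dot1p": int or None (None means no 802.1q tag), "dscp": int}
    port:   {"trust": "dot1p" or "dscp", "priority": int}
    """
    if port["trust"] == "dscp":
        # DSCP trusted: derive 802.1p, drop precedence and new DSCP from the
        # packet's DSCP, then derive local precedence from the mapped 802.1p.
        dscp = packet["dscp"]
        dot1p = tables["dscp-dot1p"][dscp]
        return {
            "source": "packet DSCP",
            "dot1p": dot1p,
            "dscp": tables["dscp-dscp"][dscp],
            "drop": tables["dscp-dp"][dscp],
            "local": tables["dot1p-lp"][dot1p],
        }
    if port["trust"] != "dot1p":
        raise ValueError("trust mode must be 'dot1p' or 'dscp'")
    # 802.1p trusted: an untagged packet takes the port priority as its 802.1p.
    tagged = packet.get("dot1p") is not None
    dot1p = packet["dot1p"] if tagged else port["priority"]
    return {
        "source": "packet 802.1p" if tagged else "port priority",
        "drop": tables["dot1p-dp"][dot1p],
        "local": tables["dot1p-lp"][dot1p],
    }


def reachable_queues(port, tables=TABLES, host_can_tag=True):
    """Local precedence values a connected host can obtain by choosing header fields."""
    dot1p_choices = [None] + (list(range(8)) if host_can_tag else [])
    return sorted({
        map_priority({"dot1p": p, "dscp": d}, port, tables)["local"]
        for p in dot1p_choices
        for d in range(64)
    })


if __name__ == "__main__":
    access_port = {"trust": "dot1p", "priority": 0}
    print(reachable_queues(access_port, host_can_tag=False))
    print(reachable_queues({"trust": "dscp", "priority": 0}, host_can_tag=False))
```

With these tables, an 802.1p-trusting port that only receives untagged frames pins every packet to the queue of its port priority, while a DSCP-trusting port lets the sender select any queue.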

Priority Mapping Configuration Tasks

We recommend that you plan QoS throughout the network before configuring QoS.

Complete the following tasks to configure priority mapping:

Task: Remarks

Configuring a Priority Mapping Table: Optional

Configuring the Priority Trust Mode on a Port: Optional

Configuring the Port Priority of a Port: Optional


Configuring Priority Mapping

Configuring a Priority Mapping Table

Follow these steps to configure an uncolored priority mapping table:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter priority mapping table view
Use the command: qos map-table { dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp | exp-dot1p | exp-dp }
Remarks: Required

To do: Configure the priority mapping table
Use the command: import import-value-list export export-value
Remarks: Required. Newly configured mappings overwrite the old ones.

To do: Display the configuration of the priority mapping table
Use the command: display qos map-table [ dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp | exp-dot1p | exp-dp ]
Remarks: Optional. Available in any view.

The 802.1p-to-EXP priority mapping table (dot1p-exp) and the EXP-to-802.1p priority mapping table

(exp-dot1p) are available only for the EB and SD cards.

Configuring the Priority Trust Mode on a Port

Follow these steps to configure the trusted packet priority type on an interface/port group:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter interface view or port group view
Use the command: interface interface-type interface-number (enter interface view), or port-group manual port-group-name (enter port group view)
Remarks: Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group.

To do: Configure the priority trust mode
Use the command: qos trust dscp (trust the DSCP priority in packets), or undo qos trust (trust the 802.1p priority in packets)
Remarks: Use either command. By default, the device trusts the 802.1p priority in packets.

To do: Display the priority trust mode configuration on the port
Use the command: display qos trust interface [ interface-type interface-number ]
Remarks: Optional. Available in any view.

Configuring the Port Priority of a Port 

You can change the port priority of a port used for priority mapping. For the priority mapping procedure,

see the Priority Mapping Procedure section.

Follow these steps to configure the port priority of a port for priority mapping:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter interface view or port group view
Use the command: interface interface-type interface-number (enter interface view), or port-group manual port-group-name (enter port group view)
Remarks: Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group.

To do: Configure the port priority
Use the command: qos priority priority-value
Remarks: Required. The default port priority is 0.

To do: Display the trusted packet priority type and the priorities of an interface
Use the command: display qos trust interface [ interface-type interface-number ]
Remarks: Optional. Available in any view.

Displaying and Maintaining Priority Mapping 

To do: Display priority mapping table configuration
Use the command: display qos map-table [ dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp | exp-dot1p | exp-dp ]
Remarks: Available in any view

To do: Display the trusted packet priority type on a port
Use the command: display qos trust interface [ interface-type interface-number ]
Remarks: Available in any view


Priority Mapping Configuration Examples 

Priority Mapping Table and Priority Marking Configuration Example

For information about priority marking, see Priority Marking Configuration.

Network requirements

 As shown in Figure 4-3, the enterprise network of a company interconnects all departments through

Device. The network is described as follows:

• The marketing department connects to GigabitEthernet 2/0/1 of Device, which sets the 802.1p priority of traffic from the marketing department to 3.

• The R&D department connects to GigabitEthernet 2/0/2 of Device, which sets the 802.1p priority of traffic from the R&D department to 4.

• The management department connects to GigabitEthernet 2/0/3 of Device, which sets the 802.1p priority of traffic from the management department to 5.

Configure port priority, 802.1p-to-local priority mapping table, and priority marking to implement the

plan as described in Table 4-1.

Table 4-1 Configuration plan

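| Traffic destination | Traffic priority order | Queuing plan: traffic source | Queuing plan: output queue | Queuing plan: queue priority |
|---|---|---|---|---|
| Public servers | R&D department > management department > marketing department | R&D department | 6 | High |
| Public servers | (as above) | Management department | 4 | Medium |
| Public servers | (as above) | Marketing department | 2 | Low |
| Internet through HTTP | Management department > marketing department > R&D department | R&D department | 2 | Low |
| Internet through HTTP | (as above) | Management department | 6 | High |
| Internet through HTTP | (as above) | Marketing department | 4 | Medium |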


Figure 4-3 Network diagram for priority mapping table and priority marking configuration

[Diagram labels: Device with ports GE2/0/1 through GE2/0/5; marketing department, R&D department, and management department, each with a host and a server; Internet; public servers (data server, mail server).]

Configuration procedure

1) Configure trusting port priority

# Set the port priority of GigabitEthernet 2/0/1 to 3.

<Device> system-view
[Device] interface gigabitethernet 2/0/1
[Device-GigabitEthernet2/0/1] qos priority 3
[Device-GigabitEthernet2/0/1] quit

# Set the port priority of GigabitEthernet 2/0/2 to 4.

[Device] interface gigabitethernet 2/0/2
[Device-GigabitEthernet2/0/2] qos priority 4
[Device-GigabitEthernet2/0/2] quit

# Set the port priority of GigabitEthernet 2/0/3 to 5.

[Device] interface gigabitethernet 2/0/3
[Device-GigabitEthernet2/0/3] qos priority 5
[Device-GigabitEthernet2/0/3] quit

2) Configure the priority mapping table

# Configure the 802.1p-to-local priority mapping table to map 802.1p priority values 3, 4, and 5 to local precedence values 2, 6, and 4.

[Device] qos map-table dot1p-lp
[Device-maptbl-dot1p-lp] import 3 export 2
[Device-maptbl-dot1p-lp] import 4 export 6
[Device-maptbl-dot1p-lp] import 5 export 4
[Device-maptbl-dot1p-lp] quit

3) Configure priority marking


# Mark the HTTP traffic of the management department, marketing department, and R&D department to the Internet with 802.1p priorities 4, 5, and 3 respectively. Use the priority mapping table configured above to map the 802.1p priorities to local precedence values 6, 4, and 2 respectively for differentiated traffic treatment.

# Create ACL 3000 to match HTTP traffic.

[Device] acl number 3000
[Device-acl-adv-3000] rule permit tcp destination-port eq 80
[Device-acl-adv-3000] quit

# Create class http and reference ACL 3000 in the class.

[Device] traffic classifier http
[Device-classifier-http] if-match acl 3000
[Device-classifier-http] quit

# Configure a priority marking policy for the management department and apply the policy to the incoming traffic of GigabitEthernet 2/0/3.

[Device] traffic behavior admin
[Device-behavior-admin] remark dot1p 4
[Device-behavior-admin] quit
[Device] qos policy admin
[Device-qospolicy-admin] classifier http behavior admin
[Device-qospolicy-admin] quit
[Device] interface gigabitethernet 2/0/3
[Device-GigabitEthernet2/0/3] qos apply policy admin inbound

# Configure a priority marking policy for the marketing department and apply the policy to the incoming traffic of GigabitEthernet 2/0/1.

[Device] traffic behavior market
[Device-behavior-market] remark dot1p 5
[Device-behavior-market] quit
[Device] qos policy market
[Device-qospolicy-market] classifier http behavior market
[Device-qospolicy-market] quit
[Device] interface gigabitethernet 2/0/1
[Device-GigabitEthernet2/0/1] qos apply policy market inbound

# Configure a priority marking policy for the R&D department and apply the policy to the incoming traffic of GigabitEthernet 2/0/2.

[Device] traffic behavior rd
[Device-behavior-rd] remark dot1p 3
[Device-behavior-rd] quit
[Device] qos policy rd
[Device-qospolicy-rd] classifier http behavior rd
[Device-qospolicy-rd] quit
[Device] interface gigabitethernet 2/0/2
[Device-GigabitEthernet2/0/2] qos apply policy rd inbound


5 Traffic Policing, Traffic Shaping, and Line Rate Configuration

When configuring traffic classification, traffic policing, and traffic shaping, go to these sections for

information you are interested in:

  Traffic Policing, Traffic Shaping, and Line Rate Overview 

  Configuring Traffic Policing 

  Configuring GTS 

  Configuring the Line Rate 

  Displaying and Maintaining Traffic Policing, GTS, and Line Rate 

Traffic Policing, Traffic Shaping, and Line Rate Overview 

Without limits on user traffic, a network can be overwhelmed very easily. To help assign network

resources such as bandwidth efficiently to improve network performance and hence user satisfaction,

QoS technologies such as traffic policing, traffic shaping, and rate limit were introduced. For example,

you can configure a flow to use only the resources committed to it in a certain time range, thus

avoiding network congestion caused by burst traffic.

Traffic policing and generic traffic shaping (GTS) limit traffic rate and resource usage according to

traffic specifications. Once a traffic flow exceeds its specifications, such as the bandwidth assigned to

it, it is shaped or policed to ensure that it is under the specifications. Generally, token buckets are used

to evaluate traffic specifications.

Traffic Evaluation and Token Buckets  

Token bucket features 

 A token bucket is analogous to a container holding a certain number of tokens. The system puts tokens

into the bucket at a set rate. When the token bucket is full, the extra tokens overflow.

Evaluating traffic with the token bucket

The evaluation of traffic specifications is based on whether the number of tokens in the bucket can meet the need of packet forwarding. Generally, one token is associated with a 1-bit forwarding

authority. If the number of tokens in the bucket is enough for forwarding the packets, the traffic

conforms to the specification and is called conforming traffic; otherwise, the traffic does not conform to

the specification and is called excess traffic.

 A token bucket has the following configurable parameters:

  Mean rate at which tokens are put into the bucket, namely, the permitted average rate of traffic. It

is usually set to the committed information rate (CIR).

  Burst size or the capacity of the token bucket. It is the maximum traffic size that is permitted in

each burst. It is usually set to the committed burst size (CBS). The set burst size must be greater

than the maximum packet size.


Evaluation is performed for each arriving packet. In each evaluation, if the number of tokens in the

bucket is enough, the traffic conforms to the specification and the corresponding tokens for forwarding

the packet are taken away; if the number of tokens in the bucket is not enough, it means that too many

tokens have been used and the traffic is excessive.

Complicated evaluation 

You can set two token buckets, the C bucket and the E bucket, to evaluate traffic in a more

complicated environment and achieve more policing flexibility. For example, traffic policing uses four

parameters:

  CIR: Rate at which tokens are put into the C bucket, that is, the average packet transmission or

forwarding rate allowed by the C bucket.

  CBS: Size of the C bucket, that is, transient burst of traffic that the C bucket can forward.

  Peak information rate (PIR): Rate at which tokens are put into the E bucket, that is, the average

packet transmission or forwarding rate allowed by the E bucket.

  Excess burst size (EBS): Size of the E bucket, that is, transient burst of traffic that the E bucket

can forward.

CBS is implemented with the C bucket and EBS with the E bucket. In each evaluation, packets are

measured against the buckets:

  If the C bucket has enough tokens, packets are colored green.

  If the C bucket does not have enough tokens but the E bucket has enough tokens, packets are

colored yellow.

  If neither the C bucket nor the E bucket has sufficient tokens, packets are colored red.
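The C/E-bucket coloring described above, as an added Python example (not code from the guide or the device). It assumes that both buckets start full, that a green packet takes its tokens from the C bucket and a yellow packet from the E bucket, and that the maximum packet size is 1500 bytes; the class name, the action labels, and the sample arrivals are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class TwoBucketPolicer:
    """C/E token-bucket meter. One token = 1 bit, as in the text above."""
    cir_kbps: int            # fill rate of the C bucket
    cbs_bits: int            # capacity of the C bucket
    pir_kbps: int            # fill rate of the E bucket
    ebs_bits: int            # capacity of the E bucket
    mtu_bytes: int = 1500    # assumed maximum packet size
    c_tokens: int = field(init=False, default=0)
    e_tokens: int = field(init=False, default=0)
    last_ms: int = field(init=False, default=0)

    def __post_init__(self):
        # The guide requires the burst size to exceed the maximum packet size;
        # otherwise a full-size packet could never be colored green.
        if self.cbs_bits <= self.mtu_bytes * 8:
            raise ValueError("CBS must be greater than the maximum packet size")
        # Assumption: both buckets start full.
        self.c_tokens = self.cbs_bits
        self.e_tokens = self.ebs_bits

    def _refill(self, now_ms):
        elapsed = now_ms - self.last_ms
        if elapsed < 0:
            raise ValueError("arrival times must not go backwards")
        # kbps * ms = bits, so integer arithmetic is exact.
        # Tokens beyond the bucket capacity overflow and are lost.
        self.c_tokens = min(self.cbs_bits, self.c_tokens + self.cir_kbps * elapsed)
        self.e_tokens = min(self.ebs_bits, self.e_tokens + self.pir_kbps * elapsed)
        self.last_ms = now_ms

    def color(self, now_ms, packet_bytes):
        """Evaluate one arriving packet and return its color."""
        self._refill(now_ms)
        need = packet_bytes * 8
        if self.c_tokens >= need:      # C bucket has enough tokens
            self.c_tokens -= need
            return "green"
        if self.e_tokens >= need:      # only the E bucket has enough tokens
            self.e_tokens -= need
            return "yellow"
        return "red"                   # neither bucket has enough; nothing is debited


# Illustrative per-color actions (plain labels, not CLI keywords).
ACTIONS = {"green": "forward", "yellow": "remark and forward", "red": "drop"}


def police(policer, arrivals, actions=ACTIONS):
    """arrivals: iterable of (time_ms, size_bytes) -> list of (time_ms, color, action)."""
    results = []
    for time_ms, size in arrivals:
        col = policer.color(time_ms, size)
        results.append((time_ms, col, actions[col]))
    return results


def run_sample():
    # Constructed input: a burst of seven 1500-byte packets 1 ms apart,
    # then one more packet after the buckets have had time to refill.
    policer = TwoBucketPolicer(cir_kbps=512, cbs_bits=32_000,
                               pir_kbps=1024, ebs_bits=32_000)
    arrivals = [(t, 1500) for t in (0, 1, 2, 3, 4, 5, 6, 100)]
    return police(policer, arrivals)


if __name__ == "__main__":
    for row in run_sample():
        print(row)
```

The burst first drains the C bucket (green), then the E bucket (yellow), then is colored red until the faster-filling E bucket again holds one packet's worth of tokens.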

Traffic Policing 

Traffic policing supports policing traffic in the inbound direction and the outbound direction. The outbound direction is used as the example below.

 A typical application of traffic policing is to supervise the specification of certain traffic entering a network and limit it within a reasonable range, or to "discipline" the extra traffic. In this way, the network resources and the interests of the user are protected. For example, you can limit bandwidth for HTTP

packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing

can drop the packets or reset the IP precedence of the packets.


Figure 5-1 Schematic diagram for traffic policing

[Diagram labels: packets to be sent through this interface; packet classification; token bucket (tokens are put into the bucket at the set rate); packets dropped; queue; packets sent.]

Traffic policing is widely used in policing traffic entering the networks of internet service providers

(ISPs). It can classify the policed traffic and take pre-defined policing actions on each packet

depending on the evaluation result:

  Forwarding the traffic if the evaluation result is “conforming.”

  Dropping the traffic if the evaluation result is “excess.”

  Modifying the DSCP priority of the conforming traffic and forwarding it.

Traffic Shaping 

Traffic shaping supports shaping outgoing traffic.

Traffic shaping provides measures to adjust the rate of outbound traffic actively. A typical traffic

shaping application is to limit the local traffic output rate according to the downstream traffic policing

parameters.

The difference between traffic policing and GTS is that packets to be dropped with traffic policing are

retained in a buffer or queue with GTS, as shown in Figure 5-2. When there are enough tokens in the

token bucket, the buffered packets are sent at an even rate. Traffic shaping may result in additional

delay while traffic policing does not.


Figure 5-4 Line rate implementation

In the token bucket approach to traffic control, bursty traffic can be transmitted so long as enough

tokens are available in the token bucket; if tokens are inadequate, packets cannot be transmitted until

the required number of tokens are generated in the token bucket. The traffic rate is thus restricted to the

token generation rate, while bursty traffic is still allowed.

Line rate can only limit the total traffic rate on a physical port, while traffic policing can limit the rate of a

flow on a port. To limit the rate of all the packets on a port, using line rate is easier.

Configuring Traffic Policing

Configuration Procedure

Follow these steps to configure traffic policing:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create a class and enter class view
Use the command: traffic classifier tcl-name [ operator { and | or } ]
Remarks: —

To do: Configure the match criteria
Use the command: if-match match-criteria
Remarks: —

To do: Exit class view
Use the command: quit
Remarks: —

To do: Create a behavior and enter behavior view
Use the command: traffic behavior behavior-name
Remarks: —

To do: Configure a traffic policing action
Use the command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action ] [ yellow action ] [ red action ]
Remarks: Required. On SC, SA, and EA LPUs, the granularity of traffic policing is 64 kbps. On SD and EB LPUs, the granularity of traffic policing is 8 kbps.

To do: Exit behavior view
Use the command: quit
Remarks: —

To do: Create a policy and enter policy view
Use the command: qos policy policy-name
Remarks: —

To do: Associate the class with the traffic behavior in the QoS policy
Use the command: classifier tcl-name behavior behavior-name
Remarks: —

To do: Exit policy view
Use the command: quit
Remarks: —

To do: Apply the QoS policy to an interface
Use the command: Applying the QoS policy to an interface
Remarks: —

To do: Apply the QoS policy to online users
Use the command: Applying the QoS policy to online users
Remarks: —

To do: Apply the QoS policy to a VLAN
Use the command: Applying the QoS policy to a VLAN
Remarks: —

To do: Apply the QoS policy globally
Use the command: Applying the QoS policy globally
Remarks: —

To do: Apply the QoS policy to the control plane
Use the command: Applying the QoS policy to the control plane
Remarks: —

Only SC, SD and EB cards support policing traffic in the outbound direction.

Configuration Example

Configure traffic policing on GigabitEthernet 2/0/1 to limit the rate of received HTTP traffic to 512 kbps

and drop the exceeding traffic.

# Enter system view.

<Sysname> system-view

# Configure advanced ACL 3000 to match HTTP traffic.

[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp destination-port eq 80


Configuration Example 

Configure GTS on GigabitEthernet2/0/1, shaping the packets of queue 1 when the sending rate

exceeds 512 kbps.

# Enter system view.

<Sysname> system-view

# Enter interface view.

[Sysname] interface gigabitethernet 2/0/1

# Configure GTS parameters.

[Sysname-GigabitEthernet2/0/1] qos gts queue 1 cir 512

Configuring the Line Rate

Configuration Procedure

Follow these steps to configure the line rate:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter interface view or port group view
Use the command: interface interface-type interface-number (enter interface view), or port-group manual port-group-name (enter port group view)
Remarks: Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group.

To do: Configure the inbound or outbound line rate for the interface/port group
Use the command: qos lr outbound cir committed-information-rate [ cbs committed-burst-size ]
Remarks: Required. On SC, SA, and EA LPUs, the granularity of line rate is 64 kbps. On SD and EB LPUs, the granularity of line rate is 8 kbps.

To do: Display line rate configuration information on the interface/all interfaces
Use the command: display qos lr interface [ interface-type interface-number ]
Remarks: Available in any view

Configuration Example

Limit the outbound line rate of GigabitEthernet 2/0/1 to 512 kbps.

# Enter system view.

<Sysname> system-view

# Enter interface view.

[Sysname] interface gigabitethernet 2/0/1


# Limit the outbound line rate of GigabitEthernet 2/0/1 to 512 kbps.

[Sysname-GigabitEthernet2/0/1] qos lr outbound cir 512

Displaying and Maintaining Traffic Policing, GTS, and Line Rate

On the S7500E series switches, you can configure traffic policing in policy-based approach. For

related displaying and maintaining commands, see Displaying and Maintaining QoS Policies.

To do: Display interface GTS configuration information
Use the command: display qos gts interface [ interface-type interface-number ]
Remarks: Available in any view

To do: Display interface line rate configuration information
Use the command: display qos lr interface [ interface-type interface-number ]
Remarks: Available in any view


6 Congestion Management Configuration  

When configuring hardware congestion management, go to these sections for information you are

interested in:

  Congestion Management Overview 

  Congestion Management Configuration Approaches 

  Per-Queue Hardware Congestion Management 

  Displaying and Maintaining Congestion Management 

Congestion Management Overview 

Causes, Impacts, and Countermeasures of Congestion 

Network congestion is a major factor contributing to service quality degradation on a traditional network.

Congestion is a situation where the forwarding rate decreases due to insufficient resources, resulting

in extra delay.

Congestion easily occurs in complex packet switching circumstances in the Internet. The following

figure shows two common cases:

Figure 6-1 Traffic congestion causes

[Diagram labels: case (1) 100M > 10M; case (2) (100M + 10M + 50M) > 100M.]

Congestion may bring these negative results:

  Increased delay and jitter during packet transmission

  Decreased network throughput and resource use efficiency 

  Network resource (memory in particular) exhaustion and even system breakdown 

Congestion is unavoidable in switched networks and multi-user application environments. To improve

the service performance of your network, you must take some proper measures to address the

congestion issues.

The key to congestion management is how to define a dispatching policy for resources to decide the

order of forwarding packets when congestion occurs.


Congestion Management Policies 

In general, congestion management uses queuing technology. The system uses a certain queuing

algorithm for traffic classification, and then uses a certain precedence algorithm to send the traffic.

Each queuing algorithm addresses a particular network traffic problem and which algorithm is used

affects bandwidth resource assignment, delay, and jitter significantly.

Queue scheduling processes packets by their priorities, preferentially forwarding high-priority packets.

In the following section, Strict Priority (SP) queuing, Weighted Fair Queuing (WFQ), and Weighted

Round Robin (WRR) queuing are introduced.

SP queuing

SP queuing is specially designed for mission-critical applications, which require preferential service to

reduce the response delay when congestion occurs.

Figure 6-2 Schematic diagram for SP queuing

 As shown in Figure 6-2, SP queuing classifies eight queues on a port into eight classes, numbered 7 to

0 in descending priority order.

SP queuing schedules the eight queues strictly according to the descending order of priority. It sends

packets in the queue with the highest priority first. When the queue with the highest priority is empty, it

sends packets in the queue with the second highest priority, and so on. Thus, you can assign

mission-critical packets to the high priority queue to ensure that they are always served first and

common service packets to the low priority queues and transmitted when the high priority queues are

empty.

The disadvantage of SP queuing is that packets in the lower priority queues cannot be transmitted if

there are packets in the higher priority queues. This may cause lower priority traffic to starve to death.

WRR queuing

WRR queuing schedules all the queues in turn to ensure that every queue can be served for a certain

time, as shown in Figure 6-3.


Figure 6-3 Schematic diagram for WRR queuing

[Diagram labels: packets to be sent through this port; packet classification; Queue 0 (Weight 1), Queue 1 (Weight 2), …, Queue N-2 (Weight N-1), Queue N-1 (Weight N); queue scheduling; sending queue; interface; sent packets.]

 Assume there are eight output queues on a port. WRR assigns each queue a weight value

(represented by w7, w6, w5, w4, w3, w2, w1, or w0) to decide the proportion of resources assigned to

the queue. On a 100 Mbps port, you can configure the weight values of WRR queuing to 5, 3, 1, 1, 5, 3,

1, and 1 (corresponding to w7, w6, w5, w4, w3, w2, w1, and w0 respectively). In this way, the queue

with the lowest priority is assured of 5 Mbps of bandwidth at least, thus avoiding the disadvantage of

SP queuing that packets in low-priority queues may fail to be served for a long time.

 Another advantage of WRR queuing is that while the queues are scheduled in turn, the service time for

each queue is not fixed, that is, if a queue is empty, the next queue will be scheduled immediately. This

improves bandwidth resource use efficiency.

WFQ queuing 

Figure 6-4 Schematic diagram for WFQ queuing

[Diagram labels: packets to be sent through this port; packet classification; Queue 1 (Bandwidth 1), Queue 2 (Bandwidth 2), …, Queue N-1 (Bandwidth N-1), Queue N (Bandwidth N); queue scheduling; sending queue; interface; sent packets.]

WFQ is derived from fair queuing (FQ), which is designed for fairly sharing network resources,

reducing the delay and jitter of all traffic. FQ fully considers the interests of all queues to ensure that:

  Different queues have fair dispatching opportunities, preventing a single queue from being

delayed for too long.


  Short packets and long packets are fairly scheduled: if there are both long packets and short

packets in queues, statistically the short packets should be scheduled preferentially to reduce the

 jitter between packets as a whole.

Compared with FQ, WFQ takes weights into account when determining the queue scheduling order.

Statistically, WFQ gives high priority traffic more scheduling opportunities than low priority traffic. WFQ

can automatically classify traffic according to the “session” information of traffic (protocol type, TCP or

UDP source/destination port numbers, source/destination IP addresses, IP precedence bits in the ToS

field, and so on), and try to provide as many queues as possible so that each traffic flow can be put into

these queues to balance the delay of every traffic flow as a whole. When dequeuing packets, WFQ

assigns the outgoing interface bandwidth to each traffic flow by precedence. The higher precedence

value a traffic flow has, the more bandwidth it gets.

 Additionally, WFQ can work with the minimum guaranteed bandwidth mechanism. You can configure a

minimum guaranteed bandwidth for each WFQ queue to guarantee that each WFQ queue is

guaranteed of the bandwidth when congestion occurs. The assignable bandwidth (assignable

bandwidth = total bandwidth – the sum of the minimum guaranteed bandwidth for each queue) is allocated to queues based on queue priority.

For example, assume that the total bandwidth of a port is 10 Mbps, and there are five flows on the port

currently, with the precedence being 0, 1, 2, 3, and 4 and the minimum guaranteed bandwidth being

128 kbps, 128 kbps, 128 kbps, 64 kbps, and 64 kbps respectively.

  The assignable bandwidth = 10 Mbps – (128 kbps + 128 kbps + 128 kbps + 64 kbps + 64

kbps) = 9.5 Mbps

  The total assignable bandwidth quota is the sum of all the (precedence value + 1)s, that is, 1 + 2 +

3 + 4 + 5 = 15.

  The bandwidth percentage assigned to each flow is (precedence value of the flow + 1)/total assignable bandwidth quota. The bandwidth percentages for the flows are 1/15, 2/15, 3/15, 4/15,

and 5/15 respectively.

  The bandwidth finally assigned to a queue = the minimum guaranteed bandwidth + the bandwidth

allocated to the queue from the assignable bandwidth 

Because WFQ can balance delay and jitter among flows when congestion occurs, it is effectively

applied in some special occasions. For example, WFQ is used for the assured forwarding (AF)

services of the Resource Reservation Protocol (RSVP). In Generic Traffic Shaping (GTS), WFQ is

used to schedule buffered packets.

SP+WRR queuing

By assigning some queues on the port to the SP scheduling group and the others to the WRR

scheduling group (that is, group 1), you implement SP + WRR queue scheduling on the port. Packets

in the SP scheduling group are scheduled preferentially. When the SP scheduling group is empty,

packets in the WRR scheduling group are scheduled. Queues in the SP scheduling group are

scheduled with the SP queue scheduling algorithm. Queues in the WRR scheduling group are

scheduled with WRR.
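The SP, WRR, and SP+WRR behavior described in the sections above, as an added Python simulation (not code from the guide or the device). It assumes that WRR weights count packets per round and that queues inside the WRR group are visited from the highest queue number down; the guide specifies neither detail. The function name and the backlogs are constructed for illustration.

```python
def schedule(backlog, sp_queues, wrr_weights, slots):
    """Return the queue ID served in each transmit slot.

    backlog:     {queue_id: packets waiting}
    sp_queues:   queue IDs in the SP scheduling group
    wrr_weights: {queue_id: weight} for the WRR scheduling group
    slots:       number of packets the port can send
    """
    sp_order = sorted(sp_queues, reverse=True)      # highest priority first
    wrr_order = sorted(wrr_weights, reverse=True)   # assumed visiting order
    if set(sp_order) & set(wrr_order):
        raise ValueError("a queue cannot be in both scheduling groups")
    if any(w < 1 for w in wrr_weights.values()):
        raise ValueError("WRR weights must be at least 1")
    if set(backlog) - set(sp_order) - set(wrr_order):
        raise ValueError("every queue must belong to a scheduling group")

    pending = dict(backlog)
    credits = {}    # packets each WRR queue may still send in this round
    served = []
    while len(served) < slots:
        # The SP group is always checked first, so it preempts the WRR group.
        q = next((q for q in sp_order if pending.get(q, 0) > 0), None)
        if q is None:
            # An empty queue is skipped at once; its share is not wasted.
            q = next((q for q in wrr_order
                      if pending.get(q, 0) > 0 and credits.get(q, 0) > 0), None)
            if q is None:
                if not any(pending.get(q, 0) > 0 for q in wrr_order):
                    break                        # nothing left to send
                credits = dict(wrr_weights)      # start a new WRR round
                continue
            credits[q] -= 1
        pending[q] -= 1
        served.append(q)
    return served


# Weights from the WRR text above: w7..w0 = 5, 3, 1, 1, 5, 3, 1, 1.
PAGE_WEIGHTS = {7: 5, 6: 3, 5: 1, 4: 1, 3: 5, 2: 3, 1: 1, 0: 1}


def demo():
    # Constructed backlog: every queue permanently busy.
    busy = {q: 1000 for q in range(8)}
    sp = schedule(busy, sp_queues=range(8), wrr_weights={}, slots=200)
    wrr = schedule(busy, sp_queues=[], wrr_weights=PAGE_WEIGHTS, slots=200)
    # SP+WRR: queue 7 in the SP group with a short backlog, the rest in WRR.
    mixed_backlog = dict(busy)
    mixed_backlog[7] = 20
    mixed_weights = {q: w for q, w in PAGE_WEIGHTS.items() if q != 7}
    mixed = schedule(mixed_backlog, sp_queues=[7],
                     wrr_weights=mixed_weights, slots=170)
    return sp, wrr, mixed


if __name__ == "__main__":
    for name, served in zip(("SP", "WRR", "SP+WRR"), demo()):
        print(name, {q: served.count(q) for q in range(7, -1, -1)})
```

Under SP the lower queues get no slots at all while queue 7 stays busy, whereas the WRR weights give queue 0 one slot in twenty, which is the 5 Mbps floor on a 100 Mbps port mentioned in the text.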

Congestion Management Configuration Approaches 

Complete the following tasks to achieve congestion management:


Task                           Remarks
Configuring SP Queuing         Optional
Configure WRR Queuing          Optional
Configuring WFQ Queuing        Optional
Configuring SP+WRR Queues      Optional

Per-Queue Hardware Congestion Management 

Configuring SP Queuing 

Configuration procedure 

Follow these steps to configure SP queuing:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter interface view or port group view
Use the command: interface interface-type interface-number (enter interface view), or port-group manual port-group-name (enter port group view)
Remarks: Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group.

To do: Configure SP queuing
Use the command: qos sp
Remarks: Optional. The default queuing algorithm on an interface is SP queuing.

To do: Display SP queuing configuration
Use the command: display qos sp interface [ interface-type interface-number ]
Remarks: Optional. Available in any view.

Configuration example 

1) Network requirements

Configure GigabitEthernet 2/0/1 to use SP queuing.

2) Configuration procedure

# Enter system view.

<Sysname> system-view

# Configure GigabitEthernet 2/0/1 to use SP queuing.

[Sysname] interface gigabitethernet 2/0/1
[Sysname-GigabitEthernet2/0/1] qos sp


Configure WRR Queuing  

Configuration procedure 

Follow these steps to configure group-based WRR queuing:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view or port group view | interface interface-type interface-number (interface view), or port-group manual port-group-name (port group view) | Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group. |
| Enable WRR queuing | qos wrr | Optional. The default queuing algorithm on an interface is SP queuing. |
| Configure a WRR queue | qos wrr queue-id group 1 weight schedule-value | Required |
| Display WRR queuing configuration information | display qos wrr interface [ interface-type interface-number ] | Optional. Available in any view |

Configuration example 

1) Network requirements

- Enable WRR queuing on the interface GigabitEthernet 2/0/1.
- Assign queues 0 through 7 to the WRR group, with their weights being 1, 3, 3, 5, 8, 8, 10, and 15.

2) Configuration procedure

# Enter system view.
<Sysname> system-view

# Configure WRR queuing on GigabitEthernet 2/0/1.
[Sysname] interface gigabitethernet 2/0/1
[Sysname-GigabitEthernet2/0/1] qos wrr
[Sysname-GigabitEthernet2/0/1] qos wrr 0 group 1 weight 1
[Sysname-GigabitEthernet2/0/1] qos wrr 1 group 1 weight 3
[Sysname-GigabitEthernet2/0/1] qos wrr 2 group 1 weight 3
[Sysname-GigabitEthernet2/0/1] qos wrr 3 group 1 weight 5
[Sysname-GigabitEthernet2/0/1] qos wrr 4 group 1 weight 8
[Sysname-GigabitEthernet2/0/1] qos wrr 5 group 1 weight 8
[Sysname-GigabitEthernet2/0/1] qos wrr 6 group 1 weight 10
[Sysname-GigabitEthernet2/0/1] qos wrr 7 group 1 weight 15

Configuring WFQ Queuing 

Configuration procedure 

Follow these steps to configure a WFQ queue:


| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view or port group view | interface interface-type interface-number (interface view), or port-group manual port-group-name (port group view) | Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group. |
| Enable WFQ queuing | qos wfq | Required. The default queuing algorithm on an interface is SP queuing. |
| Configure the minimum guaranteed bandwidth for a WFQ queue | qos bandwidth queue queue-id min bandwidth-value | Required. 64 kbps by default |
| Specify the queue scheduling weight for a WFQ queue | qos wfq queue-id weight schedule-value | Required. 1 by default |
| Display WFQ queuing configuration | display qos wfq interface [ interface-type interface-number ] | Optional. Available in any view |

The support of different cards for the minimum guaranteed bandwidth and scheduling weight configuration for WFQ queues varies as follows:

- The SC, SD, and EB cards support both minimum guaranteed bandwidth and scheduling weight configurations.
- The EA cards support both configurations too, but the scheduling weight for each queue can only be 1.
- The SA cards support only the scheduling weight configuration.

Configuration example 

1) Network requirements

- Configure the queues on port GigabitEthernet2/0/1 as WFQ queues and set the scheduling weights of queues 1, 3, 4, 5, and 6 to 1, 5, 10, 15, and 10 respectively.
- Set the minimum guaranteed bandwidth of queue 1 to 128 kbps.

2) Configuration procedure

# Enter system view.
<Sysname> system-view

# Configure WFQ queues on GigabitEthernet 2/0/1.
[Sysname] interface gigabitethernet 2/0/1
[Sysname-GigabitEthernet2/0/1] qos wfq
[Sysname-GigabitEthernet2/0/1] qos wfq 1 weight 1
[Sysname-GigabitEthernet2/0/1] qos wfq 3 weight 5
[Sysname-GigabitEthernet2/0/1] qos wfq 4 weight 10
[Sysname-GigabitEthernet2/0/1] qos wfq 5 weight 15
[Sysname-GigabitEthernet2/0/1] qos wfq 6 weight 10

# Set the minimum guaranteed bandwidth of queue 1 to 128 kbps.
[Sysname-GigabitEthernet2/0/1] qos bandwidth queue 1 min 128

Configuring SP+WRR Queues

Configuration Procedure

Follow these steps to configure SP + WRR queues:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view or port group view | interface interface-type interface-number (interface view), or port-group manual port-group-name (port group view) | Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group. |
| Enable the WRR queue scheduling on the port | qos wrr | Required. The default queuing algorithm on an interface is SP queuing. |
| Configure SP queue scheduling | qos wrr queue-id group sp | Required |
| Configure WRR queue scheduling | qos wrr queue-id group group-id byte-count schedule-value | Required |

Configuration Example

Network requirements

- Use the SP+WRR queue scheduling algorithm on GigabitEthernet2/0/1.
- Configure queue 0, queue 1, queue 2 and queue 3 on GigabitEthernet2/0/1 to be in the SP queue scheduling group.
- Configure queue 4, queue 5, queue 6 and queue 7 on GigabitEthernet2/0/1 to be in the WRR queue scheduling group, with weights 2, 4, 6 and 8 respectively.

Configuration procedure

# Enter system view.
<Sysname> system-view

# Enable the SP+WRR queue scheduling algorithm on GigabitEthernet2/0/1.
[Sysname] interface GigabitEthernet 2/0/1
[Sysname-GigabitEthernet2/0/1] qos wrr
[Sysname-GigabitEthernet2/0/1] qos wrr 0 group sp
[Sysname-GigabitEthernet2/0/1] qos wrr 1 group sp
[Sysname-GigabitEthernet2/0/1] qos wrr 2 group sp
[Sysname-GigabitEthernet2/0/1] qos wrr 3 group sp
[Sysname-GigabitEthernet2/0/1] qos wrr 4 group 1 weight 2
[Sysname-GigabitEthernet2/0/1] qos wrr 5 group 1 weight 4
[Sysname-GigabitEthernet2/0/1] qos wrr 6 group 1 weight 6
[Sysname-GigabitEthernet2/0/1] qos wrr 7 group 1 weight 8
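
The effect of this SP + WRR configuration on each queue's share of the port can be modelled offline. The following is an added example, not code from the H3C guide or from Comware: it parses the qos wrr commands of the example and simulates transmit slots. The one-packet-per-slot model, the higher queue number winning inside the SP group, the burst-per-round WRR and all function names are assumptions.

```python
from collections import Counter


def parse_qos_wrr(commands):
    """Split 'qos wrr <queue-id> group ...' lines into the SP group and WRR weights."""
    sp_group, wrr_weights = set(), {}
    for line in commands:
        tok = line.split()
        if tok[:2] != ["qos", "wrr"] or len(tok) < 5 or tok[3] != "group":
            continue  # a bare 'qos wrr' only enables WRR on the port
        queue_id = int(tok[2])
        if tok[4] == "sp":
            sp_group.add(queue_id)
        elif len(tok) == 7 and tok[5] == "weight":
            wrr_weights[queue_id] = int(tok[6])
    return sp_group, wrr_weights


def schedule(sp_group, wrr_weights, backlog, slots):
    """Return the queue served in each transmit slot.

    Model assumptions (not taken from the page): one packet per slot, a
    higher queue number wins inside the SP group, and a WRR round lets each
    backlogged queue send up to `weight` packets.
    """
    waiting = dict(backlog)
    credit = dict(wrr_weights)
    served = []
    for _ in range(slots):
        busy_sp = [q for q in sp_group if waiting.get(q, 0) > 0]
        if busy_sp:
            # The SP group is scheduled preferentially; WRR waits until it is empty.
            queue = max(busy_sp)
        else:
            busy_wrr = sorted((q for q in wrr_weights if waiting.get(q, 0) > 0),
                              reverse=True)
            if not busy_wrr:
                break
            if all(credit[q] == 0 for q in busy_wrr):
                credit = dict(wrr_weights)  # start a new WRR round
            queue = next(q for q in busy_wrr if credit[q] > 0)
            credit[queue] -= 1
        waiting[queue] -= 1
        served.append(queue)
    return served


def wrr_share(served, wrr_weights):
    """Packets sent per WRR queue in a schedule() result."""
    counts = Counter(q for q in served if q in wrr_weights)
    return {q: counts.get(q, 0) for q in sorted(wrr_weights)}


# The qos wrr commands of the SP+WRR example for GigabitEthernet2/0/1.
PAGE_CONFIG = [
    "qos wrr",
    "qos wrr 0 group sp", "qos wrr 1 group sp",
    "qos wrr 2 group sp", "qos wrr 3 group sp",
    "qos wrr 4 group 1 weight 2", "qos wrr 5 group 1 weight 4",
    "qos wrr 6 group 1 weight 6", "qos wrr 7 group 1 weight 8",
]

if __name__ == "__main__":
    sp, wrr = parse_qos_wrr(PAGE_CONFIG)
    # Constructed backlogs: WRR queues always busy, SP queue 3 idle or saturated.
    idle = {q: 1000 for q in wrr}
    flooded = {**idle, 3: 1000}
    print("SP idle   :", wrr_share(schedule(sp, wrr, idle, 20), wrr))
    print("SP flooded:", wrr_share(schedule(sp, wrr, flooded, 20), wrr))
```

A standing backlog in any SP-group queue leaves the WRR group with no service at all, which is the availability trade-off to weigh when deciding which queues go into the SP group.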

Displaying and Maintaining Congestion Management

| To do… | Use the command… | Remarks |
|---|---|---|
| Display WRR queue configuration information | display qos wrr interface [ interface-type interface-number ] | Available in any view |
| Display SP queue configuration information | display qos sp interface [ interface-type interface-number ] | Available in any view |
| Display WFQ queue configuration information | display qos wfq interface [ interface-type interface-number ] | Available in any view |


7 Congestion Avoidance 

When configuring congestion avoidance, go to these sections for information you are interested in:

  Congestion Avoidance Overview 

  Introduction to WRED Configuration 

  Configuring WRED on an Interface 

  Displaying and Maintaining WRED 

Congestion Avoidance Overview 

Avoiding congestion before it occurs and degrades network performance is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance monitors the utilization of network resources (such as queues or memory buffers) and actively drops packets when congestion is expected to occur or worsen, to alleviate the load on the network.

Compared with end-to-end flow control, this flow control mechanism controls the load of more flows in a device. When dropping packets from a source end, it cooperates with the flow control mechanism (such as TCP flow control) at the source end to regulate the network traffic size. The combination of the local packet drop policy and the source-end flow control mechanism helps maximize throughput and network use efficiency and minimize packet loss and delay.

Traditional packet drop policy 

Tail drop is the traditional approach to congestion avoidance. In this approach, when the size of a queue reaches the maximum threshold, all the subsequent packets are dropped.

This results in global TCP synchronization. That is, if packets from multiple TCP connections are dropped, these TCP connections go into the state of congestion avoidance and slow start to reduce traffic, but a traffic peak occurs later. Consequently, the network traffic jitters all the time.

RED and WRED 

You can use random early detection (RED) or weighted random early detection (WRED) to avoid global TCP synchronization.

Both RED and WRED avoid global TCP synchronization by randomly dropping packets. Thus, while the sending rates of some TCP sessions slow down after their packets are dropped, other TCP sessions remain at high sending rates. As there are always TCP sessions at high sending rates, link bandwidth is efficiently utilized.

The RED or WRED algorithm sets an upper threshold and a lower threshold for each queue, and processes the packets in a queue as follows:

- When the queue size is below the lower threshold, no packet is dropped.
- When the queue size reaches the upper threshold, all subsequent packets are dropped.
- When the queue size is between the lower threshold and the upper threshold, the received packets are dropped at random. The longer a queue is, the higher the drop probability is. However, a maximum drop probability exists.
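
The threshold rule above, and the global TCP synchronization that tail drop causes, can be reproduced with a toy model. This is an added example, not code from the guide: the linear ramp between the thresholds, the halve-on-loss senders, the function names and every parameter value are assumptions.

```python
import random


def drop_probability(qlen, low, high, max_prob):
    """Probability of dropping a packet that arrives when the queue holds qlen packets."""
    if qlen < low:
        return 0.0   # below the lower threshold: never drop
    if qlen >= high:
        return 1.0   # upper threshold reached: drop every arrival
    # Assumption: linear ramp up to max_prob; the page only says that a
    # longer queue means a higher probability, capped by a maximum.
    return max_prob * (qlen - low) / (high - low)


def simulate(flows, ticks, drain, low, high, max_prob, rng=random.random):
    """Toy model of TCP-like senders sharing one queue.

    Each tick every flow offers `window` packets (interleaved), the queue
    then drains `drain` packets, and a flow that lost a packet halves its
    window while the others grow by one. Returns, per tick, the set of
    flows that lost at least one packet.
    """
    window = [1] * flows
    qlen = 0
    hits_per_tick = []
    for _ in range(ticks):
        hit = set()
        left = list(window)
        while any(left):
            for flow in range(flows):
                if not left[flow]:
                    continue
                left[flow] -= 1
                if rng() < drop_probability(qlen, low, high, max_prob):
                    hit.add(flow)
                else:
                    qlen += 1
        qlen = max(0, qlen - drain)
        window = [max(1, w // 2) if f in hit else w + 1
                  for f, w in enumerate(window)]
        hits_per_tick.append(hit)
    return hits_per_tick


def loss_ticks(hits_per_tick):
    """Ticks in which at least one flow lost a packet."""
    return [t for t, hit in enumerate(hits_per_tick) if hit]


def synchronized_ticks(hits_per_tick, flows):
    """Ticks in which every flow lost a packet, so all senders back off together."""
    return [t for t, hit in enumerate(hits_per_tick) if len(hit) == flows]


if __name__ == "__main__":
    FLOWS, TICKS, DRAIN, LIMIT = 4, 200, 8, 16   # constructed parameters
    # Tail drop is the special case low == high.
    tail = simulate(FLOWS, TICKS, DRAIN, LIMIT, LIMIT, 1.0)
    wred = simulate(FLOWS, TICKS, DRAIN, 8, LIMIT, 0.10, random.Random(1).random)
    for name, hits in (("tail drop", tail), ("WRED", wred)):
        print(name, "loss ticks:", len(loss_ticks(hits)),
              "fully synchronized:", len(synchronized_ticks(hits, FLOWS)))
```

In the tail-drop run every loss event hits all flows in the same tick, which is the synchronization described above; the WRED run shows how often that still happens once drops start early and at random.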


| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a WRED table | qos wred queue table table-name | — |
| Configure the drop parameters for each queue in the WRED table | queue queue-id [ drop-level drop-level ] low-limit low-limit [ discard-probability discard-prob ] | Optional. By default, the low-limit argument is 100 and the discard-prob argument is 10. |
| Enter interface view or port group view | interface interface-type interface-number (interface view), or port-group manual port-group-name (port group view) | Use either command. Settings in interface view take effect on the current interface; settings in port group view take effect on all ports in the port group. |
| Apply the WRED table | qos wred apply table-name | Required |

Configuration Example 

Network requirements

 Apply a queue-based WRED table to port GigabitEthernet 2/0/1.

Configuration procedure

# Enter system view.
<Sysname> system-view

# Configure a queue-based WRED table.
[Sysname] qos wred queue table queue-table1
[Sysname-wred-table-queue-table1] quit

# Enter interface view.
[Sysname] interface gigabitethernet 2/0/1

# Apply the queue-based WRED table to GigabitEthernet 2/0/1.
[Sysname-GigabitEthernet2/0/1] qos wred apply queue-table1

Displaying and Maintaining WRED 

| To do… | Use the command… | Remarks |
|---|---|---|
| Display WRED configuration information on the interface or all interfaces | display qos wred interface [ interface-type interface-number ] | Available in any view |
| Display configuration information about a WRED table or all WRED tables | display qos wred table [ table-name ] | Available in any view |


8 Traffic Filtering Configuration

When configuring traffic filtering, go to these sections for information you are interested in:

  Traffic Filtering Overview 

  Configuring Traffic Filtering 

  Traffic Filtering Configuration Example 

Traffic Filtering Overview

You can filter in or filter out a class of traffic by associating the class with a traffic filtering action. For

example, you can filter packets sourced from a specific IP address according to network status. By

using ACL rules configured with a time range for traffic classification, you can implement time-based

traffic filtering.

Configuring Traffic Filtering

Follow these steps to configure traffic filtering:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a class and enter class view | traffic classifier tcl-name [ operator { and \| or } ] | — |
| Configure the match criteria | if-match match-criteria | — |
| Exit class view | quit | — |
| Create a behavior and enter behavior view | traffic behavior behavior-name | — |
| Configure the traffic filtering action | filter { deny \| permit } | Required. deny: Drops packets. permit: Permits packets to pass through. |
| Exit behavior view | quit | — |
| Create a policy and enter policy view | qos policy policy-name | — |
| Associate the class with the traffic behavior in the QoS policy | classifier tcl-name behavior behavior-name | — |
| Exit policy view | quit | — |
| Apply the QoS policy: to an interface | Applying the QoS policy to an interface | — |
| Apply the QoS policy: to online users | Applying the QoS policy to online users | — |
| Apply the QoS policy: to a VLAN | Applying the QoS policy to a VLAN | — |
| Apply the QoS policy: globally | Applying the QoS policy globally | — |
| Apply the QoS policy: to the control plane | Applying the QoS policy to the control plane | — |
| Display the traffic filtering configuration | display traffic behavior user-defined [ behavior-name ] | Optional. Available in any view |

With filter deny configured for a traffic behavior, the other actions (except class-based accounting) in

the traffic behavior do not take effect.

Support of Line Cards for the Traffic Filtering Function

Table 8-1 shows the support of line cards for the traffic filtering action for the inbound and outbound

traffic.

For line card categories and their description, see the installation manual for the S7500E series

switches.

Table 8-1 Support of line cards for the traffic filtering action

| Card category | Inbound | Outbound |
|---|---|---|
| SC | Supported | Supported |
| SA | Supported | Not supported |
| EA | Supported | Not supported |
| EB | Supported | Supported |
| SD | Supported | Supported |

Traffic Filtering Configuration Example


Network requirements

 As shown in Figure 8-1, Host is connected to GigabitEthernet 2/0/1 of Device.

Configure traffic filtering to filter the packets whose source port is 21 received on GigabitEthernet 2/0/1.

Figure 8-1 Network diagram for traffic filtering configuration

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets whose source port number is 21.
<DeviceA> system-view
[DeviceA] acl number 3000
[DeviceA-acl-adv-3000] rule 0 permit tcp source-port eq 21
[DeviceA-acl-adv-3000] quit

# Create a class named classifier_1, and reference ACL 3000 in the class.
[DeviceA] traffic classifier classifier_1
[DeviceA-classifier-classifier_1] if-match acl 3000
[DeviceA-classifier-classifier_1] quit

# Create a behavior named behavior_1, and configure the traffic filtering action for the behavior to drop packets.
[DeviceA] traffic behavior behavior_1
[DeviceA-behavior-behavior_1] filter deny
[DeviceA-behavior-behavior_1] quit

# Create a policy named policy, and associate class classifier_1 with behavior behavior_1 in the policy.
[DeviceA] qos policy policy
[DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[DeviceA-qospolicy-policy] quit

# Apply the policy named policy to the incoming traffic of GigabitEthernet 2/0/1.
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] qos apply policy policy inbound
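
A filter built this way only works if every link in the ACL, class, behavior, policy and interface chain resolves. The following added example (not H3C tooling and not part of the guide) checks that chain from command text and applies the filter deny note and Table 8-1 from this chapter. The sample configuration is constructed; the slot-to-card mapping, the reading of the first interface number as the slot, and treating class-based accounting as a line starting with accounting are assumptions.

```python
import re

# Table 8-1 of the guide: directions in which each card category supports traffic filtering.
FILTER_SUPPORT = {"SC": {"inbound", "outbound"}, "SA": {"inbound"}, "EA": {"inbound"},
                  "EB": {"inbound", "outbound"}, "SD": {"inbound", "outbound"}}
VIEWS = {("acl", "number"): "acl", ("traffic", "classifier"): "classifier",
         ("traffic", "behavior"): "behavior", ("qos", "policy"): "policy"}


def parse(config):
    """Group the commands used in this chapter by the view they are entered in."""
    model = {"acl": {}, "classifier": {}, "behavior": {}, "policy": {}, "apply": []}
    view = None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tuple(tok[:2]) in VIEWS and len(tok) >= 3:
            view = (VIEWS[tuple(tok[:2])], tok[2])
            model[view[0]].setdefault(tok[2], [])
        elif tok[0] == "interface":
            view = ("interface", "".join(tok[1:]))
        elif tok[0] == "quit":
            view = None
        elif view and view[0] == "interface":
            if tok[:3] == ["qos", "apply", "policy"] and len(tok) == 5:
                model["apply"].append((view[1], tok[3], tok[4]))
        elif view:
            model[view[0]][view[1]].append(" ".join(tok))
    return model


def audit(config, card_of_slot):
    """Return (denied, findings): ACL rules dropped per interface, and broken links."""
    m = parse(config)
    denied, findings = [], []

    def note(msg):
        if msg not in findings:
            findings.append(msg)

    for iface, policy, direction in m["apply"]:
        slot = re.search(r"(\d+)/", iface)  # assumption: first number is the slot
        card = card_of_slot.get(slot.group(1)) if slot else None
        if policy not in m["policy"]:
            note(f"{iface}: policy {policy} is not defined")
        for entry in m["policy"].get(policy, []):
            t = entry.split()  # classifier <tcl-name> behavior <behavior-name>
            if len(t) != 4 or t[1] not in m["classifier"] or t[3] not in m["behavior"]:
                note(f"policy {policy}: unresolved entry '{entry}'")
                continue
            actions = m["behavior"][t[3]]
            if "filter deny" not in actions:
                continue
            if card in FILTER_SUPPORT and direction not in FILTER_SUPPORT[card]:
                note(f"{iface}: traffic filtering is not supported {direction} on {card} cards")
                continue
            for other in actions:
                # Assumption: class-based accounting is the 'accounting' action.
                if other != "filter deny" and not other.startswith("accounting"):
                    note(f"behavior {t[3]}: '{other}' does not take effect with filter deny")
            for crit in m["classifier"][t[1]]:
                ref = re.fullmatch(r"if-match acl (\d+)", crit)
                if ref and ref.group(1) not in m["acl"]:
                    note(f"classifier {t[1]}: ACL {ref.group(1)} is not defined")
                elif ref:
                    denied += [(iface, direction, rule) for rule in m["acl"][ref.group(1)]]
    return denied, findings


# Constructed sample: the example above plus three deliberate defects.
SAMPLE = """
acl number 3000
 rule 0 permit tcp source-port eq 21
traffic classifier classifier_1
 if-match acl 3000
traffic classifier classifier_2
 if-match acl 3005
traffic behavior behavior_1
 filter deny
traffic behavior behavior_2
 filter deny
 remark dscp 46
qos policy policy
 classifier classifier_1 behavior behavior_1
 classifier classifier_2 behavior behavior_2
interface gigabitethernet 2/0/1
 qos apply policy policy inbound
interface gigabitethernet 3/0/1
 qos apply policy policy outbound
"""

if __name__ == "__main__":
    denied, findings = audit(SAMPLE, {"2": "SC", "3": "SA"})  # assumed card layout
    for row in denied:
        print("DROPPED", *row)
    for finding in findings:
        print("FINDING", finding)
```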


9 Priority Marking Configuration

When configuring priority marking, go to these sections for information you are interested in:

  Priority Marking Overview 

  Configuring Priority Marking 

  Priority Marking Configuration Example 

Priority Marking Overview

Priority marking can be used together with priority mapping. For details, see Priority Mapping Table

and Priority Marking Configuration Example.

Priority marking sets the priority fields or flag bits of packets to modify the priority of traffic. For example,

you can use priority marking to set IP precedence or DSCP for a class of IP traffic to change its

transmission priority in the network.

To configure priority marking, you can associate a class with a behavior configured with the priority

marking action to set the priority fields or flag bits of the class of packets.

Configuring Priority Marking

Follow these steps to configure priority marking:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a class and enter class view | traffic classifier tcl-name [ operator { and \| or } ] | — |
| Configure the match criteria | if-match match-criteria | — |
| Exit class view | quit | — |
| Create a behavior and enter behavior view | traffic behavior behavior-name | — |
| Set the DSCP value for packets | remark dscp dscp-value | Optional |
| Set the 802.1p priority for packets or configure the inner-to-outer tag priority copying function | remark dot1p { 8021p \| customer-dot1p-trust } | Optional |
| Set the drop precedence for packets | remark drop-precedence drop-precedence-value | Optional. Applicable to only the outbound direction |
| Set the IP precedence for packets | remark ip-precedence ip-precedence-value | Optional |
| Set the local precedence for packets | remark local-precedence local-precedence | Optional |
| Set the QoS-local-ID for packets | remark qos-local-id local-id-value | Optional. The QoS-local-ID is used for identifying services and has only local significance. By marking different classes of traffic with the same QoS local ID, you can re-classify them to apply a uniform set of QoS actions on them. |
| Exit behavior view | quit | — |
| Create a policy and enter policy view | qos policy policy-name | — |
| Associate the class with the traffic behavior in the QoS policy | classifier tcl-name behavior behavior-name | — |
| Exit policy view | quit | — |
| Apply the QoS policy: to an interface | Applying the QoS policy to an interface | — |
| Apply the QoS policy: to online users | Applying the QoS policy to online users | — |
| Apply the QoS policy: to a VLAN | Applying the QoS policy to a VLAN | — |
| Apply the QoS policy: globally | Applying the QoS policy globally | — |
| Apply the QoS policy: to the control plane | Applying the QoS policy to the control plane | — |
| Display the priority marking configuration | display traffic behavior user-defined [ behavior-name ] | Optional. Available in any view |


Support of Line Cards for Priority Marking

Table 9-1 and Table 9-2 show the support of line cards for the priority marking actions for the inbound

and outbound traffic.

For line card categories and their description, see the installation manual for the S7500E series

switches.

Table 9-1 Support of SC/SA/EA cards for priority marking

| Action | SC inbound | SC outbound | SA inbound | SA outbound | EA inbound | EA outbound |
|---|---|---|---|---|---|---|
| Remarking the 802.1p precedence for packets | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Remarking the drop precedence for packets | Supported | Not supported | Supported | Not supported | Supported | Not supported |
| Remarking the DSCP precedence for packets | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Remarking the IP precedence for packets | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Remarking the local precedence for packets | Supported | Not supported | Supported | Not supported | Supported | Not supported |
| Remarking the specified QoS local ID for packets | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported |

 

Table 9-2 Support of EB/SD cards for priority marking

| Action | EB inbound | EB outbound | SD inbound | SD outbound |
|---|---|---|---|---|
| Remarking the 802.1p precedence for packets | Supported | Supported | Supported | Supported |
| Remarking the drop precedence for packets | Supported | Not supported | Supported | Not supported |
| Remarking the DSCP precedence for packets | Supported | Supported | Supported | Supported |
| Remarking the IP precedence for packets | Supported | Supported | Supported | Supported |
| Remarking the local precedence for packets | Supported | Not supported | Supported | Not supported |
| Remarking the specified QoS local ID for packets | Supported | Not supported | Supported | Not supported |


Priority Marking Configuration Example


Network requirements

As shown in Figure 9-1, the enterprise network of a company interconnects hosts with servers through Device. The network is described as follows:

- Host A and Host B are connected to GigabitEthernet 2/0/1 of Device.
- The data server, mail server, and file server are connected to GigabitEthernet 2/0/2 of Device.

Configure priority marking on Device to satisfy the following requirements:

| Traffic source | Destination | Processing priority |
|---|---|---|
| Host A, B | Data server | High |
| Host A, B | Mail server | Medium |
| Host A, B | File server | Low |

Figure 9-1 Network diagram for priority marking configuration (labels: Internet; Host A; Host B; Device with GE2/0/1 and GE2/0/2; Data server 192.168.0.1/24; Mail server 192.168.0.2/24; File server 192.168.0.3/24)

 

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets with destination IP address 192.168.0.1.
<Device> system-view
[Device] acl number 3000
[Device-acl-adv-3000] rule permit ip destination 192.168.0.1 0
[Device-acl-adv-3000] quit

# Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.
[Device] acl number 3001
[Device-acl-adv-3001] rule permit ip destination 192.168.0.2 0
[Device-acl-adv-3001] quit

# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.
[Device] acl number 3002
[Device-acl-adv-3002] rule permit ip destination 192.168.0.3 0
[Device-acl-adv-3002] quit

# Create a class named classifier_dbserver, and reference ACL 3000 in the class.
[Device] traffic classifier classifier_dbserver
[Device-classifier-classifier_dbserver] if-match acl 3000
[Device-classifier-classifier_dbserver] quit

# Create a class named classifier_mserver, and reference ACL 3001 in the class.
[Device] traffic classifier classifier_mserver
[Device-classifier-classifier_mserver] if-match acl 3001
[Device-classifier-classifier_mserver] quit

# Create a class named classifier_fserver, and reference ACL 3002 in the class.
[Device] traffic classifier classifier_fserver
[Device-classifier-classifier_fserver] if-match acl 3002
[Device-classifier-classifier_fserver] quit

# Create a behavior named behavior_dbserver, and configure the action of setting the local precedence value to 4 for the behavior.
[Device] traffic behavior behavior_dbserver
[Device-behavior-behavior_dbserver] remark local-precedence 4
[Device-behavior-behavior_dbserver] quit

# Create a behavior named behavior_mserver, and configure the action of setting the local precedence value to 3 for the behavior.
[Device] traffic behavior behavior_mserver
[Device-behavior-behavior_mserver] remark local-precedence 3
[Device-behavior-behavior_mserver] quit

# Create a behavior named behavior_fserver, and configure the action of setting the local precedence value to 2 for the behavior.
[Device] traffic behavior behavior_fserver
[Device-behavior-behavior_fserver] remark local-precedence 2
[Device-behavior-behavior_fserver] quit

# Create a policy named policy_server, and associate classes with behaviors in the policy.
[Device] qos policy policy_server
[Device-qospolicy-policy_server] classifier classifier_dbserver behavior behavior_dbserver
[Device-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver
[Device-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver
[Device-qospolicy-policy_server] quit

# Apply the policy named policy_server to the incoming traffic of GigabitEthernet 2/0/1.
[Device] interface gigabitethernet 2/0/1
[Device-GigabitEthernet2/0/1] qos apply policy policy_server inbound
[Device-GigabitEthernet2/0/1] quit

QoS-Local-ID Marking Configuration Example

QoS-local-ID marking is mainly used for re-classifying packets of multiple classes to perform a uniform

set of actions on them as a re-classified class.

Consider the case of limiting the total rate of packets with source MAC address 0001-0001-0001 and

packets with source IP address 1.1.1.1 to 128 kbps. Without QoS local ID marking, you can only

assign fixed bandwidth to the two classes by associating each of them with a rate-limit traffic behavior.


With QoS local ID marking, however, traffic limit applies to the two classes as a whole, allowing the

switch to dynamically assign the bandwidth to the two classes depending on their traffic size.

To configure QoS-local-ID marking to limit the total rate of the two classes, you need to mark packets

of the two classes with the same QoS-local-ID; create a class to match the QoS local ID, and associate

this class with the traffic policing action. The configuration procedure is as follows:

# Create ACL 2000 to match packets with source IP address 1.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0
[Sysname-acl-basic-2000] quit

# Create a class class_a to match both packets with source MAC address 0001-0001-0001 and packets with source IP 1.1.1.1.
<Sysname> system-view
[Sysname] traffic classifier class_a operator or
[Sysname-classifier-class_a] if-match source-mac 1-1-1
[Sysname-classifier-class_a] if-match acl 2000
[Sysname-classifier-class_a] quit

# Create a behavior behavior_a, and configure the action of marking packets with QoS-local-ID 100 for the behavior.
[Sysname] traffic behavior behavior_a
[Sysname-behavior-behavior_a] remark qos-local-id 100
[Sysname-behavior-behavior_a] quit

# Create a class class_b to match packets with QoS-local-ID 100.
[Sysname] traffic classifier class_b
[Sysname-classifier-class_b] if-match qos-local-id 100
[Sysname-classifier-class_b] quit

# Create a behavior behavior_b, and configure the action of limiting traffic rate to 128 kbps for the behavior.
[Sysname] traffic behavior behavior_b
[Sysname-behavior-behavior_b] car cir 128
[Sysname-behavior-behavior_b] quit

# Create a QoS policy car_policy. In the QoS policy, associate class class_a with behavior behavior_a, and associate class class_b with behavior behavior_b.
[Sysname] qos policy car_policy
[Sysname-qospolicy-car_policy] classifier class_a behavior behavior_a
[Sysname-qospolicy-car_policy] classifier class_b behavior behavior_b

 Apply the QoS policy car_policy to the interface, and you can satisfy the network requirements.


10 Traffic Redirecting Configuration

When configuring traffic redirecting, go to these sections for information you are interested in:

  Traffic Redirecting Overview 

  Configuring Traffic Redirecting 

Traffic Redirecting Overview

Traffic redirecting is the action of redirecting the packets matching the specific match criteria to a

certain location for processing.

Currently, the following four traffic redirecting actions are supported:

  Redirecting traffic to the CPU: redirects packets which require processing by CPU to the CPU.

  Redirecting traffic to an interface: redirects packets which require processing by an interface to the

interface. Note that this action is applicable to only Layer 2 packets, and the target interface

should be a Layer 2 interface.

  Redirecting traffic to the next hop: redirects packets which require processing by an interface to

the interface. This action is applicable to only Layer 3 packets.

Configuring Traffic Redirecting

Follow these steps to configure traffic redirecting:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a class and enter class view | traffic classifier tcl-name [ operator { and \| or } ] | — |
| Configure the match criteria | if-match match-criteria | — |
| Exit class view | quit | — |
| Create a behavior and enter behavior view | traffic behavior behavior-name | Required |
| Configure a traffic redirecting action | redirect { cpu \| interface interface-type interface-number \| next-hop { ipv4-add1 [ ipv4-add2 ] \| ipv6-add1 [ interface-type interface-number ] [ ipv6-add2 [ interface-type interface-number ] ] } } | Optional |
| Exit behavior view | quit | — |
| Create a policy and enter policy view | qos policy policy-name | — |
| Associate the class with the traffic behavior in the QoS policy | classifier tcl-name behavior behavior-name | — |
| Exit policy view | quit | — |
| Apply the QoS policy: to an interface | Applying the QoS policy to an interface | — |
| Apply the QoS policy: to a VLAN | Applying the QoS policy to a VLAN | — |
| Apply the QoS policy: globally | Applying the QoS policy globally | — |
| Apply the QoS policy: to the control plane | Applying the QoS policy to the control plane | — |

  Generally, the action of redirecting traffic to the CPU, the action of redirecting traffic to an interface, and the action of redirecting traffic to the next hop are mutually exclusive in the same traffic behavior.

  You can use the display traffic behavior command to view the traffic redirecting configuration.

  A QoS policy that contains a traffic redirecting action can be applied only to the incoming traffic.

  To implement QoS policy routing successfully, ensure that the next hop address specified in the redirect action exists and the outgoing interface is not a tunnel interface. Otherwise, the matching traffic will be dropped.

Support of Line Cards for Traffic Redirecting

Table 10-1 shows the support of line cards for the traffic redirecting action for the inbound and outbound traffic.

For line card categories and their description, see the installation manual for the S7500E series switches.

Table 10-1 Support of line cards for the traffic redirecting action

| Card category | Inbound | Outbound |
|---|---|---|
| SC LPU | Supported | Not Supported |
| SA LPU | Supported | Not Supported |
| EA LPU | Supported | Not Supported |
| EB LPU | Supported | Not Supported |
| SD LPU | Supported | Not Supported |


11  Aggregation CAR Configuration 

 Aggregation CAR Overview

With aggregation CAR, one CAR is used to rate limit flows on different ports as a whole. If aggregation CAR is enabled for multiple ports, the total traffic on these ports must conform to the traffic policing parameters set in the aggregation CAR.

The S7500E series switches implement aggregation CAR with QoS policies.

Only the SD and EB cards support QoS policies that contain aggregation CAR actions.
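The difference between one CAR shared by several flows and one CAR per flow can be seen in a small simulation. This is an added example, not code from the H3C guide: the class and function names, the constructed traffic load, and the simplified single token bucket (CIR and CBS only, red packets discarded, no EBS or PIR) are assumptions; CIR 256 kbps and CBS 2000 bytes are the values used in the configuration example later in this chapter.

```python
"""Toy model of aggregation CAR: one policer shared by several flows.

Added illustration, not H3C code. Assumptions: a single token bucket
refilled at CIR and capped at CBS; a packet that finds enough tokens is
green (forwarded), any other packet is red (discarded). EBS, PIR and
yellow packets are not modelled.
"""


class Car:
    """Single-rate policer using integer milliseconds and bytes."""

    def __init__(self, cir_kbps, cbs_bytes):
        if cir_kbps <= 0 or cir_kbps % 8:
            # 8 kbps is the policing granularity the guide gives for SD and
            # EB LPUs; a multiple of 8 also makes the refill a whole number
            # of bytes per millisecond.
            raise ValueError("CIR must be a positive multiple of 8 kbps")
        self.bytes_per_ms = cir_kbps // 8   # kbit/s -> bytes per millisecond
        self.cbs = cbs_bytes
        self.tokens = cbs_bytes             # the bucket starts full
        self.last_ms = 0

    def offer(self, now_ms, size):
        """Meter one packet of `size` bytes; return 'green' or 'red'."""
        refill = (now_ms - self.last_ms) * self.bytes_per_ms
        self.tokens = min(self.cbs, self.tokens + refill)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return "green"
        return "red"


def simulate(aggregate, duration_ms=10_000, interval_ms=10, size=500,
             flows=("vlan10", "vlan100"), cir_kbps=256, cbs_bytes=2000):
    """Offer one packet per flow every interval; return green bytes per flow.

    aggregate=True:  every flow is metered by the same CAR object.
    aggregate=False: each flow gets a private CAR with the same parameters.
    """
    shared = Car(cir_kbps, cbs_bytes)
    cars = {f: shared if aggregate else Car(cir_kbps, cbs_bytes) for f in flows}
    green = {f: 0 for f in flows}
    for now in range(0, duration_ms, interval_ms):
        for flow in flows:
            if cars[flow].offer(now, size) == "green":
                green[flow] += size
    return green


if __name__ == "__main__":
    # Constructed load: each flow offers 500 bytes every 10 ms (400 kbps).
    for aggregate in (True, False):
        green = simulate(aggregate)
        label = "aggregation CAR" if aggregate else "one CAR per flow"
        kbps = sum(green.values()) * 8 / 10_000   # bytes over 10 s -> kbit/s
        print(f"{label}: {green} total {kbps:.1f} kbps")
```

With the shared CAR the two flows together stay at the configured rate plus the initial burst; with separate CARs each flow gets that budget on its own, so the total doubles.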

Referencing an Aggregation CAR in a Traffic Behavior  

Configuration prerequisites

  You have determined the parameters in the aggregation CAR.

  You have determined the traffic behavior to reference the aggregation CAR.

Configuration procedure 

Follow these steps to reference an aggregation CAR in a traffic behavior:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure an aggregation CAR action | qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peek-information-rate ] [ green action ] [ yellow action ] [ red action ] | Required. On SC, SA, and EA LPUs, the granularity of traffic policing is 64 kbps. On SD and EB LPUs, the granularity of traffic policing is 8 kbps. |
| Create a class and enter class view | traffic classifier tcl-name [ operator { and \| or } ] | — |
| Configure the match criteria | if-match match-criteria | — |
| Exit class view | quit | — |
| Enter traffic behavior view | traffic behavior behavior-name | Required |
| Reference the aggregation CAR in the traffic behavior | car name car-name | Required |
| Exit policy view | quit | — |
| Apply the QoS policy to an interface | Applying the QoS policy to an interface | — |
| Apply the QoS policy to a VLAN | Applying the QoS policy to a VLAN | — |
| Apply the QoS policy globally | Applying the QoS policy globally | — |
| Apply the QoS policy to the control plane | Applying the QoS policy to the control plane | — |

Displaying and Maintaining Aggregation CAR

| To do… | Use the command… | Remarks |
|---|---|---|
| Display the statistics for the specified aggregation CAR | display qos car name [ car-name ] | Required. Available in any view |
| Clear the statistics for the specified aggregation CAR | reset qos car name [ car-name ] | Required. Available in user view |

Configuration example 

Configure an aggregation CAR to rate-limit the traffic of VLAN 10 and VLAN 100 received on GigabitEthernet 2/0/1 using these parameters: CIR is 256 kbps, CBS is 2000 bytes, and the action for red packets is discard.

# Configure an aggregation CAR according to the rate limit requirements.

<Sysname> system-view
[Sysname] qos car aggcar-1 aggregative cir 256 cbs 2000 red discard

# Create class 1 to match traffic of VLAN 10; create behavior 1, and reference the aggregation CAR in the behavior.

[Sysname] traffic classifier 1
[Sysname-classifier-1] if-match customer-vlan-id 10
[Sysname-classifier-1] quit
[Sysname] traffic behavior 1
[Sysname-behavior-1] car name aggcar-1
[Sysname-behavior-1] quit

# Create class 2 to match traffic of VLAN 100; create behavior 2, and reference the aggregation CAR in the behavior.

[Sysname] traffic classifier 2


| To do… | Use the command… | Remarks |
|---|---|---|
| Apply the QoS policy to an interface | Applying the QoS policy to an interface | — |
| Apply the QoS policy to a VLAN | Applying the QoS policy to a VLAN | — |
| Apply the QoS policy globally | Applying the QoS policy globally | — |
| Apply the QoS policy to the control plane | Applying the QoS policy to the control plane | |

Displaying and Maintaining Traffic Accounting

After completing the configuration above, you can verify the configuration with the display qos policy global, display qos policy interface, or display qos vlan-policy command depending on the occasion where the QoS policy is applied.

Class-Based Accounting Configuration Example

Class-Based Accounting Configuration Example

Network requirements

 As shown in Figure 12-1, Host is connected to GigabitEthernet 2/0/1 of Device.

Configure class-based accounting to collect statistics for traffic sourced from 1.1.1.1/24 and received on GigabitEthernet 2/0/1.

Figure 12-1 Network diagram for traffic accounting configuration

Configuration procedure

# Create basic ACL 2000, and configure a rule to match packets with source IP address 1.1.1.1.

<DeviceA> system-view
[DeviceA] acl number 2000
[DeviceA-acl-basic-2000] rule permit source 1.1.1.1 0
[DeviceA-acl-basic-2000] quit

# Create a class named classifier_1, and reference ACL 2000 in the class.

[DeviceA] traffic classifier classifier_1
[DeviceA-classifier-classifier_1] if-match acl 2000
[DeviceA-classifier-classifier_1] quit

# Create behavior behavior_1, and configure an accounting action in the behavior.

[DeviceA] traffic behavior behavior_1
[DeviceA-behavior-behavior_1] accounting byte
[DeviceA-behavior-behavior_1] quit

# Create a policy named policy, and associate class classifier_1 with behavior behavior_1 in the policy.

[DeviceA] qos policy policy
[DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[DeviceA-qospolicy-policy] quit

# Apply the policy named policy to the incoming traffic of GigabitEthernet 2/0/1.

[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] qos apply policy policy inbound
[DeviceA-GigabitEthernet2/0/1] quit

# Display traffic statistics to verify the configuration.

[DeviceA] display qos policy interface gigabitethernet 2/0/1
Interface: GigabitEthernet2/0/1
Direction: Inbound
Policy: policy
Classifier: classifier_1
Operator: AND
Rule(s) : If-match acl 2000
Behavior: behavior_1
Accounting Enable:
16 (Packets)


13 QoS in an EPON System

When configuring QoS in an EPON system, go to these sections for information you are interested in:

  QoS in an EPON System 

  Configuring QoS in an EPON System 

QoS in an EPON System

An S7500E switch installed with an OLT card can work as an OLT in an EPON system. For detailed information about an EPON system, see EPON Configuration and related chapters in Layer 2 - LAN Switching Configuration Guide.

You can configure QoS for an OLT and ONUs attached to the OLT. To achieve QoS in an EPON system, you must configure QoS at both the OLT side and the ONU side. The following part introduces QoS functions that can be configured for uplink traffic and those for the downlink traffic.

QoS Functions for Uplink Traffic

Processing on an ONU

  Configuring the priority trust mode for an ONU.

  Configuring traffic classification for an ONU: the ONU classifies the uplink traffic of a UNI and marks CoS precedence values for the matching traffic, so that traffic can be put into different queues.

  Filtering the packets matching certain match criteria according to the configured QoS policy.

  Configuring the ONU to perform traffic policing for uplink traffic of a UNI.

  Configuring the UNI to tag the uplink 802.1q-untagged traffic with the default VLAN tag, and adding the UNI priority to the Priority field as the 802.1p precedence (CoS precedence).

  Configuring the ONU to distribute the uplink traffic to different output queues based on the mapping between the CoS precedence and local precedence.

  Configuring the ONU to perform congestion management for traffic from uplink ports, supporting SP and WFQ queue scheduling algorithms (available to only H3C ONUs).

Processing on an OLT

  By default, an OLT port trusts the 802.1p precedence of the packets. You can configure the port to trust the DSCP precedence of the packets through the command line. In that case, the OLT obtains the CoS precedence based on the mapping between the DSCP precedence and CoS precedence before mapping the CoS precedence to the corresponding output queue. This configuration applies to all uplink traffic of ONUs.

  Configuring congestion management for uplink ports (supporting SP, WRR, and SP+WRR queue scheduling algorithms).

  Configuring congestion avoidance on an OLT. When the port is congested, received packets are dropped selectively.

Figure 13-1 shows the QoS model for uplink traffic in an EPON system.


Figure 13-1 QoS model for uplink traffic in an EPON system

QoS Functions for Downlink Traffic

Processing on an OLT

  Configuring the OLT to perform priority mapping for packets received from the uplink port according to the CoS-to-local precedence mapping table and then assign packets to output queues of the OLT port.

  Configuring the OLT to perform congestion management for downlink traffic, supporting SP and WRR queue scheduling algorithms.

  Configuring the OLT to perform line rate and traffic shaping for downlink traffic.

  Configuring the maximum downlink bandwidth that the OLT assigns to the ONU.

  Configuring high-priority packet buffer for downlink traffic that the OLT sends to the specified ONU.

Processing on an ONU

  Filtering the packets matching certain match criteria according to the configured QoS policy.

  Configuring the ONU to distribute the received downlink traffic to different output queues based on the mapping between the CoS precedence and local precedence.

  Configuring the ONU to perform traffic policing for downlink traffic of a UNI.

Some ONUs support configuring queue scheduling for traffic from a UNI. To perform such configurations, you should log in to the ONU. For detailed configuration, see the ONU user manual.

Figure 13-2 shows the QoS model for downlink traffic in an EPON system.

Figure 13-2 QoS model for downlink traffic in an EPON system


Configuring QoS in an EPON System

QoS Configuration Task List in an EPON System

QoS configurations in an EPON system are the same as those in Ethernet, and the corresponding configuration commands in OLT port view and ONU port view are the same as those in Ethernet port view too. For detailed configuration, see the corresponding chapters above.

Table 13-1 and Table 13-2 show how to configure QoS for downlink traffic and uplink traffic in an EPON system.

Table 13-1 Configure QoS at the OLT side of an EPON system

| | QoS at the OLT side | Reference |
|---|---|---|
| Configure QoS for uplink traffic | Configure priority mapping on the OLT | Modify the priority mapping on the OLT port |
| Configure QoS for uplink traffic | Configuring priority trust mode for the OLT port | Configuring the Priority Trust Mode on a Port |
| Configure QoS for uplink traffic | Configure traffic policing for uplink traffic of all ONUs (through QoS) | Configuring Traffic Policing |
| Configure QoS for uplink traffic | Configure congestion management on the uplink port | Configuring SP Queuing; Configure WRR Queuing; Configuring WFQ Queuing; Configuring SP+WRR Queues |
| Configure QoS for downlink traffic | Configure the OLT to perform priority mapping for traffic received on an uplink port | Modify the priority mapping on the OLT port |
| Configure QoS for downlink traffic | Configure congestion management (SP and WRR) on the downlink OLT port | Configuring SP Queuing; Configure WRR Queuing; Configuring WFQ Queuing; Configuring SP+WRR Queues |
| Configure QoS for downlink traffic | Configure the high-priority queue buffer for the specified ONU | Sending buffer size of the OLT port |
| Configure QoS for downlink traffic | Configure line rate and traffic shaping for downlink traffic | Configuring GTS; Configuring the Line Rate |
| Configure QoS for downlink traffic | Assign downlink bandwidth for each ONU | Assign downlink bandwidth for an ONU |

 

Table 13-2 Configure QoS at the ONU side of an EPON system

| | QoS at the ONU side | Reference |
|---|---|---|
| Configure QoS for uplink traffic | Configuring traffic classification and CoS priority marking for incoming packets on UNIs | Priority mapping on the UNI |
| Configure QoS for uplink traffic | Configure priority trust mode for the ONU | Configuring the Priority Trust Mode on a Port |
| Configure QoS for uplink traffic | Configuring traffic policing for uplink traffic of a UNI | Configure traffic policing for downlink/uplink traffic of a UNI |
| Configure QoS for uplink traffic | Configure congestion management for the uplink port of an ONU | Configuring SP Queuing; Configuring WFQ Queuing |
| Configure QoS for downlink traffic | Configure the ONU to perform priority mapping for downlink traffic from the OLT according to the CoS-to-local precedence mapping table | Priority mapping on the ONU port |
| Configure QoS for downlink traffic | Set the ONU port priority | Configuring the Priority Trust Mode on a Port |
| Configure QoS for downlink traffic | Configuring traffic policing for downlink traffic of a UNI | Configure traffic policing for downlink/uplink traffic of a UNI |

Configuring QoS at the OLT side

Modify the priority mapping on the OLT port

Follow these steps to modify the 802.1p-to-local mapping on the OLT port:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter OLT port view | interface interface-type interface-number | — |
| Modify the 802.1p-to-local mapping on the OLT port for downlink or uplink traffic | priority-queue-mapping { downstream \| upstream } { value } &<1-8> | Optional. For the default mapping, see Table 14-1. |


Sending buffer size of the OLT port

For traffic to be sent out an OLT port, you can set the priority threshold to identify high-priority traffic and low-priority traffic. You can set the sending buffer to reserve buffer space for high-priority queues, which decreases the dropping probability of high-priority packets and guarantees QoS for high-priority packet transmission. The sending buffer does not apply to low-priority queues.

You need to set the buffer parameters for high-priority packets in OLT port view and then enable high-priority packet buffering for the specified ONU in ONU port view. After these configurations, when the OLT sends traffic to the specified ONU, high-priority packet buffering is enabled so that high-priority packets can be sent preferentially.

You can enable high-priority packet buffering for multiple ONUs, and the OLT will reserve an independent buffer for each ONU.

Follow these steps to configure rate limiting:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter OLT port view | interface interface-type interface-number | — |
| Configure the priority threshold and enable high-priority packet buffering | bandwidth downstream priority-queue priority high-priority-reserved value | Required. The downlink packets on an OLT port are considered high-priority only if their priority is greater than or equal to the priority value. The value argument is in bytes. By default, no buffer is reserved for high-priority packets. |
| Return to system view | quit | — |
| Enter ONU port view | interface interface-type interface-number | — |
| Reserve high-priority buffer for the current ONU | bandwidth downstream high-priority enable | Optional. By default, the OLT reserves no high-priority buffer for an ONU. |


High-priority packet buffering takes effect for downlink traffic only when downlink bandwidth allocation policy is enabled (as shown in Configure traffic policing for downlink/uplink traffic of a UNI).

Assign downlink bandwidth for an ONU

When an S7500E works as an OLT in an EPON system, you can limit the rate at which the OLT port sends traffic to each ONU, that is, assign downlink bandwidth to each ONU. This function includes two configurations:

  Enabling the downlink bandwidth allocation policy.

  Configuring the ONU downlink bandwidth range, including the maximum bandwidth and the maximum burst buffer.

Follow these steps to configure the ONU bandwidth allocation and related parameters:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter ONU port view | interface interface-type interface-number | — |
| Enable the ONU downlink bandwidth allocation policy and prioritize high-priority packets | bandwidth downstream policy enable | Required. By default, the downlink bandwidth allocation policy is disabled and high-priority packets are not prioritized. |
| Configure the ONU downlink bandwidth limit | bandwidth downstream { max-bandwidth value \| max-burstsize value } * | Optional. By default, the maximum bandwidth is 999994 kbps, and the maximum burst buffer is 8388480 bytes. |

  The configuration of high-priority packet buffering (as shown in Sending buffer size of the OLT port) and that of the downlink bandwidth limit take effect only when the downlink bandwidth allocation policy is enabled.

  The configured downlink bandwidth limitation takes effect only on known unicasts, but not on unknown unicasts, multicasts, or broadcasts.

  The sum of the minimum uplink bandwidths configured for all the existing ONU ports under an OLT port cannot exceed 921600 Kbps, namely, 900 Mbps.


Configuring QoS at the ONU Side

Priority mapping on the ONU port

When the ONU receives packets on an ONU port, it assigns local precedence to the packets according to the 802.1p-to-local precedence mapping table. Table 13-3 shows the default 802.1p-to-local precedence mapping table.

Table 13-3 Default mapping between CoS precedence values and local precedence values

| CoS precedence | Local precedence |
|---|---|
| 0 | 0 |
| 1 | 0 |
| 2 | 1 |
| 3 | 1 |
| 4 | 2 |
| 5 | 2 |
| 6 | 3 |
| 7 | 3 |

Follow these steps to configure the mapping between CoS precedence values and local precedence values:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter ONU port view | interface interface-type interface-number | — |
| Configure the mapping between CoS precedence values and local precedence values | qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec | Required. For the default mapping, see Table 13-3. |

Priority mapping on the UNI

You can classify the traffic received on a UNI based on information in the traffic, such as MAC address and IP address, and then configure different mapping policies for each class of packets. When the ONU receives packets on a UNI, it determines the actions to perform for packets based on the match criteria, VLAN operation mode of the port, and VLAN tagging status of the received packets. For details, see Table 13-4.

Table 13-4 Relationship between VLAN operation modes and priority remarking

| VLAN operation mode | With or without VLAN tag | Packet processing |
|---|---|---|
| Transparent mode | With VLAN tag | In the case of traffic classification based on the source MAC address/destination MAC address, Ethernet priority, VLAN ID, or physical port, if the packet matches the configured traffic classification rule, the packet is priority-remarked with the value specified in the rule and is then forwarded; otherwise, the packet is directly forwarded. In the case of traffic classification based on Ethernet type, DSCP, IP protocol type, source IP address/destination IP address, or source L4 port, the packet is forwarded without any change. |
| Transparent mode | Without VLAN tag | The packet is forwarded without any change. |
| Tag mode | With VLAN tag | The packet is dropped. |
| Tag mode | Without VLAN tag | The packet is tagged with the VLAN tag corresponding to the default PVID of the port, and then: if the packet matches the configured traffic classification rule, the packet is priority-remarked with the value specified in the rule and is then forwarded; otherwise, the packet is remarked with the port priority and is then forwarded. |
| Translation mode | With VLAN tag | Case 1: The VLAN ID in the VLAN tag matches a VLAN translation entry on the port. The VLAN ID is replaced with the VLAN ID corresponding to the entry, and then: if the packet matches the configured traffic classification rule, the packet is priority-remarked with the value specified in the rule and is then forwarded; otherwise, the packet is directly forwarded. Case 2: The VLAN ID in the tag is the default VLAN ID of the port: if the packet matches the configured traffic classification rule, the packet is priority-remarked with the value specified in the rule and is then forwarded; otherwise, the packet is directly forwarded. Case 3: The VLAN ID in the tag does not match any VLAN translation entry on the port. The packet is dropped. |
| Translation mode | Without VLAN tag | The packet is tagged with the VLAN tag corresponding to the default PVID of the port, and then: if the packet matches the configured traffic classification rule, the packet is priority-remarked with the value specified in the rule and is then forwarded; otherwise, the packet is remarked with the port priority and is then forwarded. |

Follow these steps to configure uplink traffic classification and priority remarking for a UNI:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter ONU port view | interface interface-type interface-number | — |
| Configure uplink traffic priority remarking for a UNI | uni uni-number classification-marking index index queue qid priority priority { selector operator matched-value } &<1-4> | Required |

Currently, up to eight rules can be configured for each UNI port on an H3C ONU.


Table 13-5 Restrictions about the configuration

| Item | Restrictions |
|---|---|
| Priority remarking based on the source MAC address or destination MAC address | If a source MAC address–based traffic classification rule and a destination MAC address–based traffic classification rule are configured for a UNI port of an ONU, and if the uplink traffic satisfies both rules, only the destination MAC address–based traffic classification rule applies even if the other one has a higher priority. The configuration of destination MAC address–based priority remarking takes effect globally. Namely, a destination MAC address–based traffic classification rule configured for a UNI port of an ONU applies to incoming traffic from all the other UNI ports of the ONU. In the case of source MAC address–based priority remarking for a UNI port, the ONU adds the source MAC address and the corresponding UNI port statically into its MAC address table; in the case of destination MAC address–based priority remarking for a UNI port, the ONU adds the destination MAC address and the PON port of the ONU statically into its MAC address table. It does not support priority remarking based on the source MAC addresses/destination MAC addresses that are multicast MAC addresses, all-0 MAC addresses, broadcast MAC addresses, or the MAC address of the ONU. |
| Priority remarking based on Ethernet priority | When the VLAN operation mode is set to tag mode for a UNI and the CoS value in the traffic classification rule is the same as the priority of the UNI, the traffic classification rule will not take effect. |
| Priority remarking based on VLAN ID | The configuration of VLAN ID–based priority remarking takes effect globally. Namely, a VLAN ID–based traffic classification rule configured for a UNI port of an ONU applies to incoming traffic from all the other UNI ports of the ONU. |
| Priority remarking based on Ethernet type, DSCP, IP protocol type, source IP address/destination IP address, or source L4 port | The configuration of priority remarking based on Ethernet type, DSCP, IP protocol type, source IP address/destination IP address, or source L4 port takes effect globally. Namely, such a traffic classification rule configured for a UNI port of an ONU applies to incoming traffic from all the other UNI ports of the ONU. If multiple rules are matched on the same UNI of an ONU, the match sequence is L3 L4 L2; if the rules are for the same layer, the rule with the smallest index has the highest precedence. The device does not support priority remarking for different UNIs of an ONU based on the same Ethernet type, DSCP, IP protocol type, source IP address/destination IP address, or source L4 port. The device does not support priority remarking based on destination L4 ports. |


Configuration procedure

# Create ONU 3/0/1:1, and bind it to the ONU.

<Sysname> system-view
[Sysname] interface olt 3/0/1
[Sysname-Olt3/0/1] using onu 1
[Sysname-Olt3/0/1] quit
[Sysname] interface onu 3/0/1:1
[Sysname-Onu3/0/1:1] bind onuid 000f-e200-0104

# Set the uplink bandwidth of the ONU port to 50 Mbps (64 Kbps × 800).

[Sysname-Onu3/0/1:1] upstream-sla minimum-bandwidth 800 maximum-bandwidth 800

# Configure the VLAN operation mode as transparent for UNI 1 and UNI 2.

[Sysname-Onu3/0/1:1] uni 1 vlan-mode transparent
[Sysname-Onu3/0/1:1] uni 2 vlan-mode transparent

For detailed information about ONU uplink bandwidth and VLAN operation mode of a UNI, see ONU Remote Management Configuration and UNI Port Configuration in the Layer 2 - LAN Switching Configuration Guide.

# Configure priority remarking for UNI 1 and UNI 2.

[Sysname-Onu3/0/1:1] uni 1 classification-marking index 1 queue 3 priority 3 src-mac equal 000A-EB7F-AAAB
[Sysname-Onu3/0/1:1] uni 2 classification-marking index 1 queue 1 priority 1 src-mac equal 001B-EB7F-21AC

After the configuration above is complete, when two streams (each 50 Mbps) from two UNIs of the ONU are being forwarded to the OLT, the packets sourced from the MAC address of 001B-EB7F-21AC are dropped at forwarding congestion on the ONU port, because the queue precedence of these packets is lower than that of the packets sourced from the MAC address of 000A-EB7F-AAAB.


14  Appendix A Default Priority Mapping Tables

For the default dot1p-exp, dscp-dscp, and exp-dot1p priority mapping tables, an input value yields a target value that is equal to it.

Table 14-1 The default dot1p-lp and dot1p-dp priority mapping tables

| Input priority value: 802.1p priority (dot1p) | dot1p-lp mapping: Local precedence (lp) | dot1p-dp mapping: Drop precedence (dp) |
|---|---|---|
| 0 | 2 | 0 |
| 1 | 0 | 0 |
| 2 | 1 | 0 |
| 3 | 3 | 0 |
| 4 | 4 | 0 |
| 5 | 5 | 0 |
| 6 | 6 | 0 |
| 7 | 7 | 0 |

Table 14-2 The default dscp-dp and dscp-dot1p priority mapping tables

| Input priority value: DSCP | dscp-dp mapping: Drop precedence (dp) | dscp-dot1p mapping: 802.1p priority (dot1p) |
|---|---|---|
| 0 to 7 | 0 | 0 |
| 8 to 15 | 0 | 1 |
| 16 to 23 | 0 | 2 |
| 24 to 31 | 0 | 3 |
| 32 to 39 | 0 | 4 |
| 40 to 47 | 0 | 5 |
| 48 to 55 | 0 | 6 |
| 56 to 63 | 0 | 7 |

Table 14-3 The default exp-dp priority mapping tables

| Input priority value: EXP value | exp-dp mapping: Drop precedence (dp) |
|---|---|
| 0 | 0 |
| 1 | 0 |
| 2 | 0 |
| 3 | 0 |
| 4 | 0 |
| 5 | 0 |
| 6 | 0 |
| 7 | 0 |


Table 15-2 Description on DSCP values

DSCP value (decimal)   DSCP value (binary)   Description
46                     101110                ef
10                     001010                af11
12                     001100                af12
14                     001110                af13
18                     010010                af21
20                     010100                af22
22                     010110                af23
26                     011010                af31
28                     011100                af32
30                     011110                af33
34                     100010                af41
36                     100100                af42
38                     100110                af43
8                      001000                cs1
16                     010000                cs2
24                     011000                cs3
32                     100000                cs4
40                     101000                cs5
48                     110000                cs6
56                     111000                cs7
0                      000000                be (default)

802.1p Priority

802.1p priority lies in Layer 2 packet headers. It applies where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.


Figure 15-2 An Ethernet frame with an 802.1Q tag header

As shown in Figure 15-2, the 4-byte 802.1Q tag header consists of the tag protocol identifier (TPID, two bytes in length), whose value is 0x8100, and the tag control information (TCI, two bytes in length). Figure 15-3 presents the format of the 802.1Q tag header. The Priority field in the 802.1Q tag header is called the 802.1p priority, because its use is defined in IEEE 802.1p. Table 15-3 presents the values for 802.1p priority.

Figure 15-3 802.1Q tag header

[Figure: Byte 1 and Byte 2 carry the TPID (Tag protocol identifier), bits 1000 0001 0000 0000. Byte 3 and Byte 4 carry the TCI (Tag control information), made up of the Priority, CFI, and VLAN ID fields.]

Table 15-3 Description on 802.1p priority

802.1p priority (decimal)   802.1p priority (binary)   Description
0                           000                        best-effort
1                           001                        background
2                           010                        spare
3                           011                        excellent-effort
4                           100                        controlled-load
5                           101                        video
6                           110                        voice
7                           111                        network-management
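The following Python code is an added example, not part of the H3C guide. It parses the 802.1Q tag header described above, extracts the 802.1p priority, and applies the default dot1p-lp, dot1p-dp, and dscp-dot1p mappings from Tables 14-1 and 14-2. The function names and the sample frame are assumptions made for illustration, the TCI field widths (3, 1, and 12 bits) and the DSCP position in the IPv4 header come from the standards rather than this section, and only the source MAC address is taken from the guide's UNI example.

```python
import struct

TPID_8021Q = 0x8100
# Table 14-1 defaults: index is the 802.1p priority, value is the local precedence.
DOT1P_TO_LP = (2, 0, 1, 3, 4, 5, 6, 7)
# Table 15-3 descriptions, indexed by 802.1p priority.
DOT1P_NAMES = ("best-effort", "background", "spare", "excellent-effort",
               "controlled-load", "video", "voice", "network-management")

def parse_dot1q(frame: bytes):
    """Return (priority, cfi, vlan_id, inner_ethertype, payload), or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)   # follows the two 6-byte MACs
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # TCI layout: 3-bit Priority, 1-bit CFI, 12-bit VLAN ID.
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner, frame[18:]

def default_dscp_to_dot1p(dscp: int) -> int:
    """Table 14-2 default: DSCP 0-7 -> 0, 8-15 -> 1, ... 56-63 -> 7."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP out of range")
    return dscp >> 3

def classify(frame: bytes) -> dict:
    """Report the priority fields of a frame and their default mappings."""
    tag = parse_dot1q(frame)
    if tag is None:
        return {"tagged": False}
    prio, cfi, vid, inner, payload = tag
    out = {"tagged": True, "dot1p": prio, "name": DOT1P_NAMES[prio], "cfi": cfi,
           "vlan": vid, "lp": DOT1P_TO_LP[prio], "dp": 0}  # dot1p-dp default is 0
    if inner == 0x0800 and len(payload) >= 20 and payload[0] >> 4 == 4:
        out["dscp"] = payload[1] >> 2          # upper six bits of the ToS byte
        out["dscp_dot1p"] = default_dscp_to_dot1p(out["dscp"])
    return out

# Constructed sample: VLAN 100, 802.1p priority 5, IPv4 payload marked DSCP 46 (ef).
SAMPLE = (bytes.fromhex("020000000001" "000aeb7faaab" "8100" "a064" "0800")
          + bytes([0x45, 46 << 2]) + bytes(18))

if __name__ == "__main__":
    print(classify(SAMPLE))
```

For the sample frame, the 802.1p priority in the tag and the value derived from the DSCP field agree (both 5); frames where the two differ show which marking a port would act on depending on the field it is configured to trust.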

EXP Values

The EXP field lies in MPLS labels and is used for QoS.


Figure 15-4 MPLS label structure

 As shown in Figure 15-4, the EXP field is 3 bits long and ranges from 0 to 7.


16 Index

A
ACL Classification
ACL Numbering and Naming
Application of ACLs on the Switch
Applying the QoS Policy

B
Best-Effort Service Model

C
Causes, Impacts, and Countermeasures of Congestion
Class-Based Accounting Configuration Example
Configuration prerequisites
Configure WRR Queuing
Configuring a Basic ACL
Configuring a Priority Mapping Table
Configuring an Advanced ACL
Configuring an Ethernet Frame Header ACL
Configuring QoS at the OLT side
Configuring QoS at the ONU Side
Configuring SP Queuing
Configuring SP+WRR Queues
Configuring the Port Priority of a Port
Configuring the Priority Trust Mode on a Port
Configuring WFQ Queuing
Congestion Management Policies
Copying an ACL
Creating a Time Range

D
Defining a Class
Defining a Policy
Defining a Traffic Behavior
DiffServ Service Model
Displaying and Maintaining QoS Policies

E
Example for UNI Priority Remarking Configuration

I
Implementing Time-Based ACL Rules
Introduction to ACL
Introduction to Priority Mapping
Introduction to WRED Parameters
IntServ Service Model
IPv4 ACL Configuration Example
IPv4 Fragments Filtering with ACLs
IPv6 ACL Configuration Example

L
Line Rate

M
Match Order

N
Non Policy-Based Configuration

P
Policy-Based Configuration
Positions of the QoS Techniques in a Network
Priority Mapping Procedure
Priority Mapping Table and Priority Marking Configuration Example
Priority Mapping Tables
Priority Marking Configuration Example
Priority Trust Mode on a Port

Q
QoS Configuration Task List in an EPON System
QoS Functions for Downlink Traffic
QoS Functions for Uplink Traffic
QoS-Local-ID Marking Configuration Example

T
Traffic Evaluation and Token Buckets
Traffic Filtering Configuration Example
Traffic Policing
Traffic Shaping

W
WRED Configuration Approaches