QoS (Quality of Service) is a concept generally existing in occasions with service supply and demand. It evaluates the ability to meet the need of the customers in service. Generally, the evaluation is not to grade precisely. Its purpose is to analyze the conditions where the service is the best and the conditions where the service still needs improvement and then to make improvements in the specified aspects.

In an internet, QoS evaluates the ability of the network to deliver packets. The evaluation on QoS can be based on different aspects because the network provides various services. Generally speaking, QoS is the evaluation on the service ability to support the core requirements such as delay, jitter, and packet loss ratio in the packet delivery.

1.1.1 Traffic

Traffic means service traffic; that is, all the packets passing the switch.

1.1.2 Traffic Classification

Traffic classification means identifying packets that conform to certain characteristics according to certain rules.

A classification rule is a filter rule configured to meet your management requirements. It can be very simple. For example, you can use a classification rule to identify traffic with different priorities according to the ToS field in the IP packet header. It can be very complicated too. For example, you can use a classification rule to identify the packets according to the combination of link layer (Layer 2), network layer (Layer 3), and transport layer (Layer 4) information including MAC addresses, IP protocols, source addresses, destination addresses, port numbers of applications, and so on.

Classification is generally based on the information in the packet header and rarely based on the packet contents.

1.1.3 Precedence

1) IP precedence, ToS precedence, and DSCP precedence

Figure 1-1 DS field and TOS byte

The TOS field in an IP header contains eight bits:

l The first three bits indicate IP precedence in the range of 0 to 7.

l Bit 3 to bit 6 indicate ToS precedence in the range of 0 to 15.

l RFC2474 re-defines the ToS field in the IP packet header, which is called the DS field. The first six (bit 0 to bit 5) bits of the DS field indicate DSCP precedence in the range of 0 to 63. The first three bits in DSCP precedence are class selector codepoints, bit 4 and bit 5 indicate drop precedence, and bit 6 is zero indicating that the device sets the service class with the DS model. The last two bits (bit 6 and bit 7) are reserved bits.

The precedence values of the IP packet indicate eight different service classes.

Table 1-1 Description on IP Precedence

IP Precedence (decimal)	IP Precedence (binary)	Description
0	000	routine
1	001	priority
2	010	immediate
3	011	flash
4	100	flash-override
5	101	critical
6	110	internet
7	111	network

The Diff-Serv network defines four traffic classes:

l Expedited Forwarding (EF) class: In this class, packets can be forwarded regardless of link share of other traffic. The class is suitable for preferential services with low delay, low packet loss ratio, low jitter, and assured bandwidth (such as virtual leased line);

l Assured forwarding (AF) class: This class is further divided into four subclasses (AF1/2/3/4) and a subclass is further divided into three drop priorities, so the AF service level can be segmented. The QoS rank of the AF class is lower than that of the EF class;

l Class selector (CS) class: This class comes from the IP TOS field and includes eight classes;

l Best Effort (BE) class: This class is a special class without any assurance in the CS class. The AF class can be degraded to the BE class if it exceeds the limit. Current IP network traffic belongs to this class by default.

Table 1-2 Description on DSCP values

DSCP value (decimal)	DSCP value (binary)	Description
46	101110	ef
10	001010	af11
12	001100	af12
14	001110	af13
18	010010	af21
20	010100	af22
22	010110	af23
26	011010	af31
28	011100	af32
30	011110	af33
34	100010	af41
36	100100	af42
38	100110	af43
8	001000	cs1
16	010000	cs2
24	011000	cs3
32	100000	cs4
40	101000	cs5
48	110000	cs6
56	111000	cs7
0	000000	default (be)

2) 802.1p priority

802.1p priority lies in Layer 2 packet headers and is applicable to occasions where the Layer 3 packet header does not need analysis but QoS must be assured at Layer 2.

Figure 1-2 An Ethernet frame with an 802.1Q tag header

As shown in the figure above, each host supporting 802.1Q protocol adds a 4-byte 802.1Q tag header after the source address of the former Ethernet frame header when sending packets.

The 4-byte 802.1Q tag header contains a 2-byte Tag Protocol Identifier (TPID) whose value is 8100 and a 2-byte Tag Control Information (TCI). TPID is a new class defined by IEEE to indicate a packet with an 802.1Q tag. Figure 1-3 describes the detailed contents of an 802.1Q tag header.

Figure 1-3 802.1Q tag headers

In the figure above, the 3-bit priority field in TCI is 802.1p priority in the range of 0 to 7. These three bits specify the precedence of the frame. Eight classes of precedence are used to determine which packet is sent preferentially when congestion occurs.

Table 1-3 Description on 802.1p priority

CoS (decimal)	CoS (binary)	Description
0	000	best-effort
1	001	background
2	010	spare
3	011	excellent-effort
4	100	controlled-load
5	101	video
6	110	voice
7	111	network-management

The precedence is called 802.1p priority because the related applications of this precedence are defined in detail in the 802.1p specifications.

1.1.4 Priority of Protocol Packets

Protocol packets carry their own priority. You can perform QoS actions on protocol packets by setting their priorities.

1.1.5 Priority Remark

The priority remark function is to use ACL rules in traffic identification and remark the priority for the packets matching the ACL rules.

1.1.6 Packet Filter

Packet filter means filtering the service traffic. For example, in the operation of dropping packets, the service traffic matching the traffic classification rule is dropped and the other traffic is permitted. The Ethernet switch adopts a complicated traffic classification rule to filter the packets based on much information and to drop these useless, unreliable, and doubtful packets. Therefore, the network security is enhanced.

The two critical steps in the packet filter operation are:

Step1: Classify the inbound packets to the port by the set classification rule.

Step 2: Perform the filter——drop operation on the classified packets.

The packet filter function can be implemented by applying ACL rules on the port. Refer to the description in the ACL module for detailed configurations.

1.1.7 Port Rate Limit

Port rate limit is port-based rate limit. It limits the total rate of outbound packets on a port.

1.1.8 TP

The network will be made more congested by plenty of continuous burst packets if the traffic of each user is not limited. The traffic of each user must be limited in order to make better use of the limited network resources and provide better service for more users. For example, a traffic can be limited to get only its committed resources during a time period to avoid network congestion caused by excessive bursts.

TP (traffic policing) is a kind of traffic control policy to limit the traffic and its resource usage by supervising the traffic specification. The regulation policy is implemented according to the evaluation result on the premise of knowing whether the traffic exceeds the specification when TP or TS is performed. The token bucket is generally adopted in the evaluation of traffic specification.

I. Traffic evaluation and the token bucket

The token bucket can be considered as a container with a certain capacity to hold tokens. The system puts tokens into the bucket at the set rate. When the token bucket is full, the extra tokens will overflow and the number of tokens in the bucket stops increasing.

Figure 1-4 Evaluate the traffic with the token bucket

1) Evaluating the traffic with the token bucket

The evaluation for the traffic specification is based on whether the number of tokens in the bucket can meet the need of packet forwarding. If the number of tokens in the bucket is enough to forward the packets (generally, one token is associated with a 1-bit forwarding authority), the traffic is conforming to the specification; otherwise, the traffic is nonconforming or excess.

When the token bucket evaluates the traffic, its parameter configurations include:

l Average rate: The rate at which tokens are put into the bucket, namely, the permitted average rate of the traffic. It is generally set to committed information rate (CIR).

l Burst size: The capacity of the token bucket, namely, the maximum traffic size that is permitted in each burst. It is generally set to committed burst size (CBS). The set burst size must be greater than the maximum packet length.

One evaluation is performed on each arriving packet. In each evaluation, if the number of tokens in the bucket is enough, the traffic is conforming to the specification and you must take away some tokens whose number is corresponding to the packet forwarding authority; if the number of tokens in the bucket is not enough, it means that too many tokens have been used and the traffic is excess.

2) Complicated evaluation

You can set two token buckets in order to evaluate more complicated conditions and implement more flexible regulation policies. For example, TP uses four parameters:

l CIR

l CBS

l Peak information rate (PIR)

l Excess burst size (EBS)

Two token buckets are used in this evaluation. Their rates of putting tokens into the buckets are CIR and PIR respectively, and their sizes are CBS and EBS respectively (the two buckets are called C bucket and E bucket respectively for short), representing different permitted burst levels. In each evaluation, you can implement different regulation policies in different conditions, including “enough tokens in C bucket”, “insufficient tokens in C bucket but enough tokens in E bucket” and “insufficient tokens in both C bucket and E bucket”.

II. TP

The typical application of TP is to supervise the specification of certain traffic into the network and limit it within a reasonable range, or to "discipline" the extra traffic. In this way, the network resources and the interests of the operators are protected. For example, you can limit HTTP packets to be within 50% of the network bandwidth. If the traffic of a certain connection is excess, TP can choose to drop the packets or to reset the priority of the packets.

TP is widely used in policing the traffic into the network of internet service providers (ISPs). TP can classify the policed traffic and perform pre-defined policing actions based on different evaluation results. These actions include:

l Forward: Forward the packet whose evaluation result is “conforming” or mark DSCP precedence for Diff-Serv packets and then forward them.

l Drop: Drop the packet whose evaluation result is “nonconforming”.

l Modify the precedence and forward: Modify the priority of the packets whose evaluation result is “partly-conforming” and forward them.

l Enter the next-rank policing: TP can be piled up rank by rank and each rank polices more detailed objects.

1.1.9 Queue Scheduling Configuration Synchronization on Aggregated Ports

The feature of queue scheduling configuration synchronization on aggregated ports makes the queue scheduling configuration synchronous on each port of an aggregation group.

l Supporting the feature of queue scheduling configuration synchronization on the ports in an aggregation group

When you modify or delete the queue scheduling mode in Ethernet port view, the queue scheduling modes of all the ports in the aggregation group are modified or deleted if this port belongs to an aggregation group; only the queue scheduling mode of this port is modified or deleted if this port does not belong to any aggregation group.

l Dynamic aggregation supported by queue scheduling modes on ports

If the queue scheduling configuration information of some LACP-enabled ports in up state is the same, these ports can be aggregated into the same aggregation group.

l Static aggregation or manual aggregation supported by queue scheduling modes on ports

You can add a queue-scheduling-enabled port into a specific static or manual aggregation group. This operation can be performed not only on the local device but also across devices in an intelligent resilient framework (IRF).

l You can use the copy command to copy the queue scheduling configuration of a port.

& Note:

For the introduction to the copy command, refer to the Basic Port Configuration Module in this manual.

1.1.10 Redirect

You can re-specify the forwarding port of packets as required by your own QoS policy.

1.1.11 Queue Scheduling

When the network is congested, the problem that many packets compete for resources must be solved, usually through queue scheduling.

In the following section, strict priority (SP) queues, weighted fair queue (WFQ), and weighted round robin (WRR) queues are introduced.

1) SP queueing

Figure 1-5 Diagram for SP queueing

SP queue-scheduling algorithm is specially designed for critical service applications. An important feature of critical services is that they demand preferential service in congestion in order to reduce the response delay. Assume that there are eight output queues on the port and the preferential queue classifies the eight output queues on the port into eight classes, which are queue7, queue6, queue5, queue4, queue3, queue2, queue1, and queue0. Their priorities decrease in order.

In queue scheduling, SP sends packets in the queue with higher priority strictly following the priority order from high to low. When the queue with higher priority is empty, packets in the queue with lower priority are sent. You can put critical service packets into the queues with higher priority and put non-critical service (such as e-mail) packets into the queues with lower priority. In this case, critical service packets are sent preferentially and non-critical service packets are sent when critical service groups are not sent.

The disadvantage of SP queue is that: if there are packets in the queues with higher priority for a long time in congestion, the packets in the queues with lower priority will be “starved” because they are not served.

2) WFQ queueing

Figure 1-6 Diagram for WFQ

Before WFQ is introduced, you must understand fair queuing (FQ) first. FQ is designed for the purpose of sharing network resources fairly and optimizing the delays and delay jitters of all the flows. It takes the interests of all parties into account, such as:

l Different queues are scheduled fairly, so the delay of each flow is balanced globally.

l Both short and long packets are scheduled fairly. When there are multiple long packets and short packets to be sent among different queues, the short packets must be scheduled preferentially, so that the delay jitters of packets of each flow is reduced globally.

Compared with FQ, WFQ takes the priority into account when calculating the scheduling sequence of packets. Statistically speaking, WFQ assigns more scheduling chances to high priority packets than those to low priority packets. WFQ can classify the traffic automatically according to the session information of traffic including the protocol types, source and destination TCP or UDP port numbers, source and destination IP addresses, and priority bits in the TOS field. WFQ also provide as many queues as possible to accommodate each traffic evenly. Thus, the delay of each traffic is balanced globally. When the packets dequeue, WFQ assigns the bandwidth to each traffic on the egress according to the traffic precedence or DSCP precedence. The lower the traffic precedence is, the less bandwidth the traffic gets. The higher the traffic precedence is, the more bandwidth the traffic gets. Finally, each queue is polled and the corresponding number of packets are taken out to be sent according to the proportion of bandwidth.

You can use the WFQ algorithm to assign bandwidth to queue 0 to queue 7, and then decide which queue a traffic flows into according to the mapping between the COS value of the traffic and the queue, and also deicide how much bandwidth is to be assigned to each traffic.

3) WRR queueing

Figure 1-7 Diagram for WRR

WRR queue-scheduling algorithm schedules all the queues in turn and every queue can be assured of a certain service time. Assume there are eight priority queues on a port. WRR configures a weight value for each queue, which is w7, w6, w5, w4, w3, w2, w1, and w0. The weight value indicates the proportion of obtaining resources. On a 100 M port, configure the weight value of WRR queue-scheduling algorithm to 50, 50, 30, 30, 10, 10, 10, and 10 (corresponding to w7, w6, w5, w4, w3, w2, w1, and w0 in order). In this way, the queue with the lowest priority can get 5 Mbps bandwidth at least, and the disadvantage of SP queue-scheduling that the packets in queues with lower priority may not get service for a long time is avoided. Another advantage of WRR queue is that: though the queues are scheduled in order, the service time for each queue is not fixed; that is to say, if a queue is empty, the next queue will be scheduled. In this way, the bandwidth resources are made full use.

1.1.12 Traffic-based Traffic Statistics

The function of traffic-based traffic statistics is to use ACL rules in traffic identifying and perform traffic statistics on the packets matching the ACL rules. You can get the statistics of the packets you are interested in through this function.

1.2 QoS Supported by S3600 Series

Table 1-4 QoS functions supported by S3600 series and related commands

QoS	Specification	Related command
Priority mapping	Support only the mapping between 802.1p priority and local queues	qos cos-local-precedence-map
Port priority	Supported	priority priority-level priority trust
TP	—	traffic-limit
Priority remark	—	traffic-priority
Redirect	—	traffic-redirect
Queue scheduling	Support SP, WFQ, and WRR Support queue scheduling configuration synchronization on aggregated ports	queue-scheduler
Traffic statistics	Supported	traffic-statistic
Set the priority of protocol packets	Supported	protocol-priority

1.3 Configuring the Mapping between 802.1p Priority and Queues

The mapping between the local precedence and the outbound queue is one-to-one. You can modify the mapping between the 802.1p priority and the outbound queue by modifying the mapping between the 802.1p priority and the local precedence.

I. Configuration prerequisites

You have understood the mapping between the 802.1p priority and the local precedence and the default mapping table.

II. Configuration procedure

Table 1-5 Configure the mapping table

Operation	Command	Description
Enter system view	system-view	—
Configure the COS-to-local-precedence mapping table	qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec	Optional
Display the mapping table	display qos cos-local-precedence-map	Optional You can execute the display command in any view

III. Configuration example

l Configure the following 802.1p priority-to-local precedence mappings: 0 to 2, 1 to 3, 2 to 4, 3 to 1, 4 to 7, 5 to 0, 6 to 5, and 7 to 6.

l Display the configuration results.

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] qos cos-local-precedence-map 2 3 4 1 7 0 5 6

[H3C] dis qos cos-local-precedence-map

cos-local-precedence-map:

cos(802.1p) : 0 1 2 3 4 5 6 7

--------------------------------------------------------------------------

local precedence(queue) : 2 3 4 1 7 0 5 6

1.4 Setting to Use the Port Priority or Packet Priority

By default, the switch replaces the 802.1p priority of the received packet with the priority of the inbound interface, and then assigns local precedence to the packet according to the priority. In this case, you can set the port priority.

In addition, you can specify the switch to use the packet priority.

I. Configuration prerequisites

l The priority trust mode is specified

l The port whose priority is to be configured is specified

l The priority value of the specified port is specified

II. Configuration procedure

Table 1-6 Set to use the port priority

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Set the port priority	priority priority-level	Optional By default, the port priority is 0

Table 1-7 Set to use the packet priority

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Set the switch to use the packet priority	priority trust	Through this configuration, the switch uses the packet priority instead of the port priority

III. Configuration example

l Set to use the port priority and specify the priority of Ethernet1/0/1 to 7.

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] undo priority

[H3C-Ethernet1/0/1] priority 7

l Set the switch to use the 802.1p priority carried in the packet on Ethernet1/0/1.

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] priority trust

1.5 Configuring Priority Remark

Refer to section 1.1.5 "Priority Remark" for the introduction to priority remark.

Priority remark can be implemented in the following ways:

l Through TP. When configuring TP, you can define the action of remarking the DSCP precedence of the packets out of the traffic limit. Refer to section 1.8.2 "Configuration Procedure of TP".

l Through the traffic-priority command. You can remark the IP precedence, 802.1p precedence, DSCP precedence, and local precedence of the packets.

1.5.1 Configuration Prerequisites

l ACL rules used for traffic identifying are defined. Refer to the ACL module in the manual for defining ACL rules

l The type and value of the precedence that the packets matching ACL rules are remarked are determined

l The ports which need this configuration are defined

1.5.2 Configuration Procedure

Table 1-8 Configure priority remark

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Use ACL rules in traffic identifying and specify a new precedence for the packet matching the ACL rules	traffic-priority { inbound \| outbound } acl-rule { { dscp dscp-value \| ip-precedence { pre-value \| from-cos } } \| cos { pre-value \| from-ipprec } \| local-precedence pre-value }*	Required
Display the parameter configurations of priority remark	display qos-interface { interface-type interface-number \| unit-id } traffic-priority	Optional You can execute the display command in any view
Display all the QoS settings of the port	display qos-interface { interface-type interface-number \| unit-id } all

acl-rule: Applied ACL rules which can be the combination of various ACL rules. The way of combination is described in the following table:

Table 1-9 Ways of applying combined ACLs

ACL combination	Form of the acl-rule argument
Apply all the rules in an IP ACL separately	ip-group acl-number
Apply a rule in an IP ACL separately	ip-group acl-number rule rule-id
Apply all the rules in a Link ACL separately	link-group acl-number
Apply a rule in a Link ACL separately	link-group acl-number rule rule-id
Apply all the rules in a user-defined ACL separately	user-group acl-number
Apply a rule in a user-defined ACL separately	user-group acl-number rule rule-id
Apply a rule in an IP ACL and a rule in a Link ACL at the same time	ip-group acl-number rule rule-id link-group acl-number rule rule-id

1.5.3 Configuration Example

l Ethernet1/0/1 of the switch is connected to the 10.1.1.1/24 network segment

l Remark the DSCP precedence of the traffic from the 10.1.1.1/24 network segment to 56

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255

[H3C-acl-basic-2000] quit

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] traffic-priority inbound ip-group 2000 dscp 56

1.6 Setting the Precedence of Protocol Packet

The protocol packet carries its own precedence. You can modify the precedence of the protocol packet by setting its precedence. And then you can match the precedence with the corresponding QoS action to perform the corresponding QoS operation on the protocol packet.

1.6.1 Configuration Prerequisites

l The type of protocol whose precedence needs modification is specified

l The precedence value after modification is specified

1.6.2 Configuration Procedure

Table 1-10 Set the precedence of the protocol packet

Operation	Command	Description
Enter system view	system-view	—
Set the precedence of the protocol packet	protocol-priority protocol-type protocol-type { ip-precedence ip-precedence \| dscp dscp-value }	Required You can modify the IP precedence or DSCP precedence of the protocol packet Only the precedence of TELNET, OSPF, SNMP, and ICMP protocol packets is supported currently
Display the precedence of the protocol packet	display protocol-priority	Optional You can execute the display command in any view

& Note:

The precedence of OSPF protocol packets cannot be changed on S3600-SI series switches.

1.6.3 Configuration Example

l Set the IP precedence of ICMP protocol packets to 3.

l Display the configuration results.

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] protocol-priority protocol-type icmp ip-precedence 3

[H3C] display protocol-priority

Protocol: icmp

IP-Precedence: flash(3)

1.7 Configuring Port Rate Limit

1.7.1 Configuration Prerequisites

l The ports on which rate limit is to be performed is specified

l The target rate is specified

l The direction of rate limit is specified

1.7.2 Configuration Procedure

Table 1-11 Configure port rate limit

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure port-based rate limit	line-rate { inbound \| outbound } target-rate	Required l target-rate: Total rate to limit packet sending and receiving on the port, in Kbps. The granularity of rate limit is 64 Kbps. If the number you input is in the range of N64 to (N+1)64 (N is a natural number), the switch will set the value to (N+1)*64 Kbps automatically l The rate range of 100 M Ethernet ports is from 64 to 99,968 l The rate range of Gigabit Ethernet ports is in from 64 to 1,000,000

1.7.3 Configuration Example

l Set rate limit in the outbound direction of Ethernet1/0/1 on the switch

l The limit rate is 1 Mbps (1,024 Kbps)

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] line-rate outbound 1024

1.8 Configuring TP

Refer to section 1.1.8 "TP" for the introduction to TP.

1.8.1 Configuration Prerequisites

l ACL rules used for traffic identifying are defined. Refer to the ACL module in the manual for defining ACL rules

l The limit rate for TP, the actions for the packets within the specified traffic and the actions for the packets beyond the specified traffic have been specified.

l The ports that need this configuration are specified

1.8.2 Configuration Procedure of TP

Table 1-12 Configure TP

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure traffic-based TP	traffic-limit inbound acl-rule target-rate [ exceed action ]	Required exceed action: Sets the actions on the packets exceeding the specified traffic when the packet traffic exceeds the specified traffic. The actions include: l drop: Drops the packets. l remark-dscp dscp-value: Resets the DSCP precedence of the packets and forwards them.
Display the parameter configurations of traffic policing	display qos-interface { interface-type interface-number \| unit-id } traffic-limit	Optional You can execute the display command in any view
Display all the QoS settings of the port	display qos-interface { interface-type interface-number \| unit-id } all

acl-rule: Applied ACL rules which can be the combination of various ACL rules. The way of combination is described in Table 1-9.

& Note:

l The granularity of TP is 64 Kbps. If the number you input is in the range of N*64 to (N+1)*64 (N is a natural number), the switch will set the value to (N+1)*64 Kbps automatically

l TP configuration is effective only for the ACL rules whose actions are permit.

1.8.3 Configuration Example

l Ethernet1/0/1 of the switch is connected to the 10.1.1.1/24 network segment

l Perform TP on the packets from the 10.1.1.1/24 network segment and the rate of TP is set to100 Kbps

l The packets beyond the specified traffic are forwarded after their DSCP precedence is remarked as 56

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255

[H3C-acl-basic-2000] quit

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] traffic-limit inbound ip-group 2000 100 exceed remark-dscp 56

1.9 Configuring Redirect

Refer to section 1.1.10 "Redirect" for the introduction to redirect.

1.9.1 Configuration Prerequisites

l ACL rules used for traffic identifying are defined. Refer to the ACL module in the manual for defining ACL rules.

l The port that the packets matching the configurations rules are redirected to is specified.

l The ports that need this configuration are specified.

1.9.2 Configuration Procedure

Table 1-13 Configure redirect

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure redirect	traffic-redirect { inbound \| outbound } acl-rule { cpu \| interface interface-type interface-number }	Required
Display the parameter configurations of redirect	display qos-interface { interface-type interface-number \| unit-id } traffic-redirect	Optional You can execute the display command in any view
Display all the QoS settings of the port	display qos-interface { interface-type interface-number \| unit-id } all

acl-rule: Applied ACL rules which can be the combination of various ACL rules. The way of combination is described in Table 1-9.

& Note:

l The redirect configuration is effective only for the ACL rules whose actions are permit.

l When packets are redirected to CPU, they cannot be forwarded normally.

l If you set to redirect the traffic to a Combo port in down state, the system automatically redirects the traffic to the port corresponding to the Combo port in up state.

1.9.3 Configuration Example

l Ethernet1/0/1 of the switch is connected to the 10.1.1.1/24 network segment

l Redirect all the traffic from the 10.1.1.1/24 network segment to Ethernet1/0/7

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255

[H3C-acl-basic-2000] quit

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] traffic-redirect inbound ip-group 2000 interface Ethernet1/0/7

1.10 Configuring Queue-Scheduling

Refer to section 1.1.11 "Queue Scheduling" for the introduction to queue scheduling.

1.10.1 Configuration Prerequisites

The queue-scheduling algorithm is specified: which queues adopt the WRR queue-scheduling algorithm, which queues adopt the WFQ queue-scheduling algorithm, and which queues adopt the SP queue-scheduling algorithm.

1.10.2 Configuration Procedure

Table 1-14 Configure queue scheduling in system view

Operation	Command	Description
Enter system view	system-view	—
Configure the queue scheduling mode	queue-scheduler { strict-priority \| wfq queue0-width queue1-width queue2-width queue3-width queue4-width queue5-width queue6-width queue7-width \| wrr queue0-weight queue1-weight queue2-weight queue3-weight queue4-weight queue5-weight queue6-weight queue7-weight }	Required In WRR or WFQ mode, if the weight value or minimum bandwidth of one or more queues is set to 0, SP algorithm is used for this or these queues By default, all the outbound queues on the port adopt the WRR queue scheduling algorithm and their default weight values are 1:2:3:4:5:9:13:15.
Display the queue-scheduling mode and related parameters on the switch	display queue-scheduler	Optional You can execute the display command in any view.

Table 1-15 Configure queue scheduling in Ethernet port view

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure the queue scheduling mode	queue-scheduler { wfq queue0-width queue1-width queue2-width queue3-width queue4-width queue5-width queue6-width queue7-width \| wrr queue0-weight queue1-weight queue2-weight queue3-weight queue4-weight queue5-weight queue6-weight queue7-weight }	Required In WRR or WFQ mode, if the weight value or minimum bandwidth of one or more queues is set to 0, SP algorithm is used for this or these queues By default, all the outbound queues on the port adopt the WRR queue scheduling algorithm and their default weight values are 1:2:3:4:5:9:13:15.

& Note:

l The queue scheduling algorithm defined by executing the queue-scheduler command in system view takes effect on all ports of the switch. The queue scheduling algorithm defined by executing the queue-scheduler command in Ethernet port view takes effect on the current port only. If the weight values (or bandwidth values) of the queues in the WRR (or WFQ) queue scheduling algorithm defined globally cannot satisfy the requirement of a port, you can modify the weight values (or bandwidth values) of the queues in Ethernet port view of this port. A new queue scheduling algorithm on this port will overwrite the globally defined queue weight value (or bandwidth value). You cannot use the display queue-scheduler command to display the queue weight (or bandwidth value) defined in Ethernet port view.

l If you have configured link aggregation groups, the queue scheduling algorithm defined on a port in an aggregation group will be synchronized to other ports in the aggregation group automatically.

1.10.3 Configuration Example

l The switch adopts the WRR queue scheduling algorithm, and the weight values of outbound queues are 2, 2, 3, 3, 4, 4, 5, and 5, respectively;

l Disable the applied queue scheduling mode. By default, all outbound queues on the port adopts the WRR queue scheduling algorithm and their default weight values are 1:2:3:4:5:9:13:15;

l Query the configuration information.

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] queue-scheduler wrr 2 2 3 3 4 4 5 5

[H3C]display queue-scheduler

Queue scheduling mode: weighted round robin

weight of queue 0: 2

weight of queue 1: 2

weight of queue 2: 3

weight of queue 3: 3

weight of queue 4: 4

weight of queue 5: 4

weight of queue 6: 5

weight of queue 7: 5

[H3C] undo queue-scheduler

[H3C] display queue-scheduler

weight of queue 0: 1

weight of queue 1: 2

weight of queue 2: 3

weight of queue 3: 4

weight of queue 4: 5

weight of queue 5: 9

weight of queue 6: 13

weight of queue 7: 15

1.11 Configuring Congestion Avoidance

When congestion happens, the switch drops packets as soon as possible to release queue resources and try not to put packets into high-delay queues in order to eliminate congestion. The switch adopts the WRED algorithm for congestion avoidance.

1.11.1 Configuration Prerequisites

l The indexes of queues to be dropped at random, the queue length that starts the drop action, and the drop probability are specified

l The ports that need this configuration are specified

1.11.2 Configuration Procedure

Table 1-16 Configure WRED parameters

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure WRED parameters	wred queue-index qstart probability	Required The WRED function is disabled by default

1.11.3 Configuration Example

l Configure WRED parameters for queue 2 on Ethernet 1/0/1. Packets are dropped at random when the queue length is more than 64 packets, and the drop probability is 20%.

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] wred 2 64 20

1.12 Configuring Traffic Statistics

Refer to section 1.1.12 "Traffic-based Traffic Statistics" for the introduction to traffic statistics.

1.12.1 Configuration Prerequisites

l ACL rules used for traffic identifying are defined. Refer to the ACL module in the manual for defining ACL rules

l The ports that needs this configuration are specified

1.12.2 Configuration Procedure of Traffic Statistics

Table 1-17 Configure traffic statistics

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Use the ACL rules in traffic identifying and perform traffic statistics on the packets matching the ACL rules.	traffic-statistic inbound acl-rule	Required
Display the traffic statistics.	display qos-interface { interface-type interface-number \| unit-id } traffic-statistic	Optional You can execute the display command in any view
Display all the QoS settings of the port	display qos-interface { interface-type interface-number \| unit-id } all

acl-rule: Applied ACL rules which can be the combination of various ACL rules. The way of combination is described in Table 1-9.

1.12.3 Clearing Traffic Statistics Information

Table 1-18 Clear traffic statistics information

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Clear the statistics of the traffic matching the specified ACL rules	reset traffic-statistic inbound acl-rule	Required The function of clearing is effective only when the traffic statistics function is configured

acl-rule: Applied ACL rules which can be the combination of various ACL rules. The way of combination is described in Table 1-9.

1.12.4 Configuration Example

l Ethernet1/0/1 of the switch is connected to the 10.1.1.1/24 network segment

l Perform traffic statistics on packets from the 10.1.1.1/24 network segment

Configuration procedure:

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2000

[H3C-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255

[H3C-acl-basic-2000] quit

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] traffic-statistic inbound ip-group 2000

1.13 QoS Configuration Example

1.13.1 Configuration Example of TP and Port Rate Limit

I. Network requirement

The enterprise network interconnects all the departments through the ports of the Ethernet switch. The salary query server of the financial department is accessed through Ethernet1/0/1 whose IP address is 129.110.1.2. The network requirements are to limit the average rate of outbound traffic within 640 Kbps and set the precedence of packets exceeding the specification to 4.

II. Network diagram

Figure 1-8 QoS configuration example

III. Configuration procedure

& Note:

Only the commands related to QoS/ACL configurations are listed in the following configurations.

1) Define the outbound traffic of the salary query server

# Enter ACL 3000 view.

<H3C> system-view

[H3C] acl number 3000

# Define ACL 3000 rules.

[H3C-acl-adv-3000] rule 1 permit ip source 129.110.1.2 0.0.0.0 destination any

[H3C-acl-adv-3000] quit

2) Limit the outbound traffic of the salary query server

# Limit the average rate of outbound traffic to be within 640 Kbps and set the precedence of packets exceeding the specification to 4.

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] traffic-limit inbound ip-group 3000 640 exceed remark-dscp 4

1.13.2 Configuration Example of Priority Remark

I. Network requirements

Mark ef on the packets that PC1 (whose IP address is 1.0.0.1) sends from 8:00 to 18:00 every day to provide the basis of precedence for the upper-layer devices.

II. Network diagram

Figure 1-9 QoS configuration example

III. Configuration procedure

1) Define the time rang from 8:00 to 18:00

# Define the time rang

<H3C> system-view

[H3C] time-range test 8:00 to 18:00 daily

2) Define the traffic rules of PC packets

# Enter number-identification-based basic ACL view identified.

[H3C] acl number 2000

[H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range test

[H3C-acl-basic-2000] quit

3) Remark ef precedence on the packets that PC1 sends

[H3C-Ethernet1/0/1] traffic-priority inbound ip-group 2000 dscp ef

Chapter 2 QoS Profile Configuration

2.1 Introduction to QoS Profile

The switch can dynamically provide pre-defined QoS functions for one or one group of authenticated user(s) through the combination of QoS profile function and 802.1x authentication function.

After you have passed the 802.1x authentication, the switch dynamically issues the corresponding profiles to your login port according to the matching relationship between the user name and the profile configured on the AAA server.

Currently, the QoS profile function of the switch can provide packet filter, TP, precedence remark functions and so on.

2.1.1 Application Mode of QoS Profile

After the QoS profile function is configured, the switch will dynamically issue the QoS profiles corresponding to you to your access port if you pass the authentication. The processing procedures of the switch in different application modes are described as follows:

l User-based mode: If the source information (source MAC, source IP, or source MAC + source IP) is defined in the traffic rule adopted by the traffic action of the QoS profile, the QoS profile cannot be issued successfully. If the source information is not defined, the switch will create a new traffic rule by adding your source MAC information into the former rule, and then issue all the traffic actions in the QoS profile to the your access port.

l Port-based mode: The switch will issue all the actions in the QoS profile to your access port.

2.2 Introduction to QoS Profile Configurations

Figure 2-1 Diagram for QoS profile configurations

The following table describes the QoS profile configurations:

Table 2-1 Configure QoS profile

Device	Configuration	Configuration link
AAA server	Configure user authentication information	—
AAA server	Configure the matching relationship between the QoS profile and the user name	One QoS profile can match with more than one user.
Switch	Enable the 802.1x authentication function	Refer to 802.1x module in this manual for the related configuration procedure.
	Configure QoS profile	See section 2.3 "Configuring QoS Profile".
	Apply the QoS profile to a port manually	See section 2.4 "Applying the QoS Profile to the Port Manually".

2.3 Configuring QoS Profile

Refer to section 2.1 "Introduction to QoS Profile" for the introduction to QoS profile.

2.3.1 Configuration Prerequisites

l ACL rules used for traffic identifying are defined. Refer to the ACL module in this manual for defining ACL rules

l The global 802.1x authentication function is enabled and 802.1x authentication function is enabled on the user access port

l The type and number of actions in the QoS profile is specified

l The application mode of the QoS profile on the port is specified

2.3.2 Configuration Procedure

Table 2-2 Configure QoS profile

Operation	Command	Description
Enter system view	system-view	—
Enter QoS profile view	qos-profile profile-name	—
Add TP actions	traffic-limit inbound acl-rule target-rate [ exceed action ]	Optional
Add packet filter actions	packet-filter { inbound \| outbound } acl-rule	Optional
Add priority remark actions	traffic-priority { inbound \| outbound } acl-rule { { dscp dscp-value \| ip-precedence { pre-value \| from-cos } } \| cos { pre-value \| from-ipprec } \| local-precedence pre-value }*	Optional
Quit current view	quit	—
Enter Ethernet port view	interface interface-type interface-number	—
Configure the application mode of QoS profile on the current port as port-based	qos-profile port-based	By default, the application mode of QoS profile is user-based. l If MAC-address-based authentication is configured in 802.1x, the application mode of QoS profile must be user-based. l If port-based authentication is configured in 802.1x, the application mode of QoS profile must be port-based.
Display the configurations of QoS profiles	display qos-profile { all \| name profile-name \| interface interface-type interface-number \| user user-name }	Optional You can execute the display command in any view

acl-rule: Applied ACL rules which can be the combination of various ACL rules. The way of combination is described in Table 1-9.

& Note:

If a QoS profile has been applied on a port, you cannot delete this QoS profile.

2.3.3 Configuration Example

I. Network requirements

The switch implements the QoS profile function for the access users.

The user name is someone and its authentication password is hello. It is connected to Ethernet1/0/1 of the switch and belongs to the test163.net domain. Its corresponding QoS profile is “example” and the actions of the QoS profile is to limit the bandwidth of the traffic matching ACL rules to 128 k and remark the DSCP precedence to 46.

II. Network diagram

Figure 2-2 QoS configuration example

III. Configuration procedure

(1) Configuration on the AAA server

# Configure the user authentication information and the matching relationship between the user name and the QoS profile, which will not be detailed here.

(2) Configuration on the switch

# Enable 802.1x.

<H3C> system-view

[H3C] dot1x

[H3C] dot1x interface Ethernet 1/0/1

# Configure the IP address information for the RADIUS server.

[H3C] radius scheme radius1

[H3C-radius-radius1] primary authentication 10.11.1.1

[H3C-radius-radius1] primary accounting 10.11.1.2

[H3C-radius-radius1] secondary authentication 10.11.1.2

[H3C-radius-radius1] secondary accounting 10.11.1.1

# Set the encryption passwords for the switch to exchange packets with the authentication RADIUS servers and accounting RADIUS servers.

[H3C-radius-radius1] key authentication name

[H3C-radius-radius1] key accounting money

# Order the switch to delete the user domain name from the user name and then send the user name to the RADIUS sever.

[H3C-radius-radius1] user-name-format without-domain

[H3C-radius-radius1] quit

# Create the user domain test163.net and specify radius1 as your RADIUS server group.

[H3C] domain test163.net

[H3C-isp-test163.net] radius-scheme radius1

[H3C-isp-test163.net] quit

# Define the ACL rules

[H3C] acl number 3000

[H3C-acl-adv-3000] rule 1 permit ip destination any

[H3C-acl-adv-3000] quit

# Define the QoS profile function

[H3C] qos-profile example

[H3C-qos-profile-example] traffic-limit inbound ip-group 3000 128 exceed drop

[H3C-qos-profile-example] traffic-priority inbound ip-group 3000 dscp 46

2.4 Applying the QoS Profile to the Port Manually

After this configuration, all the traffic actions in the QoS profile will be applied to the current port.

I. Applying the QoS profile to the port in system view

You can apply the profile configurations to one port or more continuous ports manually in system view.

Table 2-3 Apply the QoS profile to the port manually in system view

Operation	Command	Description
Enter system view	system-view	—
Apply the QoS profile to the port manually	apply qos-profile profile-name interface interface-list	Required

II. Applying the QoS profile to the current port in Ethernet port view

Table 2-4 Apply the QoS profile to the port manually

Operation	Command	Description
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Apply the QoS profile to the current port manually	apply qos-profile profile-name	Required

2.5 Displaying QoS Profile

After finishing the configurations mentioned above, you can execute the display command in any view to check the running state of the QoS profile. You can verify the configuration by checking the information on display.

Table 2-5 Display the QoS profile

Operation	Command	Description
Display the configurations of the QoS profile	display qos-profile { all \| name profile-name \| interface interface-type interface-number \| user user-name }	You can execute the display command in any view

H3C S3600 Series Ethernet Switches Operation Manual-Release 1510(V1.04)

1.1.8 TP

I. Traffic evaluation and the token bucket

II. TP

1.1.9 Queue Scheduling Configuration Synchronization on Aggregated Ports

1.1.12 Traffic-based Traffic Statistics

1.2 QoS Supported by S3600 Series

I. Configuration prerequisites

II. Configuration procedure

III. Configuration example

1.4 Setting to Use the Port Priority or Packet Priority

I. Configuration prerequisites

II. Configuration procedure

III. Configuration example

1.5.1 Configuration Prerequisites

1.8 Configuring TP

1.8.2 Configuration Procedure of TP

1.10 Configuring Queue-Scheduling

1.10.3 Configuration Example

1.12.3 Clearing Traffic Statistics Information

1.13 QoS Configuration Example

I. Network requirement

II. Network diagram

III. Configuration procedure

I. Network requirements

II. Network diagram

III. Configuration procedure

2.3.3 Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

I. Applying the QoS profile to the port in system view

II. Applying the QoS profile to the current port in Ethernet port view

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us