Login
- Table of Contents
-
- 09-ACL and QoS Configuration Examples
- 00-S12500_ACL_Configuration_Examples
- 01-S12500_Packet_Filtering_Configuration_Examples
- 02-S12500_Priority_Mapping_and_Priority_Marking_Configuration_Examples
- 03-S12500_Traffic_Policing_Configuration_Examples
- 04-S12500_GTS_Configuration_Examples
- 05-S12500_Queue_Scheduling_Configuration_Examples
- 06-S12500_Control_Plane-Based_QoS_Policy_Configuration_Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-S12500_Traffic_Policing_Configuration_Examples | 135.6 KB |
Contents
General configuration restrictions and guidelines
Example: Configuring common CAR
Example: Configuring aggregate CAR·
Introduction
This document provides examples for configuring traffic policing.
Traffic policing allows you to monitor traffic entering or leaving a network against a traffic contract and take steps to enforce that contract.
Traffic policing can be implemented through aggregate CAR or common CAR. Aggregate CAR polices the traffic flows on multiple ports. The total traffic on these ports must conform to the traffic policing parameters set in the aggregate CAR action.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of traffic policing.
General configuration restrictions and guidelines
When you configure traffic policing, follow these general configuration restrictions and guidelines:
· Make sure the ports referencing the same aggregate CAR action reside on the same forwarding module. If they reside on different forwarding modules, the traffic rate on each forwarding module can reach the bandwidth limit set in the aggregate CAR action.
· When an aggregate CAR action is applied to the same forwarding module, the traffic rate can reach the set bandwidth limit in both the uplink direction and the downlink direction.
· For aggregate CAR, the number of ports and port numbering on a forwarding module vary with card types, as follows:
¡ For 48-port GE cards, the first 24 ports belong to a forwarding module, and the remaining 24 ports belong to another forwarding module.
¡ For 10-GE cards except for LST1XP32REB1,LST1XP32REC1,LST2XP32REB1, LST2XP32REC1, LST2XP32REC2,LST1XP16LEB1, LST1XP16LEC1and LST1XP16LEC2 cards, every two ports (arranged by port number) belong to a forwarding module.
¡ For LST1XP32REB1,LST1XP32REC1,LST2XP32REB1, LST2XP32REC1 and LST2XP32REC2 cards, ports numbered 1, 3, 5, 7, 9, 11, 13, and 15 belong to a forwarding module, ports numbered 17, 19, 21, 23, 25, 27, 29, and 31 belong to a forwarding module, ports numbered 2, 4, 6, 8, 10, 12, 14, and 16 belong to a forwarding module, and ports numbered 18, 20, 22, 24, 26, 28, 30, and 32 belong to a forwarding module.
¡ For LST1XP16LEB1, LST1XP16LEC1 and LST1XP16LEC2 cards, every two separated ports belong to a forwarding module. For example, ports 1 and 3 belong to a forwarding module, ports 2 and 4 belong to a forwarding module, and so on.
Example: Configuring common CAR
Network requirements
As shown in Figure 1, configure common CAR to limit the uplink traffic of the enterprise network user to 1 Mbps and the downlink traffic to 2 Mbps for the enterprise network user 10.0.0.2/24.
Requirements analysis
Because the IP address of the user is fixed, you can classify user traffic by IP address.
Software version used
This configuration example was created and verified on S12500-CMW520-R1825P01.
Configuration procedures
# Configure ACL 3001 to match traffic with source IP address 10.0.0.2.
<Switch> system-view
[Switch] acl number 3001
[Switch-acl-adv-3001] rule permit ip source 10.0.0.2 0
[Switch-acl-adv-3001] quit
# Configure ACL 3002 to match traffic with destination IP address 10.0.0.2.
[Switch] acl number 3002
[Switch-acl-adv-3002] rule permit ip destination 10.0.0.2 0
[Switch-acl-adv-3002] quit
# Create a class named source_hostA, and reference ACL 3001 in the class to match traffic with source IP address 10.0.0.2.
[Switch] traffic classifier source_hostA
[Switch-classifier-source_hostA] if-match acl 3001
[Switch-classifier-source_hostA] quit
# Create a class named destination_hostA, and reference ACL 3002 in the class to match traffic with destination IP address 10.0.0.2.
[Switch] traffic classifier destination_hostA
[Switch-classifier-destination_hostA] if-match acl 3002
[Switch-classifier-destination_hostA] quit
# Create a behavior named uplink, and configure a common CAR action with the CIR set to 1 Mbps for the behavior.
[Switch] traffic behavior uplink
[Switch-behavior-uplink] car cir 1000
[Switch-behavior-uplink] quit
# Create a behavior named downlink, and configure a common CAR action with the CIR set to 2 Mbps for the behavior.
[Switch] traffic behavior downlink
[Switch-behavior-downlink] car cir 2000
[Switch-behavior-downlink] quit
# Create a QoS policy named uplink, and associate class source_hostA with behavior uplink in the policy.
[Switch] qos policy uplink
[Switch-qospolicy-uplink] classifier source_hostA behavior uplink
[Switch-qospolicy-uplink] quit
# Create a QoS policy named downlink, and associate class destination_hostA with behavior downlink in the policy.
[Switch] qos policy downlink
[Switch-qospolicy-downlink] classifier destination_hostA behavior downlink
[Switch-qospolicy-downlink] quit
# Apply the QoS policy uplink to the traffic entering GigabitEthernet 3/0/1 and QoS policy downlink to the traffic leaving GigabitEthernet 3/0/1.
[Switch] interface GigabitEthernet 3/0/1
[Switch-GigabitEthernet3/0/1] undo shutdown
[Switch-GigabitEthernet3/0/1] qos apply policy uplink inbound
[Switch-GigabitEthernet3/0/1] qos apply policy downlink outbound
Verifying the configuration
# Display the QoS policy applied to GigabitEthernet 3/0/1.
[Switch] display qos policy interface GigabitEthernet 3/0/1
Interface: GigabitEthernet3/0/1
Direction: Inbound
Policy: uplink
Classifier: source_hostA
Operator: AND
Rule(s) : If-match acl 3001
Behavior: uplink
Committed Access Rate:
CIR 1000 (kbps), CBS 62500 (byte), EBS 0 (byte)
Red Action: discard
Green : 0(Bytes)
Yellow: 0(Bytes)
Red : 0(Bytes)
Direction: Outbound
Policy: downlink
Classifier: destination_hostA
Operator: AND
Rule(s) : If-match acl 3002
Behavior: downlink
Committed Access Rate:
CIR 2000 (kbps), CBS S125000 (byte), EBS 0 (byte)
Red Action: discard
Green : 0(Bytes)
Yellow: 0(Bytes)
Red : 0(Bytes)
Configuration files
#
acl number 3001
rule 0 permit ip source 10.0.0.2 0
acl number 3002
rule 0 permit ip destination 10.0.0.2 0
#
traffic classifier destination_hostA operator and
if-match acl 3002
traffic classifier source_hostA operator and
if-match acl 3001
#
traffic behavior uplink
car cir 1000 cbs 62500 ebs 0 red discard
traffic behavior downlink
car cir 2000 cbs S125000 ebs 0 red discard
#
qos policy uplink
classifier source_hostA behavior uplink
qos policy downlink
classifier destination_hostA behavior downlink
#
interface GigabitEthernet3/0/1
port link-mode bridge
qos apply policy uplink inbound
qos apply policy downlink outbound
#
Example: Configuring aggregate CAR
Network requirements
As shown in Figure 2, an enterprise network user leases two lines of the service provider for accessing the Internet for high availability sake. The user leases 10 Mbps uplink bandwidth and 10 Mbps downlink bandwidth, and the traffic rate on each link changes from time to time.
Configure aggregate CAR to regulate the total traffic rate on the two links.
Requirements analysis
Because the traffic rate on each link changes from time to time, configure aggregate CAR to limit the total traffic rate on the two links in the uplink and downlink directions.
Software version used
This configuration example was created and verified on S12500-CMW520-R1825P01.
Configuration procedures
1. Configure aggregate CAR for uplink traffic:
# Configure ACL 3001 to match traffic with source IP address 10.0.0.2 or 20.0.0.2.
<Switch> system-view
[Switch] acl number 3001
[Switch-acl-adv-3001] rule permit ip source 10.0.0.2 0
[Switch-acl-adv-3001] rule permit ip source 20.0.0.2 0
[Switch-acl-adv-3001] quit
# Create a class named uplink, and reference ACL 3001 in the class.
[Switch] traffic classifier uplink operator or
[Switch-classifier-uplink] if-match acl 3001
[Switch-classifier-uplink] quit
# Create an aggregate CAR action named uplink, and set the CIR to 10 Mbps for the CAR action.
[Switch] qos car uplink aggregative cir 10000
# Create a traffic behavior named uplink, and reference the aggregate CAR action uplink in the traffic behavior.
[Switch] traffic behavior uplink
[Switch-behavior-uplink] car name uplink
[Switch-behavior-uplink] quit
# Create a QoS policy named uplink, and associate class uplink with behavior uplink in the QoS policy.
[Switch] qos policy uplink
[Switch-qospolicy-uplink] classifier uplink behavior uplink
[Switch-qospolicy-uplink] quit
# Apply the QoS policy uplink to the traffic entering GigabitEthernet 3/0/1 and GigabitEthernet 3/0/5.
[Switch] interface GigabitEthernet 3/0/1
[Switch-GigabitEthernet3/0/1] undo shutdown
[Switch-GigabitEthernet3/0/1] qos apply policy uplink inbound
[Switch-GigabitEthernet3/0/1] quit
[Switch] interface GigabitEthernet 3/0/5
[Switch-GigabitEthernet3/0/5] undo shutdown
[Switch-GigabitEthernet3/0/5] qos apply policy uplink inbound
[Switch-GigabitEthernet3/0/5] quit
2. Configure aggregate CAR for downlink traffic:
# Configure ACL 3002 to match traffic with destination IP address 10.0.0.2 or 20.0.0.2.
[Switch] acl number 3002
[Switch-acl-adv-3002] rule permit ip destination 10.0.0.2 0
[Switch-acl-adv-3002] rule permit ip destination 20.0.0.2 0
[Switch-acl-adv-3002] quit
# Create a class named downlink, and reference ACL 3002 in the class.
[Switch] traffic classifier downlink operator or
[Switch-classifier-downlink] if-match acl 3002
[Switch-classifier-downlink] quit
# Create an aggregate CAR action named downlink, and set the CIR to 10 Mbps for the CAR action.
[Switch] qos car downlink aggregative cir 10000
# Create a traffic behavior named downlink, and reference the aggregate CAR action downlink in the traffic behavior.
[Switch] traffic behavior downlink
[Switch-behavior-downlink] car name downlink
[Switch-behavior-downlink] quit
# Create a QoS policy named downlink, and associate the class downlink with the behavior downlink in the QoS policy.
[Switch] qos policy downlink
[Switch-qospolicy-downlink] classifier downlink behavior downlink
[Switch-qospolicy-downlink] quit
# Apply the QoS policy downlink to the traffic leaving GigabitEthernet 3/0/1 and GigabitEthernet 3/0/5.
[Switch] interface GigabitEthernet 3/0/1
[Switch-GigabitEthernet3/0/1] qos apply policy downlink outbound
[Switch-GigabitEthernet3/0/1] quit
[Switch] interface GigabitEthernet 3/0/5
[Switch-GigabitEthernet3/0/5] qos apply policy downlink outbound
[Switch-GigabitEthernet3/0/5] quit
Verifying the configuration
# Display the QoS policies applied to GigabitEthernet 3/0/1 and GigabitEthernet 3/0/5.
[Switch] display qos policy interface GigabitEthernet 3/0/1
Interface: GigabitEthernet3/0/1
Direction: Inbound
Policy: uplink
Classifier: uplink
Operator: OR
Rule(s) : If-match acl 3001
Behavior: uplink
Committed Access Rate:
Car name uplink
Direction: Outbound
Policy: downlink
Classifier: downlink
Operator: OR
Rule(s) : If-match acl 3002
Behavior: downlink
Committed Access Rate:
Car name downlink
[Switch] display qos policy interface GigabitEthernet 3/0/5
Interface: GigabitEthernet3/0/5
Direction: Inbound
Policy: uplink
Classifier: uplink
Operator: OR
Rule(s) : If-match acl 3001
Behavior: uplink
Committed Access Rate:
Car name uplink
Direction: Outbound
Policy: downlink
Classifier: downlink
Operator: OR
Rule(s) : If-match acl 3002
Behavior: downlink
Committed Access Rate:
Car name downlink
Configuration files
#
qos car uplink aggregative cir 10000 cbs 625000 ebs 0 red discard
qos car downlink aggregative cir 10000 cbs 625000 ebs 0 red discard
#
acl number 3001
rule 0 permit ip source 10.0.0.2 0
rule 5 permit ip source 20.0.0.2 0
acl number 3002
rule 0 permit ip destination 10.0.0.2 0
rule 5 permit ip destination 20.0.0.2 0
#
#
traffic classifier uplink operator or
if-match acl 3001
traffic classifier downlink operator or
if-match acl 3002
#
traffic behavior uplink
car name uplink
traffic behavior downlink
car name downlink
#
qos policy uplink
classifier uplink behavior uplink
qos policy downlink
classifier downlink behavior downlink
#
interface GigabitEthernet3/0/1
port link-mode bridge
qos apply policy uplink inbound
qos apply policy downlink outbound
#
interface GigabitEthernet3/0/5
port link-mode bridge
qos apply policy uplink inbound
qos apply policy downlink outbound
#
Related documentation
· H3C S12500 Routing Switch Series ACL and QoS Configuration Guide
· H3C S12500 Routing Switch Series ACL and QoS Command Reference
