22-DPI Configuration Guide

05-Bandwidth management configuration

Configuring bandwidth management

About bandwidth management

Bandwidth management provides fine-grained control over traffic that flows through the device by using the following information:

·     SSIDs.

·     User profiles.

·     Source and destination security zones.

·     Source and destination IP addresses.

·     Services.

·     Applications.

·     DSCP priorities.

Application scenario

Bandwidth management is used in the following scenarios:

·     Enterprise intranet users need far more bandwidth than the amount of bandwidth leased from an ISP. This creates a bandwidth bottleneck at the intranet egress.

·     The P2P traffic on the intranet egress consumes a majority of the bandwidth resources. As a result, bandwidth cannot be guaranteed for key services.

Bandwidth management allows you to deploy traffic rules on the network egress for different traffic types. Bandwidth management improves bandwidth efficiency and guarantees bandwidth for key services when congestion occurs.

Bandwidth management process

Bandwidth management is implemented through the traffic policy. You can configure traffic profiles and traffic rules in traffic policy view. A traffic profile specifies the guaranteed bandwidth and maximum bandwidth. A traffic rule specifies match criteria to match packets and the traffic profile to apply to matching packets.

As shown in Figure 1, the bandwidth management process is as follows:

1.     The device matches the packet against the match criteria in a traffic rule.

The packet meets a match criterion if it matches any of its match values. A packet does not match a match criterion if it matches none of its match values.

2.     If the packet meets all match criteria in the traffic rule (for the user and user group criteria or application and application group criteria, only one criterion needs to be matched), the packet matches the traffic rule. Otherwise, the packet does not match the traffic rule and continues to be matched by the next traffic rule. If the packet does not match any traffic rule, the packet is forwarded without bandwidth management.

3.     After the packet matches a traffic rule, the interface processes the packet according to the traffic profile (if any) specified for the traffic rule.

If no traffic profile is specified for the traffic rule, the packet is forwarded without bandwidth management.

4.     The traffic profile processes the packet according to its settings.

5.     If the interface is configured with a QoS feature in the outbound direction, the interface performs bandwidth management before performing QoS.

6.     The packet is controlled by the interface bandwidth of the output interface.

Figure 1 Bandwidth management process

 

Traffic rule

Multiple traffic rules can be configured in the traffic policy. For a traffic rule, you can define the match criteria to match packets and specify the traffic profile to apply to matching packets.

Traffic rules support rule nesting, which allows a traffic rule to have a parent traffic rule. A maximum of four nesting levels are supported.

Match criteria in a traffic rule

A traffic rule can have multiple match criteria. You can configure the following match criteria in a traffic rule:

·     Source and destination security zones.

·     Source and destination IP addresses.

·     Services.

·     Applications.

·     DSCP priorities.

One match criterion can contain multiple match values. For example, you can configure multiple applications for an application match criterion.

Action in a traffic rule

You can use a traffic profile for an action in a traffic rule. The device limits the matching traffic according to the settings in the traffic profile.

Match order for parent and child traffic rules

The following rules apply when the device matches a traffic rule with a parent traffic rule:

·     The parent traffic rule is first matched. After the parent traffic rule is matched, the child traffic rule is matched. If the parent traffic rule is not matched, the child traffic rule is ignored and the matching process fails.

·     If both parent and child traffic rules are matched, the traffic profile for the child traffic rule is executed before the traffic profile for the parent traffic rule is executed. If both parent and child traffic rules are about the same parameter, the smaller value for an upper-limit parameter or the larger value for a lower-limit parameter is applied. If only the parent traffic rule is matched, the traffic profile for the parent traffic rule is applied.
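The matching steps and the parent/child match order described above, modelled in Python as an added example (not H3C code and not part of the original guide). The classes, the packet representation and the single maximum/guaranteed value per profile (no upstream/downstream split) are assumptions made for illustration; the rule and profile names are taken from the parent/child configuration example at the end of this guide.

```python
from dataclasses import dataclass, field
from typing import Optional

# Criteria pairs where meeting either one is enough (step 2 of the process).
EITHER_OF = [("application", "app_group"), ("user", "user_group")]
MAX_DEPTH = 4  # maximum nesting levels stated in this guide


@dataclass(frozen=True)
class Profile:
    name: str
    maximum: Optional[int] = None     # kbps, an upper-limit parameter
    guaranteed: Optional[int] = None  # kbps, a lower-limit parameter


@dataclass
class Rule:
    name: str
    criteria: dict = field(default_factory=dict)  # criterion -> set of match values
    profile: Optional[Profile] = None
    parent: Optional[str] = None


def rule_matches(rule, packet):
    """All criteria must be met; a criterion is met by any one of its values."""
    met = {c: bool(vals & packet.get(c, set())) for c, vals in rule.criteria.items()}
    for a, b in EITHER_OF:
        if a in met and b in met:
            met[a] = met[b] = met[a] or met[b]
    return all(met.values())


def evaluate(rules, packet):
    """Return (matched rule chain, effective maximum, effective guaranteed).

    None means no rule matched and the packet is forwarded without
    bandwidth management.
    """
    def descend(parent_name, depth):
        # Rules are tried in configured order; a child is only considered
        # after its parent has matched.
        for r in rules:
            if r.parent == parent_name and rule_matches(r, packet):
                chain = [r]
                if depth < MAX_DEPTH:
                    chain += descend(r.name, depth + 1)
                return chain
        return []

    chain = descend(None, 1)
    if not chain:
        return None
    profiles = [r.profile for r in chain if r.profile]
    maxima = [p.maximum for p in profiles if p.maximum is not None]
    floors = [p.guaranteed for p in profiles if p.guaranteed is not None]
    # Same parameter on parent and child: smaller upper limit, larger lower limit.
    return ([r.name for r in chain],
            min(maxima) if maxima else None,
            max(floors) if floors else None)


def page_parent_child_policy():
    """Rules and profiles from the guide's parent/child configuration example."""
    return [
        Rule("rule", profile=Profile("profile", maximum=40960)),
        Rule("aiqiyi", {"application": {"iQiYiPPS"}},
             Profile("aiqiyi", maximum=30720), parent="rule"),
        Rule("ruleFTP", {"application": {"ftp"}},
             Profile("profileFTP", guaranteed=30720), parent="rule"),
    ]


if __name__ == "__main__":
    policy = page_parent_child_policy()
    for app in ("iQiYiPPS", "ftp", "dns"):  # constructed sample packets
        print(app, evaluate(policy, {"application": {app}}))
```

Traffic that matches only the parent (the constructed `dns` packet) is still held to the parent's 40960 kbps ceiling, while traffic that matches no top-level rule bypasses bandwidth management entirely.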

Traffic profile

A traffic profile defines bandwidth resources that can be used by a traffic type. The interface bandwidth can be allocated among multiple traffic profiles. You can configure the following bandwidth limit parameters and priority parameters in a traffic profile:

Rate limit mode for a traffic profile

You can limit the traffic rate in one of the following ways:

·     Limit the upstream bandwidth and downstream bandwidth separately.

·     Limit the upstream bandwidth and downstream bandwidth as a whole.

Total bandwidth limits

·     Total guaranteed bandwidth—Guarantees the total minimum bandwidth for key services when congestion occurs.

·     Total maximum bandwidth—Controls the total maximum bandwidth for non-key services to prevent them from consuming a large amount of bandwidth.

Per-IP or per-user bandwidth limits

·     Per-IP or per-user guaranteed bandwidth—Guarantees the minimum bandwidth per IP address or per user to provide for bandwidth management at finer granularity.

·     Per-IP or per-user maximum bandwidth—Controls the maximum bandwidth allowed per IP address or per user to provide for bandwidth management at finer granularity.

Per-rule, per-IP, or per-user connection limits

·     Per-rule, per-IP, or per-user connection limits—You can set the connection count limit and connection rate limit to prevent the following situations:

¡     The system resources on the device are exhausted because internal users initiate a large number of connections to external networks in a short time period.

¡     An internal server cannot process normal connection requests because it receives a large number of connection requests in a short time period.

Priority parameters

·     Traffic priority—When an interface is congested with packets of multiple traffic profiles, packets with higher priority are sent first. Packets with the same priority have the same chance of being forwarded.

·     DSCP marking—Modifies the DSCP value in packets. Network devices can classify traffic by using DSCP values and provide different treatment for packets according to the modified DSCP values.

Restrictions: Hardware compatibility with bandwidth management

Hardware | Bandwidth management compatibility
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK | Yes
MSR810-LMS, MSR810-LUS | No
MSR810-LMS-EA, MSR810-LME | Yes
MSR1004S-5G | Yes
MSR2600-6-X1, MSR2600-10-X1, MSR2600-15-X1 | Yes
MSR 2630 | Yes
MSR3600-28, MSR3600-51 | Yes
MSR3600-28-SI, MSR3600-51-SI | No
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP | Yes
MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR-EAD-AK770, MSR3610-I-IG, MSR3610-IE-IG | Yes
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC, MSR3620-X1, MSR3640-X1 | Yes
MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660 | Yes
MSR3610-G, MSR3620-G | Yes
MSR3640-X1-HI | Yes

Hardware | Bandwidth management compatibility
MSR810-W-WiNet, MSR810-LM-WiNet | Yes
MSR830-4LM-WiNet | Yes
MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet | Yes
MSR830-6BHI-WiNet, MSR830-10BHI-WiNet | Yes
MSR2600-6-WiNet, MSR2600-10-X1-WiNet | Yes
MSR2630-WiNet | Yes
MSR3600-28-WiNet | Yes
MSR3610-X1-WiNet | Yes
MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet | Yes

Hardware | Bandwidth management compatibility
MSR2630-XS | Yes
MSR3600-28-XS | Yes
MSR3610-XS | Yes
MSR3620-XS | Yes
MSR3610-I-XS | Yes
MSR3610-IE-XS | Yes
MSR3620-X1-XS | Yes
MSR3640-XS | Yes
MSR3660-XS | Yes

Hardware | Bandwidth management compatibility
MSR810-LM-GL | Yes
MSR810-W-LM-GL | Yes
MSR830-6EI-GL | Yes
MSR830-10EI-GL | Yes
MSR830-6HI-GL | Yes
MSR830-10HI-GL | Yes
MSR1004S-5G-GL | Yes
MSR2600-6-X1-GL | Yes
MSR3600-28-SI-GL | No

Restrictions and guidelines: Bandwidth management configuration

When you configure bandwidth management, follow these restrictions and guidelines:

·     As a best practice, observe the depth-first principle when creating policies. Always create a policy with a smaller management scope before a policy with a larger management scope.

·     An interface with small default expected bandwidth might experience traffic loss if the following conditions exist:

¡     There is a large amount of traffic on the interface.

¡     The interface uses the default expected bandwidth.

To avoid traffic loss, explicitly set the expected bandwidth to a large value for such an interface. For example, you can set the expected bandwidth of a tunnel interface to a value greater than 64 kbps (the default) if there is a large amount of traffic on the interface.

Prerequisites for bandwidth management

Before configuring bandwidth management, complete the following tasks:

·     Configure time ranges (see time range configuration in ACL and QoS Configuration Guide).

·     Configure IP address object groups and service object groups (see object group configuration in Security Configuration Guide).

·     Configure applications (see APR configuration in Security Configuration Guide).

·     Configure security zones (see security zone configuration in Security Configuration Guide).

Bandwidth management tasks at a glance

To configure bandwidth management, perform the following tasks:

1.     Configuring a traffic profile

¡     Creating a traffic profile

¡     Configuring bandwidth limits for the traffic profile

¡     (Optional.) Configuring bandwidth detection for the traffic profile

¡     Setting the reference mode for the traffic profile

¡     (Optional.) Renaming the traffic profile

2.     Configuring a traffic rule

¡     Creating a traffic rule

¡     Configuring match criteria for the traffic rule

¡     Specifying an action for the traffic rule

¡     (Optional.) Specifying a time range for the traffic rule

3.     (Optional.) Managing and maintaining a traffic rule

¡     Copying a traffic rule

¡     Renaming a traffic rule

¡     Moving a traffic rule

¡     Disabling a traffic rule

4.     (Optional.) Enabling bandwidth management statistics collection

Configuring a traffic profile

Creating a traffic profile

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Create a traffic profile and enter traffic profile view.

profile name profile-name

Configuring bandwidth limits for the traffic profile

About this task

A traffic profile defines the bandwidth resources that can be used and takes effect after it is specified for a traffic rule.

Restrictions and guidelines

·     Any two of the following settings are mutually exclusive:

¡     Per-IP maximum bandwidth.

¡     Per-user maximum bandwidth.

¡     Dynamic and even allocation for maximum bandwidth.

The most recent configuration takes effect.

·     The per-IP guaranteed bandwidth setting and per-user guaranteed bandwidth setting are mutually exclusive.

Procedure

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enter traffic profile view.

profile name profile-name

4.     Configure bandwidth settings.

¡     Set the total guaranteed bandwidth or maximum bandwidth for the traffic profile.

bandwidth { downstream | total | upstream } { guaranteed | maximum } bandwidth-value

By default, the total guaranteed bandwidth and maximum bandwidth are not set.

The maximum bandwidth must be greater than or equal to the guaranteed bandwidth.

Before you can enable dynamic and even allocation for maximum bandwidth, you must set the total maximum bandwidth.

¡     Set the per-IP or per-user guaranteed bandwidth or maximum bandwidth for the traffic profile.

bandwidth { downstream | total | upstream } { guaranteed | maximum } { per-ip | per-user } bandwidth-value

By default, the per-IP or per-user guaranteed bandwidth and maximum bandwidth are not set.

¡     Set the TCP MSS for the traffic profile.

tcp mss mss-value

By default, the TCP MSS is not set.

5.     Set the per-IP monthly traffic quota.

bandwidth total traffic-quota per-ip monthly quota-value

By default, the amount of traffic used by an IP address per month is not limited.

6.     Enable dynamic and even allocation for maximum bandwidth.

bandwidth average enable

By default, dynamic and even allocation for maximum bandwidth is disabled.

7.     Configure connection limit settings.

¡     Set the connection count limit for the traffic profile.

connection-limit count { per-rule | per-ip | per-user } connection-number

By default, the connection count limit is not set.

¡     Set the connection rate limit for the traffic profile.

connection-limit rate { per-rule | per-ip | per-user } connection-rate

By default, the connection rate limit is not set.

8.     Configure priority settings.

¡     Set the traffic priority for packets of the traffic profile.

traffic-priority priority-value

By default, the traffic priority for packets of a traffic profile is 1.

¡     Mark the DSCP value for packets of the traffic profile.

remark dscp dscp-value

By default, the DSCP value for packets of a traffic profile is not marked.

Configuring bandwidth detection for the traffic profile

About this task

This feature monitors the traffic rates based on source IP addresses in real time to identify the maximum rate and minimum rate of each IP address. If the traffic rate of an IP address exceeds or falls below a user-configured bandwidth threshold, the device sends logs to the log host by using the fast log output feature.

You can configure static bandwidth thresholds or configure the dynamic bandwidth threshold learning feature.

·     Static bandwidth threshold—Allows you to configure a minimum threshold and a maximum threshold.

·     Dynamic threshold learning—Allows the device to obtain minimum and maximum bandwidth thresholds by dynamically learning traffic rates. This feature is useful if you do not know the traffic patterns in a network and cannot determine appropriate bandwidth thresholds. With this feature enabled, the device measures the traffic rates over a user-configured duration and calculates an average rate. Then, the device obtains the minimum and maximum bandwidth thresholds by using the average rate multiplied by the minimum and maximum tolerance values.

If you configure both static bandwidth thresholds and the dynamic bandwidth threshold learning feature for the traffic profile, the following rules apply:

·     Before the device learns the average traffic rate, it uses the static bandwidth thresholds.

·     After the device learns the average traffic rate, it uses the dynamic bandwidth thresholds.

Procedure

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enter traffic profile view.

profile name profile-name

4.     Enable per-IP bandwidth threshold detection.

per-ip bandwidth-threshold-detect enable

By default, per-IP bandwidth threshold detection is disabled.

5.     Configure per-IP static bandwidth thresholds.

¡     Set the maximum bandwidth threshold.

per-ip bandwidth-threshold max-value max-value

By default, the maximum bandwidth threshold is not set.

¡     Set the minimum bandwidth threshold.

per-ip bandwidth-threshold min-value min-value

By default, the minimum bandwidth threshold is not set.

6.     Configure per-IP dynamic bandwidth threshold learning.

a.     Enable per-IP dynamic bandwidth threshold learning.

per-ip bandwidth-threshold-learn enable

By default, per-IP dynamic bandwidth threshold learning is disabled.

b.     Set the duration for per-IP dynamic bandwidth threshold learning.

per-ip bandwidth-threshold-learn duration duration-value

By default, the duration for per-IP dynamic bandwidth threshold learning is 1440 minutes (24 hours).

As a best practice, set the learning duration to be longer than 1440 minutes for the device to learn traffic for no less than a whole day.

c.     Set the maximum tolerance value.

per-ip bandwidth-threshold-learn tolerance max-value max-value

By default, the maximum tolerance value is not set.

d.     Set the minimum tolerance value.

per-ip bandwidth-threshold-learn tolerance min-value min-value

By default, the minimum tolerance value is not set.
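How the static and learned thresholds described in this section interact, as an added Python example that is not H3C code and not part of the original guide. It assumes one rate sample per minute per source IP, tolerance values expressed as percentages of the learned average, thresholds in kbps, and an average that is frozen when the learning window ends; the guide does not state these details. The class name, IP addresses and rates are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PerIpDetector:
    learn_minutes: int = 1440            # default learning duration in this guide
    static_min: Optional[float] = None   # assumed kbps; not set by default
    static_max: Optional[float] = None
    tol_min_pct: Optional[float] = None  # assumed unit: percent of learned average
    tol_max_pct: Optional[float] = None
    totals: dict = field(default_factory=dict)  # per-IP sum of learned samples
    counts: dict = field(default_factory=dict)  # per-IP number of learned samples

    def learned(self, ip):
        return self.counts.get(ip, 0) >= self.learn_minutes

    def thresholds(self, ip):
        """Return (source, minimum, maximum) currently in force for this IP."""
        if self.learned(ip) and None not in (self.tol_min_pct, self.tol_max_pct):
            avg = self.totals[ip] / self.counts[ip]
            return ("dynamic", avg * self.tol_min_pct / 100, avg * self.tol_max_pct / 100)
        # Before the average is learned, the static thresholds apply.
        return ("static", self.static_min, self.static_max)

    def observe(self, ip, rate_kbps):
        """Check one sample; return a log event tuple or None."""
        source, low, high = self.thresholds(ip)
        event = None
        if high is not None and rate_kbps > high:
            event = "above-max"
        elif low is not None and rate_kbps < low:
            event = "below-min"
        if not self.learned(ip):  # samples feed the average only while learning
            self.totals[ip] = self.totals.get(ip, 0) + rate_kbps
            self.counts[ip] = self.counts.get(ip, 0) + 1
        return (ip, rate_kbps, source, event) if event else None


def run_constructed_samples():
    """Feed constructed samples through a detector with a 5-minute window."""
    det = PerIpDetector(learn_minutes=5, static_min=100, static_max=50000,
                        tol_min_pct=50, tol_max_pct=200)
    samples = [("192.0.2.10", r) for r in (1000, 1200, 800, 1000, 1000)]
    # This address has a burst inside its learning window.
    samples += [("192.0.2.30", r) for r in (1000, 1000, 1000, 1000, 20000)]
    samples += [("192.0.2.20", 60000)]                       # still learning
    samples += [("192.0.2.10", r) for r in (2500, 300, 1500)]
    samples += [("192.0.2.30", 5000)]
    events = [e for e in (det.observe(ip, r) for ip, r in samples) if e]
    return det, events


if __name__ == "__main__":
    detector, logged = run_constructed_samples()
    for entry in logged:
        print(entry)
    print(detector.thresholds("192.0.2.30"))
```

For the third constructed address, the burst inside the learning window raises the learned maximum to 9600, so the later 5000 kbps sample is not logged; only the static maximum covers traffic seen during learning.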

Setting the reference mode for the traffic profile

About this task

A traffic profile can be referenced by multiple traffic rules in one of the following ways:

·     per-rule—Each rule that uses the profile can reach the bandwidth limits and connection limits specified in the profile.

·     rule-shared—All rules that use the profile share the bandwidth limits and connection limits specified in the profile.

Procedure

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enter traffic profile view.

profile name profile-name

4.     Set the reference mode for the traffic profile.

profile reference-mode { per-rule | rule-shared }

The default setting is per-rule.

Renaming the traffic profile

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Rename a traffic profile.

profile rename old-name new-name

Configuring a traffic rule

Creating a traffic rule

About this task

For a new traffic rule to inherit the match criteria of an existing traffic rule, specify the existing traffic rule as the parent of the new traffic rule. You can specify traffic profiles for both parent and child traffic rules.

Restrictions and guidelines

A level-4 rule cannot act as a parent rule.

You can specify a parent traffic rule only when creating a traffic rule. You cannot add or modify a parent traffic rule for an existing traffic rule.

Procedure

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     (Optional.) Enable bandwidth management for traffic flows of the IP layer and upper layers.

all-traffic-control enable

By default, bandwidth management is performed only for traffic flows of Layer 4 and upper layers.

Use this feature when there is a large number of IP traffic flows in the network.

4.     Create a traffic rule and enter traffic rule view.

rule [ rule-id ] name rule-name [ parent parent-rule-name ]

You can specify a traffic rule as the parent traffic rule for multiple child traffic rules.

Configuring match criteria for the traffic rule

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enter traffic rule view.

Choose one option as needed:

¡     rule rule-id

¡     rule [ rule-id ] name rule-name [ parent parent-rule-name ]

4.     Configure a security zone as a match criterion.

¡     Configure a destination security zone as a match criterion.

destination-zone destination-zone-name

¡     Configure a source security zone as a match criterion.

source-zone source-zone-name

By default, no security zone is used as a match criterion.

5.     Configure an IP address object group as a match criterion.

¡     Configure a destination IP address object group as a match criterion.

destination-address address-set object-group-name

¡     Configure a source IP address object group as a match criterion.

source-address address-set object-group-name

By default, no IP address object group is used as a match criterion.

6.     Configure a service object group as a match criterion.

service object-group-name

By default, no service object group is used as a match criterion.

7.     Configure an application or application group as a match criterion.

application { app application-name | app-group application-group-name }

By default, no application or application group is used as a match criterion.

8.     Configure a DSCP priority as a match criterion.

dscp dscp-value

By default, no DSCP priority is used as a match criterion.

9.     Configure an IPv6 packet attribute as a match criterion.

¡     Configure the flow label attribute as a match criterion.

ipv6 flow-label { nonzero | zero }

By default, the flow label attribute is not used as a match criterion.

¡     Configure the extension header attribute as a match criterion.

ipv6 extension-header { authentication | destination | encapsulating | fragment | hop-by-hop | routing }

By default, the extension header attribute is not used as a match criterion.

10.     Configure a terminal or terminal group as a match criterion.

¡     Configure a terminal as a match criterion.

terminal terminal-name

By default, no terminal is used as a match criterion.

¡     Configure a terminal group as a match criterion.

terminal-group group-name

By default, no terminal group is used as a match criterion.

Specifying an action for the traffic rule

About this task

If a packet matches a traffic rule, the device performs the action specified in the traffic rule on the packet.

Restrictions and guidelines

When you specify traffic profiles for parent and child traffic rules, make sure the following conditions are met:

·     The maximum bandwidth for a child traffic rule must be smaller than or equal to that for the parent traffic rule.

·     The guaranteed bandwidth for a child traffic rule must be smaller than or equal to that for the parent traffic rule.

·     The traffic profiles cannot be the same for the child and parent traffic rules.

Procedure

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enter traffic rule view.

Choose one option as needed:

¡     rule rule-id

¡     rule [ rule-id ] name rule-name [ parent parent-rule-name ]

4.     Specify an action for the traffic rule.

action { deny | none | qos profile profile-name }

The default action is none, which allows matching packets to pass through without bandwidth management.
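A pre-deployment check for the restrictions in this section (child limits no larger than the parent's, different profiles for parent and child), together with the maximum-not-below-guaranteed rule and the four-level nesting limit stated earlier, as an added Python example that is not part of the original guide. It parses only the profile name, rule name, bandwidth and action qos profile command forms shown in this guide; the function names and the faulty configuration are constructed, and a limit that is unset on either side is skipped rather than treated as zero (an assumption).

```python
import re

DIRECTIONS = ("upstream", "downstream", "total")
MAX_LEVELS = 4  # nesting limit stated in this guide


def parse_policy(text):
    """Parse the profile, rule, bandwidth and action commands used in this guide."""
    profiles, rules, view = {}, {}, None
    for raw in text.splitlines():
        # Drop a leading CLI prompt such as "[Device-traffic-policy]".
        line = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", raw).strip()
        if m := re.fullmatch(r"profile name (\S+)", line):
            view = ("profile", m[1])
            profiles.setdefault(m[1], {})
        elif m := re.fullmatch(r"rule (?:\d+ )?name (\S+)(?: parent (\S+))?", line):
            view = ("rule", m[1])
            rules.setdefault(m[1], {"parent": m[2], "profile": None})
        elif line == "quit":
            view = None
        elif view and view[0] == "profile" and (m := re.fullmatch(
                r"bandwidth (upstream|downstream|total) (guaranteed|maximum) (\d+)", line)):
            profiles[view[1]][(m[1], m[2])] = int(m[3])
        elif view and view[0] == "rule" and (m := re.fullmatch(
                r"action qos profile (\S+)", line)):
            rules[view[1]]["profile"] = m[1]
    return profiles, rules


def level(rules, name):
    """Nesting level of a rule: 1 for a rule without a parent."""
    depth, seen = 1, {name}
    parent = rules[name]["parent"]
    while parent in rules and parent not in seen:
        seen.add(parent)
        depth += 1
        parent = rules[parent]["parent"]
    return depth


def lint(text):
    """Return a list of findings; an empty list means no restriction is violated."""
    profiles, rules = parse_policy(text)
    findings = []
    for name, bw in profiles.items():
        for d in DIRECTIONS:
            g, m = bw.get((d, "guaranteed")), bw.get((d, "maximum"))
            if g is not None and m is not None and m < g:
                findings.append(f"profile {name}: {d} maximum {m} is below guaranteed {g}")
    for name, rule in rules.items():
        if level(rules, name) > MAX_LEVELS:
            findings.append(f"rule {name}: nested deeper than {MAX_LEVELS} levels")
        parent = rules.get(rule["parent"])
        if parent is None:
            continue
        child_p, parent_p = rule["profile"], parent["profile"]
        if child_p and child_p == parent_p:
            findings.append(f"rule {name}: uses the same profile as parent {rule['parent']}")
            continue
        child_bw, parent_bw = profiles.get(child_p, {}), profiles.get(parent_p, {})
        for (d, kind), value in child_bw.items():
            limit = parent_bw.get((d, kind))
            if limit is not None and value > limit:
                findings.append(
                    f"rule {name}: {d} {kind} {value} exceeds parent {rule['parent']} ({limit})")
    return findings


# Commands from the guide's parent/child example (downstream lines omitted).
PAGE_EXAMPLE = """
[Device-traffic-policy] profile name profile
[Device-traffic-policy-profile-profile] bandwidth upstream maximum 40960
[Device-traffic-policy] profile name aiqiyi
[Device-traffic-policy-profile-aiqiyi] bandwidth upstream maximum 30720
[Device-traffic-policy] profile name profileFTP
[Device-traffic-policy-profile-profileFTP] bandwidth upstream guaranteed 30720
[Device-traffic-policy] rule name rule
[Device-traffic-policy-rule-1-rule] action qos profile profile
[Device-traffic-policy] rule name aiqiyi parent rule
[Device-traffic-policy-rule-2-aiqiyi] action qos profile aiqiyi
[Device-traffic-policy] rule name ruleFTP parent rule
[Device-traffic-policy-rule-3-ruleFTP] action qos profile profileFTP
"""

# Constructed configuration that breaks each restriction once.
FAULTY_EXAMPLE = """
profile name parent-prof
 bandwidth total maximum 40960
 bandwidth total guaranteed 10240
profile name child-prof
 bandwidth total maximum 51200
 bandwidth total guaranteed 61440
rule name l1
 action qos profile parent-prof
rule name l2 parent l1
 action qos profile child-prof
rule name l3 parent l2
 action qos profile child-prof
rule name l4 parent l3
rule name l5 parent l4
"""

if __name__ == "__main__":
    print(lint(PAGE_EXAMPLE))
    print("\n".join(lint(FAULTY_EXAMPLE)))
```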

Specifying a time range for the traffic rule

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enter traffic rule view.

Choose one option as needed:

¡     rule rule-id

¡     rule [ rule-id ] name rule-name [ parent parent-rule-name ]

4.     Specify a time range during which the traffic rule is in effect.

time-range time-range-name

By default, a traffic rule is in effect at any time.

Managing and maintaining a traffic rule

Copying a traffic rule

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Copy a traffic rule.

rule copy rule-name new-rule-name

Renaming a traffic rule

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Rename a traffic rule.

rule rename old-rule-name new-rule-name

Moving a traffic rule

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Move a traffic rule to a new position.

rule move rule-name1 { after | before } rule-name2

Disabling a traffic rule

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enter traffic rule view.

Choose one option as needed:

¡     rule rule-id

¡     rule [ rule-id ] name rule-name [ parent parent-rule-name ]

4.     Disable the traffic rule.

disable

By default, a traffic rule is enabled.

Enabling bandwidth management statistics collection

About this task

This feature can collect the following statistics:

·     Traffic statistics, which can be displayed by using the display traffic-policy statistics bandwidth command.

·     Connection limit statistics, which can be displayed by using the display traffic-policy statistics connection-limit command.

·     Rule-hit statistics, which can be displayed by using the display traffic-policy statistics rule-hit command.

Restrictions and guidelines

This feature affects device performance. As a best practice, enable this feature only if you need to view statistics.

Procedure

1.     Enter system view.

system-view

2.     Enter traffic policy view.

traffic-policy

3.     Enable bandwidth management statistics collection.

¡     Enable traffic statistics collection.

statistics bandwidth enable

By default, traffic statistics collection is disabled.

¡     Enable connection limit statistics collection.

statistics connection-limit enable

By default, connection limit statistics collection is disabled.

¡     Enable rule-hit statistics collection.

statistics rule-hit enable

By default, rule-hit statistics collection is disabled.

Display and maintenance commands for bandwidth management

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display traffic statistics for traffic rules.

In standalone mode:

display traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name }

In IRF mode:

display traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]

Display connection limit statistics.

In standalone mode:

display traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name }

In IRF mode:

display traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]

Display rule-hit statistics.

In standalone mode:

display traffic-policy statistics rule-hit [ rule rule-name ]

In IRF mode:

display traffic-policy statistics rule-hit [ rule rule-name ] [ slot slot-number ]

Clear traffic statistics for traffic rules.

In standalone mode:

reset traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name }

In IRF mode:

reset traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]

Clear connection limit statistics.

In standalone mode:

reset traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name }

In IRF mode:

reset traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ name rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]

Clear rule-hit statistics.

In standalone mode:

reset traffic-policy statistics rule-hit [ rule rule-name ]

In IRF mode:

reset traffic-policy statistics rule-hit [ rule rule-name ] [ slot slot-number ]

 

Bandwidth management configuration examples

Example: Configuring a single traffic profile

Network configuration

As shown in Figure 2, configure bandwidth management on the device to meet the following requirements:

·     The maximum bandwidth is limited to 30720 kbps for both upstream and downstream iQiYiPPS application traffic of the host in the intranet.

·     The guaranteed bandwidth is 30720 kbps for both upstream and downstream FTP traffic of the host.

·     The bandwidth of the interface to the Internet is limited to 102400 kbps.

Figure 2 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and object policies. Make sure the network connections are available. (Details not shown.)

2.     Configure traffic profiles:

# Create a traffic profile named aiqiyi, and enter traffic profile view.

<Device> system-view

[Device] traffic-policy

[Device-traffic-policy] profile name aiqiyi

# Set the maximum bandwidth to 30720 kbps for both upstream and downstream traffic.

[Device-traffic-policy-profile-aiqiyi] bandwidth upstream maximum 30720

[Device-traffic-policy-profile-aiqiyi] bandwidth downstream maximum 30720

[Device-traffic-policy-profile-aiqiyi] quit

# Create a traffic profile named profileFTP, and enter traffic profile view.

[Device-traffic-policy] profile name profileFTP

# Set the guaranteed bandwidth to 30720 kbps for both upstream and downstream traffic.

[Device-traffic-policy-profile-profileFTP] bandwidth upstream guaranteed 30720

[Device-traffic-policy-profile-profileFTP] bandwidth downstream guaranteed 30720

[Device-traffic-policy-profile-profileFTP] quit

[Device-traffic-policy] quit

3.     Set the expected bandwidth to 102400 kbps for interface GigabitEthernet 1/0/2.

[Device] interface gigabitethernet 1/0/2

[Device-GigabitEthernet1/0/2] bandwidth 102400

[Device-GigabitEthernet1/0/2] quit

4.     Configure traffic rules:

# Enter traffic policy view.

[Device] traffic-policy

# Create a traffic rule named aiqiyi, and enter traffic rule view.

[Device-traffic-policy] rule name aiqiyi

# Configure the predefined application iQiYiPPS as a match criterion.

[Device-traffic-policy-rule-1-aiqiyi] application app iQiYiPPS

# Specify traffic profile aiqiyi for traffic rule aiqiyi.

[Device-traffic-policy-rule-1-aiqiyi] action qos profile aiqiyi

[Device-traffic-policy-rule-1-aiqiyi] quit

# Create a traffic rule named ruleFTP, and enter traffic rule view.

[Device-traffic-policy] rule name ruleFTP

# Configure the predefined application FTP as a match criterion.

[Device-traffic-policy-rule-2-ruleFTP] application app ftp

# Specify traffic profile profileFTP for traffic rule ruleFTP.

[Device-traffic-policy-rule-2-ruleFTP] action qos profile profileFTP

[Device-traffic-policy-rule-2-ruleFTP] quit

[Device-traffic-policy] quit

Verifying the configuration

# Verify that the iQiYiPPS application traffic rate cannot exceed 30720 kbps and the FTP traffic rate can reach a minimum of 30720 kbps when the total traffic rate on GigabitEthernet 1/0/2 reaches 102400 kbps. (Details not shown.)

Example: Configuring parent/child traffic profiles

Network configuration

As shown in Figure 3, configure bandwidth management on the device to meet the following requirements:

·     The maximum bandwidth is limited to 30720 kbps for both upstream and downstream iQiYiPPS application traffic of the host in the intranet.

·     The guaranteed bandwidth is 30720 kbps for both upstream and downstream FTP traffic of the host.

·     The total traffic rate of the host is limited to 40960 kbps.

Figure 3 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and object policies. Make sure the network connections are available. (Details not shown.)

2.     Configure traffic profiles:

# Create a traffic profile named profile, and enter traffic profile view.

<Device> system-view

[Device] traffic-policy

[Device-traffic-policy] profile name profile

# Set the maximum bandwidth to 40960 kbps for both upstream and downstream traffic.

[Device-traffic-policy-profile-profile] bandwidth upstream maximum 40960

[Device-traffic-policy-profile-profile] bandwidth downstream maximum 40960

[Device-traffic-policy-profile-profile] quit

# Create a traffic profile named aiqiyi, and enter traffic profile view.

[Device-traffic-policy] profile name aiqiyi

# Set the maximum bandwidth to 30720 kbps for both upstream and downstream traffic.

[Device-traffic-policy-profile-aiqiyi] bandwidth upstream maximum 30720

[Device-traffic-policy-profile-aiqiyi] bandwidth downstream maximum 30720

[Device-traffic-policy-profile-aiqiyi] quit

# Create a traffic profile named profileFTP, and enter traffic profile view.

[Device-traffic-policy] profile name profileFTP

# Set the guaranteed bandwidth to 30720 kbps for both upstream and downstream traffic.

[Device-traffic-policy-profile-profileFTP] bandwidth upstream guaranteed 30720

[Device-traffic-policy-profile-profileFTP] bandwidth downstream guaranteed 30720

[Device-traffic-policy-profile-profileFTP] quit

3.     Configure traffic rules:

# Create a traffic rule named rule, and enter traffic rule view.

[Device-traffic-policy] rule name rule

# Specify traffic profile profile for traffic rule rule.

[Device-traffic-policy-rule-1-rule] action qos profile profile

[Device-traffic-policy-rule-1-rule] quit

# Create a traffic rule named aiqiyi, enter traffic rule view, and specify traffic rule rule as its parent rule.

[Device-traffic-policy] rule name aiqiyi parent rule

# Configure the predefined application iQiYiPPS as a match criterion.

[Device-traffic-policy-rule-2-aiqiyi] application app iQiYiPPS

# Specify traffic profile aiqiyi for traffic rule aiqiyi.

[Device-traffic-policy-rule-2-aiqiyi] action qos profile aiqiyi

[Device-traffic-policy-rule-2-aiqiyi] quit

# Create a traffic rule named ruleFTP, enter traffic rule view, and specify traffic rule rule as its parent rule.

[Device-traffic-policy] rule name ruleFTP parent rule

# Configure the predefined application FTP as a match criterion.

[Device-traffic-policy-rule-3-ruleFTP] application app ftp

# Specify traffic profile profileFTP for traffic rule ruleFTP.

[Device-traffic-policy-rule-3-ruleFTP] action qos profile profileFTP

[Device-traffic-policy-rule-3-ruleFTP] quit

[Device-traffic-policy] quit

Verifying the configuration

# Verify that the total traffic rate of the host is limited to 40960 kbps, and that the iQiYiPPS application traffic rate is limited to 30720 kbps. When congestion occurs, FTP traffic is not affected. (Details not shown.)

 
