H3C S9500 Series Operating instructions

Operation Manual – QoS

H3C S9500 Series Routing Switches Table of Contents

i

Table of Contents

Chapter 1 QoS Configuration.......................................................................................................1-1

1.1 QoS Overview....................................................................................................................1-1

1.1.1 Introduction..............................................................................................................1-1

1.1.2 Terminology.............................................................................................................1-1

1.2 QoS Configuration Task List..............................................................................................1-5

1.2.1 Configuring Service Parameter Allocation Rule......................................................1-7

1.2.2 Configuring Traffic Policing.....................................................................................1-9

1.2.3 Configuring Traffic Shaping...................................................................................1-12

1.2.4 Configuring Traffic Priority.....................................................................................1-13

1.2.5 Configuring Traffic Redirecting..............................................................................1-15

1.2.6 Configuring Queue Scheduling.............................................................................1-17

1.2.7 Configuring WRED Parameters............................................................................1-18

1.2.8 Configuring Traffic Mirroring..................................................................................1-20

1.2.9 Configuring Port Mirroring.....................................................................................1-22

1.2.10 Configuring Traffic Accounting............................................................................1-23

1.3 Displaying and Debugging QoS Configuration................................................................1-24

1.4 QoS Configuration Examples ..........................................................................................1-26

1.4.1 Traffic Policing Configuration Example.................................................................1-26

1.4.2 Traffic Shaping Configuration Example ................................................................1-27

1.4.3 Port Mirroring Configuration Example................................................................... 1-27

1.4.4 Traffic Priority Marking Configuration Example..................................................... 1-28

1.4.5 Traffic Redirecting Configuration Example (I).......................................................1-29

1.4.6 Traffic Redirecting Configuration Example (II)......................................................1-30

1.4.7 Queue Scheduling Configuration Example...........................................................1-32

1.4.8 WRED Parameters Configuration Example..........................................................1-34

1.4.9 Traffic Accounting Configuration Example............................................................1-35

Chapter 2 Port Tokens Configuration .........................................................................................2-1

2.1 Overview............................................................................................................................2-1

2.2 Port Tokens Configuration.................................................................................................2-1

2.2.1 Configuration Prerequisites.....................................................................................2-1

2.2.2 Configuring the Number of Tokens for Port or Port Queue ....................................2-2

2.3 Port Tokens Configuration Example..................................................................................2-2

Chapter 3 WAN-QoS Configuration.............................................................................................3-1

3.1 Overview............................................................................................................................3-1

3.2 Configuring WAN-QoS.......................................................................................................3-1

3.3 WAN-QoS Configuration Example.....................................................................................3-2

Operation Manual – QoS

H3C S9500 Series Routing Switches Table of Contents

ii

Chapter 4 Logon User ACL Control Configuration....................................................................4-1

4.1 Logon User ACL Control Overview....................................................................................4-1

4.2 Configuring ACL for Telnet/SSH Users .............................................................................4-1

4.2.1 Configuration Prerequisites.....................................................................................4-1

4.2.2 Configuration Tasks ................................................................................................4-2

4.3 Layer 2 ACL Control Configuration Example.....................................................................4-4

4.4 Basic ACL Control Configuration Example........................................................................4-4

4.5 Applying an ACL for SNMP Users.....................................................................................4-5

4.5.1 Configuration Prerequisites.....................................................................................4-5

4.5.2 Configuration Tasks ................................................................................................4-5

4.6 ACL Control over SNMP Users Configuration Example....................................................4-8

Chapter 5 VLAN-ACL Configuration............................................................................................5-1

5.1 VLAN-ACL Overview.........................................................................................................5-1

5.2 VLAN-ACL Configuration...................................................................................................5-1

5.2.1 Configuration Prerequisites.....................................................................................5-1

5.2.2 Configuring a VLAN-ACL........................................................................................5-1

5.3 VLAN-ACL Configuration Examples..................................................................................5-4

5.3.1 VLAN-ACL Traffic Redirecting Configuration Example...........................................5-4

5.3.2 VLAN-ACL Traffic Policing Configuration Example ................................................5-5

Chapter 6 EACL Configuration ....................................................................................................6-1

6.1 EACL Overview..................................................................................................................6-1

6.2 EACL Configuration Task List............................................................................................6-1

6.2.1 Configuring EACL-BT Rate Limit ............................................................................6-1

6.2.2 Configuring EACL-reflexive ACL.............................................................................6-3

6.2.3 Configuring EACL-Outgoing ACL............................................................................6-5

6.2.4 Configuring EACL-Incoming ACL............................................................................6-6

6.3 Configuration Example ......................................................................................................6-7

6.3.1 Reflexive ACL Configuration Example....................................................................6-7

6.3.2 EACL BT Rate Limit Configuration Example ..........................................................6-8

Chapter 7 Global ACL Configuration...........................................................................................7-1

7.1 Global ACL Overview ........................................................................................................7-1

7.2 Global ACL Configuration..................................................................................................7-2

7.3 Global ACL Configuration Example...................................................................................7-3

Chapter 8 WAN-ACL Configuration.............................................................................................8-1

8.1 Overview............................................................................................................................8-1

8.2 Configuring WAN-ACL.......................................................................................................8-1

8.3 WAN-ACL Configuration Example.....................................................................................8-4

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-1

Chapter 1 QoS Configuration

When configuring QoS, go to these sections for information you are interested in:

z QoS Overview

z QoS Configuration Task List

z Displaying and Debugging QoS Configuration

z QoS Configuration Examples

1.1 QoS Overview

1.1.1 Introduction

Conventional packet network treats all packets equally. Each switch/router processes

all packets in First-in-First-out (FIFO) mode and then transfers them to the destination

in the best effort, but it provides no commitment and guarantee to such transmission

performance as delay and jitter.

With fast growth of computer networks, more and more data like voice and video that

are sensitive to bandwidth, delay and jitter are transmitted over the network. This

makes growing demands on quality of service (QoS) of networks.

Ethernet technology is a widely-used network technology dominant for independent

LANs and many LANs based on Ethernet are organic parts of the Internet. In addition,

Ethernet access is becoming one of the major access modes for Internet users.

Therefore it is inevitable to consider Ethernet QoS if we want to achieve point-to-point

global QoS solution. Ethernet switching devices then naturally need to provide different

QoS guarantee for different types of services, especially for those which are sensitive

to delay and jitter.

1.1.2 Terminology

I. Flow

Flow refers to a group of packets passing thought a switch.

II. Traffic classification

Traffic classification is the technology that identifies the packets with a specified

attribute according to a specific rule. Classification rule refers to a packet filtering rule

configured by an administrator. A classification rule can be very simple. For example,

the switch can identify the packets of different priority levels according to the ToS (type

of service) field in the packet headers. It can also be very complex. For example, it may

contain information of the link layer (Layer 2), network layer (Layer 3) and transport

layer (Layer 4) and the switch classifies packets according to such information as MAC

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-2

address, IP protocol, source address, destination address and port ID. Classification

rule often is limited to the information encapsulated at the packet header, rarely using

packet contents.

III. Packet filtering

Packet filtering refers to filtering operation applied to traffic flow. For example, the deny

operation drops the traffic flow which matches the classification rule and allows other

traffic to pass. Ethernet switches use complex classification rules, so that traffic flow

can be filtered purposefully to enhance network security.

There are two key steps in packet filtering:

Step 1: Classify the traffic at the port according to a specific rule.

Step 2: Run filtering operation (denying or permitting) to the identified traffic. By default,

permit operation is selected.

IV. Traffic policing

QoS can police traffic at the ingress port, to provide better services with the limited

network resources.

V. Redirection

You can re-specify forwarding direction for packets, based on QoS policy.

VI. Traffic priority

Ethernet switches can provide priority tags, including ToS, DSCP, 802.1p, and so on,

for specific packets. These priority tags are respectively applicable to different QoS

models.

The following describes IP priority, ToS priority, DSCP priority, EXP priority and 802.1p

priority.

1) IP priority, ToS priority, DSCP priority and EXP priority

Figure 1-1 DS field and ToS byte

As shown in

Figure 1-1, the ToS field in the IP header contains 8 bits. The first three bits

represent IP priority, in the range of 0 to 7; bits 3-6 stand for ToS priority, in the range of

0 to 15. RFC2474 redefines the ToS field in IP packets as DS (differentiated services)

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-3

field. The first six bits denote DSCP (differentiated services codepoint) priority, in the

range of 0 to 63, and the latter two bits are reserved. EXP priority, a number ranging

from 0 to 7 which is obtained by a mapping of the first three bits (bit 0 to 2) of DSCP

priority, lies in MPLS (multiprotocol label switching) header.

2) 802.1p priority

802.1p priority is stored in the header of Layer 2 packets and is suitable for the case

where only Layer 2 QoS guarantee, not L3 header analysis, is required.

Figure 1-2 Ethernet frame with 802.1Q tag header

In the above figure, each host supporting 802.1Q protocol adds a 4-byte 802.1Q tag

header after the source address in Ethernet header.

The 802.1Q tag header contains a 2-byte tag protocol identifier (TPID), with the default

value 0x8100, and a 2-byte tag control information (TCI). The TPID is newly defined by

IEEE to indicate that a packet is 802.1Q tagged. The TCI field consists of the User

Priority, CFI, and VLAN ID fields.

The User Priority field in TCI stands for 802.1p priority, which consists of three bits.

There are eight priority levels, numbered as 0 to 7, for determining to send which

packets first when switch congestion takes place. Since their applications are defined in

detail in the 802.1p Recommendation, they are named as 802.1p priority levels.

VII. Queue scheduling

Queue scheduling is used to resolve problems of resource contention by many packets.

These algorithms are often used in queue scheduling: strict priority (SP) algorithm and

weighted round Robin (WRR) algorithm.

1) SP algorithm

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-4

Packets sent via this

interface

Classify

dequeue

High priority

Low priority

Queue 7

Queue 0

Packets sent

Sending

queue

Queue 1

Queue 6

Queue 5～2

Figure 1-3 Priority queues

SP algorithm is designed for key services. One of the characteristics of key services is

these services should be processed preferentially to minimize response delay in event

of congestion. For example, there are eight output queues at the port, numbered

respectively as 7 to 0, with priority levels in descending order.

In SP mode, the system first sends those packets of higher priority in strict accordance

with priority order. Only when packets in high priority queue are all sent can those in

lower priority queue be sent. This manner of putting key-service packets into high

priority queues and non-key service packets into low priority queues does ensure that

key-service packets are sent first, while non-key service packets are sent during the

interval when no key-service packets need processed.

SP algorithm also has its disadvantages: If high priority queues are full, then packets

from the low priority queues may not be forwarded.

2) WRR algorithm

Each port supports eight output queues except that port of the GV48D/GP48D/XP4

non-wire-speed board only supports four queues. In WRR mode, the system processes

the queues by turn, so every queue can have a service period.

See the case where the port supports eight output queues. Every queue is assigned

with a weight value (respectively numbered as w7, w6, w5, w4, w3, w2, w1, and w0),

which indicates the weight in obtaining resources. For a 100 Mbps port, the weight

values are set as 50, 30, 10, 10, 50, 30, 10 and 10 (corresponding respectively to w7,

w6, w5, w4, w3, w2, w1, and w0). The even the queue with the lowest priority can be

allocated with a 5 Mbps bandwidth.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-5

Another merit for WRR algorithm: Though the queues are scheduled by turn, they are

not configured with fixed time quantum. If a queue has no packets, the system

immediately schedules the next queue. Then bandwidth resources can be fully utilized.

VIII. Traffic mirroring

Traffic mirroring duplicates the specified packets to CPU, a port, or a NetStream board

for packet analysis and monitoring.

IX. Port mirroring

Port mirroring duplicates all packets at a specified port to the monitor port for network

test and troubleshooting.

X. Flow-based traffic accounting

The system can collect traffic statistics based on flow for further analysis.

1.2 QoS Configuration Task List

Complete the following tasks to perform QoS configuration:

z Configuring Service Parameter Allocation Rule

z Configuring Traffic Policing

z Configuring Traffic Shaping

z Configuring Traffic Priority

z Configuring Traffic Redirecting

z Configuring Queue Scheduling

z Configuring Traffic Mirroring

z Configuring Port Mirroring

z Configuring Traffic Accounting

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-6

 Note:

z Before initiating any of these QoS configuration tasks, you should first define the

corresponding ACL. Then you can achieve packet filtering just by activating the right

ACL.

z To configure packet filtering, you need only to activate corresponding ACL. For

more information, see ACL Configuration in the QoS ACL Volume.

z In QoS configuration (including packet filtering, traffic policing, priority marking,

traffic redirecting, traffic mirroring, and traffic accounting), if the specified advanced

ACL has been occupied by IDS, QoS action cannot be delivered normally.

z The four ports (numbered 0 to 3) on an XP4B or XP4CA board each support four

queues (queue 0 to 3) and support the configuration for queue scheduling.

z On an XP4B or XP4CA board, the following configurations can only be performed

on port 0 and 2: applying user-defined flow template, port local precedence, packet

filtering, priority marking, traffic policing, traffic redirecting, traffic mirroring, and

traffic accounting. When such a configuration is performed on port 0, it takes effect

on both port 0 and 1. Likewise, when such a configuration is performed on port 2, it

takes effect on both port 2 and 3.

z With traffic policing configured on a XP4B or XP4CA board, port 0 and 1 share the

same bandwidth, and port 2 and 3 do likewise. That is, port 0 and 1 share the traffic

parameter settings on port 0, and port 2 and 3 share the traffic parameter settings

on port 2.

z On an XP4B or XP4CA board, executing the traffic-statistic command on port 0

will collect traffic statistics on both port 0 and 1, and executing the command on port

2 will collect traffic statistics on both port 2 and 3.

z Ports on XP4B and XP4CA boards do not support traffic shaping (traffic-shape).

Caution:

z The syntax of the QoS configuration command used for service processor boards

(LSB1NATB0 boards in the context of this document) is somewhat different from

that for interface boards. See related description in the manual.

z The service processor boards now supported by the S9500 series have no egress

interface. Therefore, they do not support the configuration commands in Ethernet

port view.

z Service processor boards do not support Layer 2 ACL.

Some of QoS terms are listed in the following table.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-7

Table 1-1 QoS terms

Term Remarks

CoS

It has the same meaning as 802.1p priority. Both refer to the

priority at packet header, with the value ranging from 0 to 7.

Service parameters

Switch allocates a set of parameters, which are used in

achieving QoS functions, upon receiving a packet. Four

items are included: 802.1p priority, DSCP priority, local

precedence, and drop precedence.

Drop-precedence

One of service parameters, ranging from 0 to 2. Drop

precedence is allocated when the switch receives the packet

and may be when the packet is processed. Allocating drop

precedence to the packet is also called coloring the packet:

the packet with drop precedence 2 as red, that with drop

precedence 1 as yellow and that with drop precedence 0 as

green. Drop precedence is referred to when switch needs to

drop packets in its congestion.

Conform-Level

The result calculated from the user-defined CIR, CBS, EBS,

PIR and actual traffic when the switch runs traffic policing, in

the range of 0 to 2. The parameter is used to select the

remark service parameters, such as remark-cos and

remark-drop, in traffic policing by means of the traffic-limit

command. The packets with different conform-levels query

different mapping tables. The conform-level of the packets

whose traffic is smaller than cir is 0, the conform-level of the

packets whose traffic is bigger than cir and smaller than pir is

1, and the conform-level of the packets whose traffic is

bigger than pir is 2. It is also involved in the DSCP + Conform

level-service parameter mapping table which is used in

re-allocating service parameters to a packet with the

traffic-priority command. Then conform level must be 0.

1.2.1 Configuring Service Parameter Allocation Rule

QoS is based on service parameters, a set of parameters for a packet, including 802.1p

priority (CoS priority), DSCP priority, EXP priority, local precedence and drop

precedence.

After receiving a packet, the switch allocates a set of service parameters to it according

to a specific rule. The switch first gets its local precedence and drop precedence

according to the packet 802.1p priority value, by searching in the CoS-to-local

precedence mapping table and the CoS-to-drop precedence mapping table. Default

values are available for the two mapping tables, but you can also configure the

mapping tables according to your needs. If the switch fails to allocate a local

precedence for the packet, it uses the local precedence of the receiving port as the CoS

value to search the CoS-to-local precedence mapping table for the local precedence of

the packet. Then the switch inversely searches the default CoS-to-local precedence

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-8

mapping table to obtain the CoS value and searches the CoS-to-drop precedence

mapping table to obtain the drop precedence for the packet.

 Note:

z To assign a local precedence to the tagged packets received on a port based on the

802.1p field, you must assign a local precedence (or port priority) with the priority

command to the port instead of using the default port priority, that is, 0.

z A tagged packet received on a port will be assigned a local precedence based on its

802.1p if the local precedence of the port is not zero or if the traffic-priority

command is configured to have the system to do so.

z If the CoS-to-local precedence mapping table is modified, you need to re-assign a

local precedence to each port for the new mapping table to take effect on untagged

packets.

I. Configuring mapping tables

Perform the following configurations in system view.

To do... Use the command...

Configure the CoS-to-drop

precedence mapping table

qos cos-drop-precedence-map

cos0-map-drop-prec cos1-map-drop-prec

cos2-map-drop-prec cos3-map-drop-prec

cos4-map-drop-prec cos5-map-drop-prec

cos6-map-drop-prec cos7-map-drop-prec

Restore the default values of

CoS-to-drop precedence mapping

table

undo qos cos-drop-precedence-map

Configure the CoS-to-local

precedence mapping table

qos cos-local-precedence-map

cos0-map-local-prec cos1-map-local-prec

cos2-map-local-prec cos3-map-local-prec

cos4-map-local-prec cos5-map-local-prec

cos6-map-local-prec cos7-map-local-prec

Restore the default values of

CoS-to-local precedence mapping

table

undo qos cos-local-precedence-map

By default, the switch uses the default mapping tables to assign drop precedence and

local precedence to received packets.

II. Configuring local precedence on a port

Perform the following configurations in Ethernet port view.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-9

To do... Use the command...

Configure local precedence on a port priority priority-level

Restore the default local precedence on a port

undo priority

1.2.2 Configuring Traffic Policing

Traffic policing performs per-flow rate limiting. In case the rate of a regulated traffic flow

exceeds the specified traffic specifications, the switch drops the exceeding packets,

reassigns service parameters for the traffic flow, or takes other actions as configured.

Traffic policing actions include reassigning service parameters for traffic with a certain

conform level based on the DSCP-to-services mapping table or the EXP-to-services

mapping table for the conform level and reassigning 802.1p priority based on the local

precedence-to-802.1p mapping table for the conform level. You can edit these mapping

tables or use the default ones.

I. Configuring mapping tables

Perform the following configurations in the specified views.

To do... Use the command...

Enter conform level view (in system

view)

qos conform-level conform-level-value

Configure the DSCP-to-services

mapping table for the conform level (in

conform level view)

dscp dscp-list : dscp-value exp-value

cos-value local-precedence-value

drop-precedence

Restore the default DSCP-to-services

mapping table for the conform level (in

conform level view)

undo dscp dscp-list

Configure the EXP-to-services mapping

table for the conform level (in conform

level view)

exp exp-list : dscp-value exp-value

cos-value local-precedence-value

drop-precedence

Restore the default EXP-to-services

mapping table for the conform level (in

conform level view)

undo exp exp-list

Configure the local

precedence-to-802.1p mapping table for

the conform level (in conform level view)

local-precedence cos-value0

cos-value1 cos-value2 cos-value3

cos-value4 cos-value5 cos-value6

cos-value7

Restore the default local

precedence-to-802.1p mapping table for

the conform level (in conform level view)

undo local-precedence

The system provides default mapping tables.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-10

II. Configuring traffic parameters (optional)

Use the following command to set the traffic parameters required before configuring

traffic policing on service processor boards.

Caution:

This operation is not required for configuring traffic policing on common boards.

Perform the following configuration in system view.

To do... Use the command...

Configure traffic parameters

traffic-params traffic-index cir committed-info-rate

cbs committed-base-size ebs exceed-base-size [ pir

peak-info-rate ]

III. Configuring traffic policing

The purpose of this configuration task is to implement traffic policing on ACL-matched

data streams, and then take normal actions on data streams within the traffic limit and

take other actions (discarding packets, for example) on those exceeding the limit.

For interface boards, perform the following configurations in Ethernet port view.

To do... Use the command...

Configure traffic policing which only

applies IP group ACL

traffic-limit inbound ip-group { acl-number |

acl-name } [ rule rule [ system-index index ] ]

[ tc-index index ] cir cbs ebs [ pir ] [ conform

{ { remark-cos | remark-drop-priority } * |

remark-policed-service } ] [ exceed

{ forward | drop } ]

Remove traffic policing setting

which only applies IP group ACL

undo traffic-limit inbound ip-group

{ acl-number | acl-name } [ rule rule ]

Configure traffic policing which

applies IP group ACL and link

group ACL at same time

traffic-limit inbound ip-group { acl-number |

acl-name } { rule rule link-group { acl-number

| acl-name } [ rule rule [ system-index

index ] ] | link-group { acl-number | acl-name }

rule rule } [ tc-index index ] cir cbs ebs [ pir ]

[ conform { { remark-cos |

remark-drop-priority } * |

remark-policed-service } ] [ exceed

{ forward | drop } ]

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-11

To do... Use the command...

Remove traffic policing setting

which applies IP group ACL and

link group ACL at same time

undo traffic-limit inbound ip-group

{ acl-number | acl-name } { rule rule

link-group { acl-number | acl-name } [ rule

rule ] | link-group { acl-number | acl-name }

rule rule }

Configure traffic policing which only

applies link group ACL

traffic-limit inbound link-group

{ acl-number | acl-name } [ rule rule

[ system-index index ] ] [ tc-index index ] cir

cbs ebs [ pir ] [ conform { { remark-cos |

remark-drop-priority } * |

remark-policed-service } ] [ exceed

{ forward | drop } ]

Remove traffic policing setting

which only applies link group ACL

undo traffic-limit inbound link-group

{ acl-number | acl-name } [ rule rule ]

 Note:

It is required that CIR is less than or equal to PIR and CBS is less than or equal to EBS.

You are recommended to configure CBS and EBS to numbers that are 100 to 150 times

of CIR.

For service processor boards, perform the following configurations in VLAN view.

To do... Use the command...

Configure traffic policing which

only applies IP group ACL

traffic-limit inbound ip-group { acl-number |

acl-name } [ rule rule [ system-index index ] ]

traffic-index index ] [ conform { { remark-cos |

remark-policed-service } ] [ exceed { forward |

drop } ] slot slot-id

Remove traffic policing setting

which only applies IP group ACL

undo traffic-limit inbound ip-group

{ acl-number | acl-name } [ rule rule ] slot slot-id

Caution:

z Before executing the traffic-limit command on a service processor board, you must

first configure traffic redirecting in Ethernet port view to redirect the packets of a

specific VLAN to the service processor board.

z Before configuring traffic policing, you must first define corresponding ACLs and

configure the DSCP + Conform level-service parameters mapping table and the

Local precedence + Conform level-802.1p priority mapping table.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-12

You must first define the corresponding ACL and configure the DSCP + Conform

level-service parameters mapping table and Local precedence + Conform level

mapping table before starting this configuration.

This configuration achieves traffic policing for the packets that match the ACL. If the

traffic rate threshold is exceeded, corresponding measures will be taken, for example,

dropping excessive packets.

system-index index: Specifies a system index for the specified ACL rule. By default,

when an ACL rule is applied, the system will automatically assign a globally unique

index to the rule for the purpose to retrieve the rule later. You can also use the two

parameters to specify a system index when using the command to apply an ACL rule.

But the index you specified may change when the system is running. Generally, you are

not recommended to manually specify the system index.

tc-index index here is traffic policing index. If you configure the same index for different

ACL rules during setting traffic policing, then the sum of traffic shall be limited by the

traffic policing-related parameters predefined. For example, if CIR (committed

information rate) of the traffic that matches ACL 1 is set to 10 kbps and that for ACL 2 to

10 kbps, and their traffic policing indexes are the same, then the average rate of the

traffic that matches ACL 1 and ACL 2 shall be limited to 10 kbps.

 Note:

z When you specify the same tc-index for different traffics, the traffic policing-related

parameter settings must be consistent with each other. Otherwise, the system will

prompt an error.

z For boards with C or D suffix in their names, if the remark-cos keyword is used,

both remark-cos and remark-drop-priority will take effect.

z The index specified by the tc-index keyword should be in the range of 0 to 12288,

where 0 directs the system to automatically assign an index.

See the corresponding Command Manual for details of the commands.

1.2.3 Configuring Traffic Shaping

Traffic shaping controls the rate of outbound packets, to ensure they are sent at

relatively average rates. Traffic shaping measure tries to match packet transmission

rate with the capacity of downstream devices. Its major difference from traffic policing is:

Traffic shaping buffers packets at over-threshold rates to make them sent at average

rates, while traffic policing drops excessive packets. Therefore, traffic shaping may

increase transmission delay, but not for traffic policing.

Perform the following configurations in Ethernet port view.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-13

To do... Use the command...

Configure traffic shaping

traffic-shape [ queue queue-id ]

max-rate burst-size

Remove traffic shaping setting undo traffic-shape [ queue queue-id ]

The switch supports traffic shaping based on port, that is, all traffic on the port is shaped.

It also supports traffic shaping for a specific queue. You can choose to achieve one of

them by selecting different parameters in the command.

See the corresponding Command Manual for details of the commands.

1.2.4 Configuring Traffic Priority

This configuration re-marks priority value for the packets that match the ACL in these

ways: using the service parameters allocated by the switch, re-allocating service

parameters by searching the mapping table based on the packet DSCP value,

re-allocating service parameters by searching the mapping table based on the

specified DSCP or EXP value, customizing service parameters for the packets.

For interface boards, perform the following configurations in Ethernet port view.

To do... Use the command...

Configure traffic priority which

only applies IP group ACL

traffic-priority inbound ip-group { acl-number

| acl-name } [ rule rule [ system-index index ] ]

{ auto | remark-policed-service { trust-dscp |

dscp dscp-value | untrusted dscp dscp-value

cos cos-value local-precedence

local-precedence drop-priority drop-level } }

Remove traffic priority setting

which only applies IP group ACL

undo traffic-priority inbound ip-group

{ acl-number | acl-name } [ rule rule ]

Configure traffic priority which

applies IP group ACL and link

group ACL at same time

traffic-priority inbound ip-group { acl-number

| acl-name } { rule rule link-group { acl-number |

acl-name } [ rule rule [ system-index index ] ] |

link-group { acl-number | acl-name } rule rule }

{ auto | remark-policed-service { trust-dscp |

dscp dscp-value | untrusted dscp dscp-value

cos cos-value local-precedence

local-precedence drop-priority drop-level } }

Remove traffic priority setting

which applies IP group ACL and

link group ACL at same time

undo traffic-priority inbound ip-group

{ acl-number | acl-name } { rule rule link-group

{ acl-number | acl-name } [ rule rule ] |

link-group { acl-number | acl-name } rule rule }

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-14

To do... Use the command...

Configure traffic priority which

only applies link group ACL

traffic-priority inbound link-group

{ acl-number | acl-name } [ rule rule

[ system-index index ] ] { auto |

remark-policed-service { trust-dscp | dscp

dscp-value | untrusted dscp dscp-value cos

cos-value local-precedence local-precedence

drop-priority drop-level } }

Remove traffic priority setting

which only applies link group

ACL

undo traffic-priority inbound link-group

{ acl-number | acl-name } [ rule rule ]

For service processor boards, perform the following configurations in VLAN view.

To do... Use the command...

Mark the packets

matching Layer 3 ACL

rule with priority

traffic-priority inbound ip-group { acl-number |

acl-name } { rule rule { system-index index |

{ remark-policed-service { trust-dscp | dscp

dscp-value | untrusted dscp dscp-value cos cos-value

local-precedence local-precedence drop-priority

drop-level [ slot slot-id ] } | auto [ slot slot-id ] } } | { auto

[ slot slot-id ] } | { remark-policed-service { trust-dscp

| dscp dscp-value | { untrusted dscp dscp-value cos

cos-value local-precedence local-precedence

drop-priority drop-level } [ slot slot-id ] } } }

Remove the mark

undo traffic-priority inbound ip-group { acl-number |

acl-name } [ rule rule ] [ slot slot-id ]

Caution:

z Before executing the traffic-priority command on a service processor board, you

must first configure traffic redirecting in Ethernet port view to redirect the packets of

a specific VLAN to the service processor board.

z Before performing this configuration, you must first define the ACLs and configure

the DSCP-to-services mapping tables and the EXP-to-services mapping tables. For

configuration of the mapping tables, refer to section

Configuring Traffic Policing.

Normally, when applying a rule, the system assigns a globally unique index to it for later

retrieval. Alternatively, you can choose to assign a system index to an ACL rule with this

command. However, as this value may change while the system is running, you are not

encouraged to manually assign system indexes to ACL rules.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-15

 Note:

z For MPLS packets, the dscp-value argument defines not only a DSCP priority but

also an EXP (the three high-order bits of the value). When the S9500 switch is used

as an ingress PE device, for IP packets, EXP is matched according to the

DSCP-to-services mapping table for the conform level of the packets; and for TCP

and UDP packets, the value of EXP is the lower 3 bits of dscp-value. When the

S9500 switch is used as an ingress P device, the value of EXP is the lower 3 bits of

the dscp-value.

z For priority marking actions, the DSCP-to-services mapping table or

EXP-to-services mapping table for conform level 0 applies.

See the corresponding command manual for details on the commands.

1.2.5 Configuring Traffic Redirecting

Traffic redirecting changes packet forwarding direction. You can redirect packets to

CPU, an Ethernet port, an RPR logical interface, an aggregation group, a smart link

group, an IP address, or a board.

For interface boards, perform the following configurations in Ethernet port view.

To do... Use the command...

Configure traffic

redirecting which only

applies IP group ACL

traffic-redirect inbound ip-group { acl-number |

acl-name } [ rule rule [ system-index index ] ] { cpu |

interface interface-type interface-number destination-vlan

[ l2-vpn | l3-vpn ] | link-aggregation group groupid

destination-vlan | smart-link group groupid

destination-vlan | next-hop ip-addr1 [ ip-addr2 ] [ invalid

{ forward | drop } ] | slot slot-id { vlanid | designated-vlan

vlanid } [ join-vlan ] }

Remove traffic

redirecting setting

which only applies IP

group ACL

undo traffic-redirect inbound ip-group { acl-number |

acl-name } [ rule rule ]

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-16

To do... Use the command...

Configure traffic

redirecting which

applies IP group ACL

and link group ACL at

same time

traffic-redirect inbound ip-group { acl-number |

acl-name } rule rule link-group { acl-number | acl-name }

[ rule rule ] { cpu | interface interface-type

interface-number destination-vlan [ l2-vpn | l3-vpn ] |

link-aggregation group groupid destination-vlan |

smart-link group groupid destination-vlan | next-hop

ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ] | slot

slot-id designated-vlan vlanid [ join-vlan ] }

Or

traffic-redirect inbound ip-group { acl-number |

acl-name } link-group { acl-number | acl-name } rule rule

{ cpu | interface interface-type interface-number

destination-vlan [ l2-vpn | l3-vpn ] | link-aggregation

group groupid destination-vlan | smart-link group

groupid destination-vlan | next-hop ip-addr1 [ ip-addr2 ]

[ invalid { forward | drop } ] | slot slot-id designated-vlan

vlanid [ join-vlan ] }

Remove traffic

redirecting setting

which applies IP group

ACL and link group

ACL at same time

undo traffic-redirect inbound ip-group { acl-number |

acl-name } { rule rule link-group { acl-number | acl-name }

[ rule rule ] | link-group { acl-number | acl-name } rule

rule } or

undo traffic-redirect inbound link-group { acl-number |

acl-name } { rule rule ip-group { acl-number | acl-name } |

ip-group { acl-number | acl-name } rule rule }

Configure traffic

redirecting which only

applies link group ACL

traffic-redirect inbound link-group { acl-number |

acl-name } [ rule rule [ system-index index ] ] { cpu |

interface interface-type interface-number destination-vlan

[ l2-vpn | l3-vpn ] | link-aggregation group groupid

destination-vlan | smart-link group groupid

destination-vlan | next-hop ip-addr1 [ ip-addr2 ] [ invalid

{ forward | drop } ] | slot slot-id designated-vlan vlanid

[ join-vlan ] }

Remove traffic

redirecting setting

which only applies link

group ACL

undo traffic-redirect inbound link-group { acl-number |

acl-name } [ rule rule ]

Caution:

When the traffic is redirected to a NAT board with the vlanid argument specified, the

port is allowed to exit the specified VLAN (by using the undo command or performing

intermix). If a port leaves a VLAN by accident, you are recommended to remove the

traffic redirecting configuration, add the port to the VLAN again, and then redirect the

traffic to the NAT board with the vlanid argument specified.

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-17

For service processor boards, perform the following configurations in VLAN view.

To do... Use the command...

Configure traffic redirecting on

packets matching Layer 3

ACL rule.

traffic-redirect inbound ip-group { acl-number |

acl-name } { { rule rule { cpu [ slot slot-id ] |

next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward |

drop } ] | system-index index { cpu [ slot slot-id ] |

next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward |

drop } } } | { cpu [ slot slot-id ] } | { next-hop

ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ]

[ slot slot-id ] } }

Remove this traffic redirecting

configuration on the packets

matching Layer 3 ACL rule.

undo traffic-redirect inbound ip-group

{ acl-number | acl-name } [ rule rule ] [ slot slot-id ]

The system-index index keyword-argument combination here is the system index for

an ACL rule. When delivering a rule, the system assigns a globally unique index to it, for

convenience of later retrieval. You can also assign a system index for it when delivering

an ACL rule with this command, but the index value may change while the system is

running. However, you are not recommended to assign a system index if not urgently

necessary.

 Note:

z Traffic redirecting setting is only available for the permitted rules in the ACL.

z The packet redirected to the CPU cannot be forwarded normally.

z You can achieve policy route by selecting the next-hop keyword.

z Before executing the traffic-redirect command on a service processor board, you

must first configure traffic redirecting in Ethernet port view to redirect the packets in

Layer 3 to the service processor board and specific VLAN.

z Multicast packets are not allowed to be redirected to the service processor boards.

See the corresponding Command Manual for details of the commands.

1.2.6 Configuring Queue Scheduling

Each port supports eight output queues except that ports of GV48D/GP48D/XP4

non-wire-speed boards only support four queues. The switch puts the packets into the

queues according to the local precedence of packets. Queue scheduling is used to

resolve problems of resource contention by many packets. The switch supports SP

algorithm and WRR algorithm.

Different output queues at the port may use different algorithms. The switch supports

three scheduling modes:

Operation Manual – QoS

H3C S9500 Series Routing Switches Chapter 1 QoS Configuration

1-18

1) All-SP scheduling mode

2) All-WRR mode: A queue is selected from each of the two WRR groups during

scheduling, and then the two queues are compared for priority. The queue with

higher priority will be scheduled. After scheduling, another queue is selected from

the WRR group containing the queue with higher priority, and the newly selected

queue will be compared with the previously selected queue that has lower priority.

3) SP plus WRR mode: The output queues are put into different scheduling groups.

SP group uses SP algorithm, WRR groups use WRR algorithm. The select one

queue respectively from SP group, WRR group 1 and WRR group 2 and schedule

them using SP algorithm.

Perform the following configurations in Ethernet port view.

To do... Use the command...

Configuring queue scheduling

queue-scheduler wrr { group1 { queue-id

queue-weight } &<1-8> | group2 { queue-id

queue-weight } &<1-8> } *

Restore the default setting undo queue-scheduler [ queue-id ] &<1-8>

By default, the switch uses all-SP mode, so those queues not configured with WRR

algorithm are SP mode.

See the corresponding Command Manual for details of the commands.

1.2.7 Configuring WRED Parameters

In the case of network congestion, the switch drops packets to release system

resources. And then no packets are put into long-delay queues.

The switch allocates drop precedence for it when receiving a packet (also called

coloring the packet). Drop precedence ranges from 0 to 2, with 2 for red, 1 for yellow,

and 0 for green. In congestion, red packets will be first dropped, and green packets last.

You can configure drop parameters and thresholds by queue or drop precedence.

The following two drop modes are available:

1) Tail drop mode: Different queues (red, yellow and red) are allocated with different

drop thresholds. When these thresholds are exceeded respectively, excessive

packets will be dropped.

2) WRED drop mode: Drop precedence is taken into account in drop action. When

only min-thresholds of red, yellow and green packets are exceeded, excessive

packets are dropped randomly at given probability. But when max-thresholds of

red, yellow and green packets are exceeded, all excessive packets will be

dropped.

You must first configure WRED parameters for every output queue in defining drop

precedence.

Page is loading ...

H3C S9500 Series Operating instructions

H3C S9500 Series Operating instructions

Related papers

Other documents