H3C S9500 Series Operating instructions

Type
Operating instructions
Operation Manual – QoS
H3C S9500 Series Routing Switches Table of Contents
i
Table of Contents
Chapter 1 QoS Configuration.......................................................................................................1-1
1.1 QoS Overview....................................................................................................................1-1
1.1.1 Introduction..............................................................................................................1-1
1.1.2 Terminology.............................................................................................................1-1
1.2 QoS Configuration Task List..............................................................................................1-5
1.2.1 Configuring Service Parameter Allocation Rule......................................................1-7
1.2.2 Configuring Traffic Policing.....................................................................................1-9
1.2.3 Configuring Traffic Shaping...................................................................................1-12
1.2.4 Configuring Traffic Priority.....................................................................................1-13
1.2.5 Configuring Traffic Redirecting..............................................................................1-15
1.2.6 Configuring Queue Scheduling.............................................................................1-17
1.2.7 Configuring WRED Parameters............................................................................1-18
1.2.8 Configuring Traffic Mirroring..................................................................................1-20
1.2.9 Configuring Port Mirroring.....................................................................................1-22
1.2.10 Configuring Traffic Accounting............................................................................1-23
1.3 Displaying and Debugging QoS Configuration................................................................1-24
1.4 QoS Configuration Examples ..........................................................................................1-26
1.4.1 Traffic Policing Configuration Example.................................................................1-26
1.4.2 Traffic Shaping Configuration Example ................................................................1-27
1.4.3 Port Mirroring Configuration Example................................................................... 1-27
1.4.4 Traffic Priority Marking Configuration Example..................................................... 1-28
1.4.5 Traffic Redirecting Configuration Example (I).......................................................1-29
1.4.6 Traffic Redirecting Configuration Example (II)......................................................1-30
1.4.7 Queue Scheduling Configuration Example...........................................................1-32
1.4.8 WRED Parameters Configuration Example..........................................................1-34
1.4.9 Traffic Accounting Configuration Example............................................................1-35
Chapter 2 Port Tokens Configuration .........................................................................................2-1
2.1 Overview............................................................................................................................2-1
2.2 Port Tokens Configuration.................................................................................................2-1
2.2.1 Configuration Prerequisites.....................................................................................2-1
2.2.2 Configuring the Number of Tokens for Port or Port Queue ....................................2-2
2.3 Port Tokens Configuration Example..................................................................................2-2
Chapter 3 WAN-QoS Configuration.............................................................................................3-1
3.1 Overview............................................................................................................................3-1
3.2 Configuring WAN-QoS.......................................................................................................3-1
3.3 WAN-QoS Configuration Example.....................................................................................3-2
Operation Manual – QoS
H3C S9500 Series Routing Switches Table of Contents
ii
Chapter 4 Logon User ACL Control Configuration....................................................................4-1
4.1 Logon User ACL Control Overview....................................................................................4-1
4.2 Configuring ACL for Telnet/SSH Users .............................................................................4-1
4.2.1 Configuration Prerequisites.....................................................................................4-1
4.2.2 Configuration Tasks ................................................................................................4-2
4.3 Layer 2 ACL Control Configuration Example.....................................................................4-4
4.4 Basic ACL Control Configuration Example........................................................................4-4
4.5 Applying an ACL for SNMP Users.....................................................................................4-5
4.5.1 Configuration Prerequisites.....................................................................................4-5
4.5.2 Configuration Tasks ................................................................................................4-5
4.6 ACL Control over SNMP Users Configuration Example....................................................4-8
Chapter 5 VLAN-ACL Configuration............................................................................................5-1
5.1 VLAN-ACL Overview.........................................................................................................5-1
5.2 VLAN-ACL Configuration...................................................................................................5-1
5.2.1 Configuration Prerequisites.....................................................................................5-1
5.2.2 Configuring a VLAN-ACL........................................................................................5-1
5.3 VLAN-ACL Configuration Examples..................................................................................5-4
5.3.1 VLAN-ACL Traffic Redirecting Configuration Example...........................................5-4
5.3.2 VLAN-ACL Traffic Policing Configuration Example ................................................5-5
Chapter 6 EACL Configuration ....................................................................................................6-1
6.1 EACL Overview..................................................................................................................6-1
6.2 EACL Configuration Task List............................................................................................6-1
6.2.1 Configuring EACL-BT Rate Limit ............................................................................6-1
6.2.2 Configuring EACL-reflexive ACL.............................................................................6-3
6.2.3 Configuring EACL-Outgoing ACL............................................................................6-5
6.2.4 Configuring EACL-Incoming ACL............................................................................6-6
6.3 Configuration Example ......................................................................................................6-7
6.3.1 Reflexive ACL Configuration Example....................................................................6-7
6.3.2 EACL BT Rate Limit Configuration Example ..........................................................6-8
Chapter 7 Global ACL Configuration...........................................................................................7-1
7.1 Global ACL Overview ........................................................................................................7-1
7.2 Global ACL Configuration..................................................................................................7-2
7.3 Global ACL Configuration Example...................................................................................7-3
Chapter 8 WAN-ACL Configuration.............................................................................................8-1
8.1 Overview............................................................................................................................8-1
8.2 Configuring WAN-ACL.......................................................................................................8-1
8.3 WAN-ACL Configuration Example.....................................................................................8-4
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-1
Chapter 1 QoS Configuration
When configuring QoS, go to these sections for information you are interested in:
z QoS Overview
z QoS Configuration Task List
z Displaying and Debugging QoS Configuration
z QoS Configuration Examples
1.1 QoS Overview
1.1.1 Introduction
Conventional packet network treats all packets equally. Each switch/router processes
all packets in First-in-First-out (FIFO) mode and then transfers them to the destination
in the best effort, but it provides no commitment and guarantee to such transmission
performance as delay and jitter.
With fast growth of computer networks, more and more data like voice and video that
are sensitive to bandwidth, delay and jitter are transmitted over the network. This
makes growing demands on quality of service (QoS) of networks.
Ethernet technology is a widely-used network technology dominant for independent
LANs and many LANs based on Ethernet are organic parts of the Internet. In addition,
Ethernet access is becoming one of the major access modes for Internet users.
Therefore it is inevitable to consider Ethernet QoS if we want to achieve point-to-point
global QoS solution. Ethernet switching devices then naturally need to provide different
QoS guarantee for different types of services, especially for those which are sensitive
to delay and jitter.
1.1.2 Terminology
I. Flow
Flow refers to a group of packets passing thought a switch.
II. Traffic classification
Traffic classification is the technology that identifies the packets with a specified
attribute according to a specific rule. Classification rule refers to a packet filtering rule
configured by an administrator. A classification rule can be very simple. For example,
the switch can identify the packets of different priority levels according to the ToS (type
of service) field in the packet headers. It can also be very complex. For example, it may
contain information of the link layer (Layer 2), network layer (Layer 3) and transport
layer (Layer 4) and the switch classifies packets according to such information as MAC
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-2
address, IP protocol, source address, destination address and port ID. Classification
rule often is limited to the information encapsulated at the packet header, rarely using
packet contents.
III. Packet filtering
Packet filtering refers to filtering operation applied to traffic flow. For example, the deny
operation drops the traffic flow which matches the classification rule and allows other
traffic to pass. Ethernet switches use complex classification rules, so that traffic flow
can be filtered purposefully to enhance network security.
There are two key steps in packet filtering:
Step 1: Classify the traffic at the port according to a specific rule.
Step 2: Run filtering operation (denying or permitting) to the identified traffic. By default,
permit operation is selected.
IV. Traffic policing
QoS can police traffic at the ingress port, to provide better services with the limited
network resources.
V. Redirection
You can re-specify forwarding direction for packets, based on QoS policy.
VI. Traffic priority
Ethernet switches can provide priority tags, including ToS, DSCP, 802.1p, and so on,
for specific packets. These priority tags are respectively applicable to different QoS
models.
The following describes IP priority, ToS priority, DSCP priority, EXP priority and 802.1p
priority.
1) IP priority, ToS priority, DSCP priority and EXP priority
Figure 1-1 DS field and ToS byte
As shown in
Figure 1-1, the ToS field in the IP header contains 8 bits. The first three bits
represent IP priority, in the range of 0 to 7; bits 3-6 stand for ToS priority, in the range of
0 to 15. RFC2474 redefines the ToS field in IP packets as DS (differentiated services)
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-3
field. The first six bits denote DSCP (differentiated services codepoint) priority, in the
range of 0 to 63, and the latter two bits are reserved. EXP priority, a number ranging
from 0 to 7 which is obtained by a mapping of the first three bits (bit 0 to 2) of DSCP
priority, lies in MPLS (multiprotocol label switching) header.
2) 802.1p priority
802.1p priority is stored in the header of Layer 2 packets and is suitable for the case
where only Layer 2 QoS guarantee, not L3 header analysis, is required.
Figure 1-2 Ethernet frame with 802.1Q tag header
In the above figure, each host supporting 802.1Q protocol adds a 4-byte 802.1Q tag
header after the source address in Ethernet header.
The 802.1Q tag header contains a 2-byte tag protocol identifier (TPID), with the default
value 0x8100, and a 2-byte tag control information (TCI). The TPID is newly defined by
IEEE to indicate that a packet is 802.1Q tagged. The TCI field consists of the User
Priority, CFI, and VLAN ID fields.
The User Priority field in TCI stands for 802.1p priority, which consists of three bits.
There are eight priority levels, numbered as 0 to 7, for determining to send which
packets first when switch congestion takes place. Since their applications are defined in
detail in the 802.1p Recommendation, they are named as 802.1p priority levels.
VII. Queue scheduling
Queue scheduling is used to resolve problems of resource contention by many packets.
These algorithms are often used in queue scheduling: strict priority (SP) algorithm and
weighted round Robin (WRR) algorithm.
1) SP algorithm
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-4
Packets sent via this
interface
Classify
dequeue
High priority
Low priority
Queue 7
Queue 0
Packets sent
Sending
queue
Queue 1
Queue 6
Queue 5~2
Figure 1-3 Priority queues
SP algorithm is designed for key services. One of the characteristics of key services is
these services should be processed preferentially to minimize response delay in event
of congestion. For example, there are eight output queues at the port, numbered
respectively as 7 to 0, with priority levels in descending order.
In SP mode, the system first sends those packets of higher priority in strict accordance
with priority order. Only when packets in high priority queue are all sent can those in
lower priority queue be sent. This manner of putting key-service packets into high
priority queues and non-key service packets into low priority queues does ensure that
key-service packets are sent first, while non-key service packets are sent during the
interval when no key-service packets need processed.
SP algorithm also has its disadvantages: If high priority queues are full, then packets
from the low priority queues may not be forwarded.
2) WRR algorithm
Each port supports eight output queues except that port of the GV48D/GP48D/XP4
non-wire-speed board only supports four queues. In WRR mode, the system processes
the queues by turn, so every queue can have a service period.
See the case where the port supports eight output queues. Every queue is assigned
with a weight value (respectively numbered as w7, w6, w5, w4, w3, w2, w1, and w0),
which indicates the weight in obtaining resources. For a 100 Mbps port, the weight
values are set as 50, 30, 10, 10, 50, 30, 10 and 10 (corresponding respectively to w7,
w6, w5, w4, w3, w2, w1, and w0). The even the queue with the lowest priority can be
allocated with a 5 Mbps bandwidth.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-5
Another merit for WRR algorithm: Though the queues are scheduled by turn, they are
not configured with fixed time quantum. If a queue has no packets, the system
immediately schedules the next queue. Then bandwidth resources can be fully utilized.
VIII. Traffic mirroring
Traffic mirroring duplicates the specified packets to CPU, a port, or a NetStream board
for packet analysis and monitoring.
IX. Port mirroring
Port mirroring duplicates all packets at a specified port to the monitor port for network
test and troubleshooting.
X. Flow-based traffic accounting
The system can collect traffic statistics based on flow for further analysis.
1.2 QoS Configuration Task List
Complete the following tasks to perform QoS configuration:
z Configuring Service Parameter Allocation Rule
z Configuring Traffic Policing
z Configuring Traffic Shaping
z Configuring Traffic Priority
z Configuring Traffic Redirecting
z Configuring Queue Scheduling
z Configuring Traffic Mirroring
z Configuring Port Mirroring
z Configuring Traffic Accounting
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-6
 Note:
z Before initiating any of these QoS configuration tasks, you should first define the
corresponding ACL. Then you can achieve packet filtering just by activating the right
ACL.
z To configure packet filtering, you need only to activate corresponding ACL. For
more information, see ACL Configuration in the QoS ACL Volume.
z In QoS configuration (including packet filtering, traffic policing, priority marking,
traffic redirecting, traffic mirroring, and traffic accounting), if the specified advanced
ACL has been occupied by IDS, QoS action cannot be delivered normally.
z The four ports (numbered 0 to 3) on an XP4B or XP4CA board each support four
queues (queue 0 to 3) and support the configuration for queue scheduling.
z On an XP4B or XP4CA board, the following configurations can only be performed
on port 0 and 2: applying user-defined flow template, port local precedence, packet
filtering, priority marking, traffic policing, traffic redirecting, traffic mirroring, and
traffic accounting. When such a configuration is performed on port 0, it takes effect
on both port 0 and 1. Likewise, when such a configuration is performed on port 2, it
takes effect on both port 2 and 3.
z With traffic policing configured on a XP4B or XP4CA board, port 0 and 1 share the
same bandwidth, and port 2 and 3 do likewise. That is, port 0 and 1 share the traffic
parameter settings on port 0, and port 2 and 3 share the traffic parameter settings
on port 2.
z On an XP4B or XP4CA board, executing the traffic-statistic command on port 0
will collect traffic statistics on both port 0 and 1, and executing the command on port
2 will collect traffic statistics on both port 2 and 3.
z Ports on XP4B and XP4CA boards do not support traffic shaping (traffic-shape).
Caution:
z The syntax of the QoS configuration command used for service processor boards
(LSB1NATB0 boards in the context of this document) is somewhat different from
that for interface boards. See related description in the manual.
z The service processor boards now supported by the S9500 series have no egress
interface. Therefore, they do not support the configuration commands in Ethernet
port view.
z Service processor boards do not support Layer 2 ACL.
Some of QoS terms are listed in the following table.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-7
Table 1-1 QoS terms
Term Remarks
CoS
It has the same meaning as 802.1p priority. Both refer to the
priority at packet header, with the value ranging from 0 to 7.
Service parameters
Switch allocates a set of parameters, which are used in
achieving QoS functions, upon receiving a packet. Four
items are included: 802.1p priority, DSCP priority, local
precedence, and drop precedence.
Drop-precedence
One of service parameters, ranging from 0 to 2. Drop
precedence is allocated when the switch receives the packet
and may be when the packet is processed. Allocating drop
precedence to the packet is also called coloring the packet:
the packet with drop precedence 2 as red, that with drop
precedence 1 as yellow and that with drop precedence 0 as
green. Drop precedence is referred to when switch needs to
drop packets in its congestion.
Conform-Level
The result calculated from the user-defined CIR, CBS, EBS,
PIR and actual traffic when the switch runs traffic policing, in
the range of 0 to 2. The parameter is used to select the
remark service parameters, such as remark-cos and
remark-drop, in traffic policing by means of the traffic-limit
command. The packets with different conform-levels query
different mapping tables. The conform-level of the packets
whose traffic is smaller than cir is 0, the conform-level of the
packets whose traffic is bigger than cir and smaller than pir is
1, and the conform-level of the packets whose traffic is
bigger than pir is 2. It is also involved in the DSCP + Conform
level-service parameter mapping table which is used in
re-allocating service parameters to a packet with the
traffic-priority command. Then conform level must be 0.
1.2.1 Configuring Service Parameter Allocation Rule
QoS is based on service parameters, a set of parameters for a packet, including 802.1p
priority (CoS priority), DSCP priority, EXP priority, local precedence and drop
precedence.
After receiving a packet, the switch allocates a set of service parameters to it according
to a specific rule. The switch first gets its local precedence and drop precedence
according to the packet 802.1p priority value, by searching in the CoS-to-local
precedence mapping table and the CoS-to-drop precedence mapping table. Default
values are available for the two mapping tables, but you can also configure the
mapping tables according to your needs. If the switch fails to allocate a local
precedence for the packet, it uses the local precedence of the receiving port as the CoS
value to search the CoS-to-local precedence mapping table for the local precedence of
the packet. Then the switch inversely searches the default CoS-to-local precedence
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-8
mapping table to obtain the CoS value and searches the CoS-to-drop precedence
mapping table to obtain the drop precedence for the packet.
 Note:
z To assign a local precedence to the tagged packets received on a port based on the
802.1p field, you must assign a local precedence (or port priority) with the priority
command to the port instead of using the default port priority, that is, 0.
z A tagged packet received on a port will be assigned a local precedence based on its
802.1p if the local precedence of the port is not zero or if the traffic-priority
command is configured to have the system to do so.
z If the CoS-to-local precedence mapping table is modified, you need to re-assign a
local precedence to each port for the new mapping table to take effect on untagged
packets.
I. Configuring mapping tables
Perform the following configurations in system view.
To do... Use the command...
Configure the CoS-to-drop
precedence mapping table
qos cos-drop-precedence-map
cos0-map-drop-prec cos1-map-drop-prec
cos2-map-drop-prec cos3-map-drop-prec
cos4-map-drop-prec cos5-map-drop-prec
cos6-map-drop-prec cos7-map-drop-prec
Restore the default values of
CoS-to-drop precedence mapping
table
undo qos cos-drop-precedence-map
Configure the CoS-to-local
precedence mapping table
qos cos-local-precedence-map
cos0-map-local-prec cos1-map-local-prec
cos2-map-local-prec cos3-map-local-prec
cos4-map-local-prec cos5-map-local-prec
cos6-map-local-prec cos7-map-local-prec
Restore the default values of
CoS-to-local precedence mapping
table
undo qos cos-local-precedence-map
By default, the switch uses the default mapping tables to assign drop precedence and
local precedence to received packets.
II. Configuring local precedence on a port
Perform the following configurations in Ethernet port view.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-9
To do... Use the command...
Configure local precedence on a port priority priority-level
Restore the default local precedence on a port
undo priority
1.2.2 Configuring Traffic Policing
Traffic policing performs per-flow rate limiting. In case the rate of a regulated traffic flow
exceeds the specified traffic specifications, the switch drops the exceeding packets,
reassigns service parameters for the traffic flow, or takes other actions as configured.
Traffic policing actions include reassigning service parameters for traffic with a certain
conform level based on the DSCP-to-services mapping table or the EXP-to-services
mapping table for the conform level and reassigning 802.1p priority based on the local
precedence-to-802.1p mapping table for the conform level. You can edit these mapping
tables or use the default ones.
I. Configuring mapping tables
Perform the following configurations in the specified views.
To do... Use the command...
Enter conform level view (in system
view)
qos conform-level conform-level-value
Configure the DSCP-to-services
mapping table for the conform level (in
conform level view)
dscp dscp-list : dscp-value exp-value
cos-value local-precedence-value
drop-precedence
Restore the default DSCP-to-services
mapping table for the conform level (in
conform level view)
undo dscp dscp-list
Configure the EXP-to-services mapping
table for the conform level (in conform
level view)
exp exp-list : dscp-value exp-value
cos-value local-precedence-value
drop-precedence
Restore the default EXP-to-services
mapping table for the conform level (in
conform level view)
undo exp exp-list
Configure the local
precedence-to-802.1p mapping table for
the conform level (in conform level view)
local-precedence cos-value0
cos-value1 cos-value2 cos-value3
cos-value4 cos-value5 cos-value6
cos-value7
Restore the default local
precedence-to-802.1p mapping table for
the conform level (in conform level view)
undo local-precedence
The system provides default mapping tables.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-10
II. Configuring traffic parameters (optional)
Use the following command to set the traffic parameters required before configuring
traffic policing on service processor boards.
Caution:
This operation is not required for configuring traffic policing on common boards.
Perform the following configuration in system view.
To do... Use the command...
Configure traffic parameters
traffic-params traffic-index cir committed-info-rate
cbs committed-base-size ebs exceed-base-size [ pir
peak-info-rate ]
III. Configuring traffic policing
The purpose of this configuration task is to implement traffic policing on ACL-matched
data streams, and then take normal actions on data streams within the traffic limit and
take other actions (discarding packets, for example) on those exceeding the limit.
For interface boards, perform the following configurations in Ethernet port view.
To do... Use the command...
Configure traffic policing which only
applies IP group ACL
traffic-limit inbound ip-group { acl-number |
acl-name } [ rule rule [ system-index index ] ]
[ tc-index index ] cir cbs ebs [ pir ] [ conform
{ { remark-cos | remark-drop-priority } * |
remark-policed-service } ] [ exceed
{ forward | drop } ]
Remove traffic policing setting
which only applies IP group ACL
undo traffic-limit inbound ip-group
{ acl-number | acl-name } [ rule rule ]
Configure traffic policing which
applies IP group ACL and link
group ACL at same time
traffic-limit inbound ip-group { acl-number |
acl-name } { rule rule link-group { acl-number
| acl-name } [ rule rule [ system-index
index ] ] | link-group { acl-number | acl-name }
rule rule } [ tc-index index ] cir cbs ebs [ pir ]
[ conform { { remark-cos |
remark-drop-priority } * |
remark-policed-service } ] [ exceed
{ forward | drop } ]
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-11
To do... Use the command...
Remove traffic policing setting
which applies IP group ACL and
link group ACL at same time
undo traffic-limit inbound ip-group
{ acl-number | acl-name } { rule rule
link-group { acl-number | acl-name } [ rule
rule ] | link-group { acl-number | acl-name }
rule rule }
Configure traffic policing which only
applies link group ACL
traffic-limit inbound link-group
{ acl-number | acl-name } [ rule rule
[ system-index index ] ] [ tc-index index ] cir
cbs ebs [ pir ] [ conform { { remark-cos |
remark-drop-priority } * |
remark-policed-service } ] [ exceed
{ forward | drop } ]
Remove traffic policing setting
which only applies link group ACL
undo traffic-limit inbound link-group
{ acl-number | acl-name } [ rule rule ]
 Note:
It is required that CIR is less than or equal to PIR and CBS is less than or equal to EBS.
You are recommended to configure CBS and EBS to numbers that are 100 to 150 times
of CIR.
For service processor boards, perform the following configurations in VLAN view.
To do... Use the command...
Configure traffic policing which
only applies IP group ACL
traffic-limit inbound ip-group { acl-number |
acl-name } [ rule rule [ system-index index ] ]
traffic-index index ] [ conform { { remark-cos |
remark-policed-service } ] [ exceed { forward |
drop } ] slot slot-id
Remove traffic policing setting
which only applies IP group ACL
undo traffic-limit inbound ip-group
{ acl-number | acl-name } [ rule rule ] slot slot-id
Caution:
z Before executing the traffic-limit command on a service processor board, you must
first configure traffic redirecting in Ethernet port view to redirect the packets of a
specific VLAN to the service processor board.
z Before configuring traffic policing, you must first define corresponding ACLs and
configure the DSCP + Conform level-service parameters mapping table and the
Local precedence + Conform level-802.1p priority mapping table.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-12
You must first define the corresponding ACL and configure the DSCP + Conform
level-service parameters mapping table and Local precedence + Conform level
mapping table before starting this configuration.
This configuration achieves traffic policing for the packets that match the ACL. If the
traffic rate threshold is exceeded, corresponding measures will be taken, for example,
dropping excessive packets.
system-index index: Specifies a system index for the specified ACL rule. By default,
when an ACL rule is applied, the system will automatically assign a globally unique
index to the rule for the purpose to retrieve the rule later. You can also use the two
parameters to specify a system index when using the command to apply an ACL rule.
But the index you specified may change when the system is running. Generally, you are
not recommended to manually specify the system index.
tc-index index here is traffic policing index. If you configure the same index for different
ACL rules during setting traffic policing, then the sum of traffic shall be limited by the
traffic policing-related parameters predefined. For example, if CIR (committed
information rate) of the traffic that matches ACL 1 is set to 10 kbps and that for ACL 2 to
10 kbps, and their traffic policing indexes are the same, then the average rate of the
traffic that matches ACL 1 and ACL 2 shall be limited to 10 kbps.
 Note:
z When you specify the same tc-index for different traffics, the traffic policing-related
parameter settings must be consistent with each other. Otherwise, the system will
prompt an error.
z For boards with C or D suffix in their names, if the remark-cos keyword is used,
both remark-cos and remark-drop-priority will take effect.
z The index specified by the tc-index keyword should be in the range of 0 to 12288,
where 0 directs the system to automatically assign an index.
See the corresponding Command Manual for details of the commands.
1.2.3 Configuring Traffic Shaping
Traffic shaping controls the rate of outbound packets, to ensure they are sent at
relatively average rates. Traffic shaping measure tries to match packet transmission
rate with the capacity of downstream devices. Its major difference from traffic policing is:
Traffic shaping buffers packets at over-threshold rates to make them sent at average
rates, while traffic policing drops excessive packets. Therefore, traffic shaping may
increase transmission delay, but not for traffic policing.
Perform the following configurations in Ethernet port view.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-13
To do... Use the command...
Configure traffic shaping
traffic-shape [ queue queue-id ]
max-rate burst-size
Remove traffic shaping setting undo traffic-shape [ queue queue-id ]
The switch supports traffic shaping based on port, that is, all traffic on the port is shaped.
It also supports traffic shaping for a specific queue. You can choose to achieve one of
them by selecting different parameters in the command.
See the corresponding Command Manual for details of the commands.
1.2.4 Configuring Traffic Priority
This configuration re-marks priority value for the packets that match the ACL in these
ways: using the service parameters allocated by the switch, re-allocating service
parameters by searching the mapping table based on the packet DSCP value,
re-allocating service parameters by searching the mapping table based on the
specified DSCP or EXP value, customizing service parameters for the packets.
For interface boards, perform the following configurations in Ethernet port view.
To do... Use the command...
Configure traffic priority which
only applies IP group ACL
traffic-priority inbound ip-group { acl-number
| acl-name } [ rule rule [ system-index index ] ]
{ auto | remark-policed-service { trust-dscp |
dscp dscp-value | untrusted dscp dscp-value
cos cos-value local-precedence
local-precedence drop-priority drop-level } }
Remove traffic priority setting
which only applies IP group ACL
undo traffic-priority inbound ip-group
{ acl-number | acl-name } [ rule rule ]
Configure traffic priority which
applies IP group ACL and link
group ACL at same time
traffic-priority inbound ip-group { acl-number
| acl-name } { rule rule link-group { acl-number |
acl-name } [ rule rule [ system-index index ] ] |
link-group { acl-number | acl-name } rule rule }
{ auto | remark-policed-service { trust-dscp |
dscp dscp-value | untrusted dscp dscp-value
cos cos-value local-precedence
local-precedence drop-priority drop-level } }
Remove traffic priority setting
which applies IP group ACL and
link group ACL at same time
undo traffic-priority inbound ip-group
{ acl-number | acl-name } { rule rule link-group
{ acl-number | acl-name } [ rule rule ] |
link-group { acl-number | acl-name } rule rule }
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-14
To do... Use the command...
Configure traffic priority which
only applies link group ACL
traffic-priority inbound link-group
{ acl-number | acl-name } [ rule rule
[ system-index index ] ] { auto |
remark-policed-service { trust-dscp | dscp
dscp-value | untrusted dscp dscp-value cos
cos-value local-precedence local-precedence
drop-priority drop-level } }
Remove traffic priority setting
which only applies link group
ACL
undo traffic-priority inbound link-group
{ acl-number | acl-name } [ rule rule ]
For service processor boards, perform the following configurations in VLAN view.
To do... Use the command...
Mark the packets
matching Layer 3 ACL
rule with priority
traffic-priority inbound ip-group { acl-number |
acl-name } { rule rule { system-index index |
{ remark-policed-service { trust-dscp | dscp
dscp-value | untrusted dscp dscp-value cos cos-value
local-precedence local-precedence drop-priority
drop-level [ slot slot-id ] } | auto [ slot slot-id ] } } | { auto
[ slot slot-id ] } | { remark-policed-service { trust-dscp
| dscp dscp-value | { untrusted dscp dscp-value cos
cos-value local-precedence local-precedence
drop-priority drop-level } [ slot slot-id ] } } }
Remove the mark
undo traffic-priority inbound ip-group { acl-number |
acl-name } [ rule rule ] [ slot slot-id ]
Caution:
z Before executing the traffic-priority command on a service processor board, you
must first configure traffic redirecting in Ethernet port view to redirect the packets of
a specific VLAN to the service processor board.
z Before performing this configuration, you must first define the ACLs and configure
the DSCP-to-services mapping tables and the EXP-to-services mapping tables. For
configuration of the mapping tables, refer to section
Configuring Traffic Policing.
Normally, when applying a rule, the system assigns a globally unique index to it for later
retrieval. Alternatively, you can choose to assign a system index to an ACL rule with this
command. However, as this value may change while the system is running, you are not
encouraged to manually assign system indexes to ACL rules.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-15
 Note:
z For MPLS packets, the dscp-value argument defines not only a DSCP priority but
also an EXP (the three high-order bits of the value). When the S9500 switch is used
as an ingress PE device, for IP packets, EXP is matched according to the
DSCP-to-services mapping table for the conform level of the packets; and for TCP
and UDP packets, the value of EXP is the lower 3 bits of dscp-value. When the
S9500 switch is used as an ingress P device, the value of EXP is the lower 3 bits of
the dscp-value.
z For priority marking actions, the DSCP-to-services mapping table or
EXP-to-services mapping table for conform level 0 applies.
See the corresponding command manual for details on the commands.
1.2.5 Configuring Traffic Redirecting
Traffic redirecting changes packet forwarding direction. You can redirect packets to
CPU, an Ethernet port, an RPR logical interface, an aggregation group, a smart link
group, an IP address, or a board.
For interface boards, perform the following configurations in Ethernet port view.
To do... Use the command...
Configure traffic
redirecting which only
applies IP group ACL
traffic-redirect inbound ip-group { acl-number |
acl-name } [ rule rule [ system-index index ] ] { cpu |
interface interface-type interface-number destination-vlan
[ l2-vpn | l3-vpn ] | link-aggregation group groupid
destination-vlan | smart-link group groupid
destination-vlan | next-hop ip-addr1 [ ip-addr2 ] [ invalid
{ forward | drop } ] | slot slot-id { vlanid | designated-vlan
vlanid } [ join-vlan ] }
Remove traffic
redirecting setting
which only applies IP
group ACL
undo traffic-redirect inbound ip-group { acl-number |
acl-name } [ rule rule ]
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-16
To do... Use the command...
Configure traffic
redirecting which
applies IP group ACL
and link group ACL at
same time
traffic-redirect inbound ip-group { acl-number |
acl-name } rule rule link-group { acl-number | acl-name }
[ rule rule ] { cpu | interface interface-type
interface-number destination-vlan [ l2-vpn | l3-vpn ] |
link-aggregation group groupid destination-vlan |
smart-link group groupid destination-vlan | next-hop
ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ] | slot
slot-id designated-vlan vlanid [ join-vlan ] }
Or
traffic-redirect inbound ip-group { acl-number |
acl-name } link-group { acl-number | acl-name } rule rule
{ cpu | interface interface-type interface-number
destination-vlan [ l2-vpn | l3-vpn ] | link-aggregation
group groupid destination-vlan | smart-link group
groupid destination-vlan | next-hop ip-addr1 [ ip-addr2 ]
[ invalid { forward | drop } ] | slot slot-id designated-vlan
vlanid [ join-vlan ] }
Remove traffic
redirecting setting
which applies IP group
ACL and link group
ACL at same time
undo traffic-redirect inbound ip-group { acl-number |
acl-name } { rule rule link-group { acl-number | acl-name }
[ rule rule ] | link-group { acl-number | acl-name } rule
rule } or
undo traffic-redirect inbound link-group { acl-number |
acl-name } { rule rule ip-group { acl-number | acl-name } |
ip-group { acl-number | acl-name } rule rule }
Configure traffic
redirecting which only
applies link group ACL
traffic-redirect inbound link-group { acl-number |
acl-name } [ rule rule [ system-index index ] ] { cpu |
interface interface-type interface-number destination-vlan
[ l2-vpn | l3-vpn ] | link-aggregation group groupid
destination-vlan | smart-link group groupid
destination-vlan | next-hop ip-addr1 [ ip-addr2 ] [ invalid
{ forward | drop } ] | slot slot-id designated-vlan vlanid
[ join-vlan ] }
Remove traffic
redirecting setting
which only applies link
group ACL
undo traffic-redirect inbound link-group { acl-number |
acl-name } [ rule rule ]
Caution:
When the traffic is redirected to a NAT board with the vlanid argument specified, the
port is allowed to exit the specified VLAN (by using the undo command or performing
intermix). If a port leaves a VLAN by accident, you are recommended to remove the
traffic redirecting configuration, add the port to the VLAN again, and then redirect the
traffic to the NAT board with the vlanid argument specified.
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-17
For service processor boards, perform the following configurations in VLAN view.
To do... Use the command...
Configure traffic redirecting on
packets matching Layer 3
ACL rule.
traffic-redirect inbound ip-group { acl-number |
acl-name } { { rule rule { cpu [ slot slot-id ] |
next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward |
drop } ] | system-index index { cpu [ slot slot-id ] |
next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward |
drop } } } | { cpu [ slot slot-id ] } | { next-hop
ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ]
[ slot slot-id ] } }
Remove this traffic redirecting
configuration on the packets
matching Layer 3 ACL rule.
undo traffic-redirect inbound ip-group
{ acl-number | acl-name } [ rule rule ] [ slot slot-id ]
The system-index index keyword-argument combination here is the system index for
an ACL rule. When delivering a rule, the system assigns a globally unique index to it, for
convenience of later retrieval. You can also assign a system index for it when delivering
an ACL rule with this command, but the index value may change while the system is
running. However, you are not recommended to assign a system index if not urgently
necessary.
 Note:
z Traffic redirecting setting is only available for the permitted rules in the ACL.
z The packet redirected to the CPU cannot be forwarded normally.
z You can achieve policy route by selecting the next-hop keyword.
z Before executing the traffic-redirect command on a service processor board, you
must first configure traffic redirecting in Ethernet port view to redirect the packets in
Layer 3 to the service processor board and specific VLAN.
z Multicast packets are not allowed to be redirected to the service processor boards.
See the corresponding Command Manual for details of the commands.
1.2.6 Configuring Queue Scheduling
Each port supports eight output queues except that ports of GV48D/GP48D/XP4
non-wire-speed boards only support four queues. The switch puts the packets into the
queues according to the local precedence of packets. Queue scheduling is used to
resolve problems of resource contention by many packets. The switch supports SP
algorithm and WRR algorithm.
Different output queues at the port may use different algorithms. The switch supports
three scheduling modes:
Operation Manual – QoS
H3C S9500 Series Routing Switches Chapter 1 QoS Configuration
1-18
1) All-SP scheduling mode
2) All-WRR mode: A queue is selected from each of the two WRR groups during
scheduling, and then the two queues are compared for priority. The queue with
higher priority will be scheduled. After scheduling, another queue is selected from
the WRR group containing the queue with higher priority, and the newly selected
queue will be compared with the previously selected queue that has lower priority.
3) SP plus WRR mode: The output queues are put into different scheduling groups.
SP group uses SP algorithm, WRR groups use WRR algorithm. The select one
queue respectively from SP group, WRR group 1 and WRR group 2 and schedule
them using SP algorithm.
Perform the following configurations in Ethernet port view.
To do... Use the command...
Configuring queue scheduling
queue-scheduler wrr { group1 { queue-id
queue-weight } &<1-8> | group2 { queue-id
queue-weight } &<1-8> } *
Restore the default setting undo queue-scheduler [ queue-id ] &<1-8>
By default, the switch uses all-SP mode, so those queues not configured with WRR
algorithm are SP mode.
See the corresponding Command Manual for details of the commands.
1.2.7 Configuring WRED Parameters
In the case of network congestion, the switch drops packets to release system
resources. And then no packets are put into long-delay queues.
The switch allocates drop precedence for it when receiving a packet (also called
coloring the packet). Drop precedence ranges from 0 to 2, with 2 for red, 1 for yellow,
and 0 for green. In congestion, red packets will be first dropped, and green packets last.
You can configure drop parameters and thresholds by queue or drop precedence.
The following two drop modes are available:
1) Tail drop mode: Different queues (red, yellow and red) are allocated with different
drop thresholds. When these thresholds are exceeded respectively, excessive
packets will be dropped.
2) WRED drop mode: Drop precedence is taken into account in drop action. When
only min-thresholds of red, yellow and green packets are exceeded, excessive
packets are dropped randomly at given probability. But when max-thresholds of
red, yellow and green packets are exceeded, all excessive packets will be
dropped.
You must first configure WRED parameters for every output queue in defining drop
precedence.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76

H3C S9500 Series Operating instructions

Type
Operating instructions

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI