H3C S5120-EI Switch Series ACL and QoS Configuration Guide
Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com
Software version: Release 2220
Document version: 6W100-20130810

Copyright © 2013, Hangzhou H3C Technologies Co., Ltd. and its licensors. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks: H3C, H3CS, H3CIE, H3CNE, Aolynk, H3Car...
Preface
The H3C S5120-EI documentation set includes 10 configuration guides, which describe the software features for the H3C S5120-EI Switch Series Release 2220, and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you a...

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.

About the S5120-EI documentation ...

Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents]: provides hardw...
Configuring ACLs

Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document.

Overview
An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port num...

basic or advanced ACL, its ACL number and name must be unique among all IPv6 ACLs. You can assign an IPv4 ACL and an IPv6 ACL the same number and name.

Match order
The rules in an ACL are sorted in a specific order. When a packet matches a rule, the device stops the match process and performs the ...

You can also add a rule range remark to indicate the start or end of a range of rules created for the same purpose. A rule range remark always appears above the specified ACL rule. If the specified rule has not been created yet, the position of the comment in the ACL is as follows:
• If the match ...

Task | Remarks
Configuring a basic ACL; Configuring an advanced ACL; Configuring an Ethernet frame header ACL | Required. Configure at least one task. Applicable to IPv4 and IPv6, except that simple ACLs are for IPv6.
Copying an ACL | Optional. Applicable to IPv4 and IPv6.
Configuring packet filtering with a...
Step | Command | Remarks
5. Set the interval for generating and outputting IPv4 packet filtering logs. | acl logging frequence frequence | By default, the interval is 0. No IPv4 packet filtering logs are generated.

Applying an IPv6 ACL for packet filtering
Step | Command | Remarks
1. Enter system view. | syste...

Configuration example of using ACL for device management
Network requirements
As shown in Figure 1, configure ACLs so that:
• Host A can Telnet to the switch only during the working time (8:30 to 18:00 of every working day).
• As a TFTP client, the switch can get files from only the server 11.1....

2. Limit the access to the TFTP server:
# Create IPv4 basic ACL 2001, and configure a rule for the ACL to permit only the packets sourced from 11.1.1.100.
[Switch] acl number 2001
[Switch-acl-basic-2001] rule permit source 11.1.1.100 0
[Switch-acl-basic-2001] quit
# Use ACL 2001 to control the sw...

[DeviceA-acl-basic-2009] rule permit source 192.168.1.2 0 time-range study logging
[DeviceA-acl-basic-2009] rule deny source any time-range study
[DeviceA-acl-basic-2009] quit
# Enable the device to generate and output IPv4 packet filtering logs at 10-minute intervals.
[DeviceA] acl logging frequ...

[DeviceA] info-center source default channel 0 log level informational
# Apply IPv6 ACL 2009 to filter incoming packets on GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] packet-filter ipv6 2009 inbound
[DeviceA-GigabitEthernet1/0/1] quit
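The following Python model is an added example written for this page, not H3C's code. It shows the evaluation semantics the ACL chapter describes (rules tried in order, first match ends the search, rules bound to a time range that are inactive outside it, a logging flag) using the page's own ACL 2001 and ACL 2009 as sample rule sets. The wildcard-mask reading (0 bits must match, as in `rule permit source 11.1.1.100 0`) follows the syntax on the page; the TimeRange representation, the constructed timestamps, and the default action for packets that match no rule are assumptions made here for illustration.

```python
"""ACL evaluation model: rules are tried in order, the first match wins, a rule
can be bound to a periodic time range and flagged for logging.

Added example for this page, not the switch's own code. The TimeRange shape and
the default action for packets matching no rule are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


def wildcard_match(addr: str, rule_addr: str, wildcard: str) -> bool:
    """Wildcard mask: 0 bits must be equal, 1 bits are ignored.
    'source 11.1.1.100 0' is an exact host; 'any' is 0.0.0.0 255.255.255.255."""
    a, r, w = (int(IPv4Address(x)) for x in (addr, rule_addr, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (r & care)


@dataclass(frozen=True)
class TimeRange:
    """Periodic time range, e.g. 8:30 to 18:00 on working days (Mon..Fri)."""
    start: time
    end: time
    weekdays: frozenset = frozenset(range(5))   # Monday=0 .. Friday=4

    def active(self, now: datetime) -> bool:
        return now.weekday() in self.weekdays and self.start <= now.time() <= self.end


@dataclass(frozen=True)
class Rule:
    action: str                          # "permit" or "deny"
    source: str = "0.0.0.0"              # together with the default wildcard: "any"
    wildcard: str = "255.255.255.255"
    destination: Optional[str] = None    # advanced-ACL style destination match
    dst_wildcard: str = "0.0.0.0"
    time_range: Optional[TimeRange] = None
    logging: bool = False


def evaluate(rules: List[Rule], src: str, dst: str, now: datetime,
             default: str = "permit") -> Tuple[str, Optional[int], bool]:
    """Return (action, index of the matching rule or None, log flag).

    A rule whose time range is inactive is skipped, not treated as deny.
    `default` applies to packets that match no rule (assumed here; confirm the
    packet-filter default on the device you operate).
    """
    for i, rule in enumerate(rules):
        if rule.time_range is not None and not rule.time_range.active(now):
            continue
        if not wildcard_match(src, rule.source, rule.wildcard):
            continue
        if rule.destination is not None and not wildcard_match(
                dst, rule.destination, rule.dst_wildcard):
            continue
        return rule.action, i, rule.logging
    return default, None, False


# The page's ACL 2009: permit 192.168.1.2 during 'study' and log it, deny all
# other sources during 'study'. Outside the range neither rule is active.
STUDY = TimeRange(time(8, 30), time(18, 0))
ACL_2009 = [
    Rule("permit", "192.168.1.2", "0.0.0.0", time_range=STUDY, logging=True),
    Rule("deny", time_range=STUDY),
]
# The page's ACL 2001: only 11.1.1.100 is permitted.
ACL_2001 = [Rule("permit", "11.1.1.100", "0.0.0.0")]

# Constructed timestamps: 2013-08-12 is a Monday, 2013-08-10 a Saturday.
MONDAY_10AM = datetime(2013, 8, 12, 10, 0)
MONDAY_7PM = datetime(2013, 8, 12, 19, 0)
SATURDAY_10AM = datetime(2013, 8, 10, 10, 0)

if __name__ == "__main__":
    for src in ("192.168.1.2", "192.168.1.3"):
        for when in (MONDAY_10AM, MONDAY_7PM, SATURDAY_10AM):
            print(src, when, evaluate(ACL_2009, src, "10.0.0.1", when))
```

Note that the deny rule only has effect while the time range is active; outside it, both rules are skipped and the packet falls through to the default action, which is why a time-limited "deny any" does not block traffic at other times.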
QoS overview
In data communications, quality of service (QoS) is a network’s ability to provide differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate. Network resources are scarce. The contention for resources requires that QoS prioritize im...

QoS techniques
The QoS techniques include traffic classification, traffic policing, traffic shaping, rate limit, congestion management, and congestion avoidance. They address problems that arise at different positions of a network.
Figure 4: Placement of the QoS techniques in a network
As shown in...

QoS configuration approaches
You can configure QoS in these approaches:
• MQC approach
• Non-MQC approach
Some features support both approaches, but some support only one.

MQC approach
In the modular QoS configuration (MQC) approach, you configure QoS service parameters by using QoS policies (see "C...

Configuring a QoS policy
Overview
A QoS policy is a set of class-behavior associations and defines the shaping, policing, or other QoS actions to take on different classes of traffic. A class is a set of match criteria for identifying traffic and it uses the AND or OR operator:
• AND: A packet mus...

Configuration restrictions and guidelines
• If a class that uses the AND operator has multiple if-match acl, if-match acl ipv6, if-match customer-vlan-id or if-match service-vlan-id clauses, a packet that matches any of the clauses matches the class.
• To successfully execute the traffic behavior...

Option | Description
dscp dscp-list | Matches DSCP values. The dscp-list argument is a list of up to eight DSCP values. A DSCP value can be a number from 0 to 63 or any keyword in Table 10.
destination-mac mac-address | Matches a destination MAC address.
customer-dot1p 8021p-list | Matches the 802.1p pr...

Defining a policy
You associate a behavior with a class in a QoS policy to perform the actions defined in the behavior for the class of packets.
Configuration restrictions and guidelines
• If an ACL is referenced by a QoS policy for defining traffic match criteria, packets matching the ACL are or...

Applying the QoS policy to an interface
A policy can be applied to multiple interfaces, but only one policy can be applied in the inbound direction of an interface.
To apply the QoS policy to an interface:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view or port grou...

Applying the QoS policy to a VLAN
You can apply a QoS policy to a VLAN to regulate traffic of the VLAN. QoS policies cannot be applied to dynamic VLANs, such as VLANs created by GVRP.
To apply the QoS policy to a VLAN:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Apply the QoS po...

• In a QoS policy for control planes, if a system index classifier is configured, the associated traffic behavior can contain only the car action or the combination of car and accounting packet actions. In addition, if the car action is configured, only its cir setting can be applied.
• In the QoS...

Clear the statistics for the QoS policy applied to a control plane. | reset qos policy control-plane slot slot-number [ inbound ] | Available in user view.
Configuring priority mapping
Overview
When a packet enters a device, depending on your configuration, the device assigns a set of QoS priority parameters to the packet based on either a certain priority field carried in the packet or the port priority of the incoming port. This process is called ...

Priority trust mode on a port
The priority trust mode on a port decides which priority is used for priority mapping table lookup. Port priority was introduced for use in priority mapping in addition to the priority fields carried in packets. The switch series provides the following priority trust mod...

Table 5: Priority mapping results of not trusting packet priority (when the default dot1p-lp priority mapping table is used)
Port priority | Local precedence | Queue ID
0 (default) | 2 | 2
1 | 0 | 0
2 | 1 | 1
3 | 3 | 3
4 | 4 | 4
5 | 5 | 5
6 | 6 | 6
7 | 7 | 7
The priority mapping procedure varies with the priority modes. For more inf...

Figure 6: Priority mapping procedure for an Ethernet packet
NOTE: If 802.1p priority marking is performed for packets, the device performs priority mapping for the packets based on the marked 802.1p priority values according to the flow shown in Figure 6. The DSCP marking action does not affect p...

Step | Command | Remarks
2. Enter interface view or port group view. | Enter interface view: interface interface-type interface-number. Enter port group view: port-group manual port-group-name | Use either command. Settings in interface view take effect on the current interface. Settings in port group...

Configuration procedure
# Assign port priority to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. Make sure that the priority of GigabitEthernet 1/0/1 is higher than that of GigabitEthernet 1/0/2, and no trusted packet priority type is configured on GigabitEthernet 1/0/1 or GigabitEthernet 1/0/2...

Figure 8: Network diagram
Configuration procedure
1. Configure trusting port priority:
# Set the port priority of GigabitEthernet 1/0/1 to 3.
system-view
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] qos priority 3
[Device-GigabitEthernet1/0/1] quit
# Set the port priority...

[Device-maptbl-dot1p-lp] import 5 export 4
[Device-maptbl-dot1p-lp] quit
3. Configure priority marking:
# Mark the HTTP traffic of the management department, marketing department, and R&D department to the Internet with 802.1p priorities 4, 5, and 3, respectively. Use the priority mapping table y...
Configuring traffic policing, traffic shaping, and rate limit
Overview
Traffic policing, traffic shaping, and rate limit are QoS technologies that help assign network resources, such as bandwidth. They increase network performance and user satisfaction. For example, you can configure a flo...

• Peak information rate (PIR): the rate at which tokens are put into bucket E, which specifies the average packet transmission or forwarding rate allowed by bucket E.
• Excess burst size (EBS): the size of bucket E, which specifies the transient burst of traffic that bucket E can forward.
CBS is implemente...

Traffic shaping
IMPORTANT: Traffic shaping shapes the outbound traffic.
Traffic shaping limits the outbound traffic rate by buffering exceeding traffic. You can use traffic shaping to adapt the traffic output rate on a device to the input traffic rate of its connected device to avoid packet loss....

The rate limit of a physical interface specifies the maximum rate for forwarding packets (including critical packets). Rate limit also uses token buckets for traffic control. With rate limit configured on an interface, all packets to be sent through the interface are handled by the token bucket a...

Step | Command | Remarks
4. Return to system view. | quit | N/A
5. Create a behavior and enter behavior view. | traffic behavior behavior-name | N/A
6. Configure a traffic policing action. | car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] ...

To configure the rate limit:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view or port group view. | Enter interface view: interface interface-type interface-number. Enter port group view: port-group manual port-group-name | Use either command. Settings in interfac...

Figure 13: Network diagram
Configuration procedures
1. Configure Device A:
# Configure ACL 2001 and ACL 2002 to match traffic from Server and Host A, respectively.
system-view
[DeviceA] acl number 2001
[DeviceA-acl-basic-2001] rule permit source 1.1.1.1 0
[DeviceA-acl-basic-2001] quit
[DeviceA] ac...

[DeviceA-qospolicy-car] quit
# Apply QoS policy car to the incoming traffic of port GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] qos apply policy car inbound
2. Configure Device B:
# Configure advanced ACL 3001 to match HTTP traffic.
system-view ...
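The following Python model is an added example written for this page, not H3C's implementation, and illustrates the two-bucket CAR parameters from the traffic policing overview (bucket C fed at CIR and limited to CBS bytes, bucket E fed at PIR and limited to EBS bytes) as used by the `car cir ... cbs ... ebs ... pir ...` action above. The colouring rule it applies (red when bucket E cannot cover the packet, yellow when only bucket E can, green when bucket C can) is the standard two-rate three-colour scheme and is an assumption here, because the page's own text on how CBS and EBS interact is truncated; the policer parameters and packet sizes are constructed for the demonstration.

```python
"""Two-rate token-bucket model of the CAR action.

Added example for this page, not the switch's code. The colour rule is the
standard two-rate three-colour marker and is an assumption about this device.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence


@dataclass
class TokenBucket:
    rate_bytes_per_s: float   # tokens added per second (CIR or PIR converted from kbps)
    size_bytes: float         # bucket depth (CBS or EBS)
    tokens: float             # current fill
    last: float               # time of the last refill

    def refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.size_bytes, self.tokens + elapsed * self.rate_bytes_per_s)
        self.last = now


class Car:
    """car cir <kbps> cbs <bytes> ebs <bytes> pir <kbps>, modelled as a colour marker."""

    def __init__(self, cir_kbps: float, cbs_bytes: int, pir_kbps: float,
                 ebs_bytes: int, start: float = 0.0) -> None:
        # Both buckets start full, so an initial burst up to CBS/EBS is accepted.
        self.c = TokenBucket(cir_kbps * 1000 / 8, cbs_bytes, cbs_bytes, start)
        self.e = TokenBucket(pir_kbps * 1000 / 8, ebs_bytes, ebs_bytes, start)

    def color(self, size_bytes: int, now: float) -> str:
        self.c.refill(now)
        self.e.refill(now)
        if size_bytes > self.e.tokens:
            return "red"              # over PIR/EBS: the usual action is discard
        if size_bytes > self.c.tokens:
            self.e.tokens -= size_bytes
            return "yellow"           # within PIR but over CIR: forwarded, often re-marked
        self.c.tokens -= size_bytes
        self.e.tokens -= size_bytes
        return "green"                # conforms to CIR/CBS


def classify(car: Car, sizes: Sequence[int], times: Sequence[float]) -> List[str]:
    """Colour each packet (size, arrival time) in arrival order."""
    return [car.color(s, t) for s, t in zip(sizes, times)]


def summarize(colors: Sequence[str]) -> Dict[str, int]:
    return {c: colors.count(c) for c in ("green", "yellow", "red")}


def burst_demo() -> Dict[str, int]:
    """Constructed input: ten 1000-byte packets arriving at once on a
    'car cir 256 cbs 4000 ebs 8000 pir 512' policer."""
    car = Car(cir_kbps=256, cbs_bytes=4000, pir_kbps=512, ebs_bytes=8000)
    return summarize(classify(car, [1000] * 10, [0.0] * 10))


def after_refill_demo() -> str:
    """Same burst, then one more packet a second later: CIR has refilled bucket C."""
    car = Car(cir_kbps=256, cbs_bytes=4000, pir_kbps=512, ebs_bytes=8000)
    classify(car, [1000] * 10, [0.0] * 10)   # drains both buckets
    return car.color(1000, 1.0)


if __name__ == "__main__":
    print(burst_demo())          # {'green': 4, 'yellow': 4, 'red': 2}
    print(after_refill_demo())   # green
```

In the constructed burst the first four packets fit bucket C (CBS 4000 bytes) and are green, the next four are covered only by bucket E and are yellow, and the last two find both buckets empty and are red; one second later bucket C has refilled at CIR (32000 bytes/s, capped at CBS) and the next packet is green again.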
Configuring congestion management
Overview
Network congestion degrades service quality on a traditional network. Congestion is a situation where the forwarding rate decreases due to insufficient resources, resulting in extra delay. Congestion is more likely to occur in complex packet switching ci...

Figure 15: SP queuing
In Figure 15, SP queuing classifies eight queues on a port into eight classes, numbered 7 to 0 in descending priority order. In Figure 15, SP queuing classifies four queues on a port into four classes, numbered 3 to 0 in descending priority order. SP queuing schedules the e...

Figure 16: WRR queuing
Assume a port provides eight output queues. WRR assigns each queue a weight value (represented by w7, w6, w5, w4, w3, w2, w1, or w0) to decide the proportion of resources assigned to the queue. On a 1000 Mbps port, you can configure the weight values of WRR queuing to 5, 5, ...

• By setting the minimum guaranteed bandwidth, you can make sure that each WFQ queue is assured of certain bandwidth.
• The assignable bandwidth is allocated based on the weight of each queue (assignable bandwidth = total bandwidth – the sum of the minimum guaranteed bandwidth of each queue). For exa...

Configuration example
Network requirements
• Enable byte-count WRR on port GigabitEthernet 1/0/1.
• Assign queues 0 through 7 to the WRR group, with their weights being 1, 2, 4, 6, 8, 10, 12, and 14, respectively.
Configuration procedure
# Enter system view.
system-view
# Configure WRR queuing on...

Step | Command | Remarks
2. Enter interface view or port group view. | Enter interface view: interface interface-type interface-number. Enter port group view: port-group manual port-group-name | Use either command. Settings in interface view take effect on the current interface. Settings in port group...

Configuring SP+WFQ queuing
Configuration procedure
To configure SP+WFQ queuing:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view or port group view. | Enter interface view: interface interface-type interface-number. Enter port group view: port-group manual por...

[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] qos wfq weight
[Sysname-GigabitEthernet1/0/1] qos wfq 0 group sp
[Sysname-GigabitEthernet1/0/1] qos wfq 1 group sp
[Sysname-GigabitEthernet1/0/1] qos wfq 2 group sp
[Sysname-GigabitEthernet1/0/1] qos wfq 3 group sp
[Sysname-...
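The following Python simulation is an added example written for this page, not the switch's scheduler, and covers the SP, WRR and WFQ descriptions above: an SP group served strictly by queue number ahead of everything else, packet-count weighted round robin for the remaining queues, and the WFQ bandwidth rule (each queue's minimum guarantee plus a weight-proportional share of the assignable bandwidth). The backlog, queue assignments and weights are constructed for the demonstration; byte-count weighting and the exact dequeue behaviour of the hardware are not modelled.

```python
"""Scheduling models for the congestion-management chapter: SP group in front of
a WRR group, and the WFQ minimum-guarantee bandwidth rule.

Added example for this page, not the switch's code. One packet is served per
scheduling step; weights are packet counts per round (an assumption).
"""
from typing import Dict, List, Sequence


def wfq_allocation(total_kbps: float, min_guaranteed: Sequence[float],
                   weights: Sequence[float]) -> List[float]:
    """Per-queue bandwidth = guaranteed minimum + weight share of
    (total bandwidth - sum of minimum guarantees), as the WFQ text states."""
    assignable = total_kbps - sum(min_guaranteed)
    if assignable < 0:
        raise ValueError("minimum guarantees exceed the port bandwidth")
    total_weight = sum(weights)
    return [m + assignable * w / total_weight for m, w in zip(min_guaranteed, weights)]


def sp_wrr_order(backlog: Dict[int, Sequence[str]], sp_group: Sequence[int],
                 weights: Dict[int, int]) -> List[str]:
    """Dequeue order for one port.

    Queues in sp_group are served by queue number (higher first) and always
    before any WRR queue, so a busy SP queue starves the rest; the other queues
    are served round robin, each sending up to weights[q] packets per round.
    """
    queues = {q: list(pkts) for q, pkts in backlog.items()}
    sp = sorted((q for q in sp_group if q in queues), reverse=True)
    wrr = sorted(q for q in queues if q not in sp_group)
    if any(weights[q] < 1 for q in wrr):
        raise ValueError("every WRR queue needs a weight of at least 1")
    credit = {q: weights[q] for q in wrr}
    idx = 0
    order: List[str] = []
    while any(queues.values()):
        ready_sp = [q for q in sp if queues[q]]
        if ready_sp:
            order.append(queues[ready_sp[0]].pop(0))
            continue
        served = False
        for _ in range(len(wrr)):
            q = wrr[idx]
            if queues[q] and credit[q] > 0:
                credit[q] -= 1
                order.append(queues[q].pop(0))
                served = True
                break
            idx = (idx + 1) % len(wrr)
        if not served:
            # every WRR queue is empty or out of credit: start a new round
            credit = {q: weights[q] for q in wrr}
            idx = 0
    return order


def demo_order() -> List[str]:
    """Constructed backlog: queue 7 in the SP group (e.g. voice), queues 1 and 0
    in the WRR group with weights 2 and 1."""
    backlog = {7: ["v1", "v2"], 1: ["a1", "a2", "a3", "a4"], 0: ["b1", "b2", "b3"]}
    return sp_wrr_order(backlog, sp_group=[7], weights={0: 1, 1: 2})


def demo_wfq() -> List[float]:
    """1000 Mbps port, queues 0..3, two of them with a 100 Mbps minimum guarantee,
    equal weights: 800 Mbps assignable, 200 Mbps each on top of the guarantee."""
    return wfq_allocation(1000, [100, 100, 0, 0], [1, 1, 1, 1])


if __name__ == "__main__":
    print(demo_order())   # ['v1', 'v2', 'b1', 'a1', 'a2', 'b2', 'a3', 'a4', 'b3']
    print(demo_wfq())     # [300.0, 300.0, 200.0, 200.0]
```

The dequeue order shows both properties the chapter describes: the SP queue is drained completely before any WRR queue is touched, and within the WRR group queue 1 sends two packets for every one packet of queue 0.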
Configuring traffic filtering
Traffic filtering filters traffic matching certain criteria. For example, you can filter packets sourced from a specific IP address according to network status.
Configuration procedure
To configure traffic filtering:
Step | Command | Remarks
1. Enter system view. | system-...

Traffic filtering configuration example
Network requirements
As shown in Figure 18, Host is connected to GigabitEthernet 1/0/1 of Device. Configure traffic filtering to filter the packets with source port being 21, and received on GigabitEthernet 1/0/1.
Figure 18: Network diagram
Configuration pr...

Configuring priority marking
Priority marking sets the priority fields or flag bits of packets to modify the priority of traffic. For example, you can use priority marking to set IP precedence or DSCP for a class of IP traffic to change its transmission priority in the network. Priority marking c...

IMPORTANT: Do not use the remark command together with the car command in a traffic behavior to perform color-based marking.
Configuration procedure
To configure priority marking:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Create a class and enter class view. | traffic classifier...

Local precedence re-marking configuration example
Network requirements
As shown in Figure 19, the company’s enterprise network interconnects hosts with servers through Device. The network is described as follows:
• Host A and Host B are connected to GigabitEthernet 1/0/1 of Device.
• The data se...

# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.
[Device] acl number 3002
[Device-acl-adv-3002] rule permit ip destination 192.168.0.3 0
[Device-acl-adv-3002] quit
# Create a class named classifier_dbserver, and use ACL 3000 as the match c...

Configuring traffic redirecting
Traffic redirecting is the action of redirecting the packets matching the specific match criteria to a certain location for processing. The following redirect actions are supported:
• Redirecting traffic to the CPU: redirects packets that require processing by the C...

Step | Command | Remarks
11. Apply the QoS policy. | Applying the QoS policy to an interface; Applying the QoS policy to a VLAN; Applying the QoS policy globally; Applying the QoS policy to the control plane | Choose one application destination as needed.

Configuring class-based accounting
Class-based accounting collects statistics (in packets) on a per-traffic-class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing the statistics, you can determine whether anomalies hav...

Class-based accounting configuration example
Network requirements
As shown in Figure 20, Host is connected to GigabitEthernet 1/0/1 of Device A. Configure class-based accounting to collect statistics for traffic sourced from 1.1.1.1/24 and received on GigabitEthernet 1/0/1.
Figure 20: Network dia...

Operator: AND
Rule(s) : If-match acl 2000
Behavior: behavior_1
Accounting Enable:
28529 (Packets)
Configuring the data buffer
Overview
Data buffer
The switch series provides the data buffer to buffer packets to be sent out ports to avoid packet loss when bursty traffic causes congestion. The switch controls how a port uses the data buffer by allocating the cell resource and packet resource (c...

• On a per-port basis: as illustrated by the vertical lines in Figure 21, the switch automatically divides the dedicated resource among all ports evenly.
• On a per-queue basis: as illustrated by the horizontal lines in Figure 21, the dedicated resource of each port is proportionately allocated a...

Using the burst function to configure the data buffer setup
The burst function allows the switch to automatically determine the shared resource size, the minimum guaranteed resource size for each queue, the maximum shared resource size for each queue, and the maximum shared resource size per port...

Step | Command | Remarks
2. Configure the shared resource area of the cell resource in percentage. | buffer egress [ slot slot-number ] cell total-shared ratio ratio | Optional. By default, the shared resource area of the cell resource is 60%.

Configuring the minimum guaranteed resource size for a queue ...

allocate the remaining dedicated resource space among all queues that are not manually assigned a minimum guaranteed resource space. For example, if you set the minimum guaranteed resource size to 30% for a queue, the remaining seven queues will each share 10% of the dedicated resource of the por...
Appendix A: Default priority mapping tables
Priority mapping tables
For the default dscp-dscp mapping table, an input value yields a target value equal to it.
Table 7: Default dot1p-lp and dot1p-dp priority mapping tables
Input priority value | dot1p-lp mapping | dot1p-dp mapping
802.1p priority (dot1p...

Appendix B: Packet precedences
IP precedence and DSCP values
Figure 23: ToS and DS fields
As shown in Figure 23, the ToS field in the IPv4 header contains eight bits, where the first three bits (0 to 2) represent IP precedence from 0 to 7; the Traffic Classes field in the IPv6 header contains eigh...

DSCP value (decimal) | DSCP value (binary) | Description
20 | 010100 | af22
22 | 010110 | af23
26 | 011010 | af31
28 | 011100 | af32
30 | 011110 | af33
34 | 100010 | af41
36 | 100100 | af42
38 | 100110 | af43
8 | 001000 | cs1
16 | 010000 | cs2
24 | 011000 | cs3
32 | 100000 | cs4
40 | 101000 | cs5
48 | 110000 | cs6
56 | 111000 | cs7
0 | 000000 | be (default)
802.1...

Figure 25: 802.1Q tag header
Table 11: Description on 802.1p priority
802.1p priority (decimal) | 802.1p priority (binary) | Description
0 | 000 | best-effort
1 | 001 | background
2 | 010 | spare
3 | 011 | excellent-effort
4 | 100 | controlled-load
5 | 101 | video
6 | 110 | voice
7 | 111 | network-management
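The following Python code is an added example written for this page, not the switch's code. It extracts the fields Appendix B describes (the 802.1p priority from the 802.1Q tag, IP precedence and DSCP from the IPv4 ToS byte) from a constructed frame and then applies the ingress decision from the priority mapping chapter: either trust the packet's 802.1p value or ignore it and use the port priority, then look the result up in the dot1p-lp table. The default table values are those of Table 5, and the `import 5 export 4` modification from the marking example is applied as a copied table. The frame contents are constructed for the demonstration; the fallback to port priority for an untagged frame on a dot1p-trusting port is an assumption.

```python
"""Priority field extraction and the ingress trust decision.

Added example for this page, not the switch's code. DEFAULT_DOT1P_LP holds the
Table 5 values; untagged-frame fallback to port priority is an assumption.
"""
from typing import Dict, Optional

# Default dot1p-lp table (Table 5): 802.1p or port priority -> local precedence.
DEFAULT_DOT1P_LP: Dict[int, int] = {0: 2, 1: 0, 2: 1, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7}


def build_frame(pcp: Optional[int], vid: int, dscp: int) -> bytes:
    """Constructed Ethernet/IPv4 frame: optional 802.1Q tag, ToS byte = DSCP << 2."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")  # dst, src MAC
    if pcp is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)       # PCP(3) | DEI(1) | VID(12)
        hdr += b"\x81\x00" + tci.to_bytes(2, "big")
    ip_header = bytes([0x45, (dscp & 0x3F) << 2]) + bytes(18)   # minimal 20-byte header
    return hdr + b"\x08\x00" + ip_header


def parse_priorities(frame: bytes) -> Dict[str, Optional[int]]:
    """Return the 802.1p priority, VLAN ID, DSCP and IP precedence, or None when
    the frame carries no 802.1Q tag or no IPv4 header."""
    ethertype = int.from_bytes(frame[12:14], "big")
    pcp = vid = None
    offset = 14
    if ethertype == 0x8100:
        tci = int.from_bytes(frame[14:16], "big")
        pcp, vid = tci >> 13, tci & 0x0FFF
        ethertype = int.from_bytes(frame[16:18], "big")
        offset = 18
    dscp = ip_prec = None
    if ethertype == 0x0800 and len(frame) >= offset + 20:
        tos = frame[offset + 1]
        dscp, ip_prec = tos >> 2, tos >> 5     # ToS bits 0-5 and bits 0-2
    return {"dot1p": pcp, "vlan": vid, "dscp": dscp, "ip_precedence": ip_prec}


def with_import_export(table: Dict[int, int], import_value: int,
                       export_value: int) -> Dict[int, int]:
    """Copy of a mapping table after 'import <in> export <out>' in table view."""
    changed = dict(table)
    changed[import_value] = export_value
    return changed


def local_precedence(frame: bytes, trust_dot1p: bool, port_priority: int,
                     dot1p_lp: Dict[int, int] = DEFAULT_DOT1P_LP) -> int:
    """Ingress mapping: the packet's 802.1p value is consulted only when the port
    trusts dot1p and the frame is tagged; otherwise the port priority is used."""
    fields = parse_priorities(frame)
    dot1p = fields["dot1p"]
    prio = dot1p if (trust_dot1p and dot1p is not None) else port_priority
    return dot1p_lp[prio]


if __name__ == "__main__":
    tagged = build_frame(pcp=5, vid=100, dscp=46)
    print(parse_priorities(tagged))
    print("trusted:", local_precedence(tagged, True, 0))
    print("untrusted, port priority 0:", local_precedence(tagged, False, 0))
```

The untrusted path is the one that matters at a trust boundary: with the default port priority of 0 the packet lands in local precedence 2 regardless of the 802.1p value it arrived with, which is the result Table 5 lists.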