Professional Documents
Culture Documents
V200R001C01
Issue 04
Date 2012-01-06
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Intended Audience
This document describes the concepts and configuration procedures of QoS features on the
AR1200-S, and provides the configuration examples.
This document provides guidance for configuring QoS features.
This document is intended for:
l Data configuration engineers
l Commissioning engineers
l Network monitoring engineers
l System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
&<1-n> The parameter before the & sign can be repeated 1 to n times.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Contents
1 QoS Configuration
This chapter describes common QoS functions on interfaces of the AR1200-S: priority mapping,
traffic policing, traffic shaping, congestion management, congestion avoidance, and
Hierarchical Quality of Service (HQoS). It also provides configuration methods and examples.
QoS evaluates the capabilities of the service supplied to meet customer requirements. On the
Internet, QoS is used to evaluate capabilities of a network to transmit packets. The network
provides various services, and QoS evaluates services from different aspects. Generally, QoS
evaluates core items, including the delay, jitter, and packet loss ratio during packet transmission.
Feature Implementation
Feature Implementation
Priority Mapping
Different packets carry different precedence fields. For example, VLAN packets carry the 802.1p
field, IP packets carry the DSCP field. The mappings between priority fields must be configured
on gateways to retain priorities of packets when the packets traverse different networks.
To ensure QoS for different packets, the AR1200-S determines the queues that received packets
enter based on 802.1p priorities or DSCP priorities in packets or the default 802.1p priority of
an interface. The AR1200-S can re-mark packet priorities so that the connected device can
provide differentiated QoS based on precedence fields of the packets.
The AR1200-S sends packets to different interface queues based on the 802.1p priority, and
performs traffic shaping, congestion avoidance, and queue scheduling for the queues. FE
interfaces on the SRU of the AR1200-S support only four queues, whereas other interfaces
support eight queues. The mappings between local priorities and queues on FE interfaces on the
SRU of the AR1200-S are different. Table 1-2 lists the mappings between 802.1p priorities and
queues on FE interfaces of the SRU on the AR1200-S. Table 1-3 lists the mappings between
802.1p priorities and queues on other interfaces.
0 0
1 0
2 1
3 1
4 2
5 2
6 3
7 3
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
Traffic Policing
Traffic policing limits the traffic and resource usage by monitoring the rate limit.
Traffic policing discards the excess traffic to limit traffic within a proper range and to protect
network resources.
Traffic policing limits the traffic entering the Internet Service Provider (ISP).
l Token bucket and traffic measurement
The AR1200-S needs to determine whether the traffic rate exceeds the rate limit before
performing traffic policing. Token buckets are usually used to measure traffic.
With a certain capacity, a token bucket stores tokens. The system places tokens into a token
bucket at the configured rate (one token occupies one bit). If the token bucket is full, excess
tokens overflow and no token is added.
When measuring traffic, a token bucket forwards packets based on the number of tokens
in the token bucket. If there are enough tokens in the token bucket for forwarding packets,
the traffic rate is within the rate limit. Otherwise, the traffic rate is not within the rate limit.
Classification
Token
bucket
Drop
Traffic Shaping
Traffic shaping also limits traffic and resource usage by monitoring the rate limit. It also uses
the token bucket technology to measure traffic.
Traffic shaping adjusts the speed of outgoing traffic so that the downstream device has
capabilities to process traffic.
l Differences between traffic shaping and traffic policing
Traffic policing directly discards the excess packets. Traffic shaping buffers the packets
whose rate is greater than the traffic shaping rate in queues; therefore, traffic shaping
reduces the number of discarded packets. As shown in Figure 1-2, when there are sufficient
tokens in the token bucket, the buffered packets are forwarded at an even rate. If the tokens
are insufficient, packets are buffered continuously. If the number of packets to be buffered
is greater than the queue length, excess packets are discarded.
Packets not
within the rate
limit
Buffer
packets in
queues
Discarded
packets when
the token bucket
is full
Traffic shaping increases the delay because it buffers packets in queues, whereas traffic
policing does not.
l Traffic shaping features supported by the AR1200-S
The AR1200-S supports the following traffic shaping features:
– Traffic shaping on an interface or a sub-interface
Traffic shaping is performed for all the packets that pass through an interface or a sub-
interface.
– Queue-based traffic shaping
Congestion Avoidance
Congestion avoidance is a flow control mechanism. A system configured with congestion
avoidance monitors network resources such as queues and memory buffers. When congestion
occurs or aggravates, the system discards packets.
Congestion avoidance policies include tail drop, Random Early Detection (RED), and Weighted
Random Early Detection (WRED):
l Tail drop
The traditional packet loss policy uses the tail drop method. This method processes all
packets equally without classifying the packets into different types. When congestion
occurs, packets at the end of a queue are discarded until the congestion problem is solved.
This policy leads to global TCP synchronization. When packets of multiple TCP
connections are discarded simultaneously, these TCP connections enter the congestion
avoidance and slow start state. After a while, the peak of these TCP connections occurs.
The volume of traffic varies greatly, affecting link usage.
l RED
The RED technique randomly discards packets to prevent the transmission speed of
multiple TCP connections from being reduced simultaneously.
As specified by the RED algorithm, the upper drop threshold and lower drop threshold are
set. RED processes packets as follows:
– When the queue length is shorter than the lower drop threshold, no packet is discarded.
– When the queue length is longer than the upper drop threshold, all packets are discarded.
– When the queue length is between the lower drop threshold and the upper drop threshold,
incoming packets are discarded randomly. RED generates a random number for each
incoming packet and compares it with the drop probability of the current queue. If the
random number is greater than the drop probability, the packet is discarded. A longer
queue indicates a higher drop probability.
l WRED
WRED also discards packets randomly to prevent global TCP synchronization. WRED,
however, generates random numbers of packets based on packet priorities. WRED discards
packets based on packet priorities, so the drop probability of packets with higher priorities
is low.
By default, the AR1200-S uses tail drop. The AR1200-S supports queue-based WRED and flow-
based RED.
Congestion Management
If a network transmitting both delay-sensitive and delay-insensitive services is congested
intermittently, congestion management is required. However, if a network is always congested,
bandwidth needs to be increased.
Generally, the AR1200-S uses the following queue scheduling mechanisms:
l PQ scheduling
l WRR scheduling
l DRR scheduling
l WFQ scheduling
l PQ+WRR/PQ+DRR/PQ+WFQ scheduling
l CBQ scheduling
l PQ scheduling
Priority queuing (PQ) schedules packets in descending order of priorities. Queues with
lower priories are processed only after all the queues with higher priorities have been
processed.
By using PQ scheduling, the AR1200-S puts packets of delay-sensitive services into queues
with higher priorities and packets of other services into queues with lower priorities. In this
manner, packets of key services can be transmitted first.
PQ scheduling has a disadvantage. If a lot of packets exist in queues with higher priorities
when congestion occurs, packets in queues with lower priorities cannot be transmitted for
a long time.
l WRR scheduling
Weighted Round Robin (WRR) scheduling ensures that packets in all the queues are
scheduled in turn.
For example, eight queues are configured on an interface. Each queue is configured with
a weight: w7, w6, w5, w4, w3, w2, w1, and w0. The weight value represents the percentage
of obtaining resources. The following scenario assumes that the weights of queues on the
100M interface are 50, 50, 30, 30, 10, 10, 10, and 10, which match w7, w6, w5, w4, w3,
w2, w1, and w0. Therefore, the queue with the lowest priority can obtain at least 5 Mbit/s
bandwidth. This ensures that packets in all the queues can be scheduled.
In addition, WRR can dynamically change the time of scheduling packets in queues. For
example, if a queue is empty, WRR ignores this queue and starts to schedule the next queue.
This ensures efficient use of bandwidth.
WRR scheduling has two disadvantages:
– WRR schedules packets based on the number of packets. When the average packet
length in each queue is the same or known, you can obtain the required bandwidth by
setting WRR weight values. When the average packet length in each queue is variable,
you cannot obtain the required bandwidth by setting WRR weight values.
– Delay-sensitive services, such as voice services, cannot be scheduled in a timely
manner.
l DRR scheduling
Implementation of Deficit Round Robin (DRR) is similar to that of WRR.
The difference between DRR and WRR is as follows: WRR schedules packets based on
the number of packets, whereas DRR schedules packets based on the packet length. If the
packet length is too long, DRR allows the negative weight value so that long packets can
be scheduled. In the next round, the queue with the negative weight value is not scheduled
until its weight value becomes positive.
DRR offsets the disadvantages of PQ scheduling and WRR scheduling. That is, in PQ
scheduling, packets in queues with lower priorities cannot be scheduled for a long time; in
WRR scheduling, bandwidth is allocated improperly when the packet length of each queue
is different or variable.
If packets do not match any configured traffic classifiers, packets match the default
traffic classifier defined by the system. You are allowed to configure AF queues and
bandwidth for the default traffic classifier, whereas BE queues are configured in most
situations. BE uses WFQ scheduling so that the system schedules packets matching the
default traffic classifier based on flows.
If the length of a BE queue reaches the maximum value, the tail drop method is used
by default. You can choose to use WRED.
HQoS
The traditional QoS technology schedules packets based on interfaces. An interface, however,
can identify only priorities of different services but cannot identify services of different users.
Packets of the same priority are placed into the same queue on an interface, and compete for the
same queue resource. Therefore, the traditional QoS technology is unable to provide
differentiated services based on types of traffic and users.
As the number of users increases continuously and services develop, users require differentiated
services to have better QoS and gain more profits. Hierarchical QoS (HQoS) implements
hierarchical scheduling based on queues and differentiates services and users. It provides QoS
guarantee and saves network operation and maintenance costs.
l Queues supported by HQoS
The AR1200-S supports three levels of queues, that is, level-3 flow queue (FQ), level-2
subscriber queue (SQ), and level-1 port queue (PQ). The HQoS hierarchy is a tree structure.
The flow queue is taken as the leaf node and the port queue is taken as the root node. When
packets pass through an interface using HQoS, the packets are classified so that they
traverse the branches of the tree. Packets arrive at the top of the tree and are classified on
one of the leaves. Packets then traverse down the tree until they are transmitted out the
interface at the root.
l HQoS implementation
HQoS is implemented by traffic policy nesting supported by the AR1200-S.
A traffic policy can be nested into another traffic policy. That is, the traffic behavior or
action in a traffic policy is a sub traffic policy. When a sub traffic policy is bound to a traffic
policy, the traffic behavior in the traffic policy is taken for packets matching the traffic
classifier associated with the traffic behavior. Then the packets are classified by the sub
traffic policy and the traffic behavior in the sub traffic policy is taken for the classified
packets.
A traffic classifier in the traffic policy differentiates users by using VLAN IDs, PVC
information, and DLCI numbers. That is, the packets that match the traffic classifier in the
traffic policy enter the same subscriber queue.
The traffic classifier in a sub traffic policy differentiates services. That is, the packets that
match the traffic classifier in the sub traffic policy enter the same flow queue.
l HQoS scheduling
HQoS implements hierarchical scheduling and provides good service support. Scheduler
levels are relevant to the topology.
The AR1200-S provides three levels of schedulers, that is, flow queue scheduler, subscriber
queue scheduler, and port queue scheduler. The flow queue scheduler and subscriber queue
scheduler support PQ scheduling, WFQ scheduling, and PQ+WFQ scheduling. The port
queue scheduler uses RR scheduling.
HQoS deployment for enterprise users is used as an example. Enterprise users have VoIP
services, video conference (VC) services, and data services. Each subscriber queue
corresponds to one enterprise user and each flow queue corresponds to a type of services.
By deploying HQoS, the AR1200-S implements the following functions:
– Controlling traffic scheduling among the three types of services of a single enterprise
user
– Controlling total bandwidth of the three types of services of a single enterprise user
– Controlling bandwidth allocation between multiple enterprise users
– Controlling total bandwidth of multiple enterprise users
Applicable Environment
The AR1200-S can determine the queues that packets enter based on packet priorities (802.1p/
DSCP priorities) or the priority of an interface. The AR1200-S can re-mark packet priorities so
that the connected device can provide differentiated QoS based on precedence fields of the
packets.
l When the AR1200-S is configured to trust DSCP priorities of packets, it maps DSCP
priorities to 802.1p priorities based on priority mapping. The AR1200-S also determines
the queues that packets enter, and re-marks packet priorities.
l When the AR1200-S is configured to trust 802.1p priorities of packets or uses the priority
of an interface, it determines the queues that packets enter based on the 802.1p priority and
re-marks packet priorities.
Pre-configuration Tasks
Before configuring priority mapping, complete the following tasks:
l Configuring link layer attributes of interfaces to ensure that these interfaces work properly
l Configuring IP addresses and routing protocols for interfaces to ensure connectivity
Data Preparation
To configure priority mapping, you need the following data.
No. Data
2 Priority of an interface
No. Data
Context
The AR1200-S trusts the following priorities:
l 802.1p priority
– The AR1200-S determines the queues that tagged packets enter based on 802.1p
priorities in the tagged packets and modifies packet priorities.
– The AR1200-S determines the queues that untagged packets enter based on the default
802.1p priority of an interface and modifies packet priorities.
l DSCP priority
The AR1200-S maps DSCP priorities of packets to 802.1p priorities, determines the queues
that packets enter, and modifies packet priorities based on the priority mapping table.
l Priority of an interface
The AR1200-S determines the queues that packets enter based on the priority of the
interface, and modifies packet priorities based on the priority mapping table.
Procedure
Step 1 Run:
system-view
----End
Context
The 802.1p priority is determined by the 3-bit priority field contained in a VLAN tag. The 802.1p
priority is used to provide differentiated services.
The default 802.1p priority of an interface is used in the following situations presented in the
following table.
Interface Configuration Whether a Received Processing Method
Packet Carries a VLAN
Tag
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
port priority priority-value
----End
Context
The AR1200-S performs priority mapping based on packet priorities or the default priority of
an interface. Mappings between priorities can be configured in the priority mapping table.
Procedure
Step 1 Run:
system-view
Step 2 Run:
qos map-table { dot1p-dot1p | dot1p-dscp | dscp-dot1p | dscp-dscp }
Step 3 Run:
input { input-value1 [ to input-value2 ] } &<1-10> output output-value
----End
Prerequisite
All the priority mapping configurations are complete.
Procedure
l Run the display qos map-table [ dot1p-dot1p | dot1p-dscp | dscp-dot1p | dscp-dscp ]
command to view the priority mapping.
----End
Applicable Environment
A network is congested if traffic sent by users is not limited. To make use of limited network
resources, limit the user traffic.
l Interface-based traffic policing limits all the incoming or outgoing service traffic on an
interface.
l Flow-based traffic policing limits incoming or outgoing service traffic matching traffic
classification rules.
Pre-configuration Tasks
Before configuring traffic policing, complete the following tasks:
l Configuring link layer attributes of interfaces to ensure that these interfaces work properly
l Configuring IP addresses and routing protocols for interfaces to ensure connectivity
Data Preparation
To configure interface-based traffic policing, you need the following data.
No. Data
2 CIR value and optional parameters including the PIR value, CBS value, PBS value,
color, and coloring mode
No. Data
No. Data
2 Traffic behavior name and committed access rate (CAR) parameters: CIR value and
optional parameters including the PIR value, CBS value, PBS value, color, and
coloring mode
3 Traffic policy name and interface and direction to which the traffic policy is applied
Context
To limit all the incoming or outgoing traffic on an interface, configure traffic policing on the
interface. If the rate of received or sent packets exceeds the rate limit, packets are discarded.
Procedure
Step 1 Run:
system-view
If the CBS and PBS values are not specified, their values are determined as follows:
l If the PIR value is not set or the PIR and CIR values are the same, the CBS value is 188 times the
CIR value and the PBS value is 313 times the CIR value.
l If the PIR value is set and the PIR and CIR values are different, the CBS value is 125 times the
CIR value and the PBS value is 125 times the PIR value.
When the CBS value is less than the number of bytes in a single packet of a service, packets of the
service are discarded.
l On the LAN side, run:
qos car inbound cir cir-value
NOTE
LAN-side interfaces on the AR1200-S support only traffic policing in the inbound direction.
----End
Context
To limit the rate of incoming or outgoing traffic matching traffic classification rules, configure
flow-based traffic policing. A traffic policy can be applied to multiple interfaces. When the
traffic rate exceeds the rate limit, traffic is discarded. Flow-based traffic policing can implement
differentiated services using complex traffic classification.
Procedure
Step 1 Configure a traffic classifier.
The AR1200-S can classify traffic according to the ACL, Layer 2 information in packets, and
Layer 3 information in packets. Configure a traffic classifier by selecting appropriate traffic
classification rules. For details, see 2.3 Configuring a Traffic Classifier.
Create a traffic behavior and configure the CAR action in the traffic behavior. For details, see
2.4.5 Configuring Traffic Policing.
Create a traffic policy, associate the traffic classifier and traffic behavior with the traffic policy,
and apply the traffic policy to an interface. For details, see 2.5 Configuring a Traffic Policy.
----End
Prerequisite
All the traffic policing configurations are complete.
Procedure
l Checking the interface-based traffic policing configuration
Run the display this command in the interface view to check the traffic policing
configuration on the interface.
l Checking the flow-based traffic policing configuration
– Run the display traffic behavior { system-defined | user-defined } [ behavior-
name ] command to check the traffic behavior configuration.
Example
l Checking the interface-based traffic policing configuration
Run the display this command to check the traffic policing configuration on the interface.
[Huawei-Ethernet0/0/0] display
this
#
interface Ethernet0/0/0
qos car inbound cir
2000
#
return
Applicable Environment
If the bandwidth on the upstream network is different from the bandwidth on the downstream
network, configure traffic shaping on the outbound interface that connects the upstream network
to the downstream network. Traffic shaping ensures that the rate of packets destined for the
downstream network does not exceed the bandwidth of the downstream network, reducing
congestion and packet loss. The AR1200-S supports the following types of traffic shaping:
l Interface-based traffic shaping: shapes all the service traffic on an interface so that the
service traffic can be sent out at an even rate.
l Queue-based traffic shaping: sets different rate limits for queues with different priorities
on an interface.
l Flow-based traffic shaping: sets different rate limits for different types of traffic matching
traffic configuration rules on an interface.
You can configure one or two types of traffic shaping on an interface, but queue-based traffic
shaping and flow-based traffic shaping cannot be configured on the same interface.
NOTE
Queue-based traffic shaping and flow-based traffic shaping cannot be configured simultaneously.
If both interface-based traffic shaping and queue-based traffic shaping are configured on an interface, the
CIR value of interface-based traffic shaping cannot be less than the sum of CIR values of all the queues
on the interface; otherwise, the traffic shaping result may be incorrect. For example, packets in queues with
higher priorities are not scheduled in a timely manner.
If both interface-based traffic shaping and flow-based traffic shaping are configured on an interface, the
CIR value of interface-based traffic shaping cannot be less than the sum of CIR values of all the flows on
the interface; otherwise, the traffic shaping result may be incorrect. For example, packets in queues with
higher priorities are not scheduled in a timely manner.
Traffic shaping can be configured on the logical interface, including the dialer interface, MP-Group
interface, virtual template interface, virtual Ethernet interface, tunnel interface, or the physical interface
corresponding to the virtual interface. If traffic shaping, congestion management, congestion avoidance,
or a combination of them is configured on the virtual interface, the configuration on the virtual interface
takes effect. The configuration on the physical interface, however, does not take effect.
Pre-configuration Tasks
Before configuring traffic shaping, complete the following tasks:
l Configuring link layer attributes of interfaces to ensure that these interfaces work properly
l Configuring IP addresses and routing protocols for interfaces to ensure connectivity
Data Preparation
To configure interface-based traffic shaping, you need the following data.
No. Data
No. Data
1 Number of the interface and index of the queue to which traffic shaping is applied
No. Data
No. Data
2 Traffic behavior name, and CIR value and optional parameters including the PIR
value, PBS value, and queue length
3 Traffic policy name and interface to which the traffic policy is applied
Context
To limit all the outgoing traffic on an interface, configure traffic shaping on the interface. Traffic
shaping buffers the packets whose rate is greater than the traffic shaping rate. When there are
sufficient tokens in the token bucket, the buffered packets are forwarded at an even rate. If queues
are full, packets are discarded.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number[.subinterface-number]
Step 3 Run:
qos gts cir cir-value [ cbs cbs-value ]
By default, traffic shaping is not performed on an interface. When you configure traffic shaping
on an interface without specifying the CBS value, the CBS value is 25 times the CIR value.
----End
Context
To shape packets in each queue on an interface, configure a queue profile and apply it to the
interface. The received packets enter different queues based on priority mapping. Differentiated
services are provided by setting different traffic shaping parameters for queues with different
priorities.
Procedure
Step 1 Run:
system-view
NOTE
The FE interface on the AR1200-S SRU does not support the queue length command.
Step 4 Run:
queue { start-queue-index [ to end-queue-index ] } &<1-10> gts cir cir-value [ cbs
cbs-value ]
----End
Context
To limit all the outgoing traffic of a specified type on an interface, configure flow-based traffic
shaping. A traffic policy can be applied to different interfaces. When the rate of packets matching
the traffic policy exceeds the rate limit, traffic shaping buffers the excess packets. When there
are sufficient tokens in the token bucket, the buffered packets are forwarded at an even rate.
When the token bucket is full, the packets are discarded. Flow-based traffic shaping can
implement differentiated services using complex traffic classification.
Procedure
Step 1 Configure a traffic classifier.
The AR1200-S can classify traffic according to the ACL, Layer 2 information in packets, and
Layer 3 information in packets. Configure a traffic classifier by selecting appropriate traffic
classification rules. For details, see 2.3 Configuring a Traffic Classifier.
Create a traffic behavior and configure the GTS action in the traffic behavior. For details, see
2.4.6 Configuring Traffic Shaping.
Create a traffic policy, associate the traffic classifier and traffic behavior with the traffic policy,
and apply the traffic policy to an interface. For details, see 2.5 Configuring a Traffic Policy.
----End
Prerequisite
All the traffic shaping configurations are complete.
Procedure
l Checking the interface-based traffic shaping configuration
Run the display this command in the interface view to check the traffic shaping
configuration on the interface.
l Checking the queue-based traffic shaping configuration
– Run the display this command in the interface view to check the queue profile bound
to the interface.
– Run the display qos queue-profile [ queue-profile-name ] command to check the queue
profile configuration.
l Checking the flow-based traffic shaping configuration
– Run the display traffic behavior { system-defined | user-defined } [ behavior-
name ] command to check the traffic behavior configuration.
– Run the display traffic classifier { system-defined | user-defined } [ classifier-
name ] command to check the traffic classifier configuration.
– Run the display traffic policy user-defined [ policy-name [ classifier classifier-
name ] ] command to check the traffic policy configuration.
– Run the display traffic-policy policy-name applied-record command to check the
specified traffic policy record.
l Checking the packet statistics on the interface configured with traffic policing
– Run the display qos car statistics interface interface-type interface-number
{ inbound | outbound }or display qos car statistics interface { virtual-template vt-
number | dialer number } virtual-access va-number { inbound | outbound } command
to check the statistics on forwarded and discarded packets on the interface.
----End
Example
l Checking the interface-based traffic shaping configuration
Run the display this command to check the interface-based traffic shaping configuration.
[Huawei-Ethernet0/0/0] display
this
#
interface
Ethernet0/0/0
qos gts cir 2000 cbs
375000
#
return
Run the display qos queue-profile command to check the queue profile configuration.
<Huawei> display qos queue-profile qp1
Queue-profile:qp1
Queue Schedule Weight Length(Bytes/Packets) GTS(CIR/CBS)
------------------------------------------------------------------------------
--------------------
0 DRR 10 2048/4 -/-
1 DRR 10 2048/4 -/-
2 DRR 10 2048/4 -/-
3 DRR 10 2048/4 -/-
4 DRR 10 2048/4 -/-
5 PQ - 512/1 -/-
6 PQ - 512/1 -/-
7 PQ - 512/1 64/10000
Applicable Environment
When congestion occurs on a network, configure congestion management to implement the
following functions:
l Smooth out the delay and jitter.
l Preferentially process packets of delay-sensitive services, such as video services and voice
services.
l Process packets with the same priority uniformly and process packets with different
priorities based on packet priorities among delay-insensitive services, for example, email
services.
The AR1200-S supports queue-based congestion management and class-based congestion
management:
l Queue-based congestion management: When packets enter queues on an interface based
on packet priorities, configure different scheduling modes for queues using a queue profile
so that differentiated services are provided.
l Class-based congestion management: The AR1200-S provides EF, AF, and BE queues and
different scheduling modes for packets matching traffic classifiers so that differentiated
services can be provided.
NOTE
Pre-configuration Tasks
Before configuring congestion management, complete the following tasks:
l Configuring priority mapping
l Configuring priority re-marking based on traffic classification
Data Preparation
To configure queue-based congestion management, you need the following data.
No. Data
No. Data
No. Data
3 Traffic policy name and interface to which the traffic policy is applied
Context
After packets enter queues on an interface based on priority mapping, they are scheduled
according to rules. Interfaces on the AR1200-S support different scheduling modes. PQ queues
are scheduled first, and multiple queues are scheduled in descending order of priorities. After
all the PQ queues are scheduled, the AR1200-S schedules DRR, WFQ, or WRR queues in turn.
LAN-side interface l PQ
l DRR
l WRR
l PQ+DRR
l PQ+WRR
NOTE
FE interfaces of the SRU on theAR1200-S do not
support DRR scheduling. They support the
following scheduling modes:
l PQ
l WRR
l PQ+WRR
WAN-side interface l PQ
l WFQ
l PQ+WFQ
Procedure
Step 1 Run:
system-view
Step 2 Run:
qos queue-profile queue-profile-name
By default, the length of a queue using PQ, DRR, or WRR on the LAN side is 5120 bytes; the
length of a queue using PQ on the WAN side is 40960 bytes; the length of a queue using WFQ
on the WAN side is 131072 bytes.
NOTE
The FE interface on the AR1200-S SRU does not support the queue length command.
NOTE
The FE interface on the AR1200-S SRU does not support the queue weight command.
Step 6 Run:
quit
Step 7 Run:
interface interface-type interface-number[.subinterface-number]
Step 8 Run:
qos queue-profile queue-profile-name
----End
Context
The AR1200-S provides the following queues for data packets matching traffic classification
rules:
l AF: ensures low drop probability of packets when the rate of outgoing service traffic does
not exceed the minimum bandwidth. It is applied to services of heavy traffic that need to
be ensured.
l EF: is applied to services requiring a low delay, low drop probability, and assured
bandwidth. EF is also applied to services occupying low bandwidth, for example, voice
packets. After packets matching traffic classification rules enter EF queues, they are
scheduled in Strict Priority (SP) mode. Packets in other queues are scheduled only after all
the packets in EF queues are scheduled.
l BE: is used with the default traffic classifier. The remaining packets that do not enter AF
or EF queues enter BE queues. BE queues use WFQ scheduling. When a greater number
of queues are configured, WFQ allocates bandwidth more evenly but more resources are
occupied. WFQ is applied to the services insensitive to the delay and packet loss, for
example, Internet access services.
Class-based congestion management, also called CBQ, on the main interface or sub-interface is
exclusive with the queue profile or traffic shaping on the same main interface or sub-interface.
Sub-interface: No Sub-interface: No
Procedure
Step 1 Configure a traffic classifier.
The AR1200-S can classify traffic according to the ACL, Layer 2 information in packets, and
Layer 3 information in packets. Configure a traffic classifier by selecting appropriate traffic
classification rules. For details, see 2.3 Configuring a Traffic Classifier.
Create a traffic behavior and configure flow-based queue scheduling in the traffic behavior. For
details, see 2.4.7 Configuring Congestion Management.
Create a traffic policy, associate the traffic classifier and traffic behavior with the traffic policy,
and apply the traffic policy to an interface. For details, see 2.5 Configuring a Traffic Policy.
----End
Prerequisite
All the congestion management configurations are complete.
Procedure
l Checking the queue-based congestion management configuration
– Run the display this command in the interface view to check the queue profile bound
to the interface.
– Run the display qos queue-profile [ queue-profile-name ] command to check the queue
profile configuration.
l Checking the class-based congestion management configuration
– Run the display traffic behavior { system-defined | user-defined } [ behavior-
name ] command to check the traffic behavior configuration.
– Run the display traffic classifier { system-defined | user-defined } [ classifier-
name ] command to check the traffic classifier configuration.
Example
l Checking the queue-based congestion management configuration
Run the display this command to check the queue profile bound to the interface.
[Huawei-Ethernet0/0/0] display
this
#
interface Ethernet0/0/0
qos queue-profile qp1
#
return
Run the display qos queue-profile command to check the queue profile configuration.
<Huawei> display qos queue-profile qp1
Queue-profile:qp1
Queue Schedule Weight Length(Bytes/Packets) GTS(CIR/CBS)
------------------------------------------------------------------------------
--------------------
0 DRR 10 2048/4 -/-
1 DRR 10 2048/4 -/-
2 DRR 10 2048/4 -/-
3 DRR 10 2048/4 -/-
4 DRR 10 2048/4 -/-
5 PQ - 512/1 -/-
6 PQ - 512/1 -/-
7 PQ - 512/1 64/10000
Applicable Environment
By default, the AR1200-S uses the tail drop method and discards data packets at the end of a
queue when congestion occurs. The tail drop method may cause global Transmission Control
Protocol (TCP) synchronization, and it reduces link usage. The Weighted Random Early
Detection (WRED) can solve these problems.
The AR1200-S supports queue-based congestion avoidance and flow-based congestion
avoidance:
l Queue-based congestion avoidance: In a queue profile, different drop profiles are bound
to queues. Different WRED parameters in drop profiles take effect for queues with different
priorities so that differentiated services are provided.
l Flow-based congestion avoidance: The AR1200-S provides EF, AF, and BE queues for
packets matching traffic classification rules. EF queues can use only tail drop, and AF and
BE queues can bind drop profiles to traffic behaviors so that differentiated services are
provided.
NOTE
Pre-configuration Tasks
Before configuring congestion avoidance, complete the following tasks:
l Configuring priority mapping
l Configuring priority re-marking based on traffic classification
l Configuring congestion management
Data Preparation
To configure queue-based congestion avoidance, you need the following data.
No. Data
No. Data
4 Traffic policy name and interface to which the traffic policy is applied
Context
A drop profile defines WRED parameters and is used to implement congestion avoidance for
queues bound to the drop profile.
After a drop profile is bound to a queue profile, bind the queue profile to an interface so that
WRED parameters in the drop profile take effect on the interface.
The AR1200-S supports WRED based on DSCP priorities or IP priorities:
l The value of an IP precedence ranges from 0 to 7.
l The value of a DSCP priority ranges from 0 to 63.
l Eight DSCP priorities correspond to one IP precedence.
WRED based on DSCP priorities differentiates services in a more refined manner.
NOTE
Drop profiles can be bound to only queues using WFQ on the AR1200-S WAN interfaces.
Procedure
Step 1 Configuring a drop profile
1. Run:
system-view
The drop profile can be an existing drop profile or a new drop profile. You can set the
scheduling mode, queue weight, queue length, and queue shaping in the queue profile.
2. Run:
schedule wfq start-queue-index [ to end-queue-index ]
By default, no queue is bound to a drop profile. All queues use tail drop.
4. Run:
quit
----End
Prerequisite
Class-based congestion management has been configured.
Context
A drop profile defines WRED parameters and is used to implement congestion avoidance for
queues bound to the drop profile.
After a drop profile is bound to a traffic behavior, bind the traffic behavior and traffic classifier
to a traffic policy and apply the traffic policy to an interface so that WRED parameters in the
drop profile take effect on the interface.
NOTE
Congestion avoidance can only be configured on the AR1200-S WAN-side interfaces but not on the LAN-
side interfaces.
A drop profile takes effect for only AF and BE queues; therefore, class-based congestion management must
have been configured before you configure flow-based congestion avoidance.
Procedure
Step 1 Configuring a drop profile
1. Run:
system-view
Create a traffic policy, associate the traffic classifier and traffic behavior with the traffic
policy, and apply the traffic policy to an interface. For details, see 2.5 Configuring a
Traffic Policy.
----End
Prerequisite
All the congestion avoidance configurations are complete.
Procedure
l Checking the queue-based congestion avoidance configuration
– Run the display this command in the interface view to check the queue profile bound
to the interface.
– Run the display this command in the queue profile view to check the drop profile bound
to the queue profile.
– Run the display drop-profile [ drop-profile-name ] command to check the drop profile
configuration.
l Checking the flow-based congestion avoidance configuration
– Run the display traffic behavior { system-defined | user-defined } [ behavior-
name ] command to check the traffic behavior configuration.
– Run the display traffic classifier { system-defined | user-defined } [ classifier-
name ] command to check the traffic classifier configuration.
– Run the display traffic policy user-defined [ policy-name [ classifier classifier-
name ] ] command to check the traffic policy configuration.
– Run the display traffic-policy policy-name applied-record command to check the
specified traffic policy record.
----End
Example
l Checking the queue-based congestion avoidance configuration
Run the display this command to check the queue profile bound to the interface.
[Huawei-Ethernet0/0/0] display
this
#
interface
Ethernet0/0/0
qos queue-profile qp1
#
return
Run the display this command in the queue profile view to check the drop profile bound
to the queue profile qp1.
[Huawei-Ethernet0/0/0] quit
[Huawei] qos queue-profile qp1
[Huawei-qos-queue-profile-qp1] display this
#
qos queue-profile
qp1
queue 2 drop-profile drop-
profile1
schedule wfq 2
#
return
Run the display drop-profile command to check the drop profile configuration.
[Huawei-qos-queue-profile-qp1] quit
[Huawei] quit
<Huawei> display drop-profile drop-profile1
Drop-profile[1]: drop-
profile1
IP-Precedence Low-limit High-limit Discard-
percentage
-----------------------------------------------------------------
0(routine) 30 100
10
1(priority) 30 100
10
2(immediate) 30 100
10
3(flash) 50 80
30
4(flash-override) 30 100
10
5(critical) 30 100
10
6(internet) 30 100
10
7(network) 30 100
10
-----------------------------------------------------------------
Applicable Environment
The traditional QoS technology schedules packets based on interfaces. An interface, however,
can identify only priorities of different services, but cannot identify services of different users.
Packets of the same priority are placed into the same queue on an interface and compete for the
same queue resource. Therefore, the traditional QoS technology is unable to provide
differentiated service based on the type of traffic and the identity of a user.
As the number of users increases continuously and services develop, users require differentiated
services to have better QoS and gain more profits. HQoS implements hierarchical scheduling
based on queues and differentiates services and users. It provides QoS guarantee and saves
network operation and maintenance costs.
The AR1200-S uses traffic policy nesting to implement HQoS. A traffic policy can be nested
into another traffic policy. That is, the traffic behavior or action in a traffic policy is a sub traffic
policy. Table 1-5 lists the traffic classifiers and traffic behaviors allowed in traffic policies when
traffic policy nesting is used.
Table 1-5 Traffic classifiers and traffic behaviors allowed in traffic policies
Traffic Policy Traffic Classifier Traffic Behavior
NOTE
HQoS can only be configured for outgoing traffic on AR1200-S WAN-side interfaces.
Pre-configuration Tasks
Before configuring HQoS, complete the following tasks:
l Configuring link layer attributes of interfaces to ensure that these interfaces work properly
l Configuring IP addresses and routing protocols for interfaces to ensure connectivity
l Configuring priority mapping
l Configuring an ACL if necessary
Data Preparation
To configure HQoS, you need the following data.
No. Data
1 Names of the traffic classifier, traffic behavior, and traffic policy, and related
parameters
2 Names of the traffic classifier, traffic behavior, and sub traffic policy, and related
parameters
Context
The following actions cannot be configured simultaneously in a traffic behavior of a sub traffic
policy because they are exclusive:
l Flow-based traffic shaping
l Class-based congestion management and congestion avoidance
Procedure
Step 1 Configure a traffic classifier.
The AR1200-S can classify traffic according to the ACL, Layer 2 information in packets, and
Layer 3 information in packets. Configure a traffic classifier by selecting appropriate traffic
classification rules. For details, see 2.3 Configuring a Traffic Classifier.
Create a traffic behavior and configure a proper action in the traffic behavior. For details, see
2.4 Configuring a Traffic Behavior.
Step 3 Associate the traffic classifier and the traffic behavior with the traffic policy.
Create a sub traffic policy, and associate the traffic classifier and traffic behavior with the sub
traffic policy. For details, see 2.5 Configuring a Traffic Policy.
----End
Prerequisite
The task of 1.8.2.1 Configuring a Sub Traffic Policy has been complete.
Context
A traffic classifier in the traffic policy can classify traffic only based on VLAN IDs (if-match
vlan-id), PVC information (if-match pvc), and DLCI numbers (if-match dlci).
Traffic shaping must have been configured in the traffic behavior of the traffic policy before
you configure a sub traffic policy. Only traffic shaping and sub traffic policy binding can be
configured in the traffic behavior of the traffic policy.
Procedure
Step 1 Configure a traffic classifier.
Configure a traffic classifier by selecting appropriate traffic classification rules. For details, see
2.3 Configuring a Traffic Classifier.
Step 3 Associate the traffic classifier and the traffic behavior with the traffic policy.
Create a traffic policy, and associate the traffic classifier and traffic behavior with the traffic
policy. For details, see 2.5 Configuring a Traffic Policy.
NOTE
Each traffic policy or sub traffic policy supports a maximum of 1024 pairs of traffic classifiers and traffic
behaviors.
Each traffic behavior in the traffic policy can be bound to only one sub traffic policy, whereas different traffic
behaviors can be bound to different sub traffic policies.
If a traffic policy is bound to multiple pairs of traffic classifiers and traffic behaviors, matching rules in the traffic
classifiers must be different. If matching rules are the same, packets of the same type are processed incorrectly
because different actions are taken for these packets.
----End
Context
NOTE
Traffic policy nesting can only be configured for outgoing traffic on AR1200-S WAN-side interfaces.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number[.subinterface-number]
Step 3 Run:
traffic-policy policy-name outbound
----End
Context
Set traffic policing parameters based on site requirements. For details, see 1.4.2 Configuring
Traffic Policing on an Interface.
The AR1200-S supports traffic policing for flow queues and interface queues.
l The car (traffic behavior view) command configured in a sub traffic policy limits the
traffic rate of flow queues. That is, different rates are set for different services of a user.
l The qos car command configured on an interface only limits the rate of total traffic on the
interface, but does not distinguish users or services.
Context
Set the traffic shaping rate based on site requirements. For details, see 1.5.2 Configuring
Interface-based Traffic Shaping.
The AR1200-S supports three levels of shapers, that is, flow queue shaper, subscriber queue
shaper, and port queue shaper.
l The gts (traffic behavior view) command configured in a sub traffic policy limits the rate
of traffic of flow queues. That is, different rates are set for different services of a user.
l The gts (traffic behavior view) command configured in a traffic policy limits the rate of
traffic of subscriber queues. That is, different rates are set for different services of different
users.
l The qos gts command configured on an interface only limits the rate of total traffic on the
interface, but does not distinguish users or services.
NOTE
If three levels of traffic shaping are configured on an interface, the CIR value of traffic shaping on the
interface must be greater than or equal to the CIR values of all traffic behaviors in the traffic policy on the
interface and its sub-interfaces, and the CIR value of each traffic policy must be greater than or equal to
the CIR values of all traffic behaviors in the sub traffic policy.
Prerequisite
All the HQoS configurations are complete.
Procedure
l Run the display traffic behavior { system-defined | user-defined } [ behavior-name ]
command to check the traffic behavior configuration.
l Run the display traffic classifier { system-defined | user-defined } [ classifier-name ]
command to check the traffic classifier configuration.
l Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ]
command to check the traffic policy configuration.
l Run the display traffic-policy policy-name applied-record command to check the
specified traffic policy record.
l Run the display this command in the interface view to check the configuration of traffic
policing and traffic shaping on the interface.
----End
Example
l For details on how to check the traffic policing configuration on an interface, see 1.4.4
Checking the Configuration.
l For details on how to check the traffic shaping configuration on an interface, see 1.5.5
Checking the Configuration.
l For details on how to check the flow-based congestion avoidance configuration, see 2.3
Configuring a Traffic Classifier, 2.4.11 Checking the Configuration, and 2.5
Configuring a Traffic Policy.
Context
To check whether packets in each queue on an interface are forwarded or discarded because of
congestion, view the statistics on each queue on the interface.
Procedure
l Run the display qos queue statistics interface interface-type interface-number [ queue
queue-index ] or display qos queue statistics interface { virtual-template vt-number |
dialer number } virtual-access va-number [ queue queue-index ] command to view the
queue-based traffic statistics on the interface.
----End
Context
Before recollecting the queue-based traffic statistics on an interface, run the following command
in the user view to clear the existing statistics.
CAUTION
The cleared queue-based traffic statistics cannot be restored. Exercise caution when you run the
command.
Procedure
l Run the reset qos queue statistics interface interface-type interface-number [ queue
queue-index ] or reset qos queue statistics interface { virtual-template vt-number |
Networking Requirements
As shown in Figure 1-3, voice, video, and data services on the LAN side of the enterprise are
connected to Eth0/0/0 and Eth0/0/1 of RouterA through SwitchA and SwitchB, and are sent to
the WAN-side network through GE0/0/1 of RouterA.
RouterA identifies and processes service packets on the LAN side based on 802.1p priorities in
packets. When packets reach the WAN- side network from GE0/0/1, RouterA needs to provide
differentiated services based on DSCP priorities in the packets. A priority mapping table is
configured so that RouterA can re-marks 802.1p priorities with DSCP priorities.
Video
802.1p=5
Data
802.1p=2
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces and configure interfaces so that enterprise users
can access the WAN-side network through RouterA.
2. Configure interfaces to trust 802.1p priorities in packets on RouterA.
3. Configure a priority mapping table on RouterA and modify the mappings between 802.1p
priorities and DSCP priorities so that RouterA can re-mark 802.1p priorities with DSCP
priorities.
Data Preparation
To complete the configuration, you need the following data:
l VLAN 20 that the interface of RouterA connected to SwitchA belongs to, IP address
192.168.2.1/24 of VLANIF 20, and 802.1p priority trusted by interfaces
l VLAN 30 that the interface of RouterA connected to SwitchB belongs to, IP address
192.168.3.1/24 of VLANIF 30, and 802.1p priorities trusted by interfaces
l IP address 192.168.4.1/24 of the interface of RouterA connected to the WAN-side interface
l 802.1p priorities 2, 5, and 6 mapped to DSCP priorities 14, 40, and 46 on RouterA
Procedure
Step 1 Create VLANs and configure interfaces.
# Configure Eth0/0/0 and Eth0/0/1 as trunk interfaces, and add Eth0/0/0 to VLAN 20 and
Eth0/0/1 to VLAN 30.
[RouterA] interface ethernet 0/0/0
[RouterA-Ethernet0/0/0] port link-type trunk
[RouterA-Ethernet0/0/0] port trunk allow-pass vlan 20
[RouterA-Ethernet0/0/0] quit
[RouterA] interface ethernet 0/0/1
[RouterA-Ethernet0/0/1] port link-type trunk
[RouterA-Ethernet0/0/1] port trunk allow-pass vlan 30
[RouterA-Ethernet0/0/1] quit
NOTE
Configure the interface of SwitchA connected to RouterA as a trunk interface and add it to VLAN 20.
Configure the interface of SwitchB connected to RouterA as a trunk interface and add it to VLAN 30.
# Create VLANIF 20 and VLANIF 30, assign IP address 192.168.2.1/24 to VLANIF 20, and
assign IP address 192.168.3.1/24 to VLANIF 30.
[RouterA] interface vlanif 20
[RouterA-Vlanif20] ip address 192.168.2.1 24
[RouterA-Vlanif20] quit
[RouterA] interface vlanif 30
[RouterA-Vlanif30] ip address 192.168.3.1 24
[RouterA-Vlanif30] quit
NOTE
Configure RouterB to ensure that there is a reachable route betweenRouterB and RouterA. The
configuration details are not mentioned here.
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 20 30
#
qos map-table dot1p-
dscp
input 2 output
14
input 6 output 46
#
interface
Vlanif20
ip address 192.168.2.1
255.255.255.0
#
interface
Vlanif30
ip address 192.168.3.1
255.255.255.0
#
interface Ethernet0/0/0
port link-type
trunk
port trunk allow-pass vlan
20
trust 8021p
#
interface Ethernet0/0/1
port link-type
trunk
port trunk allow-pass vlan
30
trust 8021p
#
interface GigabitEthernet0/0/1
ip address 192.168.4.1
255.255.255.0
#
return
Networking Requirements
As shown in Figure 1-4, voice, video, and data services on the LAN side of the enterprise belong
to VLAN 10, VLAN 20, and VLAN 30. The services are transmitted to Eth0/0/0 on RouterA,
and are transmitted to the WAN-side network through GE0/0/1 on RouterA.
Flow-based traffic policing needs to be performed for different service packets on RouterA so
that the service traffic is limited within a proper range and bandwidth is ensured. Interface-based
traffic policing needs to be performed for all incoming traffic on Eth0/0/0 so that the total traffic
of a single enterprise user is limited within a proper range.
Voice
VLAN 10
Eth0/0/0
WAN
VLAN 20 LAN
GE0/0/1
Switch RouterA RouterB
Video VLAN 30
Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces and configure interfaces so that enterprise users
can access the WAN-side network through RouterA.
2. Configure traffic classifiers on RouterA to classify packets based on the VLAN ID.
3. Configure traffic behaviors on RouterA to perform traffic policing for different service
packets from the enterprise.
4. Configure a traffic policy on RouterA, bind the traffic policy to traffic behaviors and traffic
classifiers, and apply the traffic policy to the inbound direction of the interface on
RouterA connected to Switch.
5. Configure interface-based traffic policing to the inbound direction of the interface on
RouterA connected to Switch to limit the rate of all the packets.
Data Preparation
To complete the configuration, you need the following data:
l VLANs allowed by the interface of RouterA connected to the Switch: VLAN 10, VLAN
20, VLAN 30
l IP addresses of VLANIF 10, VLANIF 20, and VLANIF 30: 192.168.1.1/24,
192.168.2.1/24, and 192.168.3.1/24
l IP address 192.168.4.1/24 of the interface of RouterA connected to the WAN-side interface
l Names of traffic classifiers matching service flows
l Traffic policing parameters of different service flows:
– Voice service: CIR value 256 kbit/s, CBS value 48128 bytes, and PBS value 80128
bytes
– Video service: CIR value 4000 kbit/s, CBS value 752000 bytes, and PBS value 1252000
bytes
– Data service: CIR value 2000 kbit/s, CBS value 376000 bytes, and PBS value 626000
bytes
l CIR value of enterprise users: 10000 kbit/s
l Type and number of the interface and the direction to which a traffic policy is applied:
inbound direction of Eth0/0/0 on RouterA
Procedure
Step 1 Create VLANs and configure interfaces.
# Create VLAN 10, VLAN 20, and VLAN 30 on RouterA.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] vlan batch 10 20 30
# Configure Eth0/0/0 as a trunk interface and allow packets from VLAN 10, VLAN 20, and
VLAN 30 to pass through.
[RouterA] interface ethernet 0/0/0
[RouterA-Ethernet0/0/0] port link-type trunk
[RouterA-Ethernet0/0/0] port trunk allow-pass vlan 10 20 30
[RouterA-Ethernet0/0/0] quit
NOTE
# Configure the interface of Switch connected to RouterA as a trunk interface and allow packets from
VLAN 10, VLAN 20, and VLAN 30 to pass through.
# Create VLANIF 10, VLANIF 20, and VLANIF 30, and assign IP addresses 192.168.1.1/24,
192.168.2.1/24, and 192.168.3.1/24 to VLANIF 10, VLANIF 20, and VLANIF 30.
[RouterA] interface vlanif 10
[RouterA-Vlanif10] ip address 192.168.1.1 24
[RouterA-Vlanif10] quit
[RouterA] interface vlanif 20
[RouterA-Vlanif20] ip address 192.168.2.1 24
[RouterA-Vlanif20] quit
[RouterA] interface vlanif 30
[RouterA-Vlanif30] ip address 192.168.3.1 24
[RouterA-Vlanif30] quit
NOTE
Configure RouterB to ensure that there is a reachable route betweenRouterB and RouterA. The
configuration details are not mentioned here.
[RouterA-classifier-c2] quit
[RouterA] traffic classifier c3
[RouterA-classifier-c3] if-match vlan-id 30
[RouterA-classifier-c3] quit
Step 4 Configure a traffic policy and apply the traffic policy to an interface.
# Create a traffic policy p1 on RouterA, bind the traffic policy to the traffic classifiers and the
traffic behaviors, and apply the traffic policy to the inbound direction of Eth0/0/0.
[RouterA] traffic policy p1
[RouterA-trafficpolicy-p1] classifier c1 behavior b1
[RouterA-trafficpolicy-p1] classifier c2 behavior b2
[RouterA-trafficpolicy-p1] classifier c3 behavior b3
[RouterA-trafficpolicy-p1] quit
[RouterA] interface ethernet 0/0/0
[RouterA-Ethernet0/0/0] traffic-policy p1 inbound
Classifier: c3
Operator: OR
Rule(s) : if-match vlan-id 30
Classifier: c1
Operator: OR
Rule(s) : if-match vlan-id 10
Operator: OR
Behavior: b1
Committed Access Rate:
CIR 256 (Kbps), PIR 0 (Kbps), CBS 48128 (byte), PBS 80128 (byte)
Color Mode: color Blind
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
statistic: enable
Classifier: c2
Operator: OR
Behavior: b2
Committed Access Rate:
CIR 4000 (Kbps), PIR 0 (Kbps), CBS 752000 (byte), PBS 1252000 (byte)
Color Mode: color Blind
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
statistic: enable
Classifier: c3
Operator: OR
Behavior: b3
Committed Access Rate:
CIR 2000 (Kbps), PIR 0 (Kbps), CBS 376000 (byte), PBS 626000 (byte)
Color Mode: color Blind
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
statistic: enable
Interface: Ethernet0/0/0
Traffic policy inbound: p1
Rule number: 3
Current status: OK!
Board : 0
Item Packets Bytes
---------------------------------------------------------------------
Matched 0 0
+--Passed 0 0
+--Dropped 0 0
+--Filter 0 0
+--URPF - -
+--CAR 0 0
+--Enqueue 0 0
+--Queue pass 0 0
+--Queue drop 0 0
+--Car 0 -
+--Green packets 0 -
+--Yellow packets 0 -
+--Red packets 0 -
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 10 20
30
#
Networking Requirements
As shown in Figure 1-5, voice, video, and data services on the LAN side of the enterprise are
connected to Eth0/0/0 of RouterA through Switch, and are sent to the WAN-side network through
GE0/0/1 of RouterA.
Different service packets are identified based on 802.1p priorities on the LAN side. RouterA
sends the packets to queues based on 802.1p priorities. When packets reach the WAN-side
network through GE0/0/1, jitter may occur. To prevent jitter and ensure bandwidth of services,
perform the following operations:
l Set the CIR value of the interface to 8000 kbit/s.
l Set the CIR value of voice services to 256 kbit/s and the CBS value to 6400 bytes.
l Set the CIR value of video services to 4000 kbit/s and the CBS value to 100000 bytes.
l Set the CIR value of data services to 2000 kbit/s and the CBS value to 50000 bytes.
Voice
802.1p=6
Eth0/0/0
WAN
802.1p=2 LAN
GE0/0/1
Switch RouterA RouterB
Data
802.1p=5
Video
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces on RouterA and configure interfaces so that
enterprise users can access the WAN-side network through RouterA.
2. Configure interfaces to trust 802.1p priorities in packets on RouterA.
3. Configure interface-based traffic shaping on RouterA to limit the interface bandwidth.
4. Configure queue-based traffic shaping on RouterA to limit the bandwidth of voice, video,
and data services.
Data Preparation
To complete the configuration, you need the following data:
l VLAN 10 that the interface of RouterA connected to Switch belongs to, IP address
192.168.1.1/24 of VLANIF 10, and 802.1p priorities trusted by interfaces
l IP address 192.168.4.1/24 of the interface of RouterA connected to the WAN-side interface
l Interface-based traffic shaping rate
l Queue-based traffic shaping rate
Procedure
Step 1 Create VLANs and configure interfaces.
NOTE
Configure the interface of the Switch connected to RouterA as a trunk interface and add it to VLAN 10.
NOTE
Configure RouterB to ensure that there is a reachable route betweenRouterB and RouterA. The
configuration details are not mentioned here.
# Configure interface-based traffic shaping on RouterA and set the CIR value to 8000 kbit/s.
----End
Configuration Files
l Configuration file of RouterA
sysname RouterA
#
vlan 10
#
qos queue-profile
qp1
queue 2 gts cir 2000 cbs
50000
queue 5 gts cir 4000 cbs
100000
queue 6 gts cir 256 cbs
6400
schedule wfq 0 to 5 pq 6 to
7
#
interface
Vlanif10
ip address 192.168.1.1
255.255.255.0
#
interface Ethernet0/0/0
port link-type
trunk
port trunk allow-pass vlan
10
trust
8021p
#
interface GigabitEthernet0/0/1
ip address 192.168.4.1
255.255.255.0
qos queue-profile
qp1
qos gts cir 8000 cbs
200000
#
return
Networking Requirements
As shown in Figure 1-6, voice, video, and data services on the LAN side of the enterprise are
connected to Eth0/0/0 and Eth0/0/1 of RouterA through SwitchA and SwitchB, and are sent to
the WAN-side network through GE0/0/1 of RouterA.
Packets are marked with different DSCP priorities by SwitchA and SwitchB, and the priorities
of voice, video, and data services are ef, cs5, and af32 and af31. RouterA sends packets to queues
based on DSCP priorities. The rates of Eth0/0/0 and Eth0/0/1 on RouterA are greater than those
of GE0/0/1, congestion may occur on GE0/0/1 in the outbound direction. To reduce the impact
of network congestion and ensure bandwidth for high-priority and low-delay services, set the
related parameters according to the following table.
Video
Data DSCP=38
DSCP=26
DSCP=28
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces on RouterA and configure interfaces so that
enterprise users can access the WAN-side network through RouterA.
2. Configure interfaces to trust DSCP priorities in packets on RouterA.
3. Create drop profiles and set WRED parameters based on the DSCP priority.
4. Create a queue profile and set the scheduling mode and drop mode for each queue.
5. Apply the queue profile to the outbound direction of the interface on RouterA connected
to the WAN-side network to implement congestion avoidance and congestion management.
Data Preparation
To complete the configuration, you need the following data:
l VLAN 20 that the interface of RouterA connected to SwitchA belongs to, IP address
192.168.2.1/24 of VLANIF 20, and DSCP priority trusted by interfaces
l VLAN 30 that the interface of RouterA connected to SwitchB belongs to, IP address
192.168.3.1/24 of VLANIF 30, and DSCP priorities trusted by interfaces
l IP address 192.168.4.1/24 of the interface of RouterA connected to the WAN-side interface
l Names of the drop profiles and WRED parameters
l Name of the queue profile and scheduling mode
l Number of the interface to which the queue profile is applied
Procedure
Step 1 Create VLANs and configure interfaces.
# Configure Eth0/0/0 and Eth0/0/1 to trust DSCP priorities, configure them as trunk interfaces,
and add Eth0/0/0 to VLAN 20 and Eth0/0/1 to VLAN 30.
[RouterA] interface ethernet 0/0/0
[RouterA-Ethernet0/0/0] trust dscp
[RouterA-Ethernet0/0/0] port link-type trunk
[RouterA-Ethernet0/0/0] port trunk allow-pass vlan 20
[RouterA-Ethernet0/0/0] quit
[RouterA] interface ethernet 0/0/1
[RouterA-Ethernet0/0/1] trust dscp
[RouterA-Ethernet0/0/1] port link-type trunk
[RouterA-Ethernet0/0/1] port trunk allow-pass vlan 30
[RouterA-Ethernet0/0/1] quit
NOTE
Configure the interface of SwitchA connected to RouterA as a trunk interface and add it to VLAN 20.
Configure the interface of SwitchB connected to RouterA as a trunk interface and add it to VLAN 30.
# Create VLANIF 20 and VLANIF 30, assign IP address 192.168.2.1/24 to VLANIF 20, and
assign IP address 192.168.3.1/24 to VLANIF 30.
[RouterA] interface vlanif 20
[RouterA-Vlanif20] ip address 192.168.2.1 24
[RouterA-Vlanif20] quit
[RouterA] interface vlanif 30
[RouterA-Vlanif30] ip address 192.168.3.1 24
[RouterA-Vlanif30] quit
NOTE
Configure RouterB to ensure that there is a reachable route betweenRouterB and RouterA. The
configuration details are not mentioned here.
57 30 100 10
58 30 100 10
59 30 100 10
60 30 100 10
61 30 100 10
62 30 100 10
63 30 100 10
-----------------------------------------------------------------
[RouterA] display drop-profile data
Drop-profile[1]: data
DSCP Low-limit High-limit Discard-percentage
-----------------------------------------------------------------
0(default) 30 100 10
1 30 100 10
2 30 100 10
3 30 100 10
4 30 100 10
5 30 100 10
6 30 100 10
7 30 100 10
8(cs1) 30 100 10
9 30 100 10
10(af11) 30 100 10
11 30 100 10
12(af12) 30 100 10
13 30 100 10
14(af13) 30 100 10
15 30 100 10
16(cs2) 30 100 10
17 30 100 10
18(af21) 30 100 10
19 30 100 10
20(af22) 30 100 10
21 30 100 10
22(af23) 30 100 10
23 30 100 10
24(cs3) 30 100 10
25 30 100 10
26(af31) 40 60 40
27 30 100 10
28(af32) 50 70 30
29 30 100 10
30(af33) 30 100 10
31 30 100 10
32(cs4) 30 100 10
33 30 100 10
34(af41) 30 100 10
35 30 100 10
36(af42) 30 100 10
37 30 100 10
38(af43) 60 80 20
39 30 100 10
40(cs5) 30 100 10
41 30 100 10
42 30 100 10
43 30 100 10
44 30 100 10
45 30 100 10
46(ef) 30 100 10
47 30 100 10
48(cs6) 30 100 10
49 30 100 10
50 30 100 10
51 30 100 10
52 30 100 10
53 30 100 10
54 30 100 10
55 30 100 10
56(cs7) 30 100 10
57 30 100 10
58 30 100 10
59 30 100 10
60 30 100 10
61 30 100 10
62 30 100 10
63 30 100 10
-----------------------------------------------------------------
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 20 30
#
drop-profile
data
wred dscp
dscp af31 low-limit 40 high-limit 60 discard-percentage
40
dscp af32 low-limit 50 high-limit 70 discard-percentage
30
#
drop-profile
video
wred dscp
dscp af43 low-limit 60 high-limit 80 discard-percentage
20
#
qos queue-profile queue-
profile1
queue 3 drop-profile
data
queue 4 drop-profile
video
schedule wfq 3 to 4 pq
5
#
interface
Vlanif20
ip address 192.168.2.1
255.255.255.0
#
interface
Vlanif30
ip address 192.168.3.1
255.255.255.0
#
interface Ethernet0/0/0
port link-type
trunk
port trunk allow-pass vlan
20
trust dscp
#
interface Ethernet0/0/1
port link-type
trunk
port trunk allow-pass vlan
30
trust dscp
#
interface GigabitEthernet0/0/1
ip address 192.168.4.1
255.255.255.0
Networking Requirements
As shown in Figure 1-7, two departments in VPNA and VPNB are connected to the Router
through Switch and are connected to the headquarters through two sub-interfaces of GE0/0/1.
Each department has voice, video, and data service flows.
Packets are marked with different DSCP priorities by Switch, and the priorities of voice, video,
and data services are ef, af21, and af11. Each department needs to set the individual CIR value
and share the maximum bandwidth of the interface. Voice packets need to be processed first,
and bandwidth of video and data packets needs to be ensured.
Voice
Data
VPNA
VLAN 10
Video
LSWA
GE0/0/1.1
Eth0/0/0
LAN Switch WAN
Eth0/0/1 GE0/0/1.2
Router
LSWB
Video
VPNB
Data VLAN 20
Voice
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces and configure interfaces so that enterprise users
can access the WAN-side network through the Router.
2. Configure interfaces to trust DSCP priorities in packets on the Router.
3. Configure sub traffic policies for VPNA and VPNB on the Router, configure traffic
classifiers based on DSCP priorities to send voice packets to EF queues and video and data
packets to AF queues, and bind drop profiles.
4. Configure a traffic policy on the Router, configure traffic classifiers based on VLAN IDs
to shape packets from different VLANs, and bind the traffic policy to the sub traffic policies.
5. Apply the traffic policy to the interface of the Router connected to the WAN-side network
to provide differentiated QoS services.
Data Preparation
To complete the configuration, you need the following data:
l VLAN 10 that Eth0/0/0 of the Router connected to Switch, IP address 192.168.1.1/24 of
VLANIF 10, and DSCP priorities trusted by interfaces
l VLAN 20 that Eth0/0/1 of the Router connected to Switch, IP address 192.168.1.1/24 of
VLNAIF 20, and DSCP priorities trusted by interfaces
l IP address 192.168.3.1/24 of GE0/0/1 on the Router connected to the WAN-side interface,
control VLAN 100 of GE0/0/1.1, its encapsulation mode dot1q, and its IP address
192.168.4.1/24; and control VLAN 200 of GE0/0/1.2, its encapsulation mode dot1q, and
its IP address 192.168.5.1/24
l Names of the drop profiles and WRED parameters
Procedure
Step 1 Create VLANs and configure interfaces.
# Create VLAN 10 and VLAN 20 on the Router.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 10 20
NOTE
Configure the interface of Switch connected to the Router as a trunk interface and add it to VLAN 10 and
VLAN 20.
# Create VLANIF 10 and VLANIF 20, and assign IP addresses 192.168.1.1/24 and
192.168.2.1/24 to VLANIF 10 and VLANIF 20.
[Router] interface vlanif 10
[Router-Vlanif10] ip address 192.168.1.1 24
[Router-Vlanif10] quit
[Router] interface vlanif 20
[Router-Vlanif20] ip address 192.168.2.1 24
[Router-Vlanif20] quit
# Configure the control VLAN of GE0/0/1.1 as VLAN 100, set the encapsulation mode to dot1q,
and assign 192.168.4.1/24 to it. Configure the control VLAN of GE0/0/1.2 as VLAN 200, set
the encapsulation mode to dot1q, and assign 192.168.5.1/24 to it.
[Router] interface gigabitethernet 0/0/1.1
[Router-GigabitEthernet0/0/1.1] ip address 192.168.4.1 24
[Router-GigabitEthernet0/0/1.1] control-vid 1 dot1q-termination
[Router-GigabitEthernet0/0/1.1] dot1q termination vid 100
[Router-GigabitEthernet0/0/1.1] quit
[Router] interface gigabitethernet 0/0/1.2
[Router-GigabitEthernet0/0/1.2] ip address 192.168.5.1 24
[Router-GigabitEthernet0/0/1.2] control-vid 2 dot1q-termination
[Router-GigabitEthernet0/0/1.2] dot1q termination vid 200
[Router-GigabitEthernet0/0/1.2] quit
# Create traffic classifiers data, video, and voice on the Router to classify different service flows
from the enterprise based on DSCP priorities.
[Router] traffic classifier data
[Router-classifier-data] if-match dscp af11
[Router-classifier-data] quit
[Router] traffic classifier video
[Router-classifier-video] if-match dscp af21
[Router-classifier-video] quit
[Router] traffic classifier voice
[Router-classifier-voice] if-match dscp ef
[Router-classifier-voice] quit
# Create traffic behaviors data, video, and voice on the Router to configure congestion
management and congestion avoidance for different service flows of the enterprise.
[Router] traffic behavior data
[Router-behavior-data] queue af bandwidth pct 35
[Router-behavior-data] drop-profile data
[Router-behavior-data] quit
[Router] traffic behavior video
[Router-behavior-video] queue af bandwidth pct 60
[Router-behavior-video] drop-profile video
[Router-behavior-video] quit
[Router] traffic behavior voice
[Router-behavior-voice] queue ef bandwidth pct 5
[Router-behavior-voice] quit
# Define sub traffic policies for VPNA and VPNB on the Router.
[Router] traffic policy vpna-sub
[Router-trafficpolicy-vpna-sub] classifier voice behavior voice
[Router-trafficpolicy-vpna-sub] classifier video behavior video
[Router-trafficpolicy-vpna-sub] classifier data behavior data
[Router-trafficpolicy-vpna-sub] quit
[Router] traffic policy vpnb-sub
[Router-trafficpolicy-vpnb-sub] classifier voice behavior voice
[Router-trafficpolicy-vpnb-sub] classifier video behavior video
[Router-trafficpolicy-vpnb-sub] classifier data behavior data
[Router-trafficpolicy-vpnb-sub] quit
# Configure traffic classifiers vpna and vpnb on the Router to classify different service flows
from the enterprise based on the VLAN ID.
[Router] traffic classifier vpna
[Router-classifier-vpna] if-match vlan-id 100
[Router-classifier-vpna] quit
[Router] traffic classifier vpnb
# Create traffic behaviors vpna and vpnb on the Router to shape packets from different VLANs
and bind them to sub traffic policies.
[Router] traffic behavior vpna
[Router-behavior-vpna] gts cir 20000
[Router-behavior-vpna] traffic-policy vpna-sub
[Router-behavior-vpna] quit
[Router] traffic behavior vpnb
[Router-behavior-vpnb] gts cir 30000
[Router-behavior-vpnb] traffic-policy vpnb-sub
[Router-behavior-vpnb] quit
Classifier: vpnb
Operator: OR
Behavior: vpnb
General Traffic Shape:
CIR 30000 (bps), CBS 15000 (bit), PBS 0 (bit)
Queue length 50 (Packets)
Traffic-policy:
Traffic-policy vpnb-sub
Policy: vpna-sub
Classifier: voice
Operator: OR
Behavior: voice
Expedited Forwarding:
Bandwidth 5 (%)
Classifier: video
Operator: OR
Behavior: video
Assured Forwarding:
Bandwidth 60 (%)
Drop Method: WRED
Drop-profile: video
Classifier: data
Operator: OR
Behavior: data
Assured Forwarding:
Bandwidth 35 (%)
Drop Method: WRED
Drop-profile: data
Policy: vpnb-sub
Classifier: voice
Operator: OR
Behavior: voice
Expedited Forwarding:
Bandwidth 5 (%)
Classifier: video
Operator: OR
Behavior: video
Assured Forwarding:
Bandwidth 60 (%)
Drop Method: WRED
Drop-profile: video
Classifier: data
Operator: OR
Behavior: data
Assured Forwarding:
Bandwidth 35 (%)
Drop Method: WRED
Drop-profile: data
23 30 100 10
24(cs3) 30 100 10
25 30 100 10
26(af31) 30 100 10
27 30 100 10
28(af32) 30 100 10
29 30 100 10
30(af33) 30 100 10
31 30 100 10
32(cs4) 30 100 10
33 30 100 10
34(af41) 30 100 10
35 30 100 10
36(af42) 30 100 10
37 30 100 10
38(af43) 30 100 10
39 30 100 10
40(cs5) 30 100 10
41 30 100 10
42 30 100 10
43 30 100 10
44 30 100 10
45 30 100 10
46(ef) 30 100 10
47 30 100 10
48(cs6) 30 100 10
49 30 100 10
50 30 100 10
51 30 100 10
52 30 100 10
53 30 100 10
54 30 100 10
55 30 100 10
56(cs7) 30 100 10
57 30 100 10
58 30 100 10
59 30 100 10
60 30 100 10
61 30 100 10
62 30 100 10
63 30 100 10
-----------------------------------------------------------------
[Router] display drop-profile data
Drop-profile[2]: data
DSCP Low-limit High-limit Discard-percentage
-----------------------------------------------------------------
0(default) 30 100 10
1 30 100 10
2 30 100 10
3 30 100 10
4 30 100 10
5 30 100 10
6 30 100 10
7 30 100 10
8(cs1) 30 100 10
9 30 100 10
10(af11) 70 85 60
11 30 100 10
12(af12) 30 100 10
13 30 100 10
14(af13) 30 100 10
15 30 100 10
16(cs2) 30 100 10
17 30 100 10
18(af21) 30 100 10
19 30 100 10
20(af22) 30 100 10
21 30 100 10
22(af23) 30 100 10
23 30 100 10
24(cs3) 30 100 10
25 30 100 10
26(af31) 30 100 10
27 30 100 10
28(af32) 30 100 10
29 30 100 10
30(af33) 30 100 10
31 30 100 10
32(cs4) 30 100 10
33 30 100 10
34(af41) 30 100 10
35 30 100 10
36(af42) 30 100 10
37 30 100 10
38(af43) 30 100 10
39 30 100 10
40(cs5) 30 100 10
41 30 100 10
42 30 100 10
43 30 100 10
44 30 100 10
45 30 100 10
46(ef) 30 100 10
47 30 100 10
48(cs6) 30 100 10
49 30 100 10
50 30 100 10
51 30 100 10
52 30 100 10
53 30 100 10
54 30 100 10
55 30 100 10
56(cs7) 30 100 10
57 30 100 10
58 30 100 10
59 30 100 10
60 30 100 10
61 30 100 10
62 30 100 10
63 30 100 10
-----------------------------------------------------------------
----End
Configuration Files
l Configuration file of the Router
sysname Router
#
vlan batch 10
20
#
drop-profile
data
wred dscp
dscp af11 low-limit 70 high-limit 85 discard-percentage
60
#
drop-profile
video
wred dscp
dscp af21 low-limit 80 high-limit 95 discard-percentage
60
#
traffic classifier vpna operator
or
if-match vlan-id
100
interface
Vlanif10
ip address 192.168.1.1
255.255.255.0
#
interface
Vlanif20
ip address 192.168.2.1
255.255.255.0
#
interface Ethernet0/0/0
port link-type
trunk
port trunk allow-pass vlan
10
trust
dscp
#
interface Ethernet0/0/1
port link-type
trunk
port trunk allow-pass vlan
20
trust
dscp
#
interface GigabitEthernet0/0/1
ip address 192.168.3.1
255.255.255.0
traffic-policy enterprise
outbound
#
interface GigabitEthernet0/0/1.1
control-vid 1 dot1q-
termination
dot1q termination vid
100
ip address 192.168.4.1
255.255.255.0
#
interface GigabitEthernet0/0/1.2
control-vid 2 dot1q-
termination
dot1q termination vid
200
ip address 192.168.5.1
255.255.255.0
#
return
This chapter describes the configuration of a traffic policy and the configurations of the traffic
behavior and traffic classifier in the traffic policy. It also provides configuration examples.
Traffic Classifier
A traffic classifier defines a group of matching rules to classify traffic.
The relationship between rules in a traffic classifier can be AND or OR (the default value is
OR):
l AND: Packets match a traffic classifier only when the packets match all the rules.
l OR: Packets match a traffic classifier as long as the packets match a rule.
Traffic Behavior
A traffic behavior is the action to be performed for packets. Performing complex traffic
classification is to provide differentiated services. Complex traffic classification takes effect
only when it is associated with a traffic control action or a resource allocation action.
Traffic Policy
A traffic policy is a QoS policy configured by binding traffic classifiers to traffic behaviors.
Traffic Classifier
A traffic classifier and an Access Control List (ACL) can classify and match traffic, but they are
different. The difference between the traffic classifier and the ACL is that the traffic classifier
only classifies packets matching rules, but does not take actions on packets. An ACL defines
the deny or permit action to implement access control. In addition, a traffic classifier contains
more matching rules than an ACL. For example, a traffic classifier can match packets based on
the inbound interface, whereas an ACL cannot match packets based on the inbound interface.
Traffic Behavior
The AR1200-S provides the following traffic actions:
l Permit/Deny
The permit/deny action is the simplest traffic control action. The AR1200-S controls
network traffic by forwarding or discarding packets.
l Re-marking
This traffic control action sets the precedence field in a packet. Packets carry different
precedence fields on various networks. For example, packets carry the 802.1p field in a
VLAN, the ToS field on an IP network. Therefore, the AR1200-S is required to mark
precedence fields of packets based on the network type.
Generally, a device at the border of a network needs to re-mark precedence fields of
incoming packets; the device in the core of a network provides corresponding QoS services
based on precedence fields marked by the border device, or re-marks the precedence fields
based on its configuration rule.
l Redirection
This traffic control action redirects packets to the specified next hop address. The AR1200-
S does not forward packets based on the destination IP address.
By using redirection, you can implement policy-based routing (PBR). The policy-based
route is a static route. When the next hop is unavailable, the AR1200-S forwards packets
based on the original forwarding path.
l Traffic policing
This traffic control action limits the volume of traffic and the resources used by the traffic
by monitoring the rate of the traffic. By using traffic policing, the AR1200-S can discard
the packets, re-mark the color or precedence of, or implement other QoS measures over the
packets that exceed the rate limit.
l Traffic shaping
This traffic control action also limits the volume of traffic and the resources used by the
traffic by monitoring the rate of the traffic. Traffic shaping adjusts the speed of outgoing
traffic so that the downstream device has sufficient capabilities to process traffic. This
prevents packet loss and congestion. Traffic shaping controls the volume of outgoing traffic
over a network connection on a network so that the outgoing traffic can be sent out at an
even rate.
l Flow mirroring
This traffic control action copies the specified data packets to a specified destination to
detect and troubleshoot faults on a network. For details, see Configuring Local Flow
Mirroring in the Huawei AR1200-S Series Enterprise Routers Configuration Guide -
Device Management.
l Traffic statistics
This traffic control action collects data packets matching defined complex traffic
classification rules.
The traffic statistics action is not a QoS control measure but can be used with other actions
to improve security of networks and packets.
l Queue scheduling
Queue scheduling involves configurations relevant to queues, including scheduling modes
of Expedited Forwarding (EF), Assured Forwarding (AF), and Weighted Fair Queuing
(WFQ) queues, traffic shaping, and Weighted Random Early Detection (WRED). For
details, see CBQ in 1.2 QoS Features Supported by the AR1200-S.
Traffic Policy
A traffic policy is a QoS policy configured by binding traffic classifiers to traffic behaviors. A
traffic policy can be applied to LAN-side interfaces, WAN-side interfaces, or WAN-side sub-
interfaces.
Traffic Traffic
classifier behavior
Traffic Traffic ......
classifier behavior
Traffic Traffic
classifier behavior
......
Traffic Traffic
classifier behavior
Traffic Traffic ......
classifier behavior
Traffic Traffic
classifier behavior
The AR1200-S supports two layers of traffic policies. A sub traffic policy cannot be nested by
another traffic policy.
The AR1200-S uses traffic policy nesting to implement HQoS. Traffic policy nesting can only
be configured on outbound WAN-side interfaces.
Applicable Environment
A traffic classifier can be used to classify packets based on the following information:
l Layer 2 information such as the VLAN ID in packets, 802.1p priority in packets, source
MAC address, destination MAC address, Layer 2 protocol field, DE field in FR packets,
DLCI in FR packets, PVC information in ATM packets, and ACL 4000 to 4999
l Layer 3 information such as DSCP priority in IP packets, IP precedence in IP packets,
protocol type, and ACL 2000-3999
l Layer 4 information such as the RTP port number and SYN Flag in the TCP packet header
l Inbound interface of packets
A traffic classifier must be bound to a traffic behavior and associated with a traffic policy so
that it can take effect.
Pre-configuration Tasks
Before configuring a traffic classifier, complete the following tasks:
l Configuring link layer attributes of interfaces to ensure that these interfaces work properly
l Configuring IP addresses and routing protocols for interfaces to ensure connectivity
l Configuring an ACL if necessary
Procedure
Step 1 Run:
system-view
Step 2 Run:
traffic classifier classifier-name [ operator { and | or } ]
l and: If rules are ANDed with each other, the packets must match all the non-ACL rules and
one of the ACL rules of the traffic classifier.
l or: Packets need to match only one rule of the traffic classifier.
To define a matching rule for traffic classification based on an ACL, create the ACL first. The AR1200-
S supports the following types of ACLs:
l Basic ACLs. For details on how to create a basic ACL, see Configuring a Basic ACL.
l Advanced ACLs. For details on how to create an advanced ACL, see Configuring an Advanced
ACL.
l Layer 2 ACLs. For details on how to create a Layer 2 ACL, see Configuring a Layer 2 ACL.
l To define a matching rule for classifying all data packets, run the if-match any command.
NOTE
If if-match any and other rules are configured in a traffic classifier simultaneously, packets match only
if-match any.
l To define a matching rule for traffic classification based on the destination MAC address,
run the if-match destination-mac mac-address [ mac-address-mask mac-address-mask ]
command.
l To define a matching rule for traffic classification based on the source MAC address, run the
if-match source-mac mac-address [ mac-address-mask mac-address-mask ] command.
l To define a matching rule for traffic classification based on the DLCI in FR packets, run the
if-match dlci start-dlci-number [ to end-dlci-number ] command.
l To define a matching rule for traffic classification based on the Discard Eligibility (DE) in
FR packets, run the if-match fr-de command.
l To define a matching rule for traffic classification based on the DSCP priority in IP packets,
run the if-match dscp dscp-value &<1-8> command.
l To define a matching rule for traffic classification based on the IP precedence in IP packets,
run the if-match ip-precedence ip-precedence-value &<1-8> command.
NOTE
If the relationship between rules is AND in a traffic classifier, the if-match dscp and if-match ip-
precedence commands cannot be used in the traffic classifier simultaneously.
l To define a matching rule for traffic classification based on the inbound interface, run the
if-match inbound-interface interface-type interface-number command.
l To define a matching rule for traffic classification based on the protocol field in the Ethernet
frame, run the if-match l2-protocol { arp | ip | rarp | protocol-value } command.
l To define a matching rule to classify traffic based on the Layer 3 protocol type in packets,
run the if-match protocol ip command.
l To define a matching rule for traffic classification based on the Permanent Virtual Circuit
(PVC) information in ATM packets, run the if-match pvc vpi-number/vci-number command.
l To define a matching rule for traffic classification based on the RTP port number, run the
if-match rtp start-port start-port-number end-port end-port-number command.
l To define a matching rule for traffic classification based on the SYN Flag in the TCP packet
header, run the if-match tcp syn-flag syn-flag &<1-6> command.
l To define a matching rule for traffic classification based on the VLAN ID, run the if-match
vlan-id start-vlan-id [ to end-vlan-id ] command.
l To define a matching rule for traffic classification based on the inner VLAN ID in QinQ
packets, run the if-match cvlan-id start-cvlan-id [ to end-cvlan-id ] command.
----End
Applicable Environment
A traffic behavior is the action to be performed for packets. Performing complex traffic
classification is to provide differentiated services. Complex traffic classification takes effect
only when it is associated with a traffic control action or a resource allocation action.
A traffic classifier must be bound to a traffic behavior and associated with a traffic policy so
that it can take effect.
A traffic policy containing different traffic behaviors are applied to different types of interfaces
and directions on the AR1200-S. See Table 2-2.
Table 2-2 Limitation on applying a traffic policy containing different traffic behaviors
Traffic Behavior Application Limitation
Pre-configuration Tasks
Before configuring a traffic behavior, complete the following tasks:
l Configuring link layer attributes of interfaces to ensure that these interfaces work properly
l Configuring IP addresses and routing protocols for interfaces to ensure connectivity
Data Preparation
To configure a traffic behavior, you need the following data.
No. Data
Context
By configuring a deny or permit action, the AR1200-S rejects or permits packets matching traffic
classification rules to control the network traffic.
Procedure
Step 1 Run:
system-view
Step 2 Run:
traffic behavior behavior-name
l If the action is set to deny, the packets matching traffic classification rules are discarded. Therefore,
other actions except for the traffic statistics action cannot be configured.
l If the action is set to permit, the permit action is taken for the packets matching traffic classification
rules, and other actions defined in the traffic behavior are taken for these packets.
----End
Context
You can configure redirection in a traffic behavior to implement PBR.
A traffic policy containing the redirection action can be applied to only the inbound direction
of an interface.
If the AR1200-S does not have the ARP entry corresponding to the next hop IP address, it triggers
ARP learning. If no ARP entry is learned, packets are forwarded along the original path. If the
AR1200-S has the ARP entry or learns the ARP entry, packets are forwarded based on the
specified IP address.
NQA diagnoses and locates network faults. Association between NQA and redirection
implements rapid route switchover and ensure correct data traffic forwarding when network
faults occur.
l If the NQA test instance detects a reachable destination IP address, packets are forwarded
based on the specified IP address and redirection takes effect.
l If the NQA test instance detects an unreachable destination IP address, packets are
forwarded along the original path and redirection does not take effect.
NOTE
The NQA test instance must be an ICMP type. For details, see Configuring the ICMP Test and Configuring
Universal Parameters for the NQA Test Instance in NQA Configuration of the Huawei AR1200-S Series
Enterprise Routers Configuration Guide - Network Management.
Procedure
Step 1 Run:
system-view
The packets matching traffic classification rules are redirected to the specified next hop
address and association between redirection and the NQA test instance is configured.
----End
Context
After the re-marking action is configured, the AR1200-S still processes outgoing packets based
on the original priority but the downstream device processes the packets based on the re-marked
priority.
Procedure
Step 1 Run:
system-view
The 802.1p priority of the packets matching traffic classification rules is re-marked.
l Run:
remark cvlan-8021p 8021p-value
The inner 802.1p priority in QinQ packets matching the traffic classification rules is re-
marked.
l Run:
remark dscp { dscp-name | dscp-value }
The DSCP priority of the packets matching traffic classification rules is re-marked.
l Run:
remark fr-de fr-de-value
The local priority of the packets matching traffic classification rules is re-marked.
NOTE
If the traffic behavior is configured with remark 8021p or remark dscp, but not remark local-
precedence, the AR1200-S marks the local priority of packets as 0.
----End
Context
The AR1200-S performs traffic policing for packets matching traffic classification rules, and
discards the excess packets or re-marks the colors or CoS of the excess packets.
NOTE
When the CBS value is less than the number of bytes in a single packet of a service, packets of the service
are discarded.
Procedure
Step 1 Run:
system-view
Step 2 Run:
traffic behavior behavior-name
Step 3 Run:
car cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ share ]
[ green { discard | pass [ remark-8021p 8021p-precedence | remark-dscp dscp-
value ] } ] [ yellow { discard | pass [ remark-8021p 8021p-precedence | remark-
dscp dscp-value ] } ] [ red { discard | pass [ remark-8021p 8021p-precedence |
remark-dscp dscp-value ] } ]
After share is specified, all the rules in a traffic classifier bound to a traffic behavior share CAR
parameters. The system aggregates all the flows and uses the CAR to limit the flows.
----End
Context
Traffic shaping adjusts the rate of outgoing traffic so that the downstream device has capabilities
to process traffic. This prevents packet loss and congestion. Traffic shaping controls the volume
of outgoing traffic over a network connection so that the outgoing traffic can be sent out at an
even rate.
NOTE
A traffic policy containing the traffic shaping action can only be applied to outbound AR1200-S WAN-
side interfaces.
Procedure
Step 1 Run:
system-view
----End
Context
The AR1200-S provides the following queues for data packets matching traffic classification
rules:
l AF: ensures low drop probability of packets when the rate of outgoing service traffic does
not exceed the minimum bandwidth. It is applied to services of heavy traffic that need to
be ensured.
l EF: is applied to services requiring a low delay, low drop probability, and assured
bandwidth. It is also applied to services occupying low bandwidth, for example, voice
packets. After packets matching traffic classification rules enter EF queues, they are
scheduled in Strict Priority (SP) mode. Packets in other queues are scheduled only after all
the packets in EF queues are scheduled.
l BE: is used with the default traffic classifier. The remaining packets that do not enter AF
or EF queues enter BE queues. BE queues use Weighted Fair Queuing (WFQ) scheduling.
When a greater number of queues are configured, WFQ allocates bandwidth more evenly
but more resources are occupied. WFQ is applied to the services insensitive to the delay
and packet loss, for example, Internet access services.
NOTE
A traffic policy containing AF, EF, or BE can only be applied to outbound AR1200-S WAN-side interfaces.
Although you are allowed to configure AF queues and bandwidth for the default traffic classifier,
BE queues are configured in most situations.
l When the default traffic classifier is associated with AF queues:
– The total bandwidth used by AF queues and EF queues cannot exceed the interface
bandwidth.
– EF queues are provided with bandwidth preferentially. AF queues share the remaining
bandwidth based on their weights.
l When the default traffic classifier is associated with BE queues:
– The system allocates 10% of the interface's available bandwidth to BE queues.
– The bandwidth used by AF queues and EF queues cannot exceed 90% of the interface
bandwidth.
– EF queues are provided with bandwidth preferentially. AF and BE queues share the
remaining bandwidth based on their weights.
The system first allocates bandwidth to EF queues. AF queues and BE queues share the
remaining bandwidth based on weights:
l Bandwidth of EF queues: 100 Mbit/s x 50% = 50 Mbit/s
l AF queues: BE queues = 30 Mbit/s:(100 Mbit/s x 10%) = 3:1
l Remaining bandwidth: 100 Mbit/s - 50 Mbit/s = 50 Mbit/s
l AF queues and BE queues share the remaining bandwidth in the proportion of 3:1.
– Bandwidth of AF queues: 50 Mbit/s x [3/(3+1)]= 37.5 Mbit/s
– Bandwidth of BE queues: 50 Mbit/s x [1/(3+1)]= 12.5 Mbit/s
Procedure
Step 1 Run:
system-view
AF is configured for packets of a certain type and the minimum bandwidth is set.
l Run:
queue ef bandwidth { bandwidth [ cbs cbs-value ] | pct percentage }
EF is configured for packets of a certain type and the maximum bandwidth is set.
l Run:
queue wfq [ queue-number total-queue-number ]
The AR1200-S is configured to send packets matching the default traffic classifier to BE
queues in WFQ mode and the number of queues is set.
----End
Follow-up Procedure
Use the queue drop methods based on site requirements.
l Tail drop: Run the queue-length { bytes bytes-value | packets packets-value }* command
to configure tail drop and set the queue length.
l Drop profile: For details on how to configure a drop profile, see 2.4.8 Configuring
Congestion Avoidance.
Context
A drop profile defines WRED parameters and is used to implement congestion avoidance for
queues bound to the drop profile.
After a drop profile is bound to a traffic behavior, bind the traffic behavior and traffic classifier
to a traffic policy and apply the traffic policy to an interface so that WRED parameters in the
drop profile take effect on the interface.
NOTE
A traffic policy containing AF, EF, or BE can only be applied to outbound AR1200-S WAN-side interfaces.
The tail drop method and a drop profile cannot be used in the same traffic behavior. If both the drop-
profile command and the queue-length command are executed, the latter command takes effect.
Procedure
Step 1 Run:
system-view
NOTE
queue af or queue wfq must have been configured in the traffic behavior.
Step 3 Run:
drop-profile drop-profile-name
NOTE
The drop profile has been created and WRED parameters have been set in the drop profile.
----End
Context
A traffic policy can be nested into another traffic policy. That is, the traffic behavior or action
in a traffic policy is a sub traffic policy. When a sub traffic policy is bound to a traffic policy,
the traffic behavior in the traffic policy is taken for packets matching the traffic classifier
associated with the traffic behavior. Then the packets are classified by the sub traffic policy and
the traffic behavior in the sub traffic policy is taken for the classified packets.
The AR1200-S supports two layers of traffic policies. A sub traffic policy cannot be nested by
another traffic policy.
Table 2-4 lists traffic classifiers and traffic behaviors allowed in traffic policies when traffic
policy nesting is used.
Table 2-4 Traffic classifiers and traffic behaviors allowed in traffic policies
Traffic Policy Traffic Classifier Traffic Behavior
NOTE
A traffic policy containing the preceding traffic behaviors can only be applied to outbound AR1200-S
WAN-side interfaces.
Procedure
Step 1 Run:
system-view
NOTE
The traffic shaping action must have been configured in the traffic behavior.
Step 3 Run:
traffic-policy policy-name
NOTE
----End
Context
The display traffic policy statistics command shows the statistics on forwarded packets and
discarded packets on an interface to which a traffic policy has been applied. You can locate faults
according to the command output.
By default, the traffic statistics function is disabled. Before running the display traffic policy
statistics command, ensure that the traffic statistics function has been enabled.
Procedure
Step 1 Run:
system-view
Step 2 Run:
traffic behavior behavior-name
Step 3 Run:
statistic enable
----End
Prerequisite
All the traffic behavior configurations are complete.
Procedure
l Run the display traffic behavior { system-defined | user-defined } [ behavior-name ]
command to check the traffic behavior configuration.
----End
Applicable Environment
A traffic classifier classifies user packets and a traffic behavior defines actions taken for the
packets matching the traffic classifier. A traffic policy is configured by binding traffic classifiers
to traffic behaviors. A traffic policy can be applied to AR1200-S LAN-side interfaces, WAN-
side interfaces, or WAN-side sub-interfaces.
Only one traffic policy can be applied to one direction on an interface, but a traffic policy can
be applied to different directions on different interfaces.
Pre-configuration Tasks
Before configuring a traffic policy, complete the following tasks:
l 2.3 Configuring a Traffic Classifier
l 2.4 Configuring a Traffic Behavior
Procedure
Step 1 Run:
system-view
Step 2 Run:
traffic policy policy-name
Step 3 Run:
classifier classifier-name behavior behavior-name
A traffic classifier and a traffic behavior are associated with the traffic policy.
Step 4 Run:
quit
Step 5 Run:
interface interface-type interface-number[.subinterface-number]
Step 6 Run:
traffic-policy policy-name { inbound | outbound }
A traffic policy is applied to the interface or sub-interface in the inbound or outbound direction.
----End
Context
To check forwarded and discarded packets on an interface to which a traffic policy has been
applied, view the flow-based traffic statistics on the interface.
To view the flow-based traffic statistics, ensure that a traffic policy has been created and the
traffic statistics action has been configured in the traffic policy.
Procedure
Step 1 Run the display traffic policy statistics interface interface-type interface-number [ pvc vpi-
number/vci-number | dlci dlic-number ] { inbound | outbound } [ verbose { classifier-base |
rule-base } [ class classifier-name ] ] or display traffic policy statistics interface { virtual-
template vt-number | dialer number } virtual-access va-number { inbound | outbound }
[ verbose { classifier-base | rule-base } [ class classifier-name ] ] command to view the traffic
statistics on an interface to which a traffic policy has been applied.
----End
Context
Before recollecting the flow-based traffic statistics on an interface, run the following command
in the user view to clear the existing statistics.
To clear the flow-based traffic statistics, ensure that a traffic policy has been created and the
traffic statistics action has been configured in the traffic policy.
CAUTION
The cleared flow-based traffic statistics cannot be restored. Exercise caution when you run the
command.
Procedure
Step 1 Run the reset traffic policy statisticsreset traffic policy statistics interface interface-type
interface-number { inbound | outbound } or reset traffic policy statistics interface { virtual-
----End
Networking Requirements
As shown in Figure 2-2, voice, video, and data services on the LAN side of the enterprise are
connected to Eth0/0/0 and Eth0/0/1 of RouterA through SwitchA and SwitchB, and are sent to
the WAN-side network through GE0/0/1 of RouterA.
Different service packets are identified on the LAN side based on 802.1p priorities in packets.
When packets reach the WAN- side network from GE0/0/1, RouterA needs to provide
differentiated services based on DSCP priorities in the packets. The re-marking action is
configured to re-mark 802.1p priorities with DSCP priorities.
Video
802.1p=5
Data
802.1p=2
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces and configure interfaces so that enterprise users
can access the WAN-side network through RouterA.
2. Configure traffic classifiers on RouterA to match packets based on 802.1p priorities.
3. Configure traffic behaviors on RouterA to re-mark 802.1p priorities of packets.
4. Configure a traffic policy on RouterA, bind the configured traffic behaviors and traffic
classifiers to the traffic policy, and apply the traffic policy to Eth0/0/0 and Eth0/0/1 in the
inbound direction.
Data Preparation
To complete the configuration, you need the following data:
l The interface connecting RouterA and SwitchA belongs to VLAN 20 and the IP address
of VLANIF 20 is 192.168.2.1/24.
l The interface connecting RouterA and SwitchB belongs to VLAN 30 and the IP address
of VLANIF 30 is 192.168.3.1/24.
l The IP address of the interface connecting RouterA and the WAN-side interface is
192.168.4.1/24.
l The 802.1p priorities of data, video, and voice packets are 2, 5, and 6, and are re-marked
with DSCP priorities 15, 40, and 50.
l The traffic policy is applied to Eth0/0/0 and Eth0/0/1 in the inbound direction.
Procedure
Step 1 Create VLANs and configure interfaces.
# Create VLAN 20 and VLAN 30 on RouterA.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] vlan batch 20 30
# Configure Eth0/0/0 and Eth0/0/1 as trunk interfaces, and add Eth0/0/0 to VLAN 20 and
Eth0/0/1 to VLAN 30.
[RouterA] interface ethernet 0/0/0
[RouterA-Ethernet0/0/0] port link-type trunk
[RouterA-Ethernet0/0/0] port trunk allow-pass vlan 20
[RouterA-Ethernet0/0/0] quit
[RouterA] interface ethernet 0/0/1
[RouterA-Ethernet0/0/1] port link-type trunk
[RouterA-Ethernet0/0/1] port trunk allow-pass vlan 30
[RouterA-Ethernet0/0/1] quit
NOTE
Configure the interface connecting SwitchA and RouterA as a trunk interface and add it to VLAN 20.
Configure the interface connecting SwitchB and RouterA as a trunk interface and add it to VLAN 30.
# Create VLANIF 20 and VLANIF 30, assign IP address 192.168.2.1/24 to VLANIF 20, and
assign IP address 192.168.3.1/24 to VLANIF 30.
[RouterA] interface vlanif 20
[RouterA-Vlanif20] ip address 192.168.2.1 24
[RouterA-Vlanif20] quit
[RouterA] interface vlanif 30
[RouterA-Vlanif30] ip address 192.168.3.1 24
[RouterA-Vlanif30] quit
NOTE
Configure RouterB to ensure that there is a reachable route between RouterB and RouterA. The
configuration details are not mentioned here.
Step 3 Create and configure traffic behaviors b1, b2, and b3 on RouterA, and re-mark 802.1p priorities
of packets.
[RouterA] traffic behavior b1
[RouterA-behavior-b1] remark dscp 15
[RouterA-behavior-b1] quit
[RouterA] traffic behavior b2
[RouterA-behavior-b2] remark dscp 40
[RouterA-behavior-b2] quit
[RouterA] traffic behavior b3
[RouterA-behavior-b3] remark dscp 50
[RouterA-behavior-b3] quit
Step 4 # Create a traffic policy p1 on RouterA, bind the configured traffic behaviors and traffic
classifiers to the traffic policy, and apply the traffic policy to Eth0/0/0 and Eth0/0/1 in the
inbound direction.
[RouterA] traffic policy p1
[RouterA-trafficpolicy-p1] classifier c1 behavior b1
[RouterA-trafficpolicy-p1] classifier c2 behavior b2
[RouterA-trafficpolicy-p1] classifier c3 behavior b3
[RouterA-trafficpolicy-p1] quit
[RouterA] interface ethernet 0/0/0
[RouterA-Ethernet0/0/0] traffic-policy p1 inbound
[RouterA-Ethernet0/0/0] quit
[RouterA] interface ethernet 0/0/1
[RouterA-Ethernet0/0/1] traffic-policy p1 inbound
[RouterA-Ethernet0/0/1] quit
[RouterA] quit
Classifier: c3
Operator: OR
Rule(s) : if-match 8021p 6
Classifier: c1
Operator: OR
Classifier: c2
Operator: OR
Behavior: b2
Marking:
Remark DSCP cs5
Classifier: c3
Operator: OR
Behavior: b3
Marking:
Remark DSCP 50
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 20 30
#
traffic classifier c3 operator or
if-match 8021p 6
traffic classifier c2 operator or
if-match 8021p 5
traffic classifier c1 operator or
if-match 8021p 2
#
traffic behavior b3
remark dscp 50
traffic behavior b2
remark dscp cs5
traffic behavior b1
remark dscp 15
#
traffic policy
p1
classifier c1 behavior
b1
classifier c2 behavior
b2
classifier c3 behavior b3
#
interface
Vlanif20
ip address 192.168.2.1
255.255.255.0
#
interface
Vlanif30
ip address 192.168.3.1
255.255.255.0
#
interface Ethernet0/0/0
port link-type
trunk
port trunk allow-pass vlan
20
traffic-policy p1
inbound
#
interface Ethernet0/0/1
port link-type
trunk
port trunk allow-pass vlan
30
traffic-policy p1
inbound
#
interface GigabitEthernet0/0/1
ip address 192.168.4.1
255.255.255.0
#
return
Networking Requirements
As shown in Figure 2-3, the MAC address of PC1 is 0000-0000-0003 and PC1 is connected to
Eth0/0/0 of the Router through the switch. The Router is required to collect statistics on packets
with the source MAC address 0000-0000-0003.
Figure 2-3 Networking diagram of traffic statistics based on complex traffic classification
Eth0/0/0
VLAN 20 WAN
MAC:0000-0000-0003
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure interfaces so that the Router can be connected to the switch and PC1.
2. Configure an ACL to match packets with the source MAC address 0000-0000-0003.
3. Configure a traffic classifier and bind the traffic classifier to the ACL.
4. Configure a traffic behavior to allow the packets matching rules.
5. Configure a traffic policy, bind the traffic policy to the traffic classifier and traffic behavior,
and apply the traffic policy to Eth0/0/0 in the inbound direction so that the Router collects
statistics on packets with the source MAC address 0000-0000-0003.
Data Preparation
To complete the configuration, you need the following data:
l VLAN 20 that the interface connecting the Router and the switch belong to
l ACL 4000
l Traffic classifier c1
l Traffic behavior b1
l Traffic policy p1
Procedure
Step 1 Create a VLAN and configure each interface.
# Create VLAN 20.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 20
[Router-vlan20] quit
NOTE
Configure the interface connecting the switch and the Router as a trunk interface and add it to VLAN 20.
Configure the interface connecting the switch and PC1 as an access interface and add it to VLAN 20.
Step 2 Create ACL 4000 (a Layer 2 ACL) on the Router to match packets with the source MAC address
0000-0000-0003.
[Router] acl 4000
[Router-acl-L2-4000] rule permit source-mac 0000-0000-0003 ffff-ffff-ffff
[Router-acl-L2-4000] quit
Step 4 Create a traffic behavior b1 on the Router and configure the traffic statistics action in the traffic
behavior.
[Router] traffic behavior b1
[Router-behavior-b1] statistic enable
[Router-behavior-b1] quit
Step 5 Configure a traffic policy and apply the traffic policy to an interface.
# Create a traffic policy p1 on the Router and bind the traffic policy to the traffic classifier and
traffic behavior.
[Router] traffic policy p1
[Router-trafficpolicy-p1] classifier c1 behavior b1
[Router-trafficpolicy-p1] quit
[Router-Ethernet0/0/0] quit
[Router] quit
Interface: Ethernet0/0/0
Traffic policy inbound: p1
Rule number: 1
Current status: OK!
Board : 0
Item Packets Bytes
---------------------------------------------------------------------
Matched 0 0
+--Passed 0 0
+--Dropped 0 0
+--Filter 0 0
+--URPF - -
+--CAR 0 0
+--Enqueue 0 0
+--Queue pass 0 0
+--Queue drop 0 0
+--Car 0 -
+--Green packets 0 -
+--Yellow packets 0 -
+--Red packets 0 -
----End
Configuration Files
l Configuration file of the Router
#
sysname Router
#
vlan batch 20
#
acl number 4000
rule 5 permit source-mac 0000-0000-0003
#
traffic classifier c1 operator or
Networking Requirements
As shown in Figure 2-4, two departments VLAN 10 and VLAN 20 connect to GE1/0/0 and
GE2/0/0 of RouterA.
RouterA can connect to the WAN-side network through the link RouterA→RouterB→
RouterD or RouterA→RouterC→RouterD. The requirements are as follows:
l Packets from the two departments reach the WAN-side network through the two links when
the two links are running properly.
l When a link is faulty, packets from the two departments are forwarded on the other link.
This prevents service interruption for a long time.
l When the link fault is rectified, packets reach the WAN-side network through the two links.
Data
Voice
Video
Video
Voice
Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure interfaces so that enterprise users can access the WAN-side network through
RouterA.
2. Configure a NQA test instance to detect whether the links RouterA→RouterB→RouterD
and RouterA→RouterC→RouterD are running properly.
3. Configure traffic classifiers to match incoming packets.
4. Configure traffic behaviors in which redirection is associated with the NQA test instance.
When the NQA test instance detects that the link RouterA→RouterB→RouterD is running
properly, packets matching the traffic classifier are redirected to 192.168.3.1/24. When the
NQA test instance detects that the link RouterA→RouterC→RouterD is running properly,
packets matching the traffic classifier are redirected to 192.168.4.1/24.
5. Configure traffic policies, bind traffic classifiers and traffic behaviors to the traffic policies,
and apply the traffic policies to interfaces.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l NQA test instance parameters
l Traffic policies vlan10 and vlan20, which are applied to incoming packets on GE1/0/0 and
GE2/0/0
Procedure
Step 1 Configure each interface.
NOTE
The configurations of other interfaces are similar to the configuration of GE1/0/0, and are not mentioned
here.
Configure SwitchA and SwitchB so that they can communicate with RouterA.
# Create traffic behavior vlan20 on RouterA and associate the NQA test instance admin
vlan20 with redirection to the next hop 192.168.4.1/24. When the NQA test instance detects that
the link is running properly, redirection takes effect. When the NQA test instance detects a link
fault, packets are forwarded along the original path.
[RouterA] traffic behavior vlan20
[RouterA-behavior-vlan20] redirect ip-nexthop 192.168.4.1 track nqa admin vlan20
[RouterA-behavior-vlan20] quit
Step 5 Configure traffic policies and apply the traffic policies to interfaces.
# Create traffic policies vlan10 and vlan20 on RouterA and bind the traffic classifier and the
traffic behavior to the traffic policy.
[RouterA] traffic policy vlan10
[RouterA-trafficpolicy-vlan10] classifier vlan10 behavior vlan10
[RouterA-trafficpolicy-vlan10] quit
[RouterA] traffic policy vlan20
[RouterA-trafficpolicy-vlan20] classifier vlan20 behavior vlan20
[RouterA-trafficpolicy-vlan20] quit
# Apply the traffic policy vlan10 to incoming packets on GE1/0/0 and the traffic policy
vlan20 to incoming packets on GE2/0/0.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] traffic-policy vlan10 inbound
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] traffic-policy vlan20 inbound
[RouterA-GigabitEthernet2/0/0] quit
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] display this
#
interface GigabitEthernet2/0/0
ip address 192.168.2.1 255.255.255.0
traffic-policy vlan20 inbound
#
return
Policy: vlan20
Classifier: vlan20
Operator: OR
Behavior: vlan20
Redirect:
Redirect ip-nexthop 192.168.4.1 track nqa admin vlan20
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
traffic classifier vlan10 operator
or
if-match inbound-interface GigabitEthernet1/0/0
traffic classifier vlan20 operator
or
if-match inbound-interface GigabitEthernet2/0/0
#
traffic behavior
vlan10
redirect ip-nexthop 192.168.3.1 track nqa admin
vlan10
traffic behavior
vlan20
redirect ip-nexthop 192.168.4.1 track nqa admin
vlan20
#
traffic policy
vlan10
classifier vlan10 behavior
vlan10
traffic policy
vlan20
classifier vlan20 behavior
vlan20
#
interface GigabitEthernet1/0/0
ip address 192.168.1.1
255.255.255.0
traffic-policy vlan10
inbound
#
interface GigabitEthernet2/0/0
ip address 192.168.2.1
255.255.255.0
traffic-policy vlan20
inbound
#
nqa test-instance admin
vlan10
test-type
icmp
destination-address ipv4
192.168.5.1
frequency 10
start now
nqa test-instance admin
vlan20
test-type
icmp
destination-address ipv4
192.168.6.1
frequency 10
start now
#
return