Manual Nortel switch

Nortel Ethernet Routing Switch 4500 Series

Configuration Quality ofService

NN47205-504 (322816-B).

Downloaded from www.Manualslib.com manuals search engine

Document status: StandardDocument version: 03.01Document date: 23 November 2007

Copyright 2007, Nortel NetworksAll Rights Reserved.

The information in this document is subject to change without notice. The statements, configurations, technicaldata, and recommendations in this document are believed to be accurate and reliable, but are presented withoutexpress or implied warranty. Users must take full responsibility for their applications of any products specified in thisdocument. The information in this document is proprietary to Nortel Networks.

The software described in this document is furnished under a license agreement and may be used only in accordancewith the terms of that license. The software license agreement is included in this document.

Restricted rights legendUse, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computersoftware, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forthin the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditionsIn the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the rightto make changes to the products described in this document without notice.

Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) orcircuit layout(s) described herein.

Nortel Networks software license agreementThis Software License Agreement ("License Agreement") is between you, the end user ("Customer") and NortelNetworks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWINGCAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THESOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT.If you do not accept these terms and conditions, return the Software, unused and in the original shipping container,within 30 days of purchase to obtain a credit for the full purchase price.

"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and iscopyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data,audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all wholeor partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired theSoftware. You obtain no rights other than those granted to you under this License Agreement. You are responsible forthe selection of the Software and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of theSoftware on only one machine at any one time or to the extent of the activation or authorized usage level, whicheveris applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable.Software contains trade secrets and Customer agrees to treat Software as confidential information using the samecare and discretion Customer uses with its own similar information that it does not wish to disclose, publish ordisseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms ofthis Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expresslyauthorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) createderivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensorsof intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of thelicense by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly returnthe Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other


reasonable means to determine Customers Software activation or usage levels. If suppliers of third party softwareincluded in Software require Nortel Networks to include additional or different terms, Customer agrees to abide bysuch terms provided by Nortel Networks with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMSALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUTNOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABLITITY AND FITNESS FOR A PARTICULARPURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support ofany kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, theabove exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BELIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, ORDAMAGE TO, CUSTOMERS RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL,PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER INCONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THESOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIRPOSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or supplier of the Software. Suchdeveloper and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitationsor exclusions and, in such event, they may not apply.

4. General

a) If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Softwareavailable under this License Agreement is commercial computer software and commercial computer softwaredocumentation and, in the event Software is licensed for or on behalf of the United States Government, the respectiverights to the software and software documentation are governed by Nortel Networks standard commercial licensein accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R.227.7202 (for DoD entities).

b) Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails tocomply with the terms and conditions of this license. In either event, upon termination, Customer must either returnthe Software to Nortel Networks or certify its destruction.

c) Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customersuse of the Software. Customer agrees to comply with all applicable laws including all applicable export and importlaws and regulations.

d) Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.

e) The terms and conditions of this License Agreement form the complete and exclusive agreement betweenCustomer and Nortel Networks.

f) This License Agreement is governed by the laws of the country in which Customer acquires the Software. Ifthe Software is acquired in the United States, then this License Agreement is governed by the laws of the stateof New York.


5ContentsNew in this release 11Features 11Other changes 11Preface 13Nortel Ethernet Routing Switch 4500 Series 13Publications 14How to get help 15

Chapter 1 An Introduction to Policy-Enabled Networks 17Summary 17

Port-based and Role-based QoS Policies 18QoS overview 18DiffServ Concepts 19QoS components 19Specifying interface groups 20Interface shaping 21Nortel SNA solution 22Rules 22

Classifier definition 22IP classifier elements 23Layer 2 classifier elements 24System classifier elements 24Classifiers and classifier blocks 24

Specifying actions 25Specifying interface action extensions 28Specifying meters 28Trusted, untrusted, and unrestricted interfaces 29Specifying policies 32Packet flow using QoS 34Queue sets 35

Modifying CoS-to-queue priorities 35QoS configuration guidelines 36

Chapter 2 Configuring Quality of Service (QoS) with the CLI 39Displaying QoS Parameters 39

Nortel Ethernet Routing Switch 4500 SeriesConfiguration Quality of Service

NN47205-504 (322816-B) 03.01 Standard5.1 23 November 2007

Copyright 2007, Nortel Networks.


6 Contents

Configuring QoS Access Lists 44qos acl-assign command 44no qos acl-assign command 45qos ip-acl command 45no qos ip-acl command 46qos l2-acl command 46no qos l2-acl command 48

Configuring the CoS-to-Queue Assignments 48qos queue-set-assignment command 48

Configuring QoS Interface Groups 49qos if-assign command 49no qos if-assign command 49qos if-group command 50no qos if-group command 50

Configuring DSCP and 802.1p and Queue Associations 51qos egressmap command 51default qos egressmap command 52qos ingressmap command 52default qos ingress command 52

Configuring QoS for the Nortel SNA solution 53Example: using qos nsna commands 55Deleting a classifier, classifier block, or an entire filter set 56

Configuring QoS Elements, Classifiers, and Classifier Blocks 56qos ip-element command 56no qos ip-element command 57qos l2-element command 58no qos l2-element command 59qos classifier command 59no qos classifier command 60qos classifier-block command 60no qos classifier-block command 61

Configuring QoS system-element 62qos system-element command 62no qos system-element command 63

Configuring QoS Actions 63qos action command 63no qos action command 65

Configuring QoS Interface Action Extensions 65qos if-action-extension command 66no qos if-action-extension command 66

Configuring QoS Meters 67qos meter command 67no qos meter command 68





Contents 7

Configuring QoS Interface Shaper 69qos if-shaper command 69no qos if-shaper command 69

Configuring QoS Policies 70qos policy command 70no qos policy command 71

Maintaining the QoS Agent 72qos agent reset-default command 72qos agent nvram-delay command 72default qos agent nvram-delay 72default qos agent command 73

Chapter 3 Configuring Quality of Service (QoS) with theWeb-based Management Interface 75

Quality of Service Wizards 75QoS Configuration Wizard 76QoS Management Wizard 84QoS Interface Shaper Wizard 89

Configuring an Interface Group 91Creating an Interface Group Configuration 91Displaying Interface ID Table 93Adding or Removing Interface Group Members 93Deleting an Interface Group 95

Configuring 802.1p priority queue assignment 95Configuring 802.1p priority mapping 96Configuring DSCP mapping 98Displaying QoS meter capability 100Displaying QoS shaper capability 101Configuring IP classifier elements 102

Creating an IP classifier element 102Deleting an IP classifier element configuration 104

Configuring Layer 2 classifier elements 104Creating a Layer 2 classifier element configuration 104Deleting a layer 2 classifier element configuration 106

Configuring System Classifier Element 106Classifier Configurations 108

Viewing Existing Classifiers 108Creating a Classifier 109Deleting a classifier 110

Classifier Block Configurations 111Viewing Classifier Blocks 111Creating Classifier Blocks 112Deleting a Classifier Block 112

Configuring QoS actions 113





8 Contents

Creating an Action 113Modifying an action configuration 115Deleting an Action 116

Using the Interface Action Extension 117Creating an Interface Action Extension 117Deleting an interface action extension configuration 118

Using QoS Meters 119Creating a QoS Meter 119Viewing meters 121Deleting a meter 121

Configuring QoS Interface Shaper 121Configuring Interface Shaping parameters 121Deleting Interface Shaping Parameters 123

Configuring QoS policies 123Installing defined filters 124Viewing hardware policy statistics 126Deleting a hardware policy configuration 126

Configuring QoS Policy Agent (QPA) characteristics 127Using QoS diagnostics 129Chapter 4 Configuring Quality of Service (QoS) with the Java

Device Manager (JDM) 135Managing interface groups 135

Displaying interface queues 135Displaying interface groups 136Assigning ports to an interface group 137Deleting ports from an interface group 138Adding interface groups 139Deleting interface groups 139Displaying an interface ID 140Displaying priority queue assignments 142Displaying priority mapping 143Displaying DSCP mappings 144Displaying Meter Capability 145Displaying Shaper Capability 146

Managing QoS rules 147Displaying IP classifier elements 147Adding IP classifier elements 149Deleting IP classifier elements 150Displaying L2 classifier elements 150Adding L2 classifier elements 151Deleting L2 classifier elements 152Displaying System Classifier Elements 153Viewing the System Classifier Pattern 154





Contents 9

Adding System Classifier Elements 155Deleting System Classifier Elements 156Displaying Classifiers 157Adding classifiers 158Deleting classifiers 160Filtering Classifiers 160Displaying Classifier Blocks 161Appending Classifier Blocks 162Adding Classifier Blocks 163Deleting Classifier Blocks 164Filtering Classifier Blocks 164

Managing QoS actions, Interface action extensions, Meters, Policies, InterfaceShapers, and Interface Applications 165

Displaying QoS actions 165Adding QoS actions 167Deleting QoS actions 167Displaying Interface action extensions 168Adding Interface action extensions 169Deleting Interface action extensions 169Displaying QoS meters 170Adding QoS meters 171Deleting QoS meters 171Displaying QoS Interface Shapers 172Adding Interface Shapers 173Deleting an Interface Shaper 174Displaying QoS policies 174Adding QoS policies 177Deleting QoS policies 178

QoS Policy Stats 179Configuring Nortel SNA solution 179

Inserting a classifier 180Deleting a classifier 182Configuring a set 183

QoS agent 185Displaying QoS agent configuration 186Displaying policy class support 186Displaying policy device identification 187Displaying resource allocation 188

Filtering the resource allocation table 190





10 Contents





11

New in this releaseThe following sections detail whats new in Nortel Ethernet Routing Switch4500 Series Configuration - Quality of service (NN47205-504) for release5.1. Features Other changes

FeaturesFor information about changes that are feature-related, see "The NortelSNA solution" (page 22)

Other changesNo other changes.





12 New in this release





13

PrefaceThis guide provides information and instructions to configure and usequality of service (QoS) and IP filtering on the 4500 Series Nortel EthernetRouting Switch.

Before you start the configuration process, consult the documentationincluded with the switch and the product release notes (see " Publications"(page 14)) for errata.

Nortel Ethernet Routing Switch 4500 Series4500 Series Switch Platforms outlines the switches that are part of the 4500Series of Nortel Ethernet Routing Switches

4500 Series Switch Platforms4500 SeriesSwitch Model Key Features

4526FX 24 100BaseFX ports (MTRJ connector) plus 2 10/100/1000SFP combo portsRedundant power slot for DC/DC converter installation

4550T 48 10/100BaseTX RJ-45 ports plus 2 10/100/1000 SFPcombo portsRedundant power slot for DC/DC converter installation

4550TPWR 48 10/100BaseTX RJ-45 ports with Power over Ethernetplus 2 10/100/1000 SFP combo portsIntegrated redundant power connector for RPS 15 cableconnection

4548GT 48 10/100/1000BaseTX RJ-45 ports and 4 shared SFPportsRedundant power slot for DC/DC converter installation

4548GTPWR 48 10/100/1000BaseTX RJ-45 ports with Power overEthernet and 4 shared SFP portsIntegrated redundant power connector for RPS 15 cableconnection

4526T 24 10/100BaseTX RJ-45 ports plus 2 10/100/1000 SFPcombo ports.





14 Preface

4500 SeriesSwitch Model Key Features

4526T-PWR 24 10/100BaseTX RJ-45 ports with Power over Ethernetplus 2 10/100/1000 SFP combo ports.

4526GTX 24 10/100/1000BaseTX RJ-45 ports plus 4 shared10/100/1000 SFP combo ports and 2 10GE XFPs.

4526GTX-PWR 24 10/100/1000BaseTX RJ-45 ports with Power overEthernet plus 4 10/100/1000 SFP combo ports and 2 10GE XFPs.

4524GT 24 10/100/1000Base TX RJ-45 ports plus 4 shared10/100/1000 SFP combo ports.

PublicationsFor more information about the management, configuration, and use of theNortel Ethernet Routing Switch 4500 Series, see the publications listed in"Nortel Ethernet Routing Switch 4500 Series Documentation" (page 14).

Nortel Ethernet Routing Switch 4500 Series DocumentationTitle Description Part NumberNortel Ethernet RoutingSwitch 4500 SeriesRegulatory Information

Regulatory and safety information for theNortel Ethernet Routing Switch 4500 Series.

NN47205-100

Nortel Ethernet RoutingSwitch 4500 SeriesInstallation

Instructions to install a switch in the NortelEthernet Routing Switch 4500 Series. Thisguide also provides an overview of hardwareimportant to the installation, configuration,and maintenance of the switch.

NN47205-300

Nortel Ethernet RoutingSwitch 4500 SeriesRelease Notes - SoftwareRelease 5.0

An overview of new features, fixes, andlimitations of the 4500 Series switches. Alsoincluded are supplementary documentationand document errata.

NN47205-400

Nortel Ethernet RoutingSwitch 4500 SeriesOverview - SystemConfiguration

General instructions to configure switches inthe 4500 Series that are not covered by theother documentation.

NN47205-500

Nortel Ethernet RoutingSwitch 4500 SeriesConfiguration - VLANs,Spanning Tree, andMultiLink Trunking

Instructions to configure spanning andtrunking protocols on 4500 Series switches.

NN47205-501

Nortel Ethernet RoutingSwitch 4500 SeriesConfiguration - SystemMonitoriing

Instructions to configure, implement, and usesystem monitoring on 4500 Series switches.

NN47205-502





How to get help 15

Title Description Part NumberNortel Ethernet RoutingSwitch 4500 SeriesConfiguration - Qualityof Service

Instructions to configure and implement QoSand filtering on 4500 Series switches.

NN47205-504

Nortel Ethernet RoutingSwitch 4500 SeriesConfiguration - SystemMonitoring

Instructions to configure, implement, and usesystem monitoring on 4500 Series switches.

NN47205-505

Installing the NortelEthernet Redundant PowerSupply Unit 15

Instructions to install and use the NortelEthernet RPS 15.

217070-A

DC-DC Converter Modulefor the Baystack 5000Series Switch

Instructions to install and use the DC-DCpower converter.

215081-A

Installing SFP and XFPTransceivers and GBICs

Instructions to install and use smallform-factor pluggable transceivers andgigabit interface converters.

318034-D

Technical documentation and software is available online at the NortelTechnical Support Web site located at http://www.nortel.com/support. Usethe following procedure to access documents or software on the TechnicalSupport web site: If it is not already selected, click the Browse product support tab. From the list provided in the product family box, select Nortel Ethernet

Routing Switch. From the product list, select the desired 4500 Series Switch. From the content list, select Documentation or Software. Click Go.

You can view documents online, download them for future reference, orprint them. All documents accessed on the Technical Support web site arein Adobe Portable Document Format (PDF) format. Use Adobe AcrobatReader to view and print these documents. Adobe Acrobat Reader is afree product of Adobe Systems that you can download from the AdobeWeb site at http://www.adobe.com.

How to get helpIf a service contract is purchased with this Nortel product from a distributoror authorized reseller, contact the technical support for that distributor orreseller for technical assistance.





16 Preface

If a Nortel service program is purchased with this product, contact NortelTechnical Support.The following information is available online: contact information for Nortel Technical Support information about the Nortel Technical Solutions Centers information about the Express Routing Code (ERC) for your product

An Express Routing Code (ERC) is available for many Nortel products.When used, an ERC allows a technical assistance call to be routed to atechnical support personell who specialize in that service or product. TheERC for a particular product or service is available online.

The main Nortel support portal is available at http://www.nortel.com/support





17

Chapter 1An Introduction to Policy-EnabledNetworks

This chapter provides an overview of the Differentiated Services (DiffServ)Quality of Service (QoS) network architecture. The Nortel EthernetRouting Switch 4500 Series provides a Web-based Management Interface,Command Line Interface (CLI), and the Java Device Manager (JDM) toconfigure QoS.

SummarySystem administrators can use Policy-enabled networks to prioritize thenetwork traffic. Prioritizing network traffic provides improved service forselected applications. The system administrators can use QoS, to establishservice level agreements (SLA) with customers of the network.

In general, QoS helps with two network issues: bandwidth andtime-sensitivity. QoS can help you allocate bandwidth to critical applications,and limit bandwidth for noncritical applications. Applications, such as videoand voice, must have a certain amount of bandwidth to work correctly; usingQoS, you can provide that bandwidth, when necessary. Also, you can placea high priority on applications that are sensitive to timing or that cannottolerate delay by assigning that traffic to a high-priority queue.

Nortel Networks uses Differentiated Services (DiffServ) to provide QoSfunctionality. A DiffServ architecture enables service discrimination of trafficflows by offering network resources to high classes at the expense of lowclasses of service. With this architecture you can prioritize or aggregateflows and provides scalable QoS.

Briefly, with DiffServ, you can use policies to identify traffic to forward ordrop, meter, re-mark, and assign to certain interfaces. The system marksthe DiffServ (DS) field of IP packets to define how the packet is treated as itmoves through the network. Flow prioritization is facilitated by identifying,





18 Chapter 1 An Introduction to Policy-Enabled Networks

metering, and re-marking. You can specify a number of policies and eachpolicy can match one or many flows to support complex classificationscenarios.

Port-based and Role-based QoS PoliciesSoftware Release 5.1 supports both port-based and role-based Quality ofService policies. In a port-based Quality of Service environment, applypolicies directly to individual ports. In a role-based Quality of Serviceenvironment, individual ports are first assigned to a role and that role isassigned a policy.

A port-based Quality of Service environment provides more directapplication of Quality of Service policies and eliminates the need to groupports when you assign policies.

You can apply port-based and role-based policies to the same port; however,the switch administrator must divide resources across the individual policies.

QoS overviewDifferentiated services (DiffServ) is a Quality of Service (QoS) networkarchitecture that offers various levels of service for different types ofdata traffic. DiffServ designates a specific level of performance on apacket-by-packet basis, instead of using the best-effort model for datadelivery. Preferential treatment (prioritization) can apply applications thatrequire high performance and reliable service, such as voice and videoover IP.

To differentiate between traffic flows, the DiffServ (DS) field, as definedin RFCs 2474 and 2475, is marked. The DS field in the IP header is anoctet, and the DS architecture uses the first six bits, called the DS codepoint(DSCP). The DSCP marking dictates the forwarding treatment given tothe packet at each hop. This marking occurs at the edge of the DiffServdomain, and is based on the policy or filter for the particular microflow or anaggregate flow. The QoS system also can interact with 802.1p and Layer2 QoS.

Within the DiffServ network, the marked packets are placed in a queueaccording to their marking, which, in turn, determines the per-hop behavior(PHB) of that packet. For example, if a video stream is marked as highpriority, then it is placed in a high-priority queue. As those packets traversethe DiffServ network, the video stream is forwarded before any otherpackets.

To ensure that the traffic stream conforms to the bandwidth assigned,policing within the network is necessary.





QoS components 19

DiffServ ConceptsDiffServ is described in IETF RFCs 2474 and 2475. This architectureis flexible and allows for either end-to-end QoS or intradomain QoS byimplementing complex classification and mapping functions at the networkboundary or access points. Within a DiffServ domain, the packet treatmentis regulated by this classification and mapping.The DiffServ basic elements are implemented within the network and include packet classification functions a small set of per-hop forwarding behaviors traffic metering and marking

Traffic is classified as it enters the DS network, and is then assigned theappropriate PHB based on that classification. Within the IP packet, the 6bits in the DSCP are marked to identify how the packet is treated at eachsubsequent network node.

DiffServ assumes the existence of a Service Level Agreement (SLA)between DS domains that share a border. The SLA defines the profile forthe aggregate traffic flowing from one network to the other, based on policycriteria. In a given traffic direction, the traffic is expected to be metered atthe ingress point of the downstream network.

As the traffic moves within the DiffServ network, policies ensure that traffic,marked by the different DSCPs, is treated according to that marking.

QoS componentsThe Nortel Ethernet Routing Switch 4500 Series supports the followingNortel Networks QoS classes: Critical and Network classes have the highest priority over all other

traffic. Premium class is an end-to-end service functioning similarly to a

virtual leased line. Traffic in this service class is normally guaranteedan agreed-upon peak bandwidth. Traffic requiring this service mustbe shaped at the network boundary in order to undergo a negligibledelay and delay variance. This service class is suitable for real-timeapplications, such as video and voice over IP. The recommended PHBfor this service is the Expedited Forwarding (EF) PHB.

Platinum, Gold, Silver, and Bronze classes use the Assured Forwarding(AF) PHB. These classes are used for real-time, delay-tolerant trafficand non-real-time, mission-critical traffic.

Standard class is the best-effort IP service with an additional, optionaluse of traffic classification that is used at the network boundary to






request a better effort treatment for packets that are in-profile (packetsthat do not break the service agreements between the user and theservice provider).

"Service Classes" (page 20) describes the service classes and theirrequired treatment.

Service ClassesTraffic category Service class Application type Required treatmentReal-time,delay-intolerant,fixed bandwidth

Premium Real-time applicationssuch as video and Voiceover IP (VoIP).

Expedited Forwarding(EF) - end-to-end functionsimilar to a virtual leasedline. Guaranteed agreedpeak bandwidth and 100%priority.

Critical andstandard networkcontrol

Critical and Network Critical and standardnetwork control traffic.

Weighted Round Robin -65% proportion

Real-time,delay-toleranttraffic andnon-real-time,mission-criticaltraffic

Platinum, Gold,Silver, and Bronze

Communicationsrequiring interactionwith additional minimaldelay (such as low-costVoIP). Single humancommunication with nointeraction (such as website streaming video).Transaction processing(such as Telnet, webbrowsing), and. e-mail,FTP, SNMP.

Assured Forwarding (AF)

Non-real time,non-mission-critical

Standard Bulk transfer (such aslarge FTP transfers,after-hours tape backup).

Best-effort delivery. Usesremaining availablebandwidth. Optional use oftraffic classification at thenetwork boundary requestsbetter effort treatment forin-profile packets.

Specifying interface groupsInterface groups are used in the creation of role-based policies. Role-basedpolicies differ from port-based policies in the fact that role-based policiesgroup ports together to apply a common set of rules to them. Alternatively,port-based polices are used to apply rules to one port only.





Interface shaping 21

Each port can belong to only one interface group. The web-based interfacefor QoS uses the term Interface Configurations for this function. One policyreferences only one interface group; however, you can configure severalpolicies to reference the same interface group.

When you move a port to another interface group (role combination), theclassification elements associated with the previous interface group areremoved and the classifications elements associated with the new interfacegroup are installed on the port.

ATTENTIONIf assigning a port that is part of a MultiLink Trunk (MLT) to an interface group,only that port joins the interface group. The other ports in the MLT do not becomepart of the interface group (role combination) automatically.

At factory default, ports are assigned to the default interface group (rolecombination), which is named allQoSPolicyIfcs. Each port is associatedwith the default interface group, until a port is either associated with anotherinterface group or the port is removed from all interface groups. Ports thatare not associated with any interface group are disabled for QoS; theyremain disabled across reboots until that port is assigned to an interfacegroup or the switch is reset to factory defaults (when it is reassigned toallQosPolicyIfcs).

ATTENTIONAll ports must be removed from an interface group before it is deleted. Aninterface group cannot be deleted when it is referenced by a policy.

Interface shapingInterface shaping involves limiting the rate at which all traffic egressingthrough a specific interface is transmitted on to the network.

Interface shaping ensures that the limited bandwidth resources are usedefficiently by the traffic generation rate at egress.

Shaping for each interface provides full control over bandwidth orconsumption on your networks. Shaping interface-based in conjunctionwith ingress flow metering, is a vital component of the overall bandwidthmanagement solution.






ATTENTIONDifferent results can be obtained using meter and shaper with same parameters.This is due to the adding of the VLAN encapsulation, when applicable. Meteringis applied to packets received by a port before adding VLAN encapsulation.Shaping is applied to packets sent on a port, after the port has added the VLANencapsulation to the packet.

Nortel SNA solutionThe Ethernet Routing Switch 4500 Series can be configured as a networkaccess device for the Nortel SNA solution.

Nortel SNA is a protective framework to secure the network completely fromendpoint vulnerability. The Nortel SNA solution addresses endpoint securityand enforces policy compliance. Nortel SNA delivers endpoint security byenabling only trusted, role-based access privileges premised on the securitylevel of the device, user identity, and session context. Nortel SNA enforcespolicy compliance, such as for Sarbanes-Oxley and COBIT, ensuring thatthe required antivirus applications or software patches are installed beforeusers are granted network access.

The Nortel SNA solution provides a policy-based, clientless approachto corporate network access. The Nortel SNA solution provides bothauthentication and enforcement.

For more information about Nortel SNA, see Nortel Security Configurationmanual (NN47205-501_CFSEC).

RulesPacket classifiers identify packets according to a particular content in thepacket header, such as the source address, destination address, sourceport number, destination port number, and other data. Packet classifiersidentify flows for additional processing.Three types of classifier elements can be used to construct a classifier: Layer 2 (L2) classifier elements IP classifier elements System classifier

Classifier definitionA classifier is made up of one or more classifier elements. The classifierelements dictate the classification criteria of the classifiers. Only oneelement of each type, IP or L2 or System Classifier Element, can be used toconstruct a classifier.





Rules 23

"Relationship of classifier elements, classifiers, and classifier blocks" (page23) displays the relationship between the classifier elements, classifiers,and classifier blocks.

Relationship of classifier elements, classifiers, and classifier blocks

The system automatically creates some classifiers on untrusted ports.Additional classifiers are user-created.

IP classifier elementsThe Nortel Ethernet Routing Switch 4500 Series classifies packets basedon the following parameters in the IP header: IPv4/IPv6 address type IPv6 flow identifier IPv4/IPv6 source address/mask IPv4/IPv6 destination address/mask IPv4 protocol type/IPv6 next-header IPv4/IPv6 DSCP value IPv4/IPv6 Layer 4 source port number with TCP/UDP (range of) IPv4/IPv6 Layer 4 destination port number with TCP/UDP (range of)






Layer 2 classifier elementsThe Nortel Ethernet Routing Switch 4500 Series classifies packets basedon the following parameters in the Layer 2 header: source MAC address/mask destination MAC address/mask VLAN ID number (range of) VLAN tag EtherType IEEE 802.1p user priority values

ATTENTIONLayer 2 classifier elements with an Ethernet Type of 0x0800 are treated as anIPv4 classifier, and those with an Ethernet Type of 0x86DD are treated as anIPv6 classifier.

System classifier elementsSystem classifier elements support pattern matching, also referred to asoffset filtering. Offset filtering identifies fields within protocol headers, orportions thereof, on which to identify traffic for additional QoS processing.This eliminates the limitations that arise by supporting only certain protocolheader fields, such as IP source address, IP protocol field, and VLAN IDfor flow classification.

Fully customized classifiers can be created to match non-IP-based traffic,as well as to identify IP-based traffic using non-typical fields in Layers 2, 3,4, and beyond.

The Nortel Ethernet Routing Switch 4500 Series Content Aware Processor(CAE) lookup engine supports selection of 16 bytes within the first 128bytes of the packet.

Classifiers and classifier blocksClassifier elements can be combined into classifiers, and grouped intoclassifier blocks. Classifiers are created by referencing an L2 classifierelement, IP element, a system classifier element, or one of each type.

Each classifier can have a maximum of a single IP classifier element, oneL2 classifier element, one system classifier element or any combination ofone IP, L2 and system classifier element.

Classifiers can be combined into classifier blocks. Each classifier blockhas one or more classifiers.





Specifying actions 25

As classifier blocks are planned, keep in mind that only a single IP classifierelement, a single L2 classifier element, and a single system classifierelement can appear in each classifier. For example, to group five IP classifierelements create five separate classifiers, each with a unique IP classifierelement, and then create a classifier block referencing those five classifiers.

All classifiers that are part of a single classifier block (that is, with the sameblock number) must each filter on identically the same parameters at thepacket level. This includes the same mask, range, and VLAN tag type. Ifthis criterion is not met, an error message is generated when an attemptto create the classifier block, or to add a new member to an existing block,is made. Also, if one of the classifier elements in a classifier block hasassociated actions or meters, then all classifier elements of that classifierblock must also have associated actions or meters (not identical actions ormeters, but also associated actions or meters).

A classifier or classifier block is associated through a policy with interfacegroups. Packets received from any port that is in an interface group areclassified with the same filter criteria.

Each classifier or classifier block is associated with actions that areexecuted when the packet matches the filter criteria in the group. The filtercriteria and the associated actions, metering criteria, and interface groupsare referenced by a policy, which dictates the overall traffic treatment (referto "Flowchart of QoS Actions" (page 26) for an illustration of the traffictreatment).

Classifier elements, through individual classifiers or a classifier block, areassociated with an interface group, action, and metering through a policy.Multiple policies can be applied to a given flow. The policy evaluation orderis determined by the policy precedence. The order of precedence is fromthe highest precedence value to the lowest precedence (that is, a value of7 is evaluated before a value of 6).

ATTENTIONClassifier blocks, not individual classifiers that comprise a block, can beassociated with a meter or action.

In summary, classifiers combine different classifier elements. Classifierblocks combine classifiers to form an unordered set of classification data.Unordered data means that all classifiers associated with a policy areapplied as if simultaneously, with no precedence.

Specifying actions"Flowchart of QoS Actions" (page 26) summarizes how QoS matchespackets with actions.






Flowchart of QoS Actions

"Summary of Allowable Actions" (page 26) shows a summary of theallowable actions for different matching criteria.

Summary of Allowable ActionsActions In-Profile Out-Of-ProfileDrop/transmit X XUpdate DSCP X X





Specifying actions 27

Actions In-Profile Out-Of-ProfileUpdate 802.1p user priority XSet drop precedence X X

The Nortel Ethernet Routing Switch 4500 Series filters collectively directthe system to initiate the following actions on a packet, depending on theconfiguration: Drop Re-mark the packet

Re-mark a new DiffServ Codepoint (DSCP) Re-mark the 802.1p field Assign a drop precedence

ATTENTIONThe 802.1p user priority value, used for out-of-profile packets, is derived fromthe associated in-profile action to prevent reordering at egress of packets froma single flow.

Packets received on an interface are matched against all policies associatedwith that interface. So, potentially, any number of policies--from none tomany--are applied to the packet, depending on the policies associated withthe specific interface. The set of actions applied to the packet is a result ofthe policies associated with that interface, ranging from no actions to manyactions.

For example, if one policy associated with the specific interface specifiesonly a value updating the DSCP value, while another policy associatedwith that same interface specifies only a value for updating the 802.1p userpriority value, both of these actions occur. If conflicts among actions aredetected--for example, if two policies on the specified interface request thatthe DSCP be updated, but specify different values--the value from the policywith the higher precedence is used.

The actions applied to packets include those actions defined fromuser-defined policies and those actions defined from system default policies.The user-defined actions always carry higher precedences than the systemdefault actions. This means that, if user-defined policies do not specifyactions that overlap with the actions associated with system default policies(for example, the DSCP and 802.1p update actions installed on untrustedinterfaces), the default policy actions with the lowest precedence will beincluded in the set of actions to be applied to the identified traffic.






ATTENTIONYou must define an additional wild card rule to enable native Non-Match support.

Specifying interface action extensionsThe interface action extensions add to the base set of actions.

"Summary of allowable interface action extensions" (page 28) shows asummary of the allowable interface action extensions for different matchingcriteria.

Summary of allowable interface action extensionsInterface action extensions In-Profile Out-Of-ProfileSet egress unicast port XSet egress non-unicast port X

The Nortel Ethernet Routing Switch 4500 Series does not initiate an actionextension based packet type. So, user should redirect all incoming traffic,no matter of packet types (both unicast and non-unicast), towards sameport, using interface action extension.

ATTENTIONWhen specifying interface action extensions, you must use both options (Setegress unicast interface and Set egress non-unicast interface). Same portfor both unicast and non-unicast packets redirection should be used.

Specifying metersQoS metering, which operates at ingress, provides different levels of serviceto data streams through user-configurable parameters. A meter is used tomeasure the traffic stream against a traffic profile, which you create. Thus,creating meters yields In-Profile and Out-of-Profile traffic.

Different meters can be associated with different classifiers across a blockof classifiers. Policies can be configured without metering, or policies canbe configured with a single meter or match action that applies to all theclassifiers associated with that policy. Meters and action criteria cannot bedefined in both the policy definition and the individual classifier definition.

A policy can be created with a meter that is applied to all classifiers, anda policy can be created that has meters applied to individual classifiers;however, both types cannot be in the same policy or action.





Trusted, untrusted, and unrestricted interfaces 29

A meter applied to a policy has that metering criteria applied to each portof the interface group (role combination). In other words, the specifiedbandwidth is allocated on each port, not distributed across all ports.

Using meters, a Committed Rate in Kb/s (1000 b/s in each Kb/s) canbe set. All traffic within this Committed Rate is In-Profile. Additionally, aMaximum Burst Rate can be set that specifies an allowed data burst largerthan the Committed Rate for a brief period. After this is set, the systemoffers suggestions in choosing the Duration for this burst. Combined, theseparameters define the In-Profile traffic.

ATTENTIONThe range for the committed rate is 64 to 32000000 Kb/s.

An example of traffic policing is limiting traffic entering a port to a specifiedbandwidth, such as 5000 Kb/s (Committed Rate). Instead of dropping alltraffic that exceeds this threshold, a Maximum Burst Rate can be configuredto exceed the threshold (Committed Rate), for a brief period of time(Duration), without being dropped.

ATTENTIONThe range for the committed rate is 64 to 32000000 Kb/s.

Meter definitions where the committed burst size is too small, based on therequested committed rate, are rejected. The committed burst size can beonly one of the following discrete values (in bytes): 4096 (4K), 8192 (8K),16384 (16K), 32768 (32K), 65536 (64K), 131072 (128K), 262144 (256K),524288 (512K), 1048576 (1024K), 16777216 (16384K), 2097152 (2048K),4194304 (4096K), 8388608 (8192K).

Trusted, untrusted, and unrestricted interfacesNortel Ethernet Routing Switch 4500 Series ports are classified into threecategories: trusted untrusted unrestricted

The classifications of trusted, untrusted, and unrestricted actually apply togroups of ports (interface groups). These three categories are also referredto as interface classes. In your network, trusted ports are usually connectedto the core of the DiffServ network, and untrusted ports are typically accesslinks that are connected to end stations. Unrestricted ports can be eitheraccess links or connected to the core network.






At factory default, all ports are considered untrusted. However, for thoseinterface groups created, the default is unrestricted.Because a port can belong to only one interface group, a port is classifiedas trusted, untrusted, or unrestricted. These types are also referred to asinterface classes.Trusted and untrusted ports are automatically associated with policies thatinitiate default traffic processing. This default processing occurs if: no actions are initiated based on user-defined policy criteria that

matches the traffic.

OR the actions associated with the user-defined policy do not conflict with

the default processing actions.

The default processing of trusted and untrusted interfaces is as follows: Trusted interfaces -- IPv4 traffic received on trusted interfaces is

re-marked at the layer 2 level, that is, the 802.1p user priority value isupdated based on the DSCP value in the packet at ingress and theinstalled DSCP-to-CoS mapping data. The DSCP value is not updated.Remapping occurs, by default, only for standardized DSCP values (forexample, EF, AFXX) and any proprietary Nortel values. The DSCPvalues that are remapped are associated with a non-zero 802.1p userpriority value in the DSCP-to-COS Mapping Table.

Untrusted interfaces -- IPv4 traffic received on untrusted interfaces isre-marked at the layer 3 level--that is, the DSCP value is updated. Thenew DSCP value is determined differently depending on whether thepacket is untagged or tagged: Untagged frames

The DSCP value is derived using the default port priority of theinterface receiving the ingressing packet. This default port priorityis used to perform a lookup in the installed CoS-to-DSCP mappingtable.The 802.1p user priority value is unchanged--that is, the default portpriority determines this value.(Thus, the DSCP value on untagged frames on untrusted interfacesis updated using the default port priority of the ingress interface; theuser sets the default port priority).

Tagged framesThe DSCP value is re-marked to indicate best-effort treatment isall that is required for this traffic.





Trusted, untrusted, and unrestricted interfaces 31

The 802.1p user priority value is updated based on the DSCP-to-CoSmapping data associated with the best effort DSCP, which is 0.

"Default QoS fields by class of interface--IPv4 only" (page 31) shows thedefault guidelines the switch uses to re-mark various fields of IPv4 traffic(and layer 2 traffic matching IPv4) based on the class of the interface.These actions occur if the user does not intervene at all; they are the defaultactions of the switch.

Default QoS fields by class of interface--IPv4 onlyType of filter Action Trusted Untrusted Unrestricted

DSCP Does notchange

Tagged--Updates to 0(Standard)

Untagged--Updates usingmapping table and portsdefault value

Does notchange

IPv4 filtercriteria orLayer 2filter criteriamatching IPv4

IEEE 802.1p

Updates basedon DSCPmapping tablevalue

Updates based on DSCPmapping table value

Does notchange

ATTENTIONThe default for layer 2 non-IP traffic is to pass the traffic through all interfacesclasses with the QoS values for 802.1p and drop precedence unchanged.

The Nortel Ethernet Routing Switch 4500 Series does not trust the DSCP ofIPv4 traffic received from an untrusted port, however, it does trust the DSCPof IPv4 traffic received from a trusted port.L2 non-IP traffic, received on either a trusted port or an untrusted port,traverses the switch with no change.IPv4 traffic, received on a trusted port, has the 802.1p user priority valuere-marked and the drop precedence set, based on the DSCP in the receivedIP packet.If an IPv4 packet is received from a trusted port, and either it does not matchany of the classifier elements installed by the user on this port or it doesmatch a classifier element but is not dropped, the Nortel Ethernet RoutingSwitch 4500 Series uses default system classifiers to change the packetIEEE 802.1p and drop precedence based on the DSCP of the packet.






If an IPv4 packet is received from an untrusted port and it does not matchany one of the classifier elements installed by the user on the port, theNortel Ethernet Routing Switch 4500 Series uses default system classifiersto change the packet DSCP, IEEE 802.1p priority, and drop precedence asfollows: If the packet is tagged, the 802.1p user priority value is derived from the

DSCP-to-CoS mapping table using the best effort DSCP, which is 0. If an IPv4 packet is untagged, the Nortel Ethernet Routing Switch 4500

Series uses the default classifier to change the DSCP based on thedefault IEEE 802.1p priority of the ingress untrusted port to index intothe DSCP-to-CoS mapping table to determine the DSCP value.

System requirements for network service class definitions and mapping toDSCP

DiffServ Code Point(DSCP)

Logicalqueuenumber

Recommendedscheduler

Network serviceclass

CS7, CS6 2 Weighted NetworkEF, CS5 1 Priority PremiumAF1x, CS1 3 Weighted BronzeAF4x, AF3x, AF2x,CS4, CS3, CS2, DF(CSO), all unspecifiedDSCPs

4 Weighted Standard

Specifying policies

ATTENTIONConfigure interface groups (role combinations), classification criteria, actions, andmeters before attempting to reference that data in a policy.

When network traffic attributes match those specified in a traffic pattern, thepolicy instructs the network device to perform a specified action on eachpacket that passes through it. A policy is a set of rules and actions thatare applied to specific ports.When configuring policies, it is important to consider that the policy with thehighest precedence is evaluated first, then the policy with the next lowestprecedence and so on. The valid precedence range for QoS policies is1 to 7. For example, with a precedence of 1 to 7, the system begins theevaluation with 7, moves on to 6, and so forth.





Specifying policies 33

The valid precedence range can change if certain features are enabled.QoS shares resources with other switch applications such as MAC Securityand Port Mirroring. Allocations for non-QoS applications are dynamic. Thefollowing list describes how the precedence range is affected by enablingthese features: When MAC Security is enabled, it uses the highest available

precedence value. When Port Mirroring is enabled using one of the following modes:

Asrc, Adst, AsrcBdst, AsrcBdstOrBsrcAdst, AsrcOrAdst,XrxYtxOrYrxXtx, XrxYtx, and the highest available precedence willbe used by Port-Mirroring.

A policy can reference an individual classifier or a classifier block.A policy is a network traffic-controlling mechanism that monitors thecharacteristics of the traffic (for example, its source, destination, andprotocol), and performs a controlling action on the traffic when certainuser-defined characteristics are matched. A policy action is the effect apolicy has on network traffic that matches the traffic profile of the policy.The policies tie together: Actions Meters Classifier elements or classifiers or classifier blocks Interface groups

The policies, by connecting these user-defined configurations, control thetraffic on the switch.

Ports can be assigned to interface groups that are linked to policies.Port-based policies eliminate the need to create an interface group for asingle port, and are used to directly apply a policy to a single port.

Although a single policy can reference only one interface group, you canconfigure several policies that reference the same interface group. Thepolicies determine the traffic treatment of the flows.

ATTENTIONPolicies can be enabled and disabled. Policies do not have to be deleted to bedisabled. To modify a policy, it must first be deleted and a new policy created.

Statistics can also be tracked for QoS. The Nortel Ethernet Routing Switch4500 Series supports statistics for each policy and for each policy, classifier,or interface statistics tracking.






Packet flow using QoSUsing DiffServ and QoS, a specific performance level for packets can bedesignated. This system allows for network traffic prioritization. However, itrequires some thought to configure the prioritization. A number of policiescan be specified and each policy can match one or many flows, supportingcomplex classification scenarios.

This section contains a very simplified introduction to the many ways toprioritize packets using QoS. In simple terms, the methods of prioritizingpackets depend on the DSCP and the 802.1 priority level and dropprecedence.

The QoS class basically directs which group of packets receives thebest network throughput, which group of packets receives the next bestthroughput, and so on. The level of service for each packet is determinedby the configurable DSCP.

The available levels of QoS classes are currently named Network, Premium,Platinum, Gold, Silver, Bronze, and Standard. The level of service for eachpacket is determined by the configurable DSCP.

Classifier elements, classifiers, and classifier blocks basically sort thepackets by various configurable parameters. These parameters includeVLAN IDs, IP source and subnet address, IP protocol, and many others.

The classifiers/classifier blocks are associated with policies, and policiesare organized into a hierarchy. The policy with the highest precedence isevaluated first. The classifier elements, classifiers, and classifier blocksare associated with interface groups, in that packets from a specific portwill have the same classification parameters as all others in the particularinterface group (role combination).

Meters, operating at ingress, keep the sorted packets within certainparameters. A committed rate of traffic can be configured, allowing a certainsize for a temporary burst, as In-Profile traffic. All other traffic is configuredas Out-of-Profile traffic. If you choose not to meter the flow, you do notconfigure meters.

Actions determine how the traffic is treated.

The overall total of all the interacting QoS factors on a group of packetsis a policy. Policies can be configured that monitor the characteristicsof the traffic and perform a controlling action on the traffic when certainuser-defined characteristics are matched.

"QoS Policy Schematic" (page 35) provides a schematic overview of QoSpolicies.





Queue sets 35

QoS Policy Schematic

Queue setsA QoS queue set is used to logically represent the queuing capabilities thatare associated with an egress QoS interface. A queue set is comprised of anumber of related queuing components that dictate the queuing behaviorsupported by the set itself. These include: Queue service discipline, indicates the means through which queues

(competing for limited transmission bandwidth) and the packets held inthe queues are scheduled for transmission.

Queue bandwidth allocation, indicates the absolute or relative amountof bandwidth that can be consumed by the queues in the set. Whenqueues are serviced using a Weighted Round Robin (WRR) discipline,these values represent the weights associated with the queues.

Queue service order, when multiple service disciplines are in use,the service order indicates service precedence assigned to individualqueues (strict priority) or clusters of queues (WRR).

ATTENTIONEgress queuing and buffering characteristics and the CoS-to-queue priorities arethe same across all QoS ports. The Nortel Ethernet Routing Switch 4500 Serieshas factory default queue set and buffer allocation mode values based on the thefollowing parameters: default queue set: queue set 4 (WRR) buffer allocation mode: Maximum

Modifying CoS-to-queue prioritiesThe association of 802.1p, or CoS, values to each queue within the queueset can be modified. Within the queue set a value of 0 to 7 can be assignedto each queue in the set.






ATTENTIONAny modification to the CoS-to-queue values takes effect immediately; the systemdoes have to be reset to modify these values.

QoS configuration guidelinesClassifiers can be installed that act on traffic destined for the switch, such asICMP Echo Requests (ping) and SNMP messages. If the associated actionis to drop the traffic, the switch is locked from further use.When using QoS on the Ethernet Routing Switch 4500, resources areshared across groups of ports. Each hardware device (ASIC) contains 24 to26 ports (see the following table) and supports the following scaling: Up to 128 classifiers for each mask precedence for each ASIC. Up to 64 meters for each mask precedence for each ASIC. Up to 64 counters for each mask precedence for each ASIC. Up to 8 precedence masks for each port. Up to 16 range checkers for each ASIC.

Model ASIC Device 1 ASIC Device 24526FX Port 1 - 264550T Port 1 - 24 Port 25 - 504550T-PWR Port 1 - 24 Port 25 - 484548GT Port 1 - 24 Port 25 - 484548GT-PWR Port 1 - 24 Port 25 - 484526T Port 1 - 264526T-PWR Port 1 - 264524GT Port 1 - 244526GTX Port 1 - 264526GTX-PWR Port 1 - 26

To view QoS resources, use the NNCLI command show qos diag.Up to 8 policies, composed of up to 128 rules each can be added for eachhardware device (ASIC).

QoS configuration exampleIf you are using QoS on the Ethernet Routing Switch 4500 Series4548GT switch, you can add up to 128 rules to any ports from 1 to 24,using policy preference 7. You can also add another 128 rules to anyports from 25 to 48, using the same policy preference (7).





Queue sets 37

ATTENTIONA maximum of 16 port ranges are supported for each hardware device (ASIC).

Up to 8 policies, composed of up to 128 rules each can be added for eachhardware device (ASIC).Using unrestricted role for ports, traffic will be prioritized based on 802.1ppriority, allowing filters to be configured based on specific application needs.For example, assign all packets marked with DSCP EF priority, such as withVoIP, to the highest priority queue.

Exampleqos if-group name "Trust_VoIP" class unrestrictedno qos if-assign port 2-50qos if-assign port 1 name Trust_VoIPqos ip-element 1 ds-field 46qos classifier 1 set-id 1 name "Trust_VoIP"element-type ip element-id 1qos policy 1 name "Trust_VoIP" if-group "Trust_VoIP"clfr-type classifier clfr-id 1 in-profile-action 7precedence 7 track-statistics





39

Chapter 2Configuring Quality of Service (QoS)with the CLI

This chapter discusses how to configure DiffServ and Quality of Service(QoS) parameters for policy-enabled networks using the Command LineInterface (CLI).

ATTENTIONWhen the ignore value is used in QoS, the system matches all values for thatparameter.

Displaying QoS ParametersQoS parameters are displayed using the show qos command.

The show qos command displays the current QoS policy configuration.

The syntax for the show qos command is

show qos

[acl-assign |if-group |if-assign [port ]|queue-set |queue-set-assignment |

ingressmap |

egressmap [ds | status]|ip-element [user | system | all | ] |





Displaying QoS Parameters 41

Parameter Descriptionip-element [user | system | all| ]

Displays the IP classifier element entries.

user - displays only user-created and defaultentries

system - displays only system entries all - displays user-created, default, and

system entries - displays a particular entry

Default is all.

l2-element [user | system | all|]

Displays the Layer 2 element entries.




Default is all.

system-element [user | system| all | ]

Displays the system classifier element entries.

classifier [user | system | all]

Displays the classifier set entries.




Default is all.





Displaying QoS Parameters 43

Parameter Descriptionmeter [user | system | all |]

Displays the meter entries.

user - displays user-created and defaultentries



Default is all.

if-shaper port Displays the interface shaping parameters.policy [user | system | all |1-65535>]

Displays the policy entries.




Default is all.

statistics Displays the policy and filter statistics values.nsna [classifier | interface |name ]

Displays the nsna entries:

classifier - displays QoS NSNA classifierentries.

interface - displays QoS NSNA interfaceentries.

name - specify the label to display aparticular NSNA template entry.

agent Displays the global QoS parameters.






Parameter Descriptiondiag [mask | resource] Displays the diagnostics entries. Mask displays

the QoS mask precedence use, and resourcedisplays the QoS resource use.

ip-acl Displays the specified IP access list assignmententry.

l2-acl Displays the specified Layer 2 access listassignment entry.

capability [meter | shaper][port ]

Displays QoS meter or shaper port capabilities.

The show qos command is executed in the Privileged EXEC commandmode.

Configuring QoS Access ListsThe CLI commands described in this section allow for the configurationand management of QoS access lists. For information on displaying thisinformation, refer to "Displaying QoS Parameters" (page 39).

qos acl-assign commandThe qos acl-assign command is used to assign ports to an access list.

The syntax for the qos acl-assign command is

qos acl-assign [] [enable][port ]acl-type {ip | l2}name

"qos acl-assign parameters" (page 44) outlines the parameters for thiscommand.

qos acl-assign parametersParameter Description A unique identifier for the access list assignment.enable Enable the access-list assignment entry.port The list of ports assigned to the specified access list.acl-type {ip | l2} The type of access list used; IP or Layer 2.name The name of the access list to be used. Access lists

must be configured before ports can be assigned tothem. Refer to "qos ip-acl command" (page 45) and"qos l2-acl command" (page 46) for information onperforming these tasks.





Configuring QoS Access Lists 45

This command is executed in the Global Configuration command mode.

no qos acl-assign commandThe no qos acl-assign command removes an access list assignment.

The no qos acl-assign enable command disablesan access list assignment.

The syntax for this command is

no qos acl-assign enable

Substitute above with the unique identifier of the accesslist assignment to remove or disable.

Run the no qos acl-assign command in Global Configuration commandmode.

qos ip-acl commandThe qos ip-acl command creates an IP access list.


qos ip-acl name [addr-type ][src-ip ][dst-ip ][ds-field ][{protocol | next_header}][src-port-min

src-port-max ][dst-port-min

dst-port-max ][session-id ][drop-action {enable | disable}][update-dscp ][update-1p ][set-drop-prec {high drop | low drop}][block ]

"qos ip-acl parameters" (page 45) outlines the parameters for this command.qos ip-acl parametersParameter Descriptionname The name assigned to this access list.addr-type The IP address type to use for the access list; range

is ipv4 or ipv6.






Parameter Descriptionsrc-ip The source IP address and mask to use for this access

list, in the form of a.b.c.d/x for IPv4, or x:x:x:x:x:x:x:x/zfor IPv6.

dst-ip The destination IP address to use for this access list.ds-field The DSCP value to use for this access list; range is 0-63.{protocol | next_header}

The protocol type or IP header to use with this accesslist.

src-port-min src-port-max

The minimum and maximum source ports to use withthis access list. Both values must be specified.

dst-port-min dst-port-max

The minimum and maximum destination ports to usewith the access list. Both values must be specified.

session-id The flow ID to use with this access list.drop-action {enable |disable}

The drop action to use for this access list. Enablespecifies to drop packets and disable specifies to notdrop packets.

update-dscp The DSCP value to update for this access list.update-1p The 802.1p value to update for this access list.set-drop-prec{high-drop | low-drop}

The drop precedence to configure for this access list.

block The block name to associate with the access list.


no qos ip-acl commandThe no qos ip-acl command is used to remove an IP access list.


no qos ip-acl

Substitute above with the unique identifier of the IP access listto remove. This value is between 1 and 55000.


qos l2-acl commandThe qos l2-acl command is used to create a Layer 2 access list.


qos l2-acl name





Configuring QoS Access Lists 47

[src-mac ][src-mac-mask][dst-mac ][dst-mac-mask][vlan-min

vlan-max ][vlan-tag ][ethertype ][priority ][drop-action {enable | disable}][update-dscp ][update-1p ][set-drop-prec {high-drop | low-drop}][block ]

"qos l2-acl parameters" (page 47) outlines the parameters for this command.qos l2-acl parametersParameter Descriptionname The name assigned to this access list.src-mac

The source MAC address to use for this access list.

src-mac-mask

The source MAC address mask to use for this accesslist.

[dst-mac ]

The destination MAC address to use for this accesslist.

dst-mac-mask

The destination MAC address mask to use for thisaccess list.

vlan-min vlan-max

The minimum and maximum VLANs to use with thisaccess list. Both values must be specified.

vlan-tag

Specify the VLAN tag classifier criteria: untagged tagged

The default is Ignore.

ethertype The Ethernet protocol type to use with the access list.priority The priority value to use with this access list. Valid

range is 0-7 or all.






Parameter Descriptiondrop-action {enable |disable}

The drop action to use for this access list. Enablespecifies to drop packets and disable specifies to notdrop packets.

update-dscp The DSCP value to update for this access list.update-1p The 802.1p value to update for this access list.set-drop-prec {high-drop| low-drop}

The drop precedence to configure for this access list.

block The block name to associate with the access list.


no qos l2-acl commandThe no qos l2-acl command is used to remove a Layer 2 access list.


no qos l2-acl

Substitute above with the unique identifier of the IP access listto remove. This value is between 1 and 55000.


Configuring the CoS-to-Queue AssignmentsCoS-to-queue assignments can be queried and modified using the followingCLI commands.

qos queue-set-assignment commandThe qos queue-set-assignment command associates the 802.1ppriority values with a specific queue within a specific queue set. Thisassociation determines the egress scheduling treatment that traffic with aspecific 802.1p priority value receives.

ATTENTIONThe Ethernet Routing Switch 4500 supports a fixed queue set size of 4.

The syntax for the qos queue-set-assignment command is

qos queue-set-assignment queue-set 4 1p queue

"qos queue-set-assignment parameters" (page 49) outlines the parametersfor this command.





Configuring QoS Interface Groups 49

qos queue-set-assignment parametersParameter Description1p Enter the 802.1p priority value for which the queue

association is being modified; range is between 0 and 7.queue Enter a number from 1 to 4 to specify the queue within

the identified queue set to assign the 802.1p prioritytraffic at egress.

The qos queue-set-assignment command is executed in the GlobalConfiguration command mode.

Configuring QoS Interface GroupsPorts can be added or deleted to or from an interface group or add ordelete the interface groups themselves. This section covers the followingCLI commands.

qos if-assign commandThe qos if-assign command adds ports to a defined interface group.

The syntax for the qos if-assign command is

qos if-assign [port ] name []

"qos if-assign parameters" (page 49) describes the parameters for thiscommand.

qos if-assign parametersParameter Descriptionport Enter the ports to add to interface group.name Specify name of interface group.

The qos if-assign command is executed in the Interface Configurationcommand mode.

ATTENTIONThe system automatically removes the port from an existing interface group toassign it to a new interface group.

no qos if-assign commandThe no qos if-assign command deletes ports from a defined interfacegroup.

The syntax for the no qos if-assign command is






no qos if-assign [port ]

Substitute port above with the ports to delete from theinterface group.

The no qos if-assign command is executed in the InterfaceConfiguration command mode.

qos if-group commandThe qos if-group command creates interface groups.

The syntax for the qos if-group command is

qos if-group name class "qos if-group parameters" (page 50) outlines the parameters for thiscommand.

qos if-group parametersParameter Descriptionname Enter the name of the interface group; maximum is 32

US-ASCII. Name must begin with a letter a..z or A..Z.class field; QoS:trusted ports;QoS:untrusted ports;QoS: unrestrictedports; interfaces;QoS:interfaces class

Defines a new interface group and specifies the classof traffic received on interfaces associated with thisinterface group: trusted untrusted unrestricted

The qos if-group command is executed in the Global Configurationcommand mode.

no qos if-group commandThe no qos if-group command deletes interface groups.

The syntax for the no qos if-group command is

no qos if-group name

Substitute above with the name of the interface group to delete.

The no qos if-group command is executed in the Global Configurationcommand mode.





Configuring DSCP and 802.1p and Queue Associations 51

ATTENTIONAn interface group referenced by an installed policy cannot be deleted.

Configuring DSCP and 802.1p and Queue Associations.

DSCP, IEEE802.1p priority, and queue set association can be configuredusing the CLI. This section covers the CLI following commands.

qos egressmap commandThe qos egressmap command configures DSCP-to-802.1p priority anddrop precedence associations that are used for assigning these values atpacket egress, based on the DSCP in the received packet.

The syntax for the qos egressmap command is

qos egressmap [name ] [ds ] [1p ][dp ]"qos egressmap parameters" (page 51) outlines the parameters for thiscommand.

qos egressmap parametersParameter Descriptionname Specify the label for the egress mapping.ds Enter the DSCP value used as a lookup key for

802.1p priority and drop precedence at egress whenappropriate; range is between 0 and 63.

1p Enter the 802.1p priority value associated with theDSCP; range is between 0 and 7.

dp

Enter the drop precedence values associated with theDSCP: low-drop high-drop

The qos egressmap command is executed in the Global Configurationcommand mode.






default qos egressmap commandThe default qos egressmap command resets the egress mappingentries to factory default values.

The syntax for the default qos egressmap command is

default qos egressmap

The default qos egressmap command is executed in the GlobalConfiguration command mode.

qos ingressmap commandThe qos ingressmap command configures 802.1p priority-to-DSCPassociations that are used for assigning default values at packet ingressbased on the 802.1p value in the ingressing packet.

The syntax for the qos ingressmap command is

qos ingressmap [name ] 1p ds

"qos ingress

Manual Nortel switch

Documents

Transcript of Manual Nortel switch