NE5000E V800R003C00 Configuration Guide - QoS 01(PDF)

HUAWEI NetEngine5000E Core RouterV800R003C00

Configuration Guide - QoS

Issue 01

Date 2012-06-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 01 (2012-06-30) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

About This Document

Intended AudienceThis document provides the basic concepts, configuration procedures, and configurationexamples in different application scenarios of the QoS feature supported by the NE5000E device.

This document describes how to configure the QoS feature.

This document is intended for:

l Data configuration engineersl Commissioning engineersl Network monitoring engineersl System maintenance engineers

Related Versions (Optional)The following table lists the product versions related to this document.

Product Name Version

HUAWEI NetEngine5000ECore Router

V800R003C00

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

Indicates a hazard with a high level of risk, which if notavoided, will result in death or serious injury.

Indicates a hazard with a medium or low level of risk, whichif not avoided, could result in minor or moderate injury.

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS About This Document


ii

Symbol Description

Indicates a potentially hazardous situation, which if notavoided, could result in equipment damage, data loss,performance degradation, or unexpected results.

Indicates a tip that may help you solve a problem or save time.

Provides additional information to emphasize or supplementimportant points of the main text.

Command Conventions (Optional)The command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated byvertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated byvertical bars. One item is selected or no item is selected.

{ x | y | ... }* Optional items are grouped in braces and separated byvertical bars. A minimum of one item or a maximum of allitems can be selected.

[ x | y | ... ]* Optional items are grouped in brackets and separated byvertical bars. Several items or no item can be selected.

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

Change HistoryUpdates between document issues are cumulative. Therefore, the latest document issue containsall updates made in previous issues.

Changes in Issue 01 (2012-06-30)

The initial commercial release.

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS About This Document


iii

Contents

About This Document.....................................................................................................................ii

1 QoS Overview................................................................................................................................11.1 Introduction to QoS............................................................................................................................................2

1.1.1 Traditional Packets Transmission Application..........................................................................................21.1.2 New Applications Requirements...............................................................................................................2

1.2 End-to-End QoS Model......................................................................................................................................31.2.1 Best-Effort Service Model.........................................................................................................................31.2.2 Integrated Service Model...........................................................................................................................31.2.3 Differentiated Service Model....................................................................................................................4

2 Traffic Policing, Traffic Shaping, and Interface-based Rate Limit.....................................92.1 Introduction to Traffic Policing, Traffic Shaping, and Interface Rate Limit....................................................112.2 Traffic Policing, Traffic Shaping and Interface Rate Limit Supported by the NE5000E................................152.3 Configuring Interface-Based Traffic Policing..................................................................................................152.4 Configuring Traffic Policing Based on Complex Traffic Classification..........................................................17

2.4.1 Defining Traffic Classifiers.....................................................................................................................182.4.2 Defining a Traffic Behavior and Configuring Traffic Policing Actions.................................................202.4.3 Defining a Traffic Policy.........................................................................................................................212.4.4 Applying a Traffic Policy........................................................................................................................212.4.5 Checking the Configuration.....................................................................................................................22

2.5 Configuring Traffic Shaping............................................................................................................................242.6 Configuring Interface-based Rate Limit...........................................................................................................282.7 Maintaining Traffic Policing, Traffic Shaping and Interface-based Rate limit................................................29

2.7.1 Clearing Statistics on CAR......................................................................................................................292.8 Configuration Examples...................................................................................................................................30

2.8.1 Example for Configuring Traffic Policing, Traffic Shaping, and Interface-based Rate Limit................30

3 Congestion Avoidance Configuration.....................................................................................353.1 Introduction to Congestion Avoidance.............................................................................................................363.2 Congestion Avoidance Supported by the NE5000E.........................................................................................373.3 Configuring WRED..........................................................................................................................................37

3.3.1 Configuring WRED Templates...............................................................................................................383.3.2 Applying WRED.....................................................................................................................................393.3.3 Checking the Configuration.....................................................................................................................40

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS Contents


iv

3.4 Configuration Example.....................................................................................................................................413.4.1 Example for Configuring Congestion Avoidance...................................................................................41

4 Class-based QoS Configuration...............................................................................................444.1 Class-based QoS Overview..............................................................................................................................464.2 Class-based QoS Supported by the NE5000E..................................................................................................484.3 Configuring CTC-based Traffic Policies for IP Packets..................................................................................48

4.3.1 Defining a Traffic Classifier....................................................................................................................494.3.2 Defining a Traffic Behavior and Configuring Actions............................................................................524.3.3 Defining a Policy and Specifying a Behavior for a Classifier in the Policy............................................564.3.4 Applying a Traffic Policy........................................................................................................................574.3.5 Enabling the Statistical Function of a Traffic Policy..............................................................................584.3.6 Checking the Configuration.....................................................................................................................59

4.4 Configuring Priority Mappings for IP Packets.................................................................................................604.5 Configuring CTC-based Traffic Policies for VLAN Packets...........................................................................64

4.5.1 Configuring Rules for Mapping VLAN Frame Priorities.......................................................................654.5.2 Configuring VLAN Priorities..................................................................................................................664.5.3 Defining a Traffic Policy and Specifying Its Traffic Behaviors..............................................................664.5.4 Applying a Traffic Policy........................................................................................................................674.5.5 Enabling the Statistical Function of a Traffic Policy..............................................................................684.5.6 Checking the Configuration.....................................................................................................................69

4.6 Configuring Priority Mappings for VLAN Packets.........................................................................................704.7 Configuring Priority Mappings for MPLS Packets..........................................................................................724.8 Maintaining Class-based QoS Configuration...................................................................................................74

4.8.1 Clearing Statistics of a Traffic Policy......................................................................................................744.9 Configuration Example.....................................................................................................................................75

4.9.1 Example for Configuring a Traffic Policy Based on Complex Traffic Classification............................754.9.2 Example for Configuring CTC-based Traffic Policies for VLAN Packets.............................................844.9.3 Example for Configuring Priority Mappings for VLAN Packets Traffic Based on Simple TrafficClassification....................................................................................................................................................864.9.4 Example for Configuring Priority Mappings Based on Simple Traffic Classification (MPLS).............90

5 QPPB Configuration...................................................................................................................945.1 QPPB Overview...............................................................................................................................................955.2 QPPB Supported by the NE5000E...................................................................................................................955.3 Configuring Source-Based QPPB....................................................................................................................97

5.3.1 Configuring Routing Policies on a BGP Route Sender...........................................................................995.3.2 Configuring Routing Policies on a BGP Route Receiver......................................................................1005.3.3 Configuring Traffic Behaviors on a Route Receiver.............................................................................1025.3.4 Configuring QPPB Local Policies on a BGP Route Receiver...............................................................1035.3.5 Applying a QPPB Local Policy to an Interface.....................................................................................1035.3.6 Checking the Configuration...................................................................................................................104

5.4 Configuring Destination-Based QPPB...........................................................................................................1055.4.1 Configuring Routing Policies on a BGP Route Sender.........................................................................107



v

5.4.2 Configuring Routing Policies on a BGP Route Receiver......................................................................1085.4.3 Configuring Traffic Behaviors on a Route Receiver.............................................................................1095.4.4 Configuring QPPB Local Policies on a BGP Route Receiver...............................................................1105.4.5 Applying a QPPB Local Policy to an Interface.....................................................................................1115.4.6 Checking the Configuration...................................................................................................................112

5.5 Maintaining QPPB..........................................................................................................................................1135.5.1 Clearing Statistics About a QPPB Policy..............................................................................................113

5.6 Configuration Examples.................................................................................................................................1135.6.1 Example for Configuring QPPB............................................................................................................113

6 MPLS DiffServ-Mode Configuration....................................................................................1206.1 MPLS DiffServ Models Overview.................................................................................................................1216.2 MPLS Pipe/Short Pipe Supported by the NE5000E.......................................................................................1246.3 Configuring the Uniform/Pipe Mode for MPLS TE......................................................................................1246.4 Configuring the Uniform/Pipe Mode for the MPLS Penultimate Hop..........................................................1256.5 Configuring the Pipe/Short Pipe Mode for VPNs..........................................................................................1266.6 Configuration Examples.................................................................................................................................127

6.6.1 Examples for Configuring MPLS Diff-Serv Modes..............................................................................127



vi

1 QoS Overview

About This Chapter

This chapter describes the performance measurement of services provided by the serviceprovider. It also introduces some QoS solutions, such as RSVP and Diff-Serv Model.

1.1 Introduction to QoSThis section describes the basic concepts of the Quality of Service (QoS), traditional packetdelivery services, new demands resulting from new services, and QoS features supported by theproduct.

1.2 End-to-End QoS ModelThis section describes the end-to-end service of QoS.

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS 1 QoS Overview


1

1.1 Introduction to QoSThis section describes the basic concepts of the Quality of Service (QoS), traditional packetdelivery services, new demands resulting from new services, and QoS features supported by theproduct.

Quality of service (QoS) is used to assess the ability of the supplier to meet the customerdemands. In the Internet, QoS is used to assess the ability of the network to transmit packets.The network provides a wide variety of services and therefore, QoS should be assessed fromdifferent aspects.

QoS generally refers to the analysis of the issues related to the process of sending packets suchas, bandwidth, delay, jitter, and packet loss ratio.

1.1.1 Traditional Packets Transmission Application

It is difficult to ensure QoS in the traditional IP network. Because routers in the network handleall the packets equally and adopt First In First Out (FIFO) method to transfer packets. Resourcesused for forwarding packets are allocated based on the arrival sequence of the packets.

All packets share the bandwidth of networks and routers. Resources are allocated according tothe arrival time of the packets. This policy is called best effort (BE) . The device in this modetries its best to transmit packets to the destination. The BE mode, however, does not ensure anyimprovement in delay time, jitter, packet loss ratio, and high reliability.

The traditional BE mode applies only to services such as World Wide Web (WWW), file transfer,and email, which have no specific request for bandwidth and jitter.

1.1.2 New Applications Requirements

With the rapid development of the network, increasing number of networks are connected to theInternet. The Internet expands greatly in size, scope, and users. The use of the Internet as aplatform for data transmission and implementation of various applications is on the rise. Further,the service providers also want to develop new services for more profits.

Apart from traditional applications such as WWW, email, and File Transfer Protocol (FTP), theInternet has expanded to accommodate other services such as E-learning, telemedicine,videophone, videoconference, and video on demand. Enterprise users want to connect theirbranches in different areas through VPN technologies to implement applications such asaccessing corporate databases or managing remote devices through Telnet.

These new applications put forward special requirements for bandwidth, delay, and jitter. Forexample, videoconference and video on demand require high bandwidth, low delay, and lowjitter. Telnet stresses on low delay and priority handling in the event of congestion.

As new services spring up, the number of requests for the service capability of IP networks hasbeen on the rise. Users expect improved service transmission to the destination and also betterquality of services. For example, IP networks are expected to provide dedicated bandwidth,reduce packet loss ratio, avoid network congestion, control network flow, and set the preferenceof packets to provide different QoS for various services.

All these demand better service capability from the network, and QoS is just an answer to therequirements.



2

1.2 End-to-End QoS ModelThis section describes the end-to-end service of QoS.

Different service models are provided for user services to ensure QoS according to users'requirements and the quality of the network. The common service models are as follows:

l Best-Effort service modell Integrated service modell Differentiated service model

1.2.1 Best-Effort Service ModelThe BE service model is applicable to the services that are insensitive to the delay and has lowerrequirements for reliability. BE is realized through the FIFO mechanism.

Best-Effort is an indiscriminate and the simplest service model. Application programs can,without notifying the network or obtaining any approval from the network, send any number ofpackets at any time. For the Best-Effort service, the network tries its best to send packets, butcannot ensure the performance such as delay and reliability. The Best-Effort model is the defaultservice model of the Internet and can be applied to most networks, such as FTP and email,through the First-in-First-out (FIFO) queue.

1.2.2 Integrated Service ModelIn the integrated service model, the application program applies to the network for specificservice, and does not send packets until the arrival of confirmation that the network has reservedresources for it.

The integrated service model is called IntServ for short. IntServ is an integrated service modeland can meet various QoS requirements. In this service model, before sending packets, anapplication program needs to apply for specific services through signaling. The applicationprogram first notifies the network of its traffic parameters and the request for special servicequalities such as bandwidth and delay. After receiving the confirmation of the network thatresources have been reserved for packets, the application program begins sending packets. Thesent packets are controlled within the range specified by the flow parameters.

After receiving the request for resources from the application program, the network checks theresource allocation. That is, based on the request and current available resources, the networkdetermines whether to allocate resources for the application program or not. Once the networkconfirms that resources are allocated for the packets, and as long as the packets are controlledwithin the range specified by the flow parameters, the network is certain to meet the QoSrequirements of the application program. The network maintains a state for each flow that isspecified by the source and destination IP addresses, interface number, and protocol number.Based on the state, the network classifies packets and performs traffic policing, queuing, andscheduling to fulfil its commitment to the application program.

Integrated service can provide the following services:

l Guaranteed service: provides the preset bandwidth and delay to meet the requirements ofthe application program. For example, a 10 Bit/s bandwidth and a delay less than one secondcan be provided for Voice over IP (VoIP) services.

l Controlled-load service: If network overload occurs, packets can still be provided with theservice similar to that provided in the absence of network overload. That is, when traffic



3

congestion occurs on the network, less delay and high pass rate are ensured for the packetsof certain application programs.

1.2.3 Differentiated Service ModelIn the differentiated service model, the application program does not need to send its request fornetwork resources before sending packets. Instead, the application program notifies networknodes of its QoS requirements by setting QoS parameters in the IP header.

The differentiated service model is called DiffServ for short. In the model, the applicationprogram does not need to send its request for network resource before sending the packets. Theapplication program informs network nodes of its demand for QoS by using QoS parameters inthe IP packet header. Then routers along the path obtain the demand by analyzing the header ofthe packet.

To implement Diff-Serv, the access router classifies packets and marks the class of service (CoS)in the IP packet header. The downstream routers then identify the CoS and forward the packetson the basis of CoS. Diff-Serv is therefore a class-based QoS solution.

Diff-Serv Model in IP Networkl Diff-Serv Networking

The network node that implements Diff-Serv is called a DS node. A group of DS nodesthat adopt the same service policy and the same per-hop behavior (PHB) is called a DSdomain. See Figure 1-1.DS nodes are classified into the following two modes:– DS border node(DS node1 and DS node2): Connects DS domain with non-DS domain.

This node controls traffic and sets Differentiated Services CodePoint (DSCP) value inpackets according to the Traffic Conditioning Agreement (TCA).

– DS interior node(DS node3): Connects a DS border node with other interior nodes orconnects interior nodes in a DS domain. This node carries out only the simple trafficclassification and traffic control based on the DSCP value.

Figure 1-1 Diff-Serv networking diagram

Non-DS domain Non-DS domain

DS domainDS node1 DS node2

DS node3



4

l DS Field and DSCP

The Type of Service (ToS) octet in IPv4 packet header is defined in RFC791, RFC134, andRFC1349. As shown in Figure 1-2, the ToS octet contains the following fields: Precedence:It is of three bits (bits 0 through 2). It indicates the precedence of the IP packet. D bit: It isof one bit and indicates delay. T bit: It is of one bit and indicates throughput. R bit: It is ofone bit and indicates reliability. C bit: It is of one bit and indicates cost. The highest bit ofToS field has to be 0.The router first checks the IP precedence of packets to implement QoS. The other bits arenot fully used.The ToS octet of IPv4 packet header is redefined in RFC2474, called DS field. As shownin Figure 1-2: Bits 0 through 5 in DS field are used as DSCP. Bit 6 and bit 7 are the reservedbits. Bits 0 through 2 are Class Selector CodePoint (CSCP), which indicate a type of DSCP.DS node selects PHB according to the DSCP value.

Figure 1-2 ToS field and DS field

DSCP

DS Field

CSCP unused

IPv4 ToS

0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7

Precedence DTRC 0

The DSCP field within the DS field is capable of conveying 64 distinct codepoints. Thecodepoint space is divided into three pools as shown in Table 1-1.

Table 1-1 Classification of DSCP

Code Pool Code Space Usage

1 xxxxx0 Standard action

2 xxxx11 EXP/LU (experiment or local use)

3 xxxx01 EXP/LU (can be used as the extended space forfuture standard action)

Code pool 1 (xxxxx0) is used for standard action, code pool 2 (xxxx11) and code pool 3(xxxx01) are used for experiment or future extension.

l Standard PHBThe DS node implements the PHB behavior on the data flow. The network administratorcan configure the mapping from DSCP to PHB. When a packet is received, the DS nodedetects its DSCP to find the mapping from DSCP to PHB. If no matching mapping is found,the DS node selects the default PHB (Best-Effort, DSCP=000000) to forward the packet.All the DS nodes support the default PHB.



5

The following are the four standard PHBs defined by the IETF: Class selector (CS),Expedited forwarding (EF), Assured forwarding (AF) and Best-Effort (BE). The defaultPHB is BE.– CS PHB

Service levels defined by the CS are the same as the IP precedence used on the network.The value of the DSCP is XXX000 where the value of "X" is either 1 or 0. When thevalue of DSCP is 000000, the default PHB is selected.

– EF PHBEF means that the flow rate should never be less than the specified rate from any DSnode. EF PHB cannot be re-marked in DS domain except on border node. New DSCPis required to meet EF PHB features.EF PHB is defined to simulate the forwarding of a virtual leased line in the DS domainto provide the forwarding service with low drop ratio, low delay, and high bandwidth.

– AF PHBAF PHB allows traffic of a user to exceed the order specification agreed by the user andthe ISP. It ensures that traffic within the order specification is forwarded. The trafficexceeding the specification is not simply dropped, but is forwarded at lower servicepriorities.Four classes of AF: AF1, AF2, AF3, and AF4 are defined. Each class of AF can beclassified into three different dropping priorities. AF codepoint AFij indicates AF classis i (1<=i<=4) and the dropping priority is j (1<=j<=3). When providing AF service,the carrier allocates different bandwidth resource for each class of AF.A special requirement for AF PHB is that the traffic control cannot change the packetsequence in a data flow. For instance, in traffic policing, different packets in a serviceflow are marked with different dropping priorities even if the packets belong to the sameAF class. Although the packets in different service flows have different dropping ratio,their sequence remains unchanged. This mechanism is especially applicable to thetransmission of multimedia service.

– BE PHBBE PHB is the traditional IP packet transmission that focuses only on reachability. Allrouters support BE PHB.

l Recommended DSCPDifferent DS domains can have self-defined mapping from DSCP to PHB. RFC2474recommends code values for BE, EF, AFij, and Class Selector Codepoints (CSCP). CSCPis designed to be compatible with IPv4 precedence model.– BE: DSCP=000000– EF: DSCP=101110– AFij codepoint

AFij codepoint is shown in Table 1-2.

Table 1-2 AF codepoint

ServiceClass

Low DroppingPriority, j=1

MediumDropping Priority,j=2

High DroppingPriority, j=3

AF(i=4) 100010 100100 100110



6

ServiceClass

Low DroppingPriority, j=1

MediumDropping Priority,j=2

High DroppingPriority, j=3

AF(i=3) 011010 011100 011110

AF(i=2) 010010 010100 010110

AF(i=1) 001010 001100 001110

In traffic policing:– If j=1, the packet color is marked as green.– If j=2, the packet color is marked as yellow.– If j=3, the packet color is marked as red.

The first three bits of the same AF class are identical. For example, the first threebits of AF1j are 001; that of AF3j are 011, that of AF4j are 100. Bit 3 and bit 4indicate the dropping priority which has three valid values including 01, 10, and 11.The greater the Bit value, the higher the dropping priority.

– Class selector codepointIn the Diff-Serv standard, the CSCP is defined to make the DSCP compatible withthe precedence field of the IPv4 packet header. The routers identify the priority ofthe packets through IP precedence. The IP precedence and the CSCP parametersmap with each other. The user should configure the values for these parameters. InCSCP, the higher the value of DSCP=xxx000 is, the lower the forwarding delay ofPHB is.The default mapping between CSCP and IPv4 precedence is shown in Table 1-3.

Table 1-3 The default mapping between IPv4 precedence and CSCP

IPv4Precedence

CSCP (inbinary)

CSCP (in dotteddecimal)

ServiceClass

0 000000 0 BE

1 001000 8 AF1

2 010000 16 AF2

3 011000 24 AF3

4 100000 32 AF4

5 101000 40 EF

6 110000 48 EF

7 111000 56 EF



7

Diff-Serv Model in the MPLS Networkl EXP field

Defined in RFC3032, MPLS packet header is shown in Figure 1-3. EXP field is of threebits. Its value ranges from 0 to 7 and indicates the traffic type. By default, EXP correspondsto IPv4 priority.

Figure 1-3 Position of EXP field

EXP 20 21 22 230 1 2 3..... 31

LABEL TTL

MPLS Header

S

l Processing QoS Traffic in MPLS Domain

– Processing QoS Traffic on the Ingress DeviceOn the Ingress device of MPLS domain, you can limit the data flow by setting theCommitted Access Rate (CAR) to ensure that the data flow complies with MPLSbandwidth regulations. Besides, you can assign different priorities to the IP packetsaccording to certain policies.One-to-one mapping can be achieved since the IP precedence field and the EXP fieldare both 3 bits. In Diff-Serv domain, however, the DSCP field of IP packet is 6 bits,which is different from the length of EXP and thus leads to many-to-one mapping. It isdefined that the first 3 bits of DSCP (that is, CSCP) are mapped with EXP.

– Processing QoS Traffic on the Device in the MPLS DomainWhen forwarding the MPLS label, the LSR in MPLS carries out queue schedulingaccording to the EXP field in the labels of packets that are received. This ensures thatpackets with higher priority enjoy better service.

– Processing QoS Traffic on the Egress DeviceOn the Egress device of MPLS domain, you need to map EXP field to DSCP field ofIP packet. By standard, the first 3 bits of DSCP (that is, CSCP) take the value of EXP,and the last 3 bits take 0.

It should be noted that QoS is an end-to-end solution, while MPLS only ensures that data canenjoy the services regulated in SLA. After the data enters the IP network, IP network ensuresQoS.



8

2 Traffic Policing, Traffic Shaping, andInterface-based Rate Limit

About This Chapter

This section describes the basic concepts and implementation of traffic policing, traffic shaping,and interface rate limit.

2.1 Introduction to Traffic Policing, Traffic Shaping, and Interface Rate LimitTraffic policing, traffic shaping, and interface rate limit are three key factors in implementingQoS. Traffic policing controls the total traffic and burst traffic that enter or leave a network froma specified link; traffic shaping controls the total traffic and burst traffic that are forwarded froma network to a specified link; interface rate limit implements traffic control by limiting the ratesat which traffic is received and sent by an interface. These three QoS factors work together toensure the stability of a network.

2.2 Traffic Policing, Traffic Shaping and Interface Rate Limit Supported by the NE5000EIn the NE5000E, traffic policing, traffic shaping, and interface rate limit are implemented bymeans of CAR, buffer, and token bucket. Using the preceding methods, devices can bufferpackets and can therefore implement traffic policing and traffic shaping.

2.3 Configuring Interface-Based Traffic PolicingBy means of traffic policing, the total traffic and burst traffic that enter or leave a network froma specified link can be controlled. Where pre-defined conditions are met, for example, the trafficvolume from a specified link is too huge, traffic policing controls the traffic from the specifiedlink accordingly, for example, by dropping some packets or lowering the priority of processingpackets from the specified link.

2.4 Configuring Traffic Policing Based on Complex Traffic ClassificationThis section describes how to configure traffic policing based on the complex trafficclassification (CTC), which is also called the CTC-based traffic policing.

2.5 Configuring Traffic ShapingThe function of traffic shaping is similar to that of traffic policing. Traffic shaping mainly bufferspackets that need to be dropped by traffic policing by means of buffer and token bucket.

2.6 Configuring Interface-based Rate LimitThis section describes how to control the rate at which traffic is forwarded on an interface byconfiguring interface-based rate limit.

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS

2 Traffic Policing, Traffic Shaping, and Interface-based RateLimit


9

2.7 Maintaining Traffic Policing, Traffic Shaping and Interface-based Rate limitThis section describes how to clear statistics on traffic policing, shaping and interface-based ratelimit.

2.8 Configuration ExamplesThis section provides detailed examples for configuring traffic policing, traffic shaping, andinterface rate limit in terms of application scenarios and configuration commands.




10

2.1 Introduction to Traffic Policing, Traffic Shaping, andInterface Rate Limit

Traffic policing, traffic shaping, and interface rate limit are three key factors in implementingQoS. Traffic policing controls the total traffic and burst traffic that enter or leave a network froma specified link; traffic shaping controls the total traffic and burst traffic that are forwarded froma network to a specified link; interface rate limit implements traffic control by limiting the ratesat which traffic is received and sent by an interface. These three QoS factors work together toensure the stability of a network.

Traffic PolicingTraffic policing (TP) is used to monitor the volume of the traffic that enters a network and keepit within a reasonable range. In addition, TP optimizes network resources and protects theinterests of carriers by penalizing the traffic that exceeds the rate limit.

l CARThe common method is to restrict the traffic rate of certain types of packets throughCommitted Access Rate (CAR). For example, Hypertext Transfer Protocol (HTTP) packetscan be kept from taking up more than 50% of the network bandwidth. Packets are firstclassified according to pre-defined matching rules. Packets that comply with the specifiedrate limit are forwarded directly. Packets that exceed the specifications are dropped or havetheir priorities re-marked.

l Token BucketCAR uses token buckets (TBs) to implement traffic policing, as shown in Figure 2-1. Thetoken bucket can be regarded as a container of tokens with a pre-defined capacity. Thesystem puts tokens into the bucket at a defined rate. If the token bucket is full, no moretokens can be added.

Figure 2-1 Traffic policing according to CAR

The packets sent throughthis interface Continue to forward

the packets

Token bucket

Put tokens to the bucket at adefined rate

Classification

Dropped packets

The process is as follows:




11

1. As long as there are enough tokens in the bucket, packets are forwarded, with thenumber of tokens in the bucket decreasing based on the length of the packets.

2. If the token bucket does not hold enough tokens for sending packets, packets aredropped or have their priority values re-marked.

– Traffic policing with a single token bucket

A single token bucket can implement traffic policing where traffic measurementis relatively simple. When a single token bucket is used, packets are forwardedbased on the availability of tokens in the token bucket. One token is used to forwardone byte of data. If there are enough tokens available to forward a packet, the packetis regarded as conforming and is marked green. Otherwise, the packet is regardedas nonconforming or over the limit, and is marked red.

The following are the two parameters used in traffic policing with a single tokenbucket:

– Committed Information Rate (CIR): the rate at which tokens are put into thebucket, that is, the permitted average traffic rate at which packets are forwarded.

– Committed Burst Size (CBS): the size of the token bucket, that is, the maximumtraffic size that is allowed for each burst. The burst size must be set greater thanthe maximum packet length.

Each time a packet arrives, the packet is measured. If there are enough tokens inthe bucket, it indicates that the traffic rate is within the allowed range. In this case,the number of tokens equal to the byte size of the forwarded packet. If there arenot enough tokens in the bucket, it indicates that too many tokens are required andthe traffic rate is beyond the allowed range.

– Traffic policing with two token buckets

You can use two token buckets to measure traffic in more complex conditions andimplement more flexible traffic policing. These two buckets are called the C bucketand the P bucket. Tokens are put into the C bucket at a rate of the CIR and its sizeis called CBS. Tokens are put into the P bucket places tokens at a rate of PeakInformation Rate (PIR) and its size is called Peak Burst Size (PBS). Each time thetraffic is measured, the following rules are applied:

– If there are enough tokens in the C bucket, packets are marked green.

– If there are not enough tokens in the C bucket but enough tokens in the P bucket,packets are marked yellow.

– If tokens in neither of the buckets are enough, packets are marked red.

The parameters used in traffic policing with two token buckets are described asfollows:

– CIR: the rate at which tokens are put into the C bucket, that is, the permittedaverage traffic rate of C bucket.

– CBS: the capacity of the C bucket, that is, the maximum amount of trafficallowed by the C bucket on a instantaneous basis.

– PIR: the rate at which tokens are put into the P bucket, that is, the permittedaverage traffic rate of P bucket.

– PBS: the capacity of the P bucket, that is, the maximum amount of trafficallowed by the P bucket on a instantaneous basis.

The NE5000E uses two algorithms, that is, srTCM and trTCM, to implement trafficpolicing with two token buckets. The algorithms have two working modes, Color-




12

blind and Color-aware. The color-blind mode is more commonly used. For details,refer to "QoS Overview."

l Traffic Policing Action

According to different measurement results, TP implements the pre-configured policingactions, which are described as follows:

– Pass: Forwards the packets evaluated as "conforming" or re-forwards the service markedDifferentiated Services Code Point (DSCP) for Diff-Serv.

– Discard: Drops the packets evaluated as "nonconforming."

– Remark: Changes the precedence of a packet that is evaluated as "nonconforming" andthen forwards it.

l Statistical Function

It is necessary to control and measure users' traffic on a network. But the traditional methodof statistics based on the interface has the following disadvantages:

– Of the upstream traffic, only the traffic before CAR operation can be measured. It isimpossible to measure the actual traffic of users and the packet loss that occurs whenthe traffic rate exceeds the bandwidth limit.

– Of the downstream traffic, only the interface traffic after CAR operation at the egresscan be measured. Forwarded and dropped traffic cannot be measured.

To analyze how users' traffic exceeds the limit, carriers have to collect statistics again afterCAR before being able to advise users to buy a higher bandwidth based on statistical data.

With the interface-based CAR statistics function, the NE5000E can measure and recordthe traffic after upstream CAR operation, that is, the actual access traffic of a company useror an Internet bar, as well as the forwarded and dropped packets after downstream CARoperation. This can help carriers better understand users' network traffic.

Traffic Shaping

Traffic shaping (TS) is a pro-active way to adjust the traffic output rate. A typical applicationof TS is to control the volume and burst of outgoing traffic based on the network connection.Thus the packets can be transmitted at a uniform rate.

TS is implemented by using the buffer and token bucket. As shown in Figure 2-2, afterclassification, packets are processed as follows:

l Packets that do not go through traffic shaping are directly forwarded.

l For the packets that go through traffic shaping, when no General Traffic Shaping (GTS)queue exists, the length of packets is compared with the number of tokens in the tokenbucket. If there are enough tokens for these packets, the packets are sent. If there are notenough tokens, the GTS queue is enabled where packets are cached. Tokens are put in thetoken bucket at the user-defined rate, and packets in the GTS queue are removed and sentperiodically. As packets are sent, the number of tokens reduces based on the byte size ofpackets. During this course of sending packets, the byte size of packets is compared withthe number of tokens in the token bucket. The number of tokens in the token bucket stopsdecreasing when all the packets in the GTS queue are sent or can no longer be sent.

l When the GTS queue exists, packets that go through traffic shaping enter the queue directly,waiting to be scheduled at fixed intervals by the GTS queue.

l If the GTS queue is full when new packets arrive at the queue, the packets are dropped.




13

Figure 2-2 Traffic shaping process

Packets sent through this interface

Continue to forward

Token bucket

Put tokens to the bucket at a defined rate

Classification

Dropped packets

Queue

As shown in Figure 2-3, Router A sends packets to Router B. Router B performs TP on thepackets, and directly drops the nonconforming packets.

Figure 2-3 Traffic shaping diagram

Physical line

RouterA RouterB

To reduce the number of packets that are unnecessarily dropped, you can implement TS on theoutput interface of Router A. Packets beyond the traffic limit set by TS are cached in Router A.When able to send the next batch of packets, TS gets the cached packets from the buffered queuesand sends them out. In this way, all the packets sent to Router B conform with its trafficregulation.

The main differences between TS and TP are as follows:

l TS buffers the packets which exceed the traffic limits. When there are enough tokens inthe token bucket, these buffered packets are sent out at a uniform rate.

l TS may increase delay but TP causes almost no extra delay in packet forwarding.




14

Interface-based Rate LimitTS is supported in the IP layer and takes effect only on the packets that pass through the IP layer.If users demand to limit the rate of all the packets sent by an interface, Limit-Rate (LR) ispreferred.

Compared with TS, LR can restrict all packets that pass through a physical interface or a tunnelinterface.

2.2 Traffic Policing, Traffic Shaping and Interface RateLimit Supported by the NE5000E

In the NE5000E, traffic policing, traffic shaping, and interface rate limit are implemented bymeans of CAR, buffer, and token bucket. Using the preceding methods, devices can bufferpackets and can therefore implement traffic policing and traffic shaping.

The NE5000E supports traffic policing and shaping, and interface rate limit, including:

l Interface-based traffic policing using the statistical function of CAR. Traffic after the CARoperation can be measured.

l Traffic policing on the basis of complex traffic classification (CTC). The class of service(CoS) and color of a packet are re-marked after traffic policing.

l Traffic shaping for the outgoing traffic on interfaces.l Interface rate limit on the outbound.

2.3 Configuring Interface-Based Traffic PolicingBy means of traffic policing, the total traffic and burst traffic that enter or leave a network froma specified link can be controlled. Where pre-defined conditions are met, for example, the trafficvolume from a specified link is too huge, traffic policing controls the traffic from the specifiedlink accordingly, for example, by dropping some packets or lowering the priority of processingpackets from the specified link.

Applicable EnvironmentIf users' traffic is not limited, continuous burst data from numerous users can make the networkcongested. To fully utilize network resources and better serve more users, the traffic of usersmust be limited. Traffic policing is a traffic control method that limits network traffic and controlthe usage of network resources by monitoring traffic specifications on the network. Trafficpolicing can be implemented on both inbound interfaces and outbound interfaces.

Interface-based traffic policing controls all traffic that enters an interface without consideringthe types of packet. This method is used on the router located at the core of a network. Therouter has the following features in interface-based traffic policing.

NOTE

l The router supports the querying of CAR statistics only on POS interfaces, GE interfaces, GE sub-interface, Eth-Trunk interface, Eth-Trunk sub-interfaces and IP-Trunk interface.

l Interface-based traffic policing does not differentiate between unicast, multicast, and broadcast packets.

The NE5000E supports the configuring of traffic policing for both the incoming and outgoingtraffic on a Layer 3 main interface. Traffic policing can be classified into two types: traffic




15

policing using a single token bucket and traffic policing using two token buckets. You can choosethe type of traffic policing based on your network conditions.

l If the network traffic is simple, you can configure the single-bucket traffic policing, usingthe parameters cir and cbs.

l If the network traffic is complex, you can configure the two-bucket traffic policing, usingthe parameters cir, pir, cbs, and pbs.

Pre-configuration TasksBefore configuring the interface-based traffic policing, complete the following tasks:

l Configuring the physical parameters of interfacesl Configuring the link layer attributes of interfaces to ensure their operationl Configuring IP addresses for interfacesl Enabling routing protocols and ensuring that routers interwork with each other

Procedure

Step 1 Run:system-view

The system view is displayed.

Step 2 Run:interface interface-type interface-number

The interface view is displayed.

Step 3 Run:qos car { cir cir-value [ pir pir-value ] } [ cbs cbs-value pbs pbs-value ] [ green { pass [ service-class class color color ] } | yellow { discard | pass [ service-class class color color ] } | red { discard | pass [ service-class class color color ] } ] * { inbound | outbound }

The interface is configured with CAR.

NOTE

l If the class of service (CoS) of a packet is re-marked as EF, BE, CS6, or CS7, the packet can be re-marked only in green.

l Only the pass action is applicable to yellow packets on the LPUE, LPUI, LPUR, and LPUM, and boththe pass and discard actions are applicable to yellow packets on the LPUF-100, LPUI-100, andLPUF-200.

l When an interface is configured with both interface-based CAR and traffic classification-based CARactions, the number of packets and bytes on which traffic classification-based CAR actions areperformed is not counted in the interface-based CAR statistics.

l When both the traffic classification-based CAR and the interface-based CAR are configured, only thetraffic classification-based CAR statistics are collected; when both the broadcast suppression and theinterface-based CAR are configured, only the CAR statistics on broadcast suppression are collected;when CAR is configured for both packets sent to the CPU and packets sent to the interface, only theCAR statistics on packets sent to the CPU are collected.

l Interface-based CAR can not be configured on the member interface of trunk.

Step 4 Run:commit




16

The configuration is committed.

----End

Verify the configuration.

Run the following commands to check the previous configuration.

l Run the display interface [ interface-type [ interface-number ]] command to view thetraffic information of the interface.

l Run the display car statistics interface interface-type interface-number [.sub-interface ]{ inbound | outbound } command to view CAR statistics for the specified direction of theLayer 3 interface.

If the configuration is successful:

you can view statistics on traffic in the specified direction on a specified interface by runningthe display car statistics interface interface-type interface-number [.sub-interface ]{ inbound | outbound } command. The statistics include the amount of passed traffic and therate at which the traffic is forwarded, in packets and bytes, and the amount of discarded trafficand the rate at which the traffic is discarded, in packets and bytes.

<HUAWEI> display car statistics interface pos 1/0/0 outboundinterface Pos1/0/0 outbound Committed Access Rate: CIR 200(Kbps), PIR 0(Kbps), CBS 400(byte), PBS 500(byte) Conform Action: pass Yellow Action: pass Exceed Action: discard Passed: 840 bytes, 15 packets Dropped: 56 bytes, 1 packets Last 30 seconds passed rate: 0 bps, 0 pps Last 30 seconds dropped rate: 0 bps, 0 pps

2.4 Configuring Traffic Policing Based on Complex TrafficClassification

This section describes how to configure traffic policing based on the complex trafficclassification (CTC), which is also called the CTC-based traffic policing.

Applicable Environment

There are a large number of users in the network and they send data constantly. If users' trafficis not limited, continuous burst data from numerous users can make the network congested. Asa result, the running and service quality of the network are affected to a great extent.

To ensure the availability of bandwidth resources regardless of whether the network is idle orcongested, traffic control needs to be implemented on one or several types of packet. You cancombine complex traffic classification and traffic control to configure CTC-based trafficpolicing policies. Then, apply the policies to the inbound interface to restrict the traffic of thespecific packets within a reasonable range. In this manner, limited network resources are betterutilized.




17

NOTE

Complex traffic classification refers to classifying packets according to the source IP address, source portnumber, protocol number, destination IP address, and destination port number. It is usually configured atthe edge of the network.

Pre-configuration TasksBefore configuring CTC-based traffic policing, you need to complete the following tasks:

l Configuring the physical parameters of interfacesl Configuring the link layer attributes of interfaces to ensure their normal operationl Configuring IP addresses for interfacesl Enabling the routing protocol for communication between devices

Configuration Procedures

Figure 2-4 Flowchart of configuring CTC-based traffic policing

MandatoryprocedureOptional procedure

Defining a Traffic Classifier

Defining a Traffic Behavior and Configuring Actions

Defining a Policy and Specifying a Behavior for a

Classifier in the Policy

Applying a Traffic Policy

2.4.1 Defining Traffic ClassifiersYou need to configure traffic classification before configuring traffic class-based QoS. Thetraffic classification can be configured based on ACL, IP precedence, protocol type, MACaddress, protocol address, and so on.

ContextDo as follows on the router:

Procedurel Defining traffic classifiers based on Layer 3 or Layer 4 information

NOTE

If traffic is classed on the basis of Layer 3 or Layer 4 information, traffic policies can be applied toonly Layer 3 interface.




18

1. Run:system-view

The system view is displayed.2. Run:

traffic classifier classifier-name [ operator { and | or } ]

A traffic classifier is defined and the traffic classifier view is displayed.3. Define desired matching rules on the router according to your requirements.

– To set a matching rule to classify traffic based on the ACL number, run the if-match [ ipv6 ] acl { acl-number | name acl-name } command.

– To set a matching rule to classify traffic based on the DSCP value, run the if-match [ ipv6 ] dscp dscp-value command.

– To set a matching rule to classify traffic based on the TCP flag, run the if-matchtcp syn-flag tcpflag-value command.

– To set a matching rule to classify traffic based on the IP precedence, run the if-match ip-precedence ip-precedence command.

– To define a matching rule to classify traffic based on the MPLS EXP value, runthe if-match mpls-exp exp-value command.

– To match all packets, run the if-match [ ipv6 ] any command.– To define a matching rule to classify traffic based on the value of the next IPv6

header, run the if-match ipv6 next-header command.– To set a matching rule to classify traffic based on the source IPv6 address, run the

if-match ipv6 source-address ipv6-address prefix-length command.– To set a matching rule to classify traffic based on the destination IPv6 address, run

the if-match ipv6 destination-address ipv6-address prefix-length command.NOTE

To match IPv6 packets, you must specify the key word ipv6 when you choose a matching rulein Step 3. A matching rule defined to match packets based on source or destination addressesis valid with IPv6 packets, but not with IPv4 packets.

If you set more than one matching rule for the same classifier, you can set their logicalrelations by specifying the parameter operator in Step 2.

– and: A packet belongs to the class defined by the classifier only when it matchesall the rules.

– or: A packet belongs to the class defined by the classifier if it matches one of therules.

By default, the value of the logic operator of the rules is or.4. Run:

commit

The configuration is committed.l Defining traffic classifiers based on Layer 2 information

NOTE

If traffic is classed on the basis of Layer 2 information, the key word link-layer must be specifiedin the command line when a traffic policy is applied.

1. Run:system-view




19



A traffic classifier is defined and the traffic classifier view is displayed.3. Define desired matching rules on the router according to your requirements.

– To set a matching rule to classify traffic based on the source MAC address, runthe if-match source-mac mac-address command.

– To set a matching rule to classify traffic based on the destination MAC address,run the if-match destination-mac mac-address command.

– To set a matching rule to classify traffic based on the 8021p value of VLANpackets, run the if-match 8021p 8021p-value command.

If you set more than one matching rule for the same classifier, you can set their logicalrelations by specifying the parameter operator in Step 2. For detailed instructions,refer to the previous section.

4. Run:commit


----End

2.4.2 Defining a Traffic Behavior and Configuring Traffic PolicingActions

Configure traffic policing actions for difference traffic classifier.


Procedure



Step 2 Run:traffic behavior behavior-name

A traffic behavior is configured and the traffic behavior view is displayed.

Step 3 Run:car { cir cir-value [ pir pir-value ] } [ cbs cbs-value pbs pbs-value ] [ green { discard | pass [ service-class class color color ] } | yellow { discard | pass [ service-class class color color ] } | red { discard | pass [ service-class class color color ] } ] *

A traffic policing action is configured.

NOTE

The discard action can be applied to packets colored yellow only on the LPUF-100 and LPUI-100. Thediscard action cannot be applied to packets colored green.




20

In Step 3, choose parameters according to your requirement:

l To configure traffic policing with a single token bucket, select cir and cbs, and set the valueof pbs to 0.

l To configure traffic policing with double token buckets, select cir, cbs, and pbs.l To configure traffic policing with dual rates and dual token buckets, select cir, pir, cbs, and

pbs.

Step 4 Run:commit


----End

Follow-up ProcedureThe NE5000E supports the re-marking of the priority and color of packets after traffic policing.If the class of service value of a packet is re-marked to EF, BE, CS6, or CS7, its color can onlybe re-marked to green.

2.4.3 Defining a Traffic PolicyAfter traffic classifiers and traffic behaviors are defined, traffic classifiers and traffic behaviorsneed to be associated to form traffic policies.


Procedure



Step 2 Run:traffic policy policy-name

A traffic policy is defined and the traffic policy view is displayed.

Step 3 Run:classifier classifier-name behavior behavior-name [ precedence precedence-value ]

A traffic behavior is associated with a specified traffic class in the traffic policy.

Step 4 Run:commit


----End

2.4.4 Applying a Traffic PolicyA class-based policy does not take effect unless it is applied to an interface.




21

Procedure





Step 3 Run:traffic-policy policy-name { inbound [ link-layer | mpls-layer ] | outbound [ link-layer ] }

A traffic policy is applied to the interface.

NOTE

On the LPUE and LPUI, the traffic policy can be applied only to the upstream IPv6 packets on an interface.

If you specify link-layer, the router first performs rule-matching according to Layer 2information and implements a corresponding traffic action. If Layer 2 information of a packetdoes not match the traffic rule, the system performs rule-matching according to Layer 3information and implements a corresponding traffic action.

If you specify the keyword mpls-layer, a router performs complex traffic classification basedon the MPLS information of the packets.

By default, the NE5000E performs complex traffic classification based on Layer 3 or Layer 4information and other information.

When applying a traffic policy to a Layer 3 interface, you can perform traffic classification basedon Layer 2, Layer 3, or Layer 4 information about packets.

In Step 3, you can select the corresponding parameter as required.

l To perform complex traffic classification based on Layer 2 information about packets, selectthe parameter link-layer.

l To configure complex traffic classification for the incoming traffic, select the parameterinbound.

l To configure complex traffic classification for the outgoing traffic, select the parameteroutbound.

Step 4 Run:commit


----End

2.4.5 Checking the ConfigurationAfter CTC-based traffic policing is successfully configured, you can view the traffic classifiers,traffic behaviors, binding between traffic classifiers and behaviors in the specified traffic policy,configured traffic policies and their application, and configured queues and their application.




22

Procedurel Run the display interface [ interface-type [ interface-number ] ] command to view the

information about the traffic on the interface.l Run the display traffic behavior { system-defined | user-defined } [ behavior-name ]

command to view information about the configured traffic behaviors.l Run the display traffic classifier { system-defined | user-defined } [ classifier-name ]

command to view information about the configured traffic classifiers.l Run the display traffic policy { system-defined | user-defined } [ policy-name

[ classifier classifier-name ] ] command to view information about the association betweenall or the specified traffic classifiers and traffic behaviors in traffic policies.

----End

ExampleIf the configuration is successful:

l The names of the configured traffic behaviors and the configured actions are displayed ifyou run the display traffic behavior command.<HUAWEI> display traffic behavior user-defined User Defined Behavior Information: Behavior: database Description: Redirecting: Redirect ip-nextHop 20.13.9.3 Behavior: huawei Marking: Remark ip precedence 4 Committed Access Rate: CIR 1000 (Kbps), PIR 0 (Kbps), CBS 10000 (byte), PBS 0 (byte) Conform Action: pass Yellow Action: pass Exceed Action: discard

l The names of the configured traffic classifiers, matching rules, and the logical relationshipbetween the matching rules are displayed if you run the display traffic classifier command.<HUAWEI> display traffic classifier user-defined User Defined Classifier Information: Classifier: database Description: Operator: or Rule(s) : if-match acl 3000 Classifier: huawei Operator: and Rule(s) : if-match ip-precedence 3

l The name of the configured traffic policy and the associations between the configuredtraffic classifiers and the configured traffic behaviors are displayed if you run the displaytraffic policy command.<HUAWEI> display traffic policy user-defined User Defined Traffic Policy Information: Policy: test Description: Step: 5 Share-mode Classifier: test Precedence: 5 Behavior: test Committed Access Rate: CIR 1000 (Kbps), PIR 0 (Kbps), CBS 33333 (byte), PBS 33332 (byte) Conform Action: pass




23

Yellow Action: pass Exceed Action: pass Marking: remark ip-precedence 5 Redirecting: redirect ip-nextHop 1.1.1.1 interface GigabitEthernet3/0/0 Classifier: default-class Precedence: 65535 Behavior: be -none-

2.5 Configuring Traffic ShapingThe function of traffic shaping is similar to that of traffic policing. Traffic shaping mainly bufferspackets that need to be dropped by traffic policing by means of buffer and token bucket.

Applicable EnvironmentWhen the traffic load on the network is quite heavy, nonconforming packets are directlydiscarded. If the data traffic sent from the upstream device is too much, the downstream networkmay be congested or a great number of packets are directly dropped. To prevent this situation,you can configure traffic shaping (TS) on the outbound interface of the upstream router to limitthe traffic and prevent bursts from a connection on a network. In this manner, packets can betransmitted at an even rate. This improves the allocation of bandwidth resources between theupstream network and the downstream network.

Traffic shaping is usually carried out using buffers and token buckets. Therefore, when the ratefor sending packets is too high, the packets that exceed the specifications are not directly dropped.Instead, such packets are placed in buffer queues. With the control of token buckets, bufferedpackets are sent at an even rate when the network is idle based on queue scheduling priorities.In this manner, the retransmission in case of packet dropping is prevented.

NOTE

Differentiated service (DiffServ) is mainly used to guarantee the bandwidth for behavior aggregate (BA)data streams. The NE5000E allocates resources to the services of different classes such as expeditedforwarding (EF) and assured forwarding (AF) through the predefined queue scheduling mechanism. Usersdo not need to configure queue management.

Currently, the NE5000E supports traffic shaping only for the outgoing traffic on interfaces.

Pre-configuration TasksBefore configuring traffic shaping, complete the following tasks:


Procedurel Configuring Traffic Shaping in the Interface View

1. Run:system-view





24

2. Run:interface interface-type interface-number


3. Run:qos queue service-class [ priority priority ] [ cir { cir-value | cir-percentage percentage } ] [ pir { pir-value | pir-percentage percentage } ] outbound

The Class of Service (CoS), Committed Information Rate (CIR), and Peak InformationRate (PIR) are set.

NOTE

By default, the respective values of cir-percentage for BE, AF1, AF2, AF3, AF4, EF, CS6and CS7 queues are 10, 10, 10, 15, 15, 10, 5 and 5. The remaining 20% bandwidth is reservedby the system. The sum of the values of cir-percentage for all types of queues cannot exceed100%. That is, the sum of the configured bandwidth cannot exceed the interface bandwidth.Otherwise, the system prompts a bandwidth error.

If the network does not have a certain type of traffic, it is recommended that the value of cir-percentage for this type of queue be set to 0 so that the system does not reserve bandwidth fortraffic of this type. For example, if no AF2 traffic exists on the network, run the qos queueaf2 cir cir-percentage 0 outbound command.

When the CIR is 0 and the PIR is not 0 for a WFQ queue, most packets are dropped if trafficis congested; packets are properly forwarded if traffic is not congested. When the PIR is not 0for a PQ queue, the CIR can be set to any value, and packets are properly forwarded regardlessof whether traffic congestion occurs.

4. Run:commit


l Configuring Traffic Shaping for MTI in the Slot View

1. Run:system-view


2. Run:slot slot-id

The slot view is displayed.

3. Run:port shaping shaping-value bind mtunnel

Traffic shaping is configured for MTI that is bound to the distributed multicast VPN.

4. Run:commit


----End

Checking the Configuration

Run the following commands to check the previous configuration.




25

l Run the display interface [ interface-type [ interface-number ] ] command to viewinformation about the traffic on the interface.

l Run the display qos queue configuration interface interface-type interface-numberoutbound command to view information about the configurations of QoS queues on theinterface.

l Run the display qos queue [ interface interface-type interface-number [ service-class ] ]command to view information about the statistics about all queues or the queue with aspecific CoS on the interface.

NOTE

In the case of the NE5000E, you can view statistics on QoS queues by running the display qos queuecommand only if all boards on the NE5000E are LPUE, LPUI, LPUF-100, LPUI-100, LPUR, LPUM,LPUF-200.

By using the display qos queue configuration interface interface-type interface-numberoutbound command, you can view information about the configurations of QoS queues on aspecified interface.<HUAWEI> display qos queue configuration interface gigabitethernet 1/0/0 outbound GigabitEthernet1/0/0be current configuration: Priority: 1 CirValue: 100 CirPercent: 10 PirValue: 1000 PirPercent: 100

af1 current configuration: Priority: 1 CirValue: 100 CirPercent: 10 PirValue: 1000 PirPercent: 100




ef current configuration: Priority: 0 CirValue: 100 CirPercent: 10 PirValue: 1000 PirPercent: 100

cs6 current configuration: Priority: 0 CirValue: 50 CirPercent: 5




26

PirValue: 1000 PirPercent: 100

cs7 current configuration: Priority: 0 CirValue: 50 CirPercent: 5 PirValue: 1000 PirPercent: 100

By using the display qos queue [ interface interface-type interface-number [ service-class ] ]command, you can view information about the statistics about all queues or the queue with aspecific CoS on a specified interface.<HUAWEI> display qos queue The interface :GigabitEthernet3/0/0 [be] Pass: 0 packets, 0 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps

[af1] Pass: 13,120 packets, 1,364,480 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps

[af2] Pass: 0 packets, 0 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps



[ef] Pass: 0 packets, 0 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps

[cs6] Pass: 0 packets, 0 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate:




27

0 pps, 0 bps

[cs7] Pass: 26,267 packets, 2,731,768 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps

2.6 Configuring Interface-based Rate LimitThis section describes how to control the rate at which traffic is forwarded on an interface byconfiguring interface-based rate limit.

Applicable EnvironmentTo avoid network congestion, you can configure the interface-based rate limit to control the totaltraffic on physical interfaces.

Interface-based rate limit applies to only outgoing traffic on interfaces.

Pre-configuration TasksBefore configuring interface-based rate limit, complete the following tasks:

l Configuring the physical parameters of interfacesl Configuring the link layer attributes of interfaces to ensure their normal operationl Configuring IP addresses for interfaces

Procedure





Step 3 Run:qos lr cir cir-value

Interface-based rate limit is configured.

Step 4 Run:commit


----End

Checking the ConfigurationRun the following commands to check the previous configuration.




28

l Run the display interface [ interface-type interface-number ] command to viewinformation about the traffic on the interface.

l <HUAWEI> display interface gigabitethernet 1/0/1GigabitEthernet1/0/1 current state : UP Line protocol current state : UP Last line protocol up time : 2010-10-25 17:34:51Description: HUAWEI, GigabitEthernet1/0/1 Interface (ifindex: 6, vr: 0)Route Port,The Maximum Transmit Unit is 1500 Internet Address is 1.0.0.1/24IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0002-0002-0002The Vendor PN is PD100-TXLEB The Vendor Name is Santur Corp. Transceiver max BW: 43000Mbps, Transceiver Mode: single modeWaveLength: 0nm, Transmission Distance: 10000mRx Optical Power: -40.00dBmTx Optical Power: -40.00dBmLoopback: none, LAN full-duplex mode, Pause Flowcontrol: Receive Enable and Send EnableLast physical up time : 2010-10-25 17:27:25Last physical down time : 2010-10-25 17:17:24Current system time: 2010-10-25 18:11:44 Statistics last cleared:never Last 300 seconds input rate 25600 bits/sec, 0 packets/sec Last 300 seconds output rate 25600 bits/sec, 0 packets/sec Input: 960300 bytes, 100 packets Output: 960200 bytes, 100 packets Input: Unicast: 100 packets, Multicast: 0 packets Broadcast: 0 packets, JumboOctets: 0 packets CRC: 0 packets, Symbol: 0 packets Overrun: 0 packets, InRangeLength: 0 packets LongPacket: 100 packets, Jabber: 0 packets, Alignment: 0 packets Fragment: 0 packets, Undersized Frame: 0 packets RxPause: 0 packets Output: Unicast: 100 packets, Multicast: 0 packets Broadcast: 0 packets, JumboOctets: 100 packets Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets System: 0 packets, Overruns: 0 packets TxPause: 0 packets Last 300 seconds input utility rate: 0.01% Last 300 seconds output utility rate: 0.01%

2.7 Maintaining Traffic Policing, Traffic Shaping andInterface-based Rate limit

This section describes how to clear statistics on traffic policing, shaping and interface-based ratelimit.

2.7.1 Clearing Statistics on CARThis section describes how to clear statistics on CAR.

ContextTo clear CAR statistics of a specified interface, run the following reset commands in the userview.




29

Procedurel Run the reset car statistics interface interface-type interface-number [.sub-interface ]

{ inbound | outbound } command to clear CAR statistics for the specified direction of thespecified Layer 3 interface.

l Run the reset counters qos queue [ interface interface-type interface-number [ service-class ] ] command to clear the statistics on QoS queue scheduling of all types of queue ora specified type of queue on the specified interface.

----End

2.8 Configuration ExamplesThis section provides detailed examples for configuring traffic policing, traffic shaping, andinterface rate limit in terms of application scenarios and configuration commands.

2.8.1 Example for Configuring Traffic Policing, Traffic Shaping,and Interface-based Rate Limit

This part takes the traffic control scenario of the NE5000E as an example. It describes how toconfigure traffic policing, traffic shaping, and interface rate limit to control the overall trafficvolume that is received or forwarded, and to control the rate of specified packets.

Networking Requirements

CAUTIONOn a single NE5000E, an interface is numbered in the format of slot number/card number/interface number. In the multi-chassis scenario, an interface is numbered in the format of chassisID/slot number/card number/interface number. This requires the chassis ID to be specified alongwith the slot number.

POS 3/0/0 of Router A is connected to POS 1/0/0 of Router B. Server, PC1, and PC2 can accessthe Internet through Router A and Router B.

Server, PC1, and GE 1/0/0 of Router A are on the same network segment. PC2 and GE 2/0/0 ofRouter A are on the same network segment.

The traffic from Server and PC1 to GE 1/0/0 is controlled on Router A as follows:

l A bandwidth of up to 6 Mbit/s is assured for the traffic from Server. The default bandwidthis 5 Mbit/s. For traffic whose rate exceeds 5 Mbit/s but is less than or equal to 6 Mbit/s,packets are normally forwarded. When the traffic rate exceeds 6 Mbit/s, the nonconformingtraffic is treated and forwarded as BE traffic flows.

l The rate limit on the traffic from PC1 is 2 Mbit/s. When the traffic rate exceeds the ratelimit, the nonconforming traffic is dropped.

In addition, the POS 3/0/0 and POS 2/0/0 respectively on Router A and Router B have thefollowing requirements for sending and receiving packets:




30

l The rate of the EF traffic arriving at Router B through POS 3/0/0 of Router A is limited to20 Mbit/s. When the traffic rate exceeds the rate limit, the nonconforming traffic is dropped.

l The rate of the EF traffic arriving at the Internet through POS 2/0/0 of Router B is limitedto 30 Mbit/s. When the traffic rate exceeds the rate limit, the nonconforming traffic isdropped.

l The rate of the total traffic arriving at the Internet through POS 2/0/0 of Router B is limitedto 50 Mbit/s. When the traffic rate exceeds the rate limit, the nonconforming traffic isdropped.

Figure 2-5 Networking diagram for configuring traffic shaping

Ethernet

POS3/0/02.1.1.2/24

GE1/0/0

POS1/0/02.1.1.3/24

RouterB

RouterA

Server PC1

POS2/0/02.2.2.1/241.1.1.1/8 1.1.1.2/8

PC2

GE2/0/0

Internet

Configuration Notes

During the configuration, pay attention to the following:

l If the CoS of a packet is re-marked as EF, BE, CS6, or CS7, the packet can be re-markedonly in green.

l To display the statistics about a traffic policy, you can enable statistics for the traffic policyby running the statistics enable command.

Configuration Roadmap

The configuration roadmap is as follows:

1. On the inbound interface GE 1/0/0 of Router A, configure CTC-based traffic policing fortraffic from Server and PC1.

2. On the outbound interface POS 3/0/0 of Router A, configure traffic shaping so that the rateof the traffic that arrives at Router B is limited to 20 Mbit/s.

3. On the outbound interface POS 2/0/0 of Router B, configure traffic shaping so that the rateof the traffic from POS 2/0/0 to the Internet is limited to 30 Mbit/s. In the traffic shaping,CS6 and CS7 traffic undergoes the Weighted Fair Queuing (WFQ) queue scheduling. Thebandwidth percentages of AF1, AF2, AF3, AF4, and BE traffic at the CIR are respectively5%, 5%, 10%, 10%, and 40%; the percentages of EF traffic at CIR and PIR are respectively20% and 30%.




31

4. On the outbound interface POS 2/0/0 of Router B, configure interface-based rate limit sothat the rate of the traffic from this interface is limited to 50 Mbit/s.

Data PreparationTo complete the configuration, you need the following data:

l ACL numbers, traffic classifier names, traffic behavior names, traffic policy names, andthe interfaces where the traffic policies are applied, for the traffic of Server and PC1

l CIR, PIR, CBS, and PBSl Interface where traffic shaping is configured and the traffic rate for traffic shapingl Traffic rate for traffic shaping and the interface where traffic shaping is configured

Procedure

Step 1 Configure IP addresses for interfaces (The detailed configuration is not mentioned here).

Step 2 Configure Router A.

# Configure ACL rules for matching data flows from Server and PC1.

<routerA> system-view[~routerA] acl number 2001[~routerA-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0[~routerA-acl-basic-2001]commit[~routerA-acl-basic-2001] quit[~routerA] acl number 2002[~routerA-acl-basic-2002] rule permit source 1.1.1.2 0.0.0.0[~routerA-acl-basic-2002] commit[~routerA-acl-basic-2002] quit

# Configure traffic classifiers and define ACL-based traffic classifier matching rules.

[~routerA] traffic classifier class1[~routerA-classifier-class1] if-match acl 2001[~routerA-classifier-class1] commit[~routerA-classifier-class1] quit[~routerA] traffic classifier class2[~routerA-classifier-class2] if-match acl 2002[~routerA-classifier-class2] commit[~routerA-classifier-class2] quit

# Define a traffic behavior. Set the bandwidth for the traffic from Server to 5 Mbit/s and themaximum bandwidth to 6 Mbit/s. For traffic whose rate exceeds 5 Mbit/s but is lower than orequal to 6 Mbit/s, the traffic is directly forwarded. When the traffic rate exceeds 6 Mbit/s, thenonconforming traffic is treated and forwarded as BE traffic flows.

[~routerA] traffic behavior behavior1[~routerA-behavior-behavior1] car cir 5000 pir 6000 green pass yellow pass red pass service-class be color green[~routerA-behavior-behavior1] commit[~routerA-behavior-behavior1] quit

# Define a traffic behavior. Set the rate limit on the traffic from PC1 to 2 Mbit/s. When the trafficrate exceeds 2 Mbit/s, the nonconforming traffic is dropped.

[~routerA] traffic behavior behavior2[~routerA-behavior-behavior2] car cir 2000 green pass yellow discard red discard[~routerA-behavior-behavior2] commit[~routerA-behavior-behavior2] quit

# Define a traffic policy to associate traffic classifiers with traffic behaviors.




32

[~routerA] traffic policy policy1[~routerA-trafficpolicy-policy1] classifier class1 behavior behavior1[~routerA-trafficpolicy-policy1] classifier class2 behavior behavior2[~routerA-trafficpolicy-policy1] commit[~routerA-trafficpolicy-policy1] quit

# Apply the traffic policy to GE 1/0/0.

[~routerA] interface gigabitethernet 1/0/0[~routerA-GigabitEthernet1/0/0] undo shutdown[~routerA-GigabitEthernet1/0/0] traffic-policy policy1 inbound[~routerA-GigabitEthernet1/0/0] commit

# Configure traffic shaping on POS 3/0/0 of Router A to shape the traffic sent from this interface(dropping traffic whose rate is greater than 20 Mbit/s) so that the packet loss ratio on POS 1/0/0of Router B is lowered.

[~routerA] interface pos 3/0/0[~routerA-Pos3/0/0] undo shutdown[~routerA-Pos3/0/0] qos queue ef cir 20 outbound[~routerA-Pos3/0/0] commit

Step 3 Configure traffic shaping on POS 2/0/0 of Router B.<routerB> system-view[~routerB] interface pos2/0/0[~routerB-Pos2/0/0] undo shutdown[~routerB-Pos2/0/0] qos queue cs6 priority 1 outbound[~routerB-Pos2/0/0] qos queue cs7 priority 1 outbound[~routerB-Pos2/0/0] qos queue af1 cir cir-percentage 5 outbound[~routerB-Pos2/0/0] qos queue af2 cir cir-percentage 5 outbound[~routerB-Pos2/0/0] qos queue af3 cir cir-percentage 10 outbound[~routerB-Pos2/0/0] qos queue af4 cir cir-percentage 10 outbound[~routerB-Pos2/0/0] qos queue ef cir cir-percentage 20 pir pir-percentage 30 outbound[~routerB-Pos2/0/0] qos queue be cir cir-percentage 40 outbound[~routerB-Pos2/0/0] commit[~routerB-Pos2/0/0] return

Step 4 Configure interface-based rate limit on POS 2/0/0 of Router B to limit the rate of the traffic fromthis interface to the Internet.[~routerB] interface pos2/0/0[~routerB-Pos2/0/0] qos lr cir 50[~routerB-Pos2/0/0] commit[~routerB-Pos2/0/0] return

Step 5 Verify the configuration.Run the display interface and display qos queue interface pos 2/0/0 commands to viewinterface-based traffic statistics on Router B.

----End

Configuration Filesl Configuration file of Router A

# sysname routerA#acl number 2001 rule 5 permit source 1.1.1.1 0acl number 2002 rule 5 permit source 1.1.1.2 0#traffic classifier class1 operator or if-match acl 2001traffic classifier class2 operator or if-match acl 2002




33

#traffic behavior behavior1 car cir 5000 pir 6000 green pass yellow pass red pass service-class be color greentraffic behavior behavior2 car cir 2000 green pass yellow discard red discard#traffic policy policy1 classifier class1 behavior behavior1 precedence 5 classifier class2 behavior behavior2 precedence 10#interface GigabitEthernet1/0/0 undo shutdown ip address 1.1.1.3 255.255.255.0 traffic-policy policy1 inbound#interface Pos3/0/0 undo shutdown ip address 2.1.1.2 255.255.255.0 qos queue ef cir 20 outbound#ospf 1 area 0.0.0.0 network 1.1.1.0 0.255.255.255 network 2.1.1.0 0.0.0.255#return

l Configuration file of Router B# sysname routerB#interface Pos 2/0/0 undo shutdown ip address 2.2.2.1 255.255.255.0qos queue cs6 priority 1 outbound qos queue cs7 priority 1 outbound qos queue af1 cir cir-percentage 5 outbound qos queue af2 cir cir-percentage 5 outbound qos queue af3 cir cir-percentage 10 outbound qos queue af4 cir cir-percentage 10 outbound qos queue ef cir cir-percentage 20 pir pir-percentage 20 outbound qos queue be cir cir-percentage 40 outbound qos lr cir 50#ospf 1 area 0.0.0.0 network 2.2.2.0 0.0.0.255 network 2.1.1.0 0.0.0.255#return




34

3 Congestion Avoidance Configuration

About This Chapter

This chapter describes how to avoid congestion on the network through bandwidth adjustment,and provides several traffic discard policies in case of congestion on the network.

NOTE

This feature is supported only by physical system (PS).

3.1 Introduction to Congestion AvoidanceCongestion avoidance is a traffic control mechanism that is used to prevent the network frombeing overloaded by means of traffic scheduling. With this mechanism, the router can monitorthe usage of network resources and discard packets when the network congestion is intensifying.The traditional packet discard mechanism uses the Tail-Drop method, which may lead to globalTCP synchronization. RED and WRED, however, are free from global TCP synchronization.

3.2 Congestion Avoidance Supported by the NE5000EThe congestion avoidance mechanism supported by the NE5000E is implemented by using theWRED algorithm, which identifies QoS information contained in the packet header, includingthe IP precedence, DSCP, and MPLS EXP. The WRED algorithm can set the queue length filtercoefficient and discard probability of traffic based on its precedence, DSCP, or MPLS EXP. Inthis manner, packets with different priorities are treated differently.

3.3 Configuring WREDUsing WRED, you can set thresholds for random packet discard. This can avoid the situation inwhich the rates of multiple TCP connections are lowered at the same time, thus avoiding TCPglobal synchronization.

3.4 Configuration ExampleThis section describes congestion avoidance in terms of its application scenarios andconfiguration commands.

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS 3 Congestion Avoidance Configuration


35

3.1 Introduction to Congestion AvoidanceCongestion avoidance is a traffic control mechanism that is used to prevent the network frombeing overloaded by means of traffic scheduling. With this mechanism, the router can monitorthe usage of network resources and discard packets when the network congestion is intensifying.The traditional packet discard mechanism uses the Tail-Drop method, which may lead to globalTCP synchronization. RED and WRED, however, are free from global TCP synchronization.

Congestion avoidance is a traffic control mechanism used to avoid network overload by adjustingnetwork traffic. With this mechanism, the router can monitor the usage of network resourcesand discard packets when the network congestion intensifies.

Compared with the end-to-end traffic control, congestion avoidance involves the traffic load ofmore service flows in the router. When dropping packets, the router can cooperate with trafficcontrol actions on the source end, such as TCP traffic control, to adjust the load of the networkto a reasonable state.

Traditional Packet-Dropping PolicyIn the traditional tail-drop policy, all the newly received packets are dropped when a queuereaches its maximum length.

This method may lead to global TCP synchronization. When queues drop the packets of severalTCP connections at the same time, the TCP connections start to adjust their trafficsimultaneously. There is a possibility that all the TCP connection sources begin the slow startprocess to perform congestion avoidance. Then, all the TCP connection sources start to buildup traffic, causing the traffic to peak at a certain time. As a result of global TCP synchronization,traffic on the network fluctuates cyclically.

RED and WREDRandom Early Detection (RED) or WRED algorithms are used to avoid the global TCPsynchronization.

The RED algorithm sets the upper and lower limits for each queue and specifies the followingrules:

l When the length of a queue is below the lower limit, no packet is dropped.l When the length of a queue exceeds the upper limit, all the incoming packets are dropped.l When the length of a queue is between the lower and upper limits, the incoming packets

are dropped randomly. A random number is set for each received packet. The randomnumber is compared with the drop probability of the current queue, and the packet isdropped when the random number is larger than the drop probability. The longer the queue,the higher the discard probability.

Unlike RED, the random number in WRED is based on the IP precedence of IP packets. WREDkeeps a lower drop probability for the packet that has a higher IP precedence.

RED and WRED employ the random packet drop policy to avoid global TCP synchronization.When the packets of a TCP connection are dropped and sent at a lower rate, the packets of otherTCP connections are still being sent at a relatively higher rate. There are always some TCPconnections whose packets are sent at a relatively higher rate, improving the utilization ofnetwork bandwidth.



36

If packets of a queue are dropped by directly comparing the length of the queue with the upperand lower limits (which set the absolute length threshold of the queue), burst data is given unfairtreatment and the transmission of data stream is affected. The average queue length is used toset the relative value for comparing the queue length threshold and average queue length. Theaverage length of a queue is the average length of the queue through a low pass filter. It reflectsqueue changes and is not sensitive to burst changes in the queue length, thus avoiding the unfairtreatment for burst data streams.

Using Weighted Fair Queuing (WFQ), you can set the minimum threshold, maximum thresholdand packet discard probability for every queue to provide different drop policies for differentclasses of packets.

The relationship between WRED and queue mechanism is shown in Figure 3-1.

Figure 3-1 Relationship between the WRED and queue mechanism

Packets sent throught this interface

Classification

sent packets

sent queueDispatching

Dropped packets

WRED Drop queue1 weight1

queue2 weight2

queueN-1 weightN-1

queueN weightN

…………

3.2 Congestion Avoidance Supported by the NE5000EThe congestion avoidance mechanism supported by the NE5000E is implemented by using theWRED algorithm, which identifies QoS information contained in the packet header, includingthe IP precedence, DSCP, and MPLS EXP. The WRED algorithm can set the queue length filtercoefficient and discard probability of traffic based on its precedence, DSCP, or MPLS EXP. Inthis manner, packets with different priorities are treated differently.

The NE5000E adopts the Weighted Random Early Detection (WRED) algorithm to implementcongestion avoidance by applying WRED templates to various types of service.

3.3 Configuring WREDUsing WRED, you can set thresholds for random packet discard. This can avoid the situation inwhich the rates of multiple TCP connections are lowered at the same time, thus avoiding TCPglobal synchronization.



37

Applicable EnvironmentDue to limited memory resources, packets that exceed specifications are traditionally discardedin the case of network congestion. When a large number of TCP packets are discarded, TCPconnections will time out. As a result, TCP slow start and congestion avoidance are triggeredso as to reduce the forwarding of packets by TCP. When the packets of several TCP connectionsare discarded at the same time, slow start and congestion avoidance of the TCP connectionsoccur simultaneously, leading to what is called the global TCP synchronization. Thus, these TCPconnections simultaneously send fewer packets to the queue so that the rate of incoming packetsis lower than the rate of outgoing packets, reducing the bandwidth usage.

To avoid global TCP synchronization, you can set queues to discard packets randomly by usingthe WRED mechanism. Random packet discarding of WRED can prevent multiple TCPconnections from reducing their transmit rates at the same time, thus avoiding global TCPsynchronization. In addition, the bandwidth can be efficiently utilized.

NOTE

WRED is usually used together with WFQ.

Pre-configuration TasksBefore configuring WRED, complete the following tasks:



Figure 3-2 Flowchart of configuring WRED


Applying WRED

Configuring WRED Templates

3.3.1 Configuring WRED TemplatesConfigure the lower percentage threshold, upper percentage threshold, and discardingprobability for packets of different colors in WRED templates.

ContextWith a WRED template, you can set the parameters for processing packets of three colors, thatis, red, yellow, and green. Generally, green packets have the smallest discarding probability andthe highest thresholds (both lower and higher); yellow packets have the medium discarding



38

probability and thresholds; the red packets have the highest discarding probability and the lowestthresholds.

By configuring a WRED template, you can set the upper threshold, lower threshold, anddiscarding probability for queues.

l When the length of a queue is below the lower percentage threshold, no packet is dropped.l When the length of a queue is between the lower and upper percentage thresholds, incoming

packets are dropped randomly. The longer the queue, the higher the discarding probability.l When the length of a queue exceeds the upper percentage threshold, all the incoming

packets are dropped.

You can configure limits and discarding probability for packets of every color.

By default, the system provides a maximum of eight class queue WRED templates. Amongthem, one is the default template (the lower percentage threshold, the upper percentage thresholdand the discarding percentage are all 100) and the other seven templates can be created by users.

NOTE

l If you do not configure a port-wred object, the system uses the default tail-drop policy.l You can configure the smallest upper and lower percentage thresholds for the queue containing red

packets, medium upper and lower percentage thresholds for the queue containing yellow packets, andthe highest upper and lower percentage thresholds for the queue containing green packets.

l In actual configurations, it is recommended that the lower percentage threshold for WRED start from50%, with the thresholds for packets of different colors being adjusted accordingly. The recommendeddiscarding probability is 100%.

Do as follows on the router:

Procedure



Step 2 Run:wred wred-name

A WRED template is created, and the WRED template view is displayed.

Step 3 Run:color { green | yellow | red } low-limit low-limit-percentage high-limit high-limit-percent discard-percent discard-percent

The lower percentage threshold, upper percentage threshold, and discarding probability are setfor packets of different colors.

Step 4 Run:commit


----End

3.3.2 Applying WREDApply the configured WRED templates to the specified type of service.



39

Context

Do as follows on the router that is configured with WRED templates.

Procedure



Step 2 Run:queue service-type wred wred-name [ high-speed | low-speed ]

A WRED template is applied to the specified type of service.

Step 3 Run:commit


----End

3.3.3 Checking the ConfigurationCheck the configuration information of configured WRED.

Procedurel Running the display wred configuration [ verbose [ wred-name ] ] command, you can

view the discard parameters of the specified WRED template.

l Running the display queue configuration command, you can view the WRED templatesthat are applied to all types of service.

----End

Example

Run the display wred configuration [ verbose [ wred-name ] ] command to view the parametersof the specified WRED template.<HUAWEI> display wred configuration verbose template wred name : template color low-limit high-limit discard-percent green 70 100 100 yellow 60 90 100 red 50 80 100

Run the display queue configuration command to view the WRED templates that are appliedto all types of service.<HUAWEI> display queue configuration queue be wred template queue af1 wred test high-speed queue af3 wred test low-speed



40

3.4 Configuration ExampleThis section describes congestion avoidance in terms of its application scenarios andconfiguration commands.

3.4.1 Example for Configuring Congestion AvoidanceThis part describes how to configure congestion avoidance in a typical application scenarios.The device monitors the use of network resources, and starts to discard packets when itdetermines that congestion is intensifying.



As shown in Figure 3-3, Router A sends data to Router C through Router B. The data consistsof mission-critical data, voice data, and non-mission-critical data. On Router B, the rate of theinbound interface POS1/0/0 on is greater than that of the outbound interface GE 2/0/0. Therefore,congestion may occur on GE 2/0/0 and may be intensifying.

When congestion intensifies on the network, packets need to be dropped based on their servicelevel.

In this scenario, WRED and queue scheduling need to be configured on Router B.

Figure 3-3 Networking diagram of configuring congestion avoidance

RouterA RouterB RouterC

POS1/0/0 GE2/0/0

Configuration Notes

When configuring congestion avoidance, pay attention to the following:

None.





41

1. Configure a WRED template to set the lower threshold, upper threshold, and discardingpercentage for discarding packets.

2. On Router B, configure WRED templates for class queues of varying service levels.

Data Preparation

To complete the configuration, you need the following data:

l WRED template name, lower and upper thresholds, discarding percentage, and packet colorin each queue

l Service levels of class queues to which WRED discarding policies are applied

Procedure

Step 1 Configure WRED templates on Router B.<routerB> system-view[~routerB] wred pw[~routerB-wred-queue-template-pw] color green low-limit 80 high-limit 100 discard-percentage 100[~routerB-wred-queue-template-pw] color yellow low-limit 70 high-limit 90 discard-percentage 100[~routerB-wred-queue-template-pw] color red low-limit 60 high-limit 80 discard-percentage 100[~routerB-wred-queue-template-pw] commit[~routerB-wred-queue-template-pw] quit[~routerB] wred pw1[~routerB-wred-queue-template-pw1] color green low-limit 70 high-limit 100 discard-percentage 100[~routerB-wred-queue-template-pw1] color yellow low-limit 60 high-limit 90 discard-percentage 100[~routerB-wred-queue-template-pw1] color red low-limit 50 high-limit 80 discard-percentage 100[~routerB-wred-queue-template-pw1] commit[~routerB-wred-queue-template-pw1] quit[~routerB] wred pw2[~routerB-wred-queue-template-pw2] color green low-limit 60 high-limit 90 discard-percentage 100[~routerB-wred-queue-template-pw2] color yellow low-limit 50 high-limit 80 discard-percentage 100[~routerB-wred-queue-template-pw2] color red low-limit 40 high-limit 70 discard-percentage 100[~routerB-wred-queue-template-pw2] commit[~routerB-wred-queue-template-pw2] quit

After the preceding configuration, you can run the display wred configuration verbosecommand to view the parameters of the configured WRED templates.

<routerB> display wred configuration verbose wred name : pw color low-limit high-limit discard-percent green 80 100 100 yellow 70 90 100 red 60 80 100 wred name : pw1 color low-limit high-limit discard-percent green 70 100 100 yellow 60 90 100 red 50 80 100 wred name : pw2 color low-limit high-limit discard-percent green 60 90 100 yellow 50 80 100 red 40 70 100



42

Step 2 On Router B apply WRED templates to class queues of varying service levels.<routerB> system-view[~routerB] queue ef wred pw[~routerB] queue af1 wred pw1[~routerB] queue af3 wred pw1[~routerB] queue be wred pw2[~routerB] commit[~routerB] return

After the preceding configuration, run the display queue configuration command to view theWRED templates that are applied to all types of service.

<routerB> display queue configuration queue ef wred pw queue af1 wred pw1 queue af3 wred pw1 queue be wred pw2

Step 3 Verify the configuration.

When there is traffic transiting the network, run the display qos queue [ interface interface-type interface-number [ service-class ] ] command on Router B. The command output showsthat the traffic volumes of varying service levels increase rapidly. With the rapid increase intraffic volume, the volume of discarded traffic also increases rapidly according to the configuredWRED discarding parameters.

----End

Configuration Filel Configuration file of Router B

# sysname routerB#wred pw color green low-limit 80 high-limit 100 discard-percentage 100 color yellow low-limit 70 high-limit 90 discard-percentage 100 color red low-limit 60 high-limit 80 discard-percentage 100wred pw1 color green low-limit 70 high-limit 100 discard-percentage 100 color yellow low-limit 60 high-limit 90 discard-percentage 100 color red low-limit 50 high-limit 80 discard-percentage 100wred pw2 color green low-limit 60 high-limit 90 discard-percentage 100 color yellow low-limit 50 high-limit 80 discard-percentage 100 color red low-limit 40 high-limit 70 discard-percentage 100#queue ef wred pwqueue af1 wred pw1queue af3 wred pw1queue be wred pw2#interface pos1/0/0 ip address 10.1.1.1 255.255.255.0 undo shutdown#interface GigabitEthernet2/0/0 ip address 20.1.1.1 255.255.255.0 undo shutdown#return



43

4 Class-based QoS Configuration

About This Chapter

This chapter describes the configuration of traffic policy based on complex traffic classificationas well as the priority mapping in simple traffic classification. In addition, this chapter alsoprovides configuration examples.

4.1 Class-based QoS OverviewClass-based QoS classifies traffic according to certain rules and associates traffic classes withspecified traffic behaviors, forming various traffic policies. Through the application of thesepolicies on interfaces, class-based traffic policing, traffic shaping, congestion management, andprecedence re-marking are implemented.

4.2 Class-based QoS Supported by the NE5000EThe NE5000E supports the use of class-based QoS in implementing traffic policing, trafficshaping, congestion management, and precedence re-marking.

4.3 Configuring CTC-based Traffic Policies for IP PacketsThis section describes how to configure CTC-based traffic policies for IP packets and applicableenvironment.

4.4 Configuring Priority Mappings for IP PacketsThis section describes how to configure priority mappings for IP packets and the applicationenvironment of this function.

4.5 Configuring CTC-based Traffic Policies for VLAN PacketsThis section describes how to configure CTC-based traffic policies for VLAN packets.

4.6 Configuring Priority Mappings for VLAN PacketsThis section describes how to configure priority mappings for VLAN packets and the applicationenvironment of this function.

4.7 Configuring Priority Mappings for MPLS PacketsThis section describes how to configure priority mappings for MPLS packets and the applicationenvironment of this function.

4.8 Maintaining Class-based QoS ConfigurationThis section describes how to clear statistics of traffic policies.

4.9 Configuration Example

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS 4 Class-based QoS Configuration


44

This section provides typical examples for configuring class-based QoS.



45

4.1 Class-based QoS OverviewClass-based QoS classifies traffic according to certain rules and associates traffic classes withspecified traffic behaviors, forming various traffic policies. Through the application of thesepolicies on interfaces, class-based traffic policing, traffic shaping, congestion management, andprecedence re-marking are implemented.

The NE5000E supports Diff-Serv and provides standard forwarding services such as EF and AFfor users. These forwarding services are implemented on the basis of traffic managementmeasures such as traffic classification, traffic policing, traffic shaping, and congestionavoidance.

The NE5000E supports traffic policies with the above measures and mapping between QoSfields in the IP header and the MPLS header.

Traffic policies include CTC-based traffic policies, traffic policies based on simple trafficclassification, and internal traffic policies of the router.

l Using CTC-based traffic policies, the system implements traffic policing, re-marking,packet filtering, policy-based routing, and traffic sampling according to the class of thetraffic. CTC-based traffic policies are generally configured on the router at the edge of aDiffServ domain.

l Traffic policies based on simple traffic classification re-set the service level, color, anddiscarding priority according to the tags carried by packets. Simple traffic classification isgenerally configured on the router that is located near the core of a network.

l Internal traffic policies on the router control the traffic from the LPU to the MPU andtherefore ensure that the MPU is in a secure and stable state.

NOTE

l DiffServ is mainly used to guarantee the bandwidth for behavior aggregate (BA) data streams. TheNE5000E allocates resources to the services of different classes such as expedited forwarding (EF) andassured forwarding (AF) through the predefined queue scheduling mechanism. Users do not need toconfigure queue management.

l The priority of CTC-based traffic policies is higher than that of traffic policies based on simple trafficclassification.

Traffic ClassificationTraffic classification is used to identify packets that have the same characteristics according tospecific rules. It is the basis for providing differentiated services. Traffic classification consistsof complex traffic classification and simple traffic classification:

l Simple traffic classificationThe simple traffic classification refers to classifying packets according to the IP precedenceor DSCP value of the IP packet, the EXP value of the MPLS packet, or the 802.1p priorityof the VLAN packet. It is used to simply identify the traffic that has the specific precedenceor class of service.

l Complex traffic classificationThe complex traffic classification refers to classifying packets according to more complexrules, for example, the rules combining the link layer, the network layer, and the transportlayer information such as the source MAC address, destination MAC address, source IPaddress, destination IP address, acl number, protocol type, and TCP/UDP port number.



46

Traffic BehaviorTraffic classification is the basis of providing differentiated services. Traffic classification ismeaningful only after it is associated with traffic control actions.

The NE5000E supports the following traffic actions and the combination of these traffic actions:

l Deny/PermitDeny/Permit is the simplest traffic control action. It enables the NE5000E to control trafficby discarding packets or allowing packets to pass through.

l MarkThis traffic control action is used to set the precedence field in a packet. The precedencefield in a packet varies with the network type. For example, packets carry the 802.1p fieldin the VLAN, the DSCP field in the DiffServ network, and the EXP field in the MPLSnetwork. Therefore, the router must be able to mark the precedences of packets accordingto their network types.Usually, devices at the border of a network mark the precedence of the incoming packets.Devices inside the network provide corresponding QoS services according to theprecedences marked by border devices, or re-mark the precedences according to its ownstandard.

l RedirectThe redirect action indicates that the device does not forward packets according to theoriginal destination addresses of the packets but forwards the packets to a specified nexthop or Label Switched Path (LSP). In this manner, policy-based routing is implemented.

l Traffic policingIt is a traffic control action used to limit the traffic and the resource used by the traffic bymonitoring the volume of the traffic. With traffic policing, the router can discard, re-markthe color or precedence of, or implement other QoS measures over the packets that exceedthe specifications.

l SecurityIt refers to implementing such measures as Unicast Reverse Path Forwarding (URPF), portmirroring, or traffic statistics on packets.Security actions are not QoS measures but can be used together with QoS actions to improvethe security of the network.

Precedence MappingThe precedence field in a packet varies with the network type. For example, a packet carries the802.1p field in the VLAN, the DSCP field in the Diff-Serv network, and the EXP field in theMPLS network. When a packet passes through different networks, the gateway must beconfigured with mappings between various types of precedence values to retain the originalprecedence of the packet.

When the NE5000E serves as the gateway joining different networks, the external precedencesin the packets arriving at the NE5000E are all mapped to the internal precedences of theNE5000E. When the NE5000E sends out these packets, the internal precedences are mappedback to the original external precedences of the packets.



47

4.2 Class-based QoS Supported by the NE5000EThe NE5000E supports the use of class-based QoS in implementing traffic policing, trafficshaping, congestion management, and precedence re-marking.

The NE5000E supports class-based QoS to carry out:

l Traffic policing based on complex traffic classification, re-marking, policy-based routing,load balancing, URPF, NetStream, and mirroring.

l Mapping of priorities of services between networks based on simple traffic classification.

4.3 Configuring CTC-based Traffic Policies for IP PacketsThis section describes how to configure CTC-based traffic policies for IP packets and applicableenvironment.

Applicable EnvironmentTo manage or limit the traffic that goes into or flows in a network according to the class ofservice, you need to configure QoS traffic policies based on the complex traffic classification.That is, you need to provide differentiated services according to parameters such as DSCP,protocol type, IP address, or port number in the packet. In this way, traffic from different users,such as voice services, video services, and data services can be served differently in terms ofbandwidth, delay, and precedence.

CTC-based traffic policies are usually configured on the router located at the edge of the network,whereas traffic policies that are based on simple traffic classification are configured on therouter located near the core of a network.

Pre-configuration TasksBefore configuring CTC-based traffic policies for IP packets, you need to complete the followingtasks:




48


Figure 4-1 Flowchart of configuring CTC-based traffic policies for IP packets

Enabling the Statistical Function of a Traffic

Policy


Defining a Traffic Classifier

Defining a Traffic Behavior and Configuring Actions

Defining a Policy and Specifying a Behavior for a

Classifier in the Policy


4.3.1 Defining a Traffic ClassifierYou need to configure traffic classification before configuring class-based QoS. The trafficclassification can be configured based on ACL, IP precedence, protocol type, MAC address,protocol address, and so on.

Procedurel Defining traffic classifiers based on Layer 3 or Layer 4 information


1. Run:system-view


2. Run:traffic classifier classifier-name [ operator { and | or } ]

A traffic classifier is defined and the traffic classifier view is displayed.

3. Choose the required matching rule according to your needs:


– To define a matching rule to classify traffic based on a DSCP value, run the if-match [ ipv6 ] dscp dscp-value command.

– To define a matching rule to classify traffic based on the TCP flag value, run theif-match tcp syn-flag tcpflag-value command.



49

– To define a matching rule to classify traffic based on the precedence of an IP packet,run the if-match ip-precedence ip-precedence command.

– To define a matching rule to classify traffic based on the MPLS EXP value, runthe if-match mpls-exp exp-value command.

– To define a matching rule to all packets, run the if-match [ ipv6 ] any command.– To define a matching rule to classify traffic based on the value of the next IPv6

header, run the if-match ipv6 next-header command.– To set a matching rule to classify traffic based on the source IPv6 address, run the

if-match ipv6 source-address ipv6-address prefix-length command.– To define a matching rule to classify traffic based on a destination IPv6 address,

run the if-match ipv6 destination-address ipv6-address prefix-length command.

NOTE

For IPv6 packets, you need to specify the keyword ipv6 when defining a matching rule inStep 3. A matching rule defined to match packets based on source or destination addressesis valid with IPv6 packets, but not with IPv4 packets.

You can define different ACL rules as required, including protocol type, source address,destination address, and ToS in packets. The if-match acl command filters packetsaccording to ACL rules defined in the rule command and then performs traffic actionsaccordingly.

If you define multiple matching rules in one traffic classifier, you can set the logicalrelationship between the matching rules by specifying the parameter operator in Step2.

– and: A packet belongs to the classifier only when it matches all the rules.– or: A packet belongs to the classifier if it matches any one of the rules.

By default, the value of the logic operator of the rules is or.4. Run:

commit

The configuration is committed.l Defining traffic classifiers based on Layer 2 information


1. Run:system-view



The traffic class is defined and the traffic class view is displayed.3. Define desired matching rules on the router according to your requirements.


– To set a matching rule to classify VLAN packets based on the 802.1p priority, runthe if-match 8021p 8021p-value command.

– To set a matching rule to classify traffic based on the source MAC address, runthe if-match source-mac mac-address command.



50

– To set a matching rule to classify traffic based on the destination MAC address,run the if-match destination-mac mac-address command.

If you set more than one matching rule for the same classifier, you can set their logicalrelations by specifying the parameter operator in Step 2. For detailed instructions,refer to the previous section.

If multiple traffic classifiers are configured in one traffic policy, the traffic behaviorscorresponding to these traffic classifiers are implemented in different orders.– When multiple traffic classifiers match the different fields of an IP packets, the

traffic behavior of the traffic classifier that is first bound to a traffic policy ispreferentially implemented.For example, as shown in Table 4-1, Policy 1 defines two traffic classifiers andtheir corresponding traffic behaviors. If a packet matches all the two trafficclassification rules, behavior 1 is performed on the packet. That is, the 802.1p valueof the packet is re-marked to 1.

Table 4-1 Traffic classifiers and behaviors defined in Policy 1

TrafficClassifier Matching Rule

TrafficBehavior Traffic Action

Classifier 1 Matching thedestination MACaddress

Behavior 1 Re-marking the8021p value to 1

Classifier 3 Matching the sourceMAC address


– Multiple traffic rules can match the same field of an IP packet, but no packet can

match multiple traffic classifiers once. This means that only the traffic action inthe traffic classifier that matches the traffic rule is performed on the packet.For example, as shown in Table 4-2, Policy 2 defines three traffic classifiers andtheir corresponding traffic behaviors. Multiple traffic rules can match the fields ofthe same IP packet, but no packet can match multiple traffic rules once. This meansthat only the traffic action in the traffic classifier that matches the traffic rule isperformed on the packet.




Classifier 1 Matching thedestination MACaddress 1-1-1






51





– Multiple traffic classifiers can match the same protocol field or different protocolfields.

– Traffic classifiers matching the fields of the same IP packet do not conflict.

– If traffic classifiers in a traffic policy match different fields of an IP packet, thetraffic behavior in the traffic classifier that is first bound to the traffic policy isperformed.For example, as shown in Table 4-3, Policy 3 defines three traffic classifiersand their corresponding traffic behaviors. In Policy 3, Classifier 1 and Classifier3 match the same IP packet field, but do not conflict with each other. When apacket matches both Classifier 1 and Classifier 2, the traffic behavior inClassifier 1 is performed on the packet. when a packet matches both Classifier2 and Classifier 3, the traffic behavior in Classifier 2 is performed on the packet.






Classifier 2 Matching the sourceMAC address 2-2-2




4. Run:

commit


----End

4.3.2 Defining a Traffic Behavior and Configuring ActionsThis section describes the traffic behaviors support by NE5000E and how to configure.

Context

The NE5000E supports various types of traffic behaviors. You can choose one or more behaviorsto meet your requirements.



52

Procedurel Configuring Packet Filtering Actions


1. Run:system-view


traffic behavior behavior-name

A traffic behavior is configured and the traffic behavior view is displayed.3. Run:

permit/deny

Packets are allowed or forbidden to pass.

NOTE

If both the if-match any and deny parameters are configured in a complex traffic classificationrule, the device discards all packets, including protocol packets, that flow through an interface.Therefore, use caution when configuring both the if-match any and deny parameters in a trafficclassification rule.

If the permit or deny action is configured in both the rule command and the traffic behaviorview, only packets that are permitted by the rule command are processed according to theconfigured traffic behavior. If the deny action is configured in either the rule command or thetraffic behavior view, all matched packets are discarded.

4. Run:commit

The configuration is committed.l Configuring Traffic Policing Actions


1. Run:system-view




car { cir cir-value [ pir pir-value ] } [ cbs cbs-value pbs pbs-value ] [ green { discard | pass [ service-class class color color ] } | yellow { discard | pass [ service-class class color color ] } | red { discard | pass [ service-class class color color ] } ] *

A traffic policing action is configured.

After you configure a traffic policing action for a traffic policy, the traffic policy canbe applied to both incoming and outgoing traffic on an interface.

The original qos car command that is configured on an interfaces affected after atraffic policy configured with traffic policing action is applied to the interface.



53

This command is cyclic in nature. That is, if this command is configured for multipletimes, only the last configuration takes effect.

NOTE

If the CoS of a packet is re-marked as EF, BE, CS6, or CS7, the packet can be re-marked onlyin green.

Only the pass action is applicable to yellow packets on the LPUE, LPUI, LPUR, and LPUM,and both the pass and discard actions are applicable to yellow packets on the LPUF-100,LPUI-100, and LPUF-200.

4. Run:commit


l Setting the Forcible traffic classification


1. Run:system-view




service-class service-class color color

Packets with a certain CoS are colored.4. Run:

commit


l Setting the Packet Precedence


1. Run:system-view



A traffic behavior is configured and the traffic behavior view is displayed.3. Configure the router as follows:

– To re-mark the precedence of IP packets, run the remark ip-precedence ip-precedence command.

– To re-mark the DSCP value of IP packets, run the remark [ ipv6 ] dscp dscp-value command.

– To re-mark the precedence of VLAN packets, run the remark 8021p 8021p-value command.



54

NOTE

To re-mark the DSCP value of IPv6 packets, run the remark ipv6 dscp dscp-value command.

The remark 8021p 8021p-value command takes effect with only incoming traffic on therouter.

4. Run:commit

The configuration is committed.l Setting Packet Forwarding Actions

CAUTIONl Redirecting of packets to the public network LSP can be configured only on the ingress

node of the MPLS network, and cannot be configured on other nodes such as transit oregress.

l Redirecting of packets to the public network LSP can be configured for only single-tagged MPLS packets.


1. Run:system-view



A traffic behavior is configured and the traffic behavior view is displayed.3. Configure the router as follows:

– To directly forward packets without redirecting them, run the permit command inthe traffic behavior view.

– To directly drop packets without redirecting them, run the deny command in thetraffic behavior view.

– To redirect packets to a single next hop, run the redirect ip-nexthop ip-address[ interface interface-type interface-number [.subinterface-number] ] command.

– To redirect packets to multiple next hops, run the redirect ipv4-multinhp nhpip-address interface interface-type interface-number { nhp ip-address interfaceinterface-type interface-number } &<1-16> [ loadbalance ] command.

– To redirect IP packets to the public network LSP, run the redirect lsp public dest-ipv4-address [ nexthop-address | interface interface-type interface-number[.subinterface-number] | secondary ] command.

– To redirect packets to a specified VPN group, run the redirect vpn-group vpn-group-name command.



55

NOTE

To redirect IPv6 packets to a single next hop, run the redirect ipv6-nexthop command.

To redirect IPv6 packets to multiple hop, run the redirect ipv6-multinhp command.

When the redirection policy in the traffic behavior is a Discard policy, the IP address andoutbound interface of the next hop must be specified. When the redirection policy in the trafficbehavior is a Forward policy, the IP address of the next hop must be specified.

In IPv6 application, the IP address of the next hop specified for a Discard policy must be anIPv6 link-local address or an IPv6 unicast address; the IP address of the next hop specified fora Forward policy can be only an IPv6 unicast address.

The action deny and other traffic actions are mutually exclusive. Traffic that isconfigured with the deny action cannot be further processed unless the traffic isconfigured with the permit action.

4. Run:commit

The configuration is committed.l Configuring the Load Balancing Mode


1. Run:system-view




load-balance flow

The load balancing mode is set to be flow-by-flow.4. Run:

commit


----End

4.3.3 Defining a Policy and Specifying a Behavior for a Classifier inthe Policy

After traffic classifiers and traffic behaviors are defined, traffic classifiers and traffic behaviorsneed to be associated to form traffic policies.


Procedure




56





A traffic behavior is specified for the specified traffic classifier in the traffic policy and theprecedence of the traffic policy is also specified.

Step 4 (Option) Run:step step-number

The step between policies is specified.

Step 5 Run:commit


----End



Procedure







NOTE

On the LPUE and LPUI, the traffic policy can be applied only to the upstream IPv6 packets on an interface.




57


NOTE

The keyword mpls-layer is supported on the inbound interface of the LPUI-100, and LPUF-100.

By default, the router performs complex traffic classification based on Layer 3 or Layer 4information and other information.

Step 4 Run:commit


----End

4.3.5 Enabling the Statistical Function of a Traffic PolicyThe statistical function of a traffic policy should be enabled when check the statistic information.

ContextDo as follows on the router that is configured with traffic policies:

Procedure




The view of a specified traffic policy is displayed.

Step 3 Run:statistics enable

The statistical function of the traffic policy is enabled.

Step 4 Run:share-mode

The shared mode is specified for the traffic policy.



58

NOTE

Step 3 is optional. To save memory, the statistical function of traffic policies is disabled by default. Todisplay the statistics about a traffic policy, you can enable statistics for the traffic policy by running thestatistics enable command.

Step 4 is optional. The default attribute of a policy is shared.

l After a traffic policy is applied to an interface, you cannot change the mode of the traffic policy, whetherits attribute is shared or unshared. Before changing the shared or unshared mode of the traffic policy,you must disable the traffic policy on the interface.

l If a shared traffic policy is applied to different interfaces, this shared traffic policy collects statisticson the traffic of all the interfaces as a whole. That is, the shared traffic policy does not collect statisticson the traffic of interfaces individually.

l If an unshared traffic policy is applied to different interfaces, this unshared traffic policy collectsstatistics on the traffic of the interfaces individually.

l A traffic policy collects statistics on incoming traffic and outgoing traffic individually, whether itsattribute is shared or unshared.

Step 5 Run:commit


----End

4.3.6 Checking the ConfigurationAfter class-based QoS is successfully configured, you can view the traffic classifiers, trafficbehaviors, binding between traffic classifiers and behaviors in the specified traffic policy,configured traffic policies and their application, and configured queues and their application.

Procedurel Run the display interface [ interface-type [ interface-number ] ] command to view the

information about the traffic on the interface.l Run the display traffic behavior { system-defined | user-defined } [ behavior-name ]

command to view information about the configured traffic behaviors.l Run the display traffic classifier { system-defined | user-defined } [ classifier-name ]

command to view information about the configured traffic classifiers.l Run the display traffic policy { system-defined | user-defined } [ policy-name

[ classifier classifier-name ] ] command to view information about the association betweenall or the specified traffic classifiers and traffic behaviors in traffic policies.

l Run the display traffic policy statistics interface interface-type interface-number [ .sub-interface ] { inbound | outbound } [ verbose { classifier-based | rule-based } [ classclass-name ] ] command to view traffic statistics of traffic policies that are configured onthe interface.

----End


l Running the display traffic behavior command, you can view the name of the configuredtraffic behavior and its actions.



59

l Running the display traffic classifier command, you can view the name of the configuredtraffic classifier and its matching rules, as well as the logic operator of the rules.

l Running the display traffic policy command, you can view the association between trafficclassifiers and traffic behaviors in a traffic policy.

l Running the display traffic policy statistics command, you can view the traffic statisticsof traffic policies that are configured on the interface.<HUAWEI> display traffic policy statistics interface gigabitethernet 1/0/0 inbound

Info: The statistics is shared because the policy is shared.Interface: GigabitEthernet1/0/0 Traffic policy inbound: test Traffic policy applied at 2007-08-30 18:30:20 Statistics enabled at 2007-08-30 18:30:20Statistics last cleared: NeverRule number: 7 IPv4, 1 IPv6 Current status: OK!Item Packets Bytes-------------------------------------------------------------------Matched 1,000 100,000 +--Passed 500 50,000 +--Dropped 500 50,000Missed 500 50,000

Last 30 seconds rateItem pps bps-------------------------------------------------------------------Matched 1,000 100,000 +--Passed 500 50,000 +--Dropped 500 50,000Missed 500 50,000

4.4 Configuring Priority Mappings for IP PacketsThis section describes how to configure priority mappings for IP packets and the applicationenvironment of this function.

Context

Traffic policy based on simple traffic classification is used to map the precedence of traffic onone type of network to another type. That is, to transmit the traffic in the other network accordingto the original precedence.

When the NE5000E serves as the border router for different networks, the original externalpriorities (DSCP values) in the IP packets that go into the NE5000E are all mapped to the internalpriorities of the router represented by service classes of DiffServ and colors. When theNE5000E sends out the packet, the internal priority is mapped back to the external priority.

Simple traffic classification is usually implemented on the core devices of the network. It canbe implemented on both physical and logical interfaces. If implemented on the logical interface,simple traffic classification can limit traffic congestion on member ports of the logical interfaceand restrict the precedence of packets on the logical interface.

A Diff-Serv (DS) domain is a group of Diff-Serv nodes that adopt the same service policies andimplement the same PHB aggregate.

The precedence of packets is usually accepted or re-defined on the core router. On the borderrouter in the IP domain or MPLS domain, DSCP and EXP also need to be mapped.



60

The simple traffic classification can map the internal precedence to the external precedence, andthe external precedence to the internal precedence. However, mapping between traffic of thesame type, for example, IP traffic or MPLS traffic, is not supported.

NOTE

Using the qos default-service-class command, you can configure the upstream traffic on the interface toenter the specific queues and provide service. By default, the traffic enters the queues with the service classas BE. After this command is run, other packets cannot be enabled to enter the queues, and simple trafficclassification cannot be enabled.




Procedure



Step 2 Run:diffserv domain { ds-domain-name | default }

A DS domain is defined and the DS domain view is displayed.

Step 3 Define traffic policies on the router based on the actual situation.l To define a traffic policy for incoming IP traffic, run the ip-dscp-inbound dscp-value phb

service-class [ color ] command.l To define a traffic policy for outgoing IP traffic, run the ip-dscp-outbound service-class

color map dscp-value command.

The system predefines a domain named default for IP packets. You are not allowed to deletethe default domain.

If the priority mapping in Step 3 is not set in the DS domain, the system uses the default mapping.The default domain describes the default mappings between the DSCP values, QoS serviceclasses, and colors for IP packets. You can change the mappings in as required. In the defaultdomain, the DSCP values of the packets from an upstream device are mapped to QoS serviceclasses and colors. Their mappings are shown in Table 4-4. The QoS service classes and colorsof the packets entering a downstream device are mapped to DSCP values. Their mappings areshown in Table 4-5.



61

Table 4-4 Default mappings between DSCP values and service classes in the default domain

DSCP Service Color DSCP Service Color

00 BE Green 32 AF4 Green

01 BE Green 33 BE Green



04 BE Green 36 AF4 Yellow


06 BE Green 38 AF4 Red


08 AF1 Green 40 EF Green


10 AF1 Green 42 BE Green


12 AF1 Yellow 44 BE Green


14 AF1 Red 46 EF Green


16 AF2 Green 48 CS6 Green






22 AF2 Red 54 BE Green









62

DSCP Service Color DSCP Service Color


30 AF3 Red 62 BE Green


Table 4-5 shows the default mappings between internal service classes, colors, and DSCP valuesfor IP packets.

Table 4-5 Default mappings between service classes and DSCP values

Service Color DSCP

BE Green 0

AF1 Green 10

AF1 Yellow 12

AF1 Red 14

AF2 Green 18

AF2 Yellow 20

AF2 Red 22

AF3 Green 26

AF3 Yellow 28

AF3 Red 30

AF4 Green 34

AF4 Yellow 36

AF4 Red 38

EF Green 46

CS6 Green 48

CS7 Green 56

Step 4 Run:commit


Step 5 Run:quit

Return to the system view.



63



Step 7 Run:trust upstream { ds-domain-name | default }

The DS domain is bound to the interface, and simple traffic classification is enabled on theinterface.

Step 8 Run:commit


----End

4.5 Configuring CTC-based Traffic Policies for VLANPackets

This section describes how to configure CTC-based traffic policies for VLAN packets.

Applicable EnvironmentTo manage or limit the traffic that goes into or flows in a network according to the class ofservice, you need to configure QoS traffic policies based on the complex traffic classification.That is, you need to provide differentiated services according to the VLAN attributes of packets.In this way, traffic from different users, such as voice services, video services, and data servicescan be served differently in terms of bandwidth, delay, and precedence. After VLAN QoS isused for the traffic entering the VLAN network, the traffic can either retain its QoS attributesof the previous network, or has its QoS attributes modified according to the configurations ofthe VLAN. In this manner, the traffic continues to be transmitted in the VLAN network.

CTC-based traffic policies are usually configured on the router located at the edge of the network,whereas traffic policies that are based on simple traffic classification are configured on therouter located near the core of a network.

Pre-configuration TasksBefore configuring CTC-based traffic policies for VLAN packets, you need to complete thefollowing tasks:

l Configuring physical parameters on interfacesl Configuring link-layer attributes on interfacesl Assigning IP addresses to interfaces



64


Figure 4-2 Flowchart of configuring CTC-based traffic policies for VLAN packets

Enabling the Statistical Function of a Traffic

Policy


Configuring Rules for Mapping VLAN Frame Priorities

Configuring VLAN Priorities

Defining a Traffic Policy and Specifying Its Traffic Behaviors


4.5.1 Configuring Rules for Mapping VLAN Frame PrioritiesThis section describes how to configure the rule for mapping VLAN frame priorities.


Procedure



Step 2 Run:traffic classifier classifier-name [ operator { and | or } ]

A traffic classifier is created and the traffic classifier view is displayed.

Step 3 Run:if-match 8021p 8021p-value

A rule for mapping the 802.1p values of VLAN packets is defined.

Step 4 Run:commit


----End



65

4.5.2 Configuring VLAN PrioritiesThis section describes how to configure the VLAN priorities.

Context


Procedure





Step 3 Run:remark 8021p 8021p-value

The 802.1p value for VLAN packets is configured.

Step 4 Run:commit


----End

4.5.3 Defining a Traffic Policy and Specifying Its Traffic BehaviorsAfter traffic classifiers and traffic behaviors are defined, traffic classifiers and traffic behaviorsneed to be associated to form traffic policies.

Context


Procedure








66

A traffic behavior is specified for the specified traffic classifier in the traffic policy and theprecedence of the traffic policy is also specified.

Step 4 (Option) Run:step step-number

The step between policies is specified.

Step 5 Run:commit


----End


Context


Procedure









NOTE

The keyword mpls-layer is supported on the inbound interface of the LPUI-100, and LPUF-100.

By default, the router performs complex traffic classification based on Layer 3 or Layer 4information and other information.

Step 4 Run:commit



67


----End

4.5.5 Enabling the Statistical Function of a Traffic PolicyThe statistical function of a traffic policy should be enabled when check the statistic information.

ContextDo as follows on the router that is configured with traffic policies:

Procedure




The view of a specified traffic policy is displayed.

Step 3 Run:statistics enable

The statistical function of the traffic policy is enabled.

Step 4 Run:share-mode

The shared mode is specified for the traffic policy.

NOTE

Step 3 is optional. To save memory, the statistical function of traffic policies is disabled by default. Todisplay the statistics about a traffic policy, you can enable statistics for the traffic policy by running thestatistics enable command.

Step 4 is optional. The default attribute of a policy is shared.

l After a traffic policy is applied to an interface, you cannot change the mode of the traffic policy, whetherits attribute is shared or unshared. Before changing the shared or unshared mode of the traffic policy,you must disable the traffic policy on the interface.

l If a shared traffic policy is applied to different interfaces, this shared traffic policy collects statisticson the traffic of all the interfaces as a whole. That is, the shared traffic policy does not collect statisticson the traffic of interfaces individually.

l If an unshared traffic policy is applied to different interfaces, this unshared traffic policy collectsstatistics on the traffic of the interfaces individually.

l A traffic policy collects statistics on incoming traffic and outgoing traffic individually, whether itsattribute is shared or unshared.

Step 5 Run:commit


----End



68

4.5.6 Checking the ConfigurationAfter VLAN QoS is successfully configured, you can view the traffic classifiers, trafficbehaviors, binding between traffic classifiers and behaviors in the specified traffic policy,configured traffic policies and their application, and configured queues and their application.

Procedurel Run the display interface [ interface-type [ interface-number ] ] [ | { begin | exclude |

include } regular-expression ] command to view the information about the traffic on theinterface.

l Run the display traffic behavior { system-defined | user-defined } [ behavior-name ]command to view information about the configured traffic behaviors.

l Run the display traffic classifier { system-defined | user-defined } [ classifier-name ]command to view information about the configured traffic classifiers.

l Run the display traffic policy { system-defined | user-defined } [ policy-name[ classifier classifier-name ] ] command to view information about the association betweenall or the specified traffic classifiers and traffic behaviors in traffic policies.

l Run the display traffic policy statistics interface interface-type interface-number [ .sub-interface ] { inbound | outbound } [ verbose { classifier-based | rule-based} [ classclass-name ] ] command to view traffic statistics of traffic policies that are configured onthe interface.

----End


l Running the display traffic behavior command, you can view the name of the configuredtraffic behavior and its actions.

l Running the display traffic classifier command, you can view the name of the configuredtraffic classifier and its matching rules, as well as the logic operator of the rules.

l Running the display traffic policy command, you can view the association between trafficclassifiers and traffic behaviors in a traffic policy.

l Running the display traffic policy statistics command, you can view the traffic statisticsof traffic policies that are configured on the interface.<HUAWEI> display traffic policy statistics interface gigabitethernet 1/0/0 inboundInfo: The statistics is shared because the policy is shared.Interface: GigabitEthernet1/0/0 Traffic policy inbound: policy1Traffic policy applied at 2007-08-30 18:30:20 Statistics enabled at 2007-08-30 18:30:20Statistics last cleared: NeverRule number: 7 IPv4, 1 IPv6 Current status: OK!Item Packets Bytes-------------------------------------------------------------------Matched 1000 100000 +--Passed N/A N/A +--Dropped N/A N/AMissed 500 50000Last 30 seconds rateItem pps bps-------------------------------------------------------------------



69

Matched 1000 100000 +--Passed N/A N/A +--Dropped N/A N/AMissed 500 50000

4.6 Configuring Priority Mappings for VLAN PacketsThis section describes how to configure priority mappings for VLAN packets and the applicationenvironment of this function.

Context

Traffic policy based on simple traffic classification is used to map the precedence of traffic onone type of network to another type. That is, to transmit the traffic in the other network accordingto the original precedence.

When the NE5000E serves as the border router for different networks, the original externalpriorities (802.1p values) in the VLAN packets that go into the NE5000E are all mapped to theinternal priorities of the router represented by service classes of DiffServ and colors. When theNE5000E sends out the packet, the internal priority is mapped back to the external priority.

NOTE

If unified scheduling is required for all upstream traffic on an interface, you can run the qos default-service-class command to configure the upstream traffic on the interface to enter the specific queues and providecorresponding services.

By default, the traffic enters the queues with the service class as BE. After this command is run, otherpackets cannot be enabled to enter the queues, and simple traffic classification cannot be enabled.

Pre-configuration Tasks

Before configuring traffic shaping, complete the following tasks:

l Configuring the physical parameters of interfaces

l Configuring the link layer attributes of interfaces to ensure their normal operation

l Configuring IP addresses for interfaces

l Enabling the routing protocol for communication between devices

Procedure





Step 3 Define traffic policies on the router based on the actual situation.

l To define a traffic policy for incoming VLAN traffic, run the 8021p-inbound 8021p-valuephb service-class [ color ] command.



70

l To define a traffic policy for outgoing VLAN traffic, run the 8021p-outbound service-class color map 8021p-value command.

The default domain is predefined by the system for VLAN packets and can not be deleted. Thedefault domain describes the default mappings from the 802.1p priorities of VLAN packets toQoS service classes and colors, or from QoS service classes and colors to the 802.1p prioritiesof VLAN packets. You can change the mappings in the default domain. The 802.1p prioritiesof the packets from an upstream device are mapped to QoS service classes and colors. Theirmappings are shown in Table 4-6; the QoS service classes and colors of the packets entering adownstream device are mapped to 802.1p priorities. Their mappings are shown in Table 4-7.

Table 4-6 Mappings from 802.1p priorities to QoS service classes and colors in the defaultdomain

802.1p Service Color 802.1p Service Color





Table 4-7 Mappings from QoS service classes and colors to 802.1p priorities in the defaultdomain

Service Color 802.1p

BE Green 0

AF1 Green, Yellow, Red 1




EF Green 5

CS6 Green 6

CS7 Green 7

Step 4 Run:commit


Step 5 Run:quit




71

Step 6 Run:interface gigabitethernet interface-number.subnumber

The sub-interface view is displayed.


A DS domain is bount to the interface.

Step 8 Run:trust 8021p

Simple traffic classification based on 802.1p is enabled.

NOTE

l The trust 8021p command can be configured only on Ethernet sub-interfaces, including Eth-Trunksub-interfaces.

l Before configuring the trust 8021p command on an interface, run the trust upstream command tobind a DS domain to the interface. Otherwise, the trust 8021p command does not take effect.

After you add an interface to a DS domain, the traffic policy configured for the DS domain is automaticallyapplied to the incoming and outgoing traffic on the interface.

Step 9 Run:commit


----End

4.7 Configuring Priority Mappings for MPLS PacketsThis section describes how to configure priority mappings for MPLS packets and the applicationenvironment of this function.

ContextTraffic policy based on simple traffic classification is used to map the precedence of traffic onone type of network to another type. That is, to transmit the traffic in the other network accordingto the original precedence.

When the NE5000E serves as the border router for different networks, the original externalpriorities (EXP values) in the MPLS packets that go into the NE5000E are all mapped to theinternal priorities of the router represented by service classes of DiffServ and colors. When theNE5000E sends out the packet, the internal priority is mapped back to the external priority.

Generally, the priority mappings of MPLS packets are configured on the core device of thenetwork.


l Configuring the physical parameters of interfacesl Configuring the link layer attributes of interfaces to ensure their normal operation



72

l Configuring IP addresses for interfacesl Enabling the routing protocol for communication between devices

Procedure





Step 3 Define traffic policies on the router based on the actual situation.l To define a traffic policy for incoming MPLS traffic, run the mpls-exp-inbound exp phb

service-class [ color ] command.l To define a traffic policy for outgoing MPLS traffic, run the mpls-exp-outbound service-

class color map exp-value command.

The system predefines a default domain. If you do not configure priority mappings in Step 3 forthe DS domain, the system uses the default mappings. The default domain describes the defaultmappings from the EXP values of MPLS packets to QoS service classes and colors, or from QoSservice classes and colors to the EXP values of MPLS packets. You can change the mappingsin the default domain. The EXP values of the packets from an upstream device are mapped toQoS service classes and colors. Their mappings are shown in Table 4-8. The QoS service classesand colors of the packets entering a downstream device are mapped to EXP values. Theirmappings are shown in Table 4-9.

The default mappings between the EXP values of MPLS packets and QoS service classes areshown in Table 4-8.

Table 4-8 Default mappings between the EXP values the QoS service classes

EXP Service Color EXP Service Color





The default mappings between the EXP values of MPLS packets and QoS service classes areshown in Table 4-9.

Table 4-9 The default mappings between the EXP valueS and QoS service classes

Service Color MPLS EXP

BE Green 0



73

Service Color MPLS EXP





EF Green 5

CS6 Green 6

CS7 Green 7

Step 4 Run:commit


Step 5 Run:quit





The DS domain is bound to the interface, and simple traffic classification is enabled on theinterface.

Step 8 Run:commit


----End

4.8 Maintaining Class-based QoS ConfigurationThis section describes how to clear statistics of traffic policies.

4.8.1 Clearing Statistics of a Traffic PolicyThis section describes the command for clearing statistics of a traffic policy.



74

Context

CAUTIONOnce deleted, statistics cannot be restored. Therefore, use caution when deleting statistics.

Procedure

Step 1 To clear the statistics of a traffic policy on an interface, run the reset traffic policy statisticsinterface interface-typeinterface-number [.sub-interface ] { inbound | outbound } commandin the user view.

----End

4.9 Configuration ExampleThis section provides typical examples for configuring class-based QoS.

4.9.1 Example for Configuring a Traffic Policy Based on ComplexTraffic Classification

This part describes the configuration and application of traffic classifiers and traffic behaviorsin the context of traffic policy based on complex traffic classification.



As shown in Figure 4-3, PE1, P, and PE2 are routers on an MPLS backbone network. CE1 andCE2 are access routers on the edge of the backbone network. Three users from the local networkaccess the Internet through CE1.

l On CE1, the CIR of the traffic of the user from the network segment 1.1.1.0 is limited to10 Mbit/s and the CBS is limited to 150000 bytes.



l On CE1, the DSCP values of the service packets from the three network segments are re-marked to 40, 26, and 0.



75

l PE1 accesses the MPLS backbone network at the CIR of 15 Mbit/s, the CBS of 300000bytes, the PIR of 20 Mbit/s, and the PBS of 500000 bytes.

l On CE1, the CIR, CBS, and PIR of the UDP protocol packets (except DNS, SNMP, SNMPTrap, and Syslog packets) are respectively limited to 5 Mbit/s, 100000 bytes, and 15 Mbit/s.

Figure 4-3 Diagram for configuring a traffic policy based on complex traffic classification

GE4/0/0

GE3/0/0

GE1/0/0

GE2/0/0

PE1 PE2

GE1/0/020.1.1.2/24

11.11.11.11/32 22.22.22.22/32

POS2/0/0100.1.1.1/24

POS2/0/0110.1.1.1/24

10.1.1.1/24

PGE1/0/010.1.1.2/24

33.33.33.33/32

POS1/0/0100.1.1.2/24 POS2/0/0

110.1.1.2/24

1.1.1.0

2.1.1.0

3.1.1.0

CE1CE2

Loopback0 Loopback0 Loopback0

GE2/0/020.1.1.1/24

Configuration Notes

When configuring traffic policies based on complex traffic classification, pay attention to thefollowing:

l If both the if-match any and deny parameters are configured in the complex trafficclassification rules on an interface, all packets, including protocol packets, are discardedby the interface. Therefore, use caution when configuring both the if-match any anddeny parameters in a traffic classification rule.

l If the permit or deny parameter is configured in both the rule command and the trafficbehavior view, only packets that are permitted are further processed according to theconfigured traffic behavior. If the deny action is configured in either the rule command orthe traffic behavior view, all matched packets are discarded.





76

1. Define ACL rules.2. Configure traffic classifiers.3. Configure traffic behaviors.4. Configure traffic policies.5. Apply the traffic policies to interfaces.


l ACL numbers 2001, 2002, 2003, 3001, and 3002l Re-marked DSCP values 40, 26, and 0 for the packets from the three network segmentsl CIRs of the traffic from users belonging to the three network segments, which are

respectively 10 Mbit/s, 5 Mbit/s, and 2 Mbit/s, with their respective CBSs being 150000bytes, 100000 bytes, and 100000 bytes

l CIR of the UDP protocol packets (except DNS, SNMP, SNMP Trap, and Syslog packets)on CE1, which is 5 Mbit/s, the CBS, which is 100000 bytes, and the PIR, which is 15 Mbit/s

l CIR of PE1, which is 15 Mbit/s; the CBS, which is 300000 bytes; the PIR, which is 20Mbit/s; and the PBS, which is 500000 bytes.

l Traffic classifier name, traffic behavior name, traffic policy name, and the interface numberwhere the traffic policy is applied

Procedure

Step 1 Configure the IP addresses for the interfaces, routes, and basic MPLS functions (detail omittedhere).

Step 2 Configure complex traffic classification on CE1 to control the traffic that accesses CE1 fromthe three local networks.

# Define ACL rules.

<CE1> system-view[~CE1] acl number 2001[~CE1-acl-basic-2001] rule permit source 1.1.1.0 0.0.0.255[~CE1-acl-basic-2001] commit[~CE1-acl-basic-2001] quit[~CE1] acl number 2002[~CE1-acl-basic-2002] rule permit source 2.1.1.0 0.0.0.255[~CE1-acl-basic-2002] commit[~CE1-acl-basic-2002] quit[~CE1] acl number 2003[~CE1-acl-basic-2003] rule permit source 3.1.1.0 0.0.0.255[~CE1-acl-basic-2003] commit[~CE1-acl-basic-2003] quit[~CE1] acl number 3001[~CE1-acl-basic-3001] rule 0 permit udp destination-port eq dns[~CE1-acl-basic-3001] rule 1 permit udp destination-port eq snmp[~CE1-acl-basic-3001] rule 2 permit udp destination-port eq snmptrap[~CE1-acl-basic-3001] rule 3 permit udp destination-port eq syslog [~CE1-acl-basic-3001] commit[~CE1-acl-basic-3001] quit[~CE1] acl number 3002[~CE1-acl-basic-3002] rule 4 permit udp [~CE1-acl-basic-3002] commit[~CE1-acl-basic-3002] quit



77

# Configure traffic classifiers and define ACL-based matching rules.[~CE1] traffic classifier a[~CE1-classifier-a] if-match acl 2001[~CE1-classifier-a] commit[~CE1-classifier-a] quit[~CE1] traffic classifier b[~CE1-classifier-b] if-match acl 2002[~CE1-classifier-b] commit[~CE1-classifier-b] quit[~CE1] traffic classifier c[~CE1-classifier-c] if-match acl 2003[~CE1-classifier-c] commit[~CE1-classifier-c] quit[~CE1]traffic classifier udplimit[~CE1-classifier-udplimit] if-match acl 3001[~CE1-classifier-udplimit] commit[~CE1-classifier-udplimit] quit[~CE1] traffic classifier udplimit1[~CE1-classifier-udplimit1] if-match acl 3002[~CE1-classifier-udplimit1] commit[~CE1-classifier-udplimit1] quit

After the configuration is complete, run the display traffic classifier command to view theconfiguration of the traffic classifiers.[~CE1] display traffic classifier user-definedUser Defined Classifier Information: Classifier: a Description: Operator: or Rule(s): if-match acl 2001 Classifier: b Description: Operator: or Rule(s): if-match acl 2002 Classifier: c Description: Operator: or Rule(s): if-match acl 2003 Classifier: udplimit Description: Operator: or Rule(s) : if-match acl 3001 Classifier: udplimit1 Description: Operator: or Rule(s) : if-match acl 3002

# Define traffic behaviors, and configure traffic policing and DSCP values to be re-marked.[~CE1] traffic behavior e[~CE1-behavior-e] car cir 10000 cbs 150000 pbs 0[~CE1-behavior-e] remark dscp 40[~CE1-behavior-e] commit[~CE1-behavior-e] quit[~CE1] traffic behavior f[~CE1-behavior-f] car cir 5000 cbs 100000 pbs 0[~CE1-behavior-f] remark dscp 26[~CE1-behavior-f] commit[~CE1-behavior-f] quit[~CE1] traffic behavior g[~CE1-behavior-g] car cir 2000 cbs 100000 pbs 0[~CE1-behavior-g] remark dscp 0[~CE1-behavior-g] commit



78

[~CE1-behavior-g] quit[~CE1] traffic behavior udplimit[~CE1-behavior-udplimit] permit[~CE1-behavior-udplimit] commit[~CE1-behavior-udplimit] quit[~CE1] traffic behavior udplimit1[~CE1-behavior-udplimit1] car cir 15000 pir 20000 cbs 300000 pbs 500000 green pass yellow pass red discard[~CE1-behavior-udplimit1] commit[~CE1-behavior-udplimit1] quit

# Define traffic policies and associate traffic classifiers and traffic behaviors.

[~CE1] traffic policy 1[~CE1-trafficpolicy-1] classifier a behavior e[~CE1-trafficpolicy-1] commit[~CE1-trafficpolicy-1] quit[~CE1] traffic policy 2[~CE1-trafficpolicy-2] classifier b behavior f[~CE1-trafficpolicy-2] commit[~CE1-trafficpolicy-2] quit[~CE1] traffic policy 3[~CE1-trafficpolicy-3] classifier c behavior g[~CE1-trafficpolicy-3] commit[~CE1-trafficpolicy-3] quit[~CE1] traffic policy udplimit[~CE1-trafficpolicy-udplimit] classifier udplimit behavior udplimit[~CE1-trafficpolicy-udplimit] classifier udplimit1 behavior udplimit1[~CE1-trafficpolicy-3] commit[~CE1-trafficpolicy-3] quit

After the preceding configuration, run the display traffic policy command to view theconfiguration of the traffic policies, traffic classifiers defined in the traffic policies, and the trafficbehaviors associated with traffic classifiers.

[~CE1] display traffic policy user-definedUser Defined Traffic Policy Information:Policy: 1 Description: Step: 5 Share-mode Classifier: a Precedence: 5 Behavior: e Committed Access Rate: CIR 10000 (Kbps), PIR 0 (Kbps), CBS 15000 (byte), PBS 0 (byte) Conform Action: pass Yellow Action: pass Exceed Action: discard Marking: Remark DSCP cs5 Classifier: default-class Precedence: 65535 Behavior: be -none- Policy: 2 Description: Step: 5 Share-mode Classifier: b Precedence: 5 Behavior: f Committed Access Rate: CIR 5000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte) Conform Action: pass Yellow Action: pass Exceed Action: discard Marking: Remark DSCP af31 Classifier: default-class Precedence: 65535 Behavior: be -none- Policy: 3 Description:



79

Step: 5 Share-mode Classifier: c Precedence: 5 Behavior: g Committed Access Rate: CIR 2000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte) Conform Action: pass Yellow Action: pass Exceed Action: discard Marking: Remark DSCP default Classifier: default-class Precedence: 65535 Behavior: be -none- Policy: udplimit Description: Step: 5 Share-mode Classifier: udplimit Precedence: 5 Behavior: udplimit -none- Classifier: udplimit1 Precedence: 10 Behavior: udplimit1 Committed Access Rate: CIR 15000 (Kbps), PIR 20000 (Kbps), CBS 300000 (byte), PBS 500000 (byte) Conform Action: pass Yellow Action: pass Exceed Action: discard Classifier: default-class Precedence: 65535 Behavior: be -none-

# Apply the traffic policies to the inbound interfaces.

[~CE1] interface gigabitethernet 1/0/0[~CE1-GigabitEthernet1/0/0] undo shutdown[~CE1-GigabitEthernet1/0/0] traffic-policy 1 inbound[~CE1-GigabitEthernet1/0/0] commit[~CE1-GigabitEthernet1/0/0] quit[~CE1] interface gigabitethernet 3/0/0[~CE1-GigabitEthernet3/0/0] undo shutdown[~CE1-GigabitEthernet3/0/0] traffic-policy 2 inbound[~CE1-GigabitEthernet3/0/0] commit[~CE1-GigabitEthernet3/0/0] quit[~CE1] interface gigabitethernet 4/0/0[~CE1-GigabitEthernet4/0/0] undo shutdown[~CE1-GigabitEthernet4/0/0] traffic-policy 3 inbound[~CE1-GigabitEthernet4/0/0] commit[~CE1-GigabitEthernet4/0/0] quit[~CE1] interface gigabitethernet 2/0/0[~CE1-GigabitEthernet2/0/0] undo shutdown[~CE1-GigabitEthernet2/0/0] traffic-policy udplimit outbound[~CE1-GigabitEthernet2/0/0] commit[~CE1-GigabitEthernet2/0/0] quit

Step 3 Configure complex traffic classification on PE1 to control the traffic that goes to the MPLSbackbone network.

# Configure a traffic classifier and define the matching rule.

<PE1> system-view[~PE1] traffic classifier pe[~PE1-classifier-pe] if-match any[~PE1-classifier-pe] commit[~PE1-classifier-pe] quit

After the preceding configuration, you can run the display traffic classifier command to viewthe configuration of the traffic classifier.

[~PE1] display traffic classifier user-definedUser Defined Classifier Information:



80

Classifier: pe Description: Operator: ORRule(s): if-match any

# Define a traffic behavior and configure traffic policing.

[~PE1] traffic behavior pe[~PE1-behavior-pe] car cir 15000 pir 20000 cbs 300000 pbs 500000[~PE1-behavior-pe] commit[~PE1-behavior-pe] quit

# Define a traffic policy to associate the traffic classifier with the traffic behavior.

[~PE1] traffic policy pe[~PE1-trafficpolicy-pe] classifier pe behavior pe[~PE1-trafficpolicy-pe] commit[~PE1-trafficpolicy-pe] quit

After the preceding configuration, run the display traffic policy command to view theconfiguration of the traffic policies, traffic classifiers defined in the traffic policies, and the trafficbehaviors associated with traffic classifiers.

[~PE1] display traffic policy user-definedUser Defined Traffic Policy Information:Policy: pe Description: Step: 5 Share-mode Classifier: pe Precedence: 5 Behavior: pe Committed Access Rate: CIR 15000 (Kbps), PIR 20000 (Kbps), CBS 300000 (byte), PBS 500000 (byte) Conform Action: pass Yellow Action: pass Exceed Action: discard Classifier: default-class Precedence: 65535 Behavior: be -none-

# Apply the traffic policies to the incoming traffic.

[~PE1] interface gigabitethernet 1/0/0[~PE1-GigabitEthernet1/0/0] undo shutdown[~PE1-GigabitEthernet1/0/0] traffic-policy pe inbound[~PE1-GigabitEthernet1/0/0] commit[~PE1-GigabitEthernet1/0/0] quit


Run the display interface command on CE1 and PE1. You can view that the traffic on theinterfaces are regulated according to the configured traffic policies.

----End

Configuration Filesl Configuration file of CE1

# sysname CE1#acl number 2001 rule 5 permit source 1.1.1.0 0.0.0.255acl number 2002 rule 5 permit source 2.1.1.0 0.0.0.255acl number 2003 rule 5 permit source 3.1.1.0 0.0.0.255



81

acl number 3001 rule 0 permit udp destination-port eq dns rule 1 permit udp destination-port eq snmp rule 2 dpermit udp destination-port eq snmptrap rule 3 permit udp destination-port eq syslogacl number 3302 rule 4 permit udp #traffic classifier a operator or if-match acl 2001traffic classifier c operator or if-match acl 2003traffic classifier b operator or if-match acl 2002traffic classifier udp-limit operator or if-match acl 3001traffic classifier udp-limit1 operator or if-match acl 3002#traffic behavior e car cir 10000 cbs 150000 pbs 0 green pass red discard remark dscp cs5traffic behavior g car cir 2000 cbs 100000 pbs 0 green pass red discard remark dscp defaulttraffic behavior f car cir 5000 cbs 100000 pbs 0 green pass red discard remark dscp af31traffic behavior udp-limittraffic behavior udp-limit1 car cir 5000 cbs 100000 pbs 150000 green pass yellow discard red discard #traffic policy 3 classifier c behavior g precedence 5traffic policy 2 classifier b behavior f precedence 5traffic policy 1 classifier a behavior e precedence 5traffic policy udp-limit classifier udp-limit behavior udp-limit precedence 5 classifier udp-limit1 behavior udp-limit1 precedence 10#interface GigabitEthernet1/0/0undo shutdownip address 1.1.1.1 255.255.255.0 traffic-policy 1 inbound#interface GigabitEthernet2/0/0undo shutdownip address 10.1.1.1 255.255.255.0traffic-policy udplimit outbound#interface GigabitEthernet3/0/0undo shutdownip address 2.1.1.1 255.255.255.0 traffic-policy 2 inbound#interface GigabitEthernet4/0/0undo shutdownip address 3.1.1.1 255.255.255.0 traffic-policy 3 inbound#ospf 1 area 0.0.0.0 network 1.1.1.0 0.0.0.255 network 2.1.1.0 0.0.0.255 network 3.1.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#



82

return l Configuration file of PE1

# sysname PE1#mpls lsr-id 11.11.11.11mpls#mpls ldp#traffic classifier pe operator or if-match any#traffic behavior pe car cir 15000 pir 20000 cbs 300000 pbs 500000 green pass yellow pass red discard#traffic policy pe classifier pe behavior pe#interface GigabitEthernet1/0/0undo shutdownip address 10.1.1.2 255.255.255.0 traffic-policy pe inbound#interface Pos2/0/0undo shutdownip address 100.1.1.1 255.255.255.0mplsmpls ldp#interface LoopBack0 ip address 11.11.11.11 255.255.255.255#ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 100.1.1.0 0.0.0.255 network 11.11.11.11 0.0.0.0#return

l Configuration file of P# sysname P#mpls lsr-id 33.33.33.33mpls#mpls ldp#interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.0 mpls mpls ldp#interface Pos2/0/0 link-protocol ppp ip address 110.1.1.1 255.255.255.0 mpls mpls ldp#interface LoopBack0 ip address 33.33.33.33 255.255.255.255#ospf 1 area 0.0.0.0 network 100.1.1.0 0.0.0.255



83

network 110.1.1.0 0.0.0.255 network 33.33.33.33 0.0.0.0#return

l Configuration file of PE2# sysname PE2#mpls lsr-id 22.22.22.22mpls#mpls ldp#interface GigabitEthernet1/0/0undo shutdownip address 20.1.1.2 255.255.255.0#interface Pos2/0/0 undo shutdownip address 110.1.1.1 255.255.255.0 mpls mpls ldp#interface LoopBack0 ip address 22.22.22.22 255.255.255.255#ospf 10 area 0.0.0.0 network 110.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 22.22.22.22 0.0.0.0#return

l Configuration file of CE2# sysname CE2#interface GigabitEthernet2/0/0undo shutdown ip address 20.1.1.1 255.255.255.0#ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255#return

4.9.2 Example for Configuring CTC-based Traffic Policies forVLAN Packets

This part is an example for configuring and applying priority mapping rules.





84

As shown in Figure 4-4, Router A and Router B connect to each other through a VLAN. WhenIP packets sent by Router A enter the VLAN, by default, the precedence of these IP packets ismapped to the 802.1p value. When these IP packets (carrying VLAN frame priority) leave theVLAN and arrive at Router B, the VLAN frame priority is mapped to the IP precedenceaccording to the configuration on Router B. Then, these packets are forwarded according to theirIP preference.

Figure 4-4 Networking diagram for configuring VLAN QoS

GE 4/0/0.110.1.1.1/24VLAN 10

RouterA RouterB

GE 2/0/0.110.1.1.2/24

VLAN 10GE 3/0/011.1.1.1.24

11.1.1.0/24

VLANNetwork

Configuration NotesWhen configuring VLAN QoS, pay attention to the following:

l The statistical function of traffic policies is disabled by default. To display the statisticsabout a traffic policy, you can enable statistics for the traffic policy by running the statisticsenable command.

Configuration RoadmapThe configuration roadmap is as follows:

1. Configure the VLAN and routes on Router A and Router B.2. Configure QoS policies on Router B.


l Names of traffic classification, traffic behaviors, and traffic policiesl Preferences for re-marking

Procedure

Step 1 Define a classifier to match packets whose 802.1p value is 2.<HUAWEI> system-view[~HUAWEI] sysname routerB[~routerB] traffic classifier test[~routerB-classifier-test] if-match 8021p 2[~routerB-classifier-test] commit[~routerB-classifier-test] quit

Step 2 Define a traffic behavior to re-mark the IP preference of packets as 4.[~routerB] traffic behavior test[~routerB-behavior-test] remark ip-precedence 4[~routerB-behavior-test] commit



85

[~routerB-behavior-test] quit

Step 3 Define a QoS policy to associate a configured traffic behavior with a specified traffic classifier.[~routerB] traffic policy test[~routerB-trafficpolicy-test] classifier test behavior test[~routerB-trafficpolicy-test] commit[~routerB-trafficpolicy-test] quit

Step 4 Apply the QoS policy to the incoming traffic of GE 2/0/0.1 on Router B.[~routerB] interface Gigabitethernet 2/0/0.1[~routerB-Gigabitethernet2/0/0.1] traffic-policy test inbound link-layer[~routerB-Gigabitethernet2/0/0.1] commit[~routerB-Gigabitethernet2/0/0.1] quit


After the preceding configurations, when packets whose IP preference is 2 are forwarded by GE4/0/0.1 on Router A reach the VLAN, the IP preference 2 is mapped to the VLAN priority 2.After these VLAN frames reach Router B, Router B forwards these VLAN frames as IP packetswith the IP preference of 4 to the network segment 11.1.1.0/24.

----End

Configuration FileConfiguration file of Router B

# sysname routerB#traffic classifier test operator or if-match 8021p 2#traffic behavior test remark ip-precedence 4#traffic policy test classifier test behavior test precedence 5#interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 traffic-policy test inbound link-layer

4.9.3 Example for Configuring Priority Mappings for VLAN PacketsTraffic Based on Simple Traffic Classification

This part describes how to configure simple traffic classification in the context of prioritymappings for VLAN packets.





86

As shown in Figure 4-5, Router A and Router B connect to each other through a VLAN. WhenIP packets from Router A enter the VLAN, the priorities of the IP packets are mapped to thepriorities of VLAN frames according to the default mappings in the DS domain. When packetsfrom the VLAN enter Router B, the priorities of the VLAN packets are mapped according tothe priority mappings in the DS domain set on Router B.

Figure 4-5 Networking diagram for configuring VLAN QoS

POS1/0/0 POS2/0/0

POS1/0/0

POS2/0/0

POS1/0/0

POS2/0/0

RouterA RouterB RouterC

Configuration NotesDuring the configuration, pay attention to the following:

l The trust 8021p command can be configured only on Ethernet sub-interfaces, includingEth-Trunk sub-interfaces. Before configuring the trust 8021p command on an interface,run the trust upstream command to bind a DS domain to the interface. Otherwise, thetrust 8021p command does not take effect.

Configuration RoadmapThe configuration roadmap is as follows:

1. Configure the VLAN and routes on Router A andRouter B.2. Configure the inbound interface of Router A to trust the priorities of packets from an

upstream device.3. Configure priority mappings based on simple traffic classification on the inbound interface

of Router B.


l VLAN IDl 802.1p priorities, the internal service classes and colors of the packets on the router, and

the DSCP values of IP packets to be mapped

Procedure

Step 1 Configure IP addresses for interfaces (detail omitted here).

Step 2 Configure the VLAN on Router A and Router B.

# Configure a sub-interface GE 4/0/0.1 for VLAN communication.

[~routerA] interface gigabitethernet 4/0/0.1[~routerA-GigabitEthernet4/0/0.1] vlan-type dot1q 10 [~routerA-GigabitEthernet4/0/0.1] commit[~routerA-GigabitEthernet4/0/0.1] return



87

# Configure a sub-interface GE 2/0/0.1 for VLAN communication.

<routerB> system-view[~routerB] interface gigabitethernet 2/0/0.1[~routerB-GigabitEthernet2/0/0.1] vlan-type dot1q 10[~routerB-GigabitEthernet2/0/0.1] commit[~routerB-GigabitEthernet2/0/0.1] return

Step 3 Configure a dynamic routing protocol on Router A and Router B. Take Open Shortest Path First(OSPF) as an example.

# Configure Router A.

<routerA> system-view[~routerA] ospf 1[~routerA-ospf-1] area 0.0.0.0[~routerA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [~routerA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255[~routerA-ospf-1-area-0.0.0.0] commit[~routerA-ospf-1-area-0.0.0.0] return

# Configure Router B.

<routerB> system-view[~routerB] ospf 1[~routerB-ospf-1] area 0.0.0.0[~routerB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [~routerB-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255[~routerB-ospf-1-area-0.0.0.0] commit[~routerB-ospf-1-area-0.0.0.0] return

Step 4 Enable simple traffic classification on the inbound interface GE 1/0/0 of Router A to map thepriorities of IP packets to the priorities of VLAN frames according to the default mappings.<routerA> system-view[~routerA] interface gigabitethernet 1/0/0[~routerA-GigabitEthernet1/0/0] undo shutdown[~routerA-GigabitEthernet1/0/0] trust upstream default[~routerA-GigabitEthernet1/0/0] commit[~routerA-GigabitEthernet1/0/0] quit[~routerA] interface gigabitethernet 4/0/0.1[~routerA-GigabitEthernet4/0/0.1] trust upstream default[~routerA-GigabitEthernet4/0/0.1] trust 8021p[~routerA-GigabitEthernet4/0/0.1] commit[~routerA-GigabitEthernet4/0/0.1] return

After the configuration is complete, the DSCP values of the IP packets that are sent from anupstream device are mapped on Router A to the 802.1p priorities of VLAN frames according tothe default mappings.

Step 5 On GE 2/0/0.1 of routerB, configure the mapping from the 802.1p priority to IP DSCP field.<routerB> system-view[~routerB] diffserv domain default[~routerB-dsdomain-default] 8021p-inbound 2 phb ef green[~routerB-dsdomain-default] ip-dscp-outbound ef green map 34[~routerB-dsdomain-default] commit[~routerB-dsdomain-default] quit[~routerB] interface gigabitethernet 2/0/0.1[~routerB-GigabitEthernet2/0/0.1] trust upstream default[~routerB-GigabitEthernet2/0/0.1] trust 8021p[~routerB-GigabitEthernet2/0/0.1] commit[~routerB-GigabitEthernet2/0/0.1] return

After the configuration is complete, the VLAN frames with the 802.1p priority being 2 from anupstream device are converted on Router B to IP packets with the DSCP value being 34, theservice classes being AF4, and the packet colors being green. On Router B, the other 802.1p



88

priorities of VLAN frames are mapped to the corresponding DSCP values of IP packetsaccording to the default mappings.


Run the display qos queue interface gigabitethernet 3/0/0 command on Router B. Thestatistics about AF2 packets are not displayed because the mapping from the 802.1p priority of2 to the IP service priority of EF is configured on the inbound interface.<routerB> display qos queue interface gigabitethernet 3/0/0The interface :GigabitEthernet3/0/0 [be] Pass: 18,466,135 packets, 1,735,817,160 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,599 pps, 3,158,306 bps Last 30 seconds discard rate: 0 pps, 0 bps [af1] Pass: 670,712 packets, 63,046,928 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,600 pps, 3,158,400 bps Last 30 seconds discard rate: 0 pps, 0 bps [af2] Pass: 58 packets, 5,684 bytes Discard: 24,478,662 packets, 1,860,378,312 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps [af3] Pass: 58 packets, 684 bytes Discard: 478,662 packets, 186,037,312 bytes Last 30 seconds pass rate: 0 pps, 0 bps Last 30 seconds discard rate: 0 pps, 0 bps [af4] Pass: 670,709 packets, 63,046,646 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,598 pps, 3,158,212 bps Last 30 seconds discard rate: 0 pps, 0 bps [ef] Pass: 670,712 packets, 63,046,928 bytes Discard: 353,802 packets, 406,888,952 bytes Last 30 seconds pass rate: 33,600 pps, 3,158,400 bps Last 30 seconds discard rate: 0 pps, 0 bps [cs6] Pass: 147 packets, 12,667 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,599 pps, 3,258,306 bps Last 30 seconds discard rate: 0 pps, 0 bps [cs7] Pass: 670,708 packets, 63,046,458 bytes Discard: 0 packets, 0 bytes Last 30 seconds pass rate: 33,599 pps, 3,258,306 bps Last 30 seconds discard rate: 0 pps, 0 bps

----End



89


# sysname routerA#interface GigabitEthernet 1/0/0 undo shutdown ip address 20.1.1.1 255.255.255.0 trust upstream default#interface GigabitEthernet4/0/0.1 vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 trust upstream default trust 8021p#ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of Router B# sysname routerB#diffserv domain default 8021p-inbound 2 phb ef green ip-dscp-outbound ef green map 34#interface GigabitEthernet2/0/0.1 vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 trust upstream default trust 8021p #interface GigabitEthernet 3/0/0 undo shutdown ip address 11.1.1.1 255.255.255.0 trust upstream default #ospf 1 area 0.0.0.0 network 11.1.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

4.9.4 Example for Configuring Priority Mappings Based on SimpleTraffic Classification (MPLS)

This part describes how to configure simple traffic classification in the context of prioritymappings for MPLS packets.



90



MPLS neighbor relationships are established between Router A, Router B, and Router C. WhenIP packets reach Router A, Router A adds MPLS header to these IP packets before transmittingthem to Router C. When these MPLS packets reach Router C, Router C removes their MPLSheaders and forwards them as IP packets.

In this manner, the DSCP value of the IP traffic can be changed to the EXP value of MPLStraffic on Router A, and the EXP value of MPLS traffic can be changed to the DSCP value ofthe IP traffic on Router C.

Figure 4-6 Networking diagram

GE 4/0/0.110.1.1.1/24VLAN 10

RouterA RouterB

GE 2/0/0.110.1.1.2/24

VLAN 10GE 3/0/0

11.1.1.1/24

11.1.1.0/24

VLANnetwork

GE 1/0/020.1.1.1/24

NOTE

l In this configuration example, it is assumed that the three routers have been configured so that RouterA forwards IP traffic as MPLS traffic to Router C, and Router forwards MPLS traffic as IP traffic.

l This example lists only the commands related to QoS.

Configuration Notes

During the configuration, pay attention to the following:

None



1. On the inbound interface POS 1/0/0 of Router A, configure the mapping from the IP DSCPfield to the MPLS EXP field and enable simple traffic classification.

2. On the inbound interface POS 1/0/0 of Router C, configure the mapping from the MPLSEXP field to the IP DSCP field and enable simple traffic classification.



91


MPLS EXP values, the internal service classes and colors of the packets on the router, and theDSCP values of IP packets to be mapped

Procedure

Step 1 Configure basic MPLS functions and routes (detail omitted here).

For detailed configuration, refer to the Chapter "Basic MPLS Configuration" in the HUAWEINetEngine5000E Core Router Configuration Guide - MPLS.

Step 2 Configure the mapping between DSCP field and EXP field at POS1/0/0 on Router A.<routerA> system-view[~routerA] diffserv domain default[~routerA-dsdomain-default] ip-dscp-inbound 18 phb af4 green[~routerA-dsdomain-default] mpls-exp-outbound af4 green map 5[~routerA-dsdomain-default] commit[~routerA-dsdomain-default] quit[~routerA] interface pos 1/0/0[~routerA-Pos1/0/0] undo shutdown[~routerA-Pos1/0/0] trust upstream default[~routerA-Pos1/0/0] commit[~routerA-Pos1/0/0] quit[~routerA] interface pos 2/0/0[~routerA-Pos2/0/0] undo shutdown[~routerA-Pos2/0/0] trust upstream default[~routerA-Pos2/0/0] commit[~routerA-Pos2/0/0] quit

In the preceding configuration, AF2 green packets (DSCP value being 18) are mapped to theinternal service level of AF4 of the router on the inbound interface of Router A. On the outboundinterface, the internal service level of AF4 of the router is mapped to the EF service level (MPLSpriority 5) of the MPLS service. In this manner, the traffic that enters Router A leaves as EFtraffic.

Step 3 Configure the mapping from the MPLS EXP field to the IP DSCP field on POS 1/0/0 of RouterC.<routerC> system-view[~routerC] diffserv domain default[~routerC-dsdomain-default] mpls-exp-inbound 5 phb af3 green[~routerC-dsdomain-default] ip-dscp-outbound af3 green map 32[~routerC-dsdomain-default] commit[~routerC-dsdomain-default] quit[~routerC] interface pos 1/0/0[~routerC-Pos1/0/0] undo shutdown[~routerC-Pos1/0/0] trust upstream default[~routerC-Pos1/0/0] commit[~routerC-Pos1/0/0] quit[~routerC] interface pos 2/0/0[~routerC-Pos2/0/0] undo shutdown[~routerC-Pos2/0/0] trust upstream default[~routerC-Pos2/0/0] commit[~routerC-Pos2/0/0] quit

In the preceding configuration, the MPLS priority 5 is mapped to the internal service level ofAF3 (green packets) of the router on the inbound interface of Router C. On the outboundinterface, the internal service level of AF3 (green packets) of the router is mapped to the DSCPvalue of 32. In this manner, the traffic that enters Router C leaves as AF4 traffic.




92

After the preceding configurations, if traffic is sent from POS 1/0/0 on Router A at 100 Mbit/swith the DSCP value being 18, Router C forwards the traffic at 100 Mbit/s with the DSCP valuebeing 32.

----End


# sysname routerA#diffserv domain default ip-dscp-inbound 18 phb af4 green mpls-exp-outbound af4 green map 5#interface Pos1/0/0 undo shutdown ip address 2.2.2.1 255.255.255.0 trust upstream default#interface Pos2/0/0 undo shutdown ip address 3.3.3.1 255.255.255.0 trust upstream default#return

l Configuration file of Router C# sysname routerC#diffserv domain default ip-dscp-outbound af3 green map 32 mpls-exp-inbound 5 phb af3 green #interface Pos1/0/0 undo shutdown ip address 4.4.4.1 255.255.255.0 trust upstream default#interface Pos2/0/0 undo shutdown ip address 5.5.5.1 255.255.255.0 trust upstream default#return



93

5 QPPB Configuration

About This Chapter

This chapter describes the basic principle and configuration procedures of QPPB, and providesconfiguration examples for QPPB.

5.1 QPPB OverviewQPPB enables a BGP route sender to classify routes by setting BGP attributes.

5.2 QPPB Supported by the NE5000EQPPB configuration on the NE5000E involves destination-based QPPB and source-basedQPPB.

5.3 Configuring Source-Based QPPBSource-based QPPB differentiates routes from different sources and associates differentiatedQoS policies with them.

5.4 Configuring Destination-Based QPPBDestination-based QPPB differentiates routes to different destinations and associatesdifferentiated QoS policies with them.

5.5 Maintaining QPPBThis section describes how to clear statistics about a QPPB local policy.

5.6 Configuration ExamplesThis section provides examples for configuring QPPB, including the application scenario andconfiguration commands.

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS 5 QPPB Configuration


94

5.1 QPPB OverviewQPPB enables a BGP route sender to classify routes by setting BGP attributes.

On a large and complex network, a large number of complex traffic classification operations arerequired, and routes cannot be classified based on the community attribute, ACL, IP prefix, orAS_Path. When a network topology keeps changing, configuring or changing routing policiesis difficult or even impossible to implement. Therefore, the QoS Policy Propagation Throughthe Border Gateway Protocol (QPPB) is introduced to reduce configuration workload byconfiguring or changing routing policies only on a BGP route sender.

After QPPB is deployed, a BGP route sender can classify routes and set attributes for BGP routes;a BGP route receiver accordingly applies different QoS policies to different types of BGP routesbased on the set attributes.

QPPB is implemented as follows:

l Before sending BGP routes, a route sender sets a specific attribute, such as the AS_Path,community attribute, or extended community attribute, for BGP routes. These attributesare used to identify BGP routes.

l After receiving the BGP routes, a route receiver performs the following operations:

1. Maps each received BGP route to a QoS local ID or an IP preference based on theAS_Path, community attribute, or extended community attribute.

2. Performs different traffic behaviors for packets transmitted along the routes accordingto their mapped QoS local IDs.A route receiver can define traffic behaviors for the packets transmitted along theroutes based on the following attributes:– ACL– AS-Path list– Community attribute list– Route cost– IP prefix list

3. Creates a QPPB local policy and define the mappings between BGP routes and QoSpolicies in it.

4. Applies the QPPB local policy to an interface.

5.2 QPPB Supported by the NE5000EQPPB configuration on the NE5000E involves destination-based QPPB and source-basedQPPB.

QPPB allows you to classify routes and set attributes for the classified routes on a route senderand configure QoS policies based on the route attributes on a route receiver. You can flexiblydeploy destination-based or source-based QPPB.

Source-Based QPPB Local PoliciesTraffic behaviors defined in a source-based QPPB local policy are applied to traffic transmittedalong the route whose source address meets the matching rule. A source-based QPPB local policy



95

is applicable to the scenario where different traffic policies are required for traffic sent fromdifferent provider networks. You can view the statistics about the traffic that meets the matchingrule. The keyword source indicates that traffic policies are applied to traffic along the routewhose source address meets the matching rule; the keyword destination indicates that trafficpolicies are applied to traffic along the route whose destination address meets the matching rule.

Destination-Based QPPB Local PoliciesTraffic behaviors defined in a destination-based QPPB local policy are applied to traffictransmitted along the route whose destination address meets the matching rule. A destination-based QPPB local policy is applicable to the scenario where different traffic policies are requiredfor traffic sent to different providers. You can view the statistics about the traffic that meets thematching rule.

QPPB Applicationsl QPPB application on an IPv4 network

Figure 5-1 QPPB application on an IPv4 network

RouterA RouterB

ISP1 ISP2

As shown in Figure 5-1, Router B advertises a BGP route with community attribute 100:1 toRouter A. After receiving this route, Router A performs the following operations:

1. Matches routes with community attribute 100:1 defined in the routing policy, sets QoSlocal ID 1 for the matched BGP route, and delivers QoS local ID 1 to the FIB table.

2. Configures a QoS policy and applies QoS behaviors to the traffic along the route thatmatches QoS local ID 1.

3. Creates a QPPB local policy and defines the mappings between BGP routes and QoSpolicies in it.

4. Applies the QPPB local policy to the inbound interface.

Router A checks the destination IP address of the packet destined for Router B and obtainsmapped QoS local ID 1 from the FIB table. Then, Router A applies the QoS policy to the packeton the inbound interface and processes the packet by using relevant QoS behaviors.

l QPPB application on an L3VPN



96

Figure 5-2 QPPB application on an L3VPN

ISP Network

P P

P P

PE1 PE2

Site1 Site2

Site1 Site2

VPN1 VPN1

VPN2 VPN2

CE CE

CECE

VPN1 remote connection

VPN2 remote connection

Figure 5-2 shows the QPPB application on an L3VPN. PE1 connects to multiple VPNs. PE1can set route attributes, such as community attribute, for a specified VPN instance or all VPNinstances on itself before advertising any route. After receiving routes, PE2 defines the mappingsbetween routes and QoS parameters in the FIB table so that corresponding QoS policies can beapplied to the traffic from CEs. In this manner, different VPNs are guaranteed with differentqualities of services.

1. When advertising routes to PE2, PE1 sets community attribute 100:1 for the routes ofVPN1.

2. After receiving the advertised routes, PE2 matches the routes with community attribute100:1 defined in the routing policy, sets QoS local ID 1 for the matched BGP routes, anddelivers QoS local ID 1 to the FIB table.

3. QoS policies are configured on the PE2 interfaces directly connected to CEs to perform theCAR action on the traffic when QoS local ID 1 is matched.

4. A QPPB local policy is created on PE2 and the mappings between BGP routes and QoSpolicies are defined in it.

5. QPPB is enabled on the PE2 interfaces connected to CEs.

When receiving a packet from CE directly connected to PE2, PE2 checks the destination IPaddress of the packet and obtains mapped QoS local ID 1 from the FIB table. Then, PE2 appliesthe QoS policy to the packet on the inbound interface and processes the packet by using relevantQoS behaviors.

5.3 Configuring Source-Based QPPBSource-based QPPB differentiates routes from different sources and associates differentiatedQoS policies with them.

Applicable EnvironmentQPPB is applicable to both IBGP and EBGP and can be configured for one or more ASs.



97

As shown in Figure 5-3, traffic is transmitted from provider B (AS 200) and provider C (AS300) to provider D (AS 400) through provider A (AS 100). providers B and C function as BGProute senders and provider A functions as a BGP route receiver. Based on the traffic controlpolicies signed between providers A, B, and C, provider A needs to implement the CAR actionon the traffic sent from providers B and C.

providers B and C advertise BGP routes carrying the community attribute to provider A. Afterreceiving the BGP routes, provider A matches the routes with the community list, ACL list, orAS_Path list, and configures QoS policy IDs and QoS behaviors for the routes. Source-basedQPPB is enabled on the provider A interface that allows traffic to pass through. Therefore, QPPBlocal policies are applied to all traffic that passes through provider A.

Source-based QPPB is applicable to both incoming and outgoing traffic on a device.

Figure 5-3 Networking diagram for source-based QPPB configuration

AS200

AS300

AS100AS400

RouterA

RouterB

RouterC

RouterD

Pre-configuration TasksBefore configuring source-based QPPB, complete the following tasks:

l Configuring basic BGP functionsl Configuring local network routes advertised by BGPl Configuring interfaces for setting up a BGP connection



98


Figure 5-4 Flowchart for QPPB configuration

Mandatoryprocedure

Optional procedure

Configuring Routing Policies on a BGP Route Sender

Configuring Routing Policies on a BGP Route Receiver

Configuring Traffic Behaviors on a Route Receiver

Configuring QPPB Local Policies

Applying a QPPB Local Policy to an Interface

5.3.1 Configuring Routing Policies on a BGP Route SenderThis section describes how to configure routing policies on a BGP route sender.

ContextDo as follows on a BGP route sender:

Procedure



Step 2 Run:route-policy route-policy-name { permit |deny } node node-number

The node of a routing policy is created, and the view of the routing policy is displayed.

Step 3 Run one of the following commands as required to configure a matching rule for the routingpolicy.l To match an ACL, run the if-match acl { acl-number | name acl-name } command.

NOTE

Only rules of ACLs 2000 to 2999 can be configured as matching rules in the routing policy.

l To match an AS_Path list, run the if-match as-path-filter as-path-filter &<1-16> command.l To match the community attribute list, run the if-match community-filter { basic-comm-

filter-num [ whole-match ] | adv-comm-filter-num }* &<1-16> or if-match community-filter comm-filter-name [ whole-match ] command.



99

l To match a route cost, run the if-match cost cost command.l To match an IP prefix list, run the if-match ip-prefix ip-prefix command.

Step 4 Run one of the following commands as required to set route attributes.l To set an AS_Path attribute, run the apply as-path as-number &<1-10> [ additive ]

command.l To set a community attribute, run the apply community { [ community-number | aa:nn ]

&<1-32> | internet | no-advertise | no-export | no-export-subconfed } * [ additive ]command.

l To set a route cost, run the apply cost { [ apply-type ] cost | inherit } command.

You can set one BGP attribute, such as the AS_Path, community attribute, or extendedcommunity attribute, for the matched BGP routes as required.

Step 5 Run:quit


Step 6 Run:bgp as-number

The BGP view is displayed.

Step 7 Run:peer { ip-address | group-name } route-policy route-policy-name export

The routing policy is applied to the routes that are to be advertised to the peer.

NOTE

Ensure that BGP peer relationships have been set up before the routing policy is applied.

Step 8 Run:peer ip-address advertise-community

The community attribute is advertised to the peer.

By default, the community attribute is not advertised to any peer. To allow the peer to configureQoS policies for the routes with the community attribute, advertise the community attribute tothe peer.

Step 9 Run:commit


----End

5.3.2 Configuring Routing Policies on a BGP Route ReceiverThis section describes how to configure routing policies on a BGP route receiver.

Context

Do as follows on a BGP route receiver:



100

Procedure



Step 2 Run:route-policy route-policy-name { permit | deny } node node-number


Step 3 Run one of the following commands as needed to configure a filtering rule for the routing policyon the BGP route receiver.l To match an AS_Path list, run the if-match as-path-filter as-path-acl-number &<1-16>

command.l To match a community attribute list, run the if-match community-filter { basic-comm-filter-

num [ whole-match ] | ext-comm-filter-num } &<1-16> command.l To match a route cost, run the if-match cost value command.

NOTEThe route attribute configured for a BGP route must be the same as that of the route advertised by a BGProute sender.

Step 4 Perform the following steps as required:

When an LPUF-100 or LPUI-100 is used:

l Run the apply qos-local-id qos-local-id command to apply a QoS policy to the route thatmeets the matching rule in the routing policy.

NOTE

When the QoS policy ID, configured by apply qos-local-id qos-local-id, is applied to QPPB, the IDvalue can be configured within the range of the QoS policy ID value using qos-local-id qos-local-idbehavior behavior-name.

l Run the apply ip-precedence ip-precedence command to apply IP preference to the routethat meets the matching rule in the routing policy.

A routing policy consists of multiple nodes. Each node comprises multiple if-match andapply clauses. The if-match clauses define matching rules of a node. The apply clauses defineQoS behaviors to be performed on the routes that match the matching rule.

You can configure multiple if-match clauses for a node. The relationship between these rulesis "AND". This means that a route passes the filtering only when it meets all the matching rules.

The relationship between routing policy nodes is "OR". That is, if a route matches a node of arouting policy, it matches the routing policy. If none of the routing policy nodes is matched, theroute does not match the routing policy.

Step 5 Run:quit



BGP is enabled and the BGP view is displayed.



101

Step 7 Run:peer ip-address route-policy route-policy-name import

The routing policy is applied to the routes sent from the peer (route sender).

NOTE


Step 8 Run:commit


----End

5.3.3 Configuring Traffic Behaviors on a Route ReceiverYou can configure different traffic behaviors for different traffic classifiers on a BGP receiverto implement differentiated services.

Context

Do as follows on the BGP route receiver:

Procedure





Step 3 Run one of the following commands as needed:l To configure CAR actions, run the car { cir cir-value [ pir pir-value] } [ cbs cbs-value

pbs pbs-value ] [ green { discard | pass [ service-class class color color ] } | yellow{ discard | pass [ service-class class color color ] } | red { discard | pass [ service-classclass color color ] } ]* command.

l To re-mark the DSCP value of an IP packet, run the remark dscp dscp-value command.l To re-configure the precedence of IP packets, run the remark ip-precedence ip-

precedence.l To allow all the packets that meet the matching rule to pass, run the permit command.l To prevent all the packets that meet the matching rule from passing, run the deny command.l To color packets with a certain CoS, run the service-class command.

NOTEThe device supports only five QPPB traffic behaviors: car, permit, deny, remark dscp, and service-class.

----End



102

5.3.4 Configuring QPPB Local Policies on a BGP Route ReceiverQPPB allows QoS policies to be configured for routes that match the BGP community list, ACL,or BGP AS_Path list. After the QPPB local policy is applied to the inbound and outboundinterfaces of traffic, relevant QoS policies are performed on the traffic.

ContextDo as follows on a BGP route receiver:

Procedure



Step 2 Run:qppb local-policy policy-name

A QPPB local policy is created and the QPPB local policy view is displayed.

Step 3 Run:(Optional)statistics enable

Enable QPPB statistics.

Step 4 Run:qos-local-id qos-local-id behavior behavior-name

A QoS local policy ID is bound to a traffic behavior.

This step is needed only when an LPUF-100 or LPUI-100 is used.

NOTE

The device supports a maximum of 30 QPPB local policies.

----End

5.3.5 Applying a QPPB Local Policy to an InterfaceAfter a QPPB local policy is applied to an interface, the associated traffic behavior is performedfor the packets that meet the matching rule.

ContextYou can apply a QPPB local policy to the incoming or outgoing traffic.

BGP routes in QPPB refer to only BGP routes on the public network. Private routes are involvedin the QPPB application on the L3VPN.

NOTEOn the ingress, QPPB is not applicable to downstream traffic on the IP access MPLS tunnel over a publicor private network.




103

ProcedureStep 1 Run:

system-view




Step 3 Run one of the following commands as needed:

When an LPUF-100, LPUI-100, LPUF-200 is used:

l To apply a QPPB local policy to the incoming traffic, run the qppb-policy policy-namesource inbound command on the inbound interface.

l To apply a QPPB local policy to the outgoing traffic, run the qppb-policy qos-local-idsource inbound and qppb-policy policy-name outbound commands on the inbound andoutbound interfaces respectively.

l To apply a QPPB local policy to the ip precedence, run the qppb-policy ip-precedencesource command on the inbound interface.NOTEThe keyword source indicates that policies are applied to traffic along the route whose source addressmeets the matching rule.

----End

5.3.6 Checking the ConfigurationAfter QPPB is configured, you can view QPPB information.

ContextYou can run the display commands in any view to check QPPB running information. For detailsabout QPPB running information, see the chapter "QoS Commands" in the HUAWEINetEngine5000E Core Router Command Reference.

ProcedureStep 1 Run the display qppb local-policy configuration policy-name command to check the

configuration of a specific QPPB local policy.

Step 2 Run the display qppb local-policy statistics interface interface-type interface-number{ inbound | outbound } [ qos-local-id qos-local-id ] command to check the statistics about aspecific QPPB local policy.

----End

ExampleAfter QPPB is configured successfully:

l Run the display qppb local-policy configuration command to view the configuration ofa specific QPPB local policy. For example:



104

<HUAWEI> display qppb local-policy configuration policy1qppb local-policy : policy1 statistics enable qos-loacl-id 1 behavior test

l Run the display qppb local-policy statistics command, you can view statistics about aspecific QPPB local policy. For example:<HUAWEI> display qppb local-policy statistics interface gigabitethernet 2/0/0 outboundInterface: GigabitEthernet2/0/0qppb loacl-policy outbound: policy1qos-local-id 1Item Packets Bytes-------------------------------------------------------------------Matched 0 0

Current CAR statistics: Item Packets Bytes-------------------------------------------------------------------Green 0 0Yellow 0 0Red 0 0Passed 0 0Dropped 0 0

5.4 Configuring Destination-Based QPPBDestination-based QPPB differentiates routes to different destinations and associatesdifferentiated QoS policies with them.

Applicable EnvironmentQPPB is applicable to both IBGP and EBGP and can be configured for one or more ASs.

As shown in Figure 5-5, traffic is transmitted from provider B (AS 200) and provider C (AS300) to provider D (AS 400) through provider A (AS 100). providers B and C function as BGProute senders and provider A functions as a BGP route receiver. Based on the traffic controlpolicies that are signed between providers A and D, provider A needs to limit the rate of thetraffic sent to provider D.

providers B and C advertise BGP routes carrying the community attribute to provider A. Afterreceiving the BGP routes, provider A matches the routes with the community list, ACL list, orAS_Path list, and associates QoS policy IDs with QoS behaviors for the routes. Destination-based QPPB is enabled on the provider A interface that allows traffic to pass through. Therefore,QPPB local policies are applied to all traffic that passes through provider A.

Destination-based QPPB is applicable to both incoming and outgoing traffic on a device.



105

Figure 5-5 Networking diagram for destination-based QPPB configuration

AS200

AS300

AS100AS400

RouterA

RouterB

RouterC

RouterD


Before configuring QPPB, complete the following tasks:

l Configuring basic BGP functions

l Configuring local network routes advertised by BGP

l Configuring interfaces for setting up a BGP connection


Figure 5-6 Flowchart for QPPB configuration

Mandatoryprocedure

Optional procedure

Configuring Routing Policies on a BGP Route Sender

Configuring Routing Policies on a BGP Route Receiver

Configuring Traffic Behaviors on a Route Receiver

Configuring QPPB Local Policies

Applying a QPPB Local Policy to an Interface



106

5.4.1 Configuring Routing Policies on a BGP Route SenderThis section describes how to configure routing policies on a BGP route sender.

ContextDo as follows on a BGP route sender:

Procedure



Step 2 Run:route-policy route-policy-name { permit |deny } node node-number


Step 3 Run one of the following commands as required to configure a matching rule for the routingpolicy.l To match an ACL, run the if-match acl { acl-number | name acl-name } command.

NOTE

Only rules of ACLs 2000 to 2999 can be configured as matching rules in the routing policy.

l To match an AS_Path list, run the if-match as-path-filter as-path-filter &<1-16> command.l To match the community attribute list, run the if-match community-filter { basic-comm-

filter-num [ whole-match ] | adv-comm-filter-num }* &<1-16> or if-match community-filter comm-filter-name [ whole-match ] command.

l To match a route cost, run the if-match cost cost command.l To match an IP prefix list, run the if-match ip-prefix ip-prefix command.

Step 4 Run one of the following commands as required to set route attributes.l To set an AS_Path attribute, run the apply as-path as-number &<1-10> [ additive ]

command.l To set a community attribute, run the apply community { [ community-number | aa:nn ]

&<1-32> | internet | no-advertise | no-export | no-export-subconfed } * [ additive ]command.

l To set a route cost, run the apply cost { [ apply-type ] cost | inherit } command.

You can set one BGP attribute, such as the AS_Path, community attribute, or extendedcommunity attribute, for the matched BGP routes as required.

Step 5 Run:quit



The BGP view is displayed.



107

Step 7 Run:peer { ip-address | group-name } route-policy route-policy-name export

The routing policy is applied to the routes that are to be advertised to the peer.

NOTE


Step 8 Run:peer ip-address advertise-community

The community attribute is advertised to the peer.

By default, the community attribute is not advertised to any peer. To allow the peer to configureQoS policies for the routes with the community attribute, advertise the community attribute tothe peer.

Step 9 Run:commit


----End

5.4.2 Configuring Routing Policies on a BGP Route ReceiverThis section describes how to configure routing policies on a BGP route receiver.


Procedure



Step 2 Run:route-policy route-policy-name { permit | deny } node node-number


Step 3 Run one of the following commands as needed to configure a matching rule for the routing policyon a BGP route receiver.l To match an AS_Path list, run the if-match as-path-filter as-path-acl-number &<1-16>

command.l To match a community attribute list, run the if-match community-filter { basic-comm-filter-

num [ whole-match ] | ext-comm-filter-num } &<1-16> command.l To match a route cost, run the if-match cost value command.

NOTEThe route attribute configured for a BGP route must be the same as that of the route advertised by the BGProute sender.

Step 4 Perform the following steps as required:



108

When an LPUF-100 or LPUI-100 is used:

l Run the apply qos-local-id qos-local-id command to apply a QoS policy to the route thatmeets the matching rule in the routing policy.

NOTE

When the QoS policy ID, configured by apply qos-local-id qos-local-id, is applied to QPPB, the IDvalue can be configured within the range of the QoS policy ID value using qos-local-id qos-local-idbehavior behavior-name.


When an LPUE or LPUI is used:


NOTEYou need to configure IP preference for the route that meets the matching rule in advance.

A routing policy consists of multiple nodes. Each node comprises multiple if-match andapply clauses. The if-match clauses define matching rules of a node. The apply clauses defineQoS behaviors that are to be implemented for the routes that match the matching rule.

You can configure multiple if-match clauses on a node. The relationship between these rules is"AND". This means that a route passes the filtering only when it meets all the matching rules.

The relationship between routing policy nodes is "OR". That is, if a route matches a node of arouting policy, it matches the routing policy. If none of the routing policy nodes is matched, theroute does not match the routing policy.


BGP is enabled and the BGP view is displayed.

Step 6 Run:peer ip-address route-policy route-policy-name import

The routing policy configured on the route receiver is applied to the routes sent from the peer(route sender).

NOTE


Step 7 Run:commit


----End

5.4.3 Configuring Traffic Behaviors on a Route ReceiverYou can configure different traffic behaviors for different traffic classifiers on a BGP receiverto implement differentiated services.



109

ContextDo as follows on the BGP route receiver:

Procedure





Step 3 Run one of the following commands as needed:l To configure CAR actions, run the car { cir cir-value [ pir pir-value] } [ cbs cbs-value

pbs pbs-value ] [ green { discard | pass [ service-class class color color ] } | yellow{ discard | pass [ service-class class color color ] } | red { discard | pass [ service-classclass color color ] } ]* command.

l To re-mark the DSCP value of an IP packet, run the remark dscp dscp-value command.l To re-configure the precedence of IP packets, run the remark ip-precedence ip-

precedence.l To allow all the packets that meet the matching rule to pass, run the permit command.l To prevent all the packets that meet the matching rule from passing, run the deny command.l To color packets with a certain CoS, run the service-class command.

NOTEThe device supports only five QPPB traffic behaviors: car, permit, deny, remark dscp, and service-class.

----End

5.4.4 Configuring QPPB Local Policies on a BGP Route ReceiverQPPB allows QoS policies to be configured for routes that match the BGP community list, ACL,or BGP AS_Path list. After the QPPB local policy is applied to the inbound and outboundinterfaces of traffic, relevant QoS policies are implemented on the traffic.


NOTE

This step is needed only when an LPUE or LPUI is used.

Procedure





110

Step 2 Run:qppb local-policy policy-name

A QPPB local policy is created and the QPPB local policy view is displayed.

Step 3 Run:(Optional)statistics enable

Enable QPPB statistics.

Step 4 Run:qos-local-id qos-local-id behavior behavior-name

A QoS policy is created and a traffic behavior is bound to the QoS local policy ID.

This step is needed only when an LPUF-100 or LPUI-100 is used.

----End

5.4.5 Applying a QPPB Local Policy to an InterfaceAfter a QPPB local policy is applied to an interface, the associated traffic behavior is performedfor the packets that meet the matching rule.

ContextYou can apply a QPPB local policy to the incoming or outgoing traffic.

BGP routes in QPPB refer to only BGP routes on the public network. Private routes are involvedin the QPPB application on the L3VPN.

NOTEOn the ingress, QPPB is not applicable to downstream traffic on the IP access MPLS tunnel over a publicor private network.


Procedure





Step 3 Run one of the following commands as needed to apply a QPPB local policy:

When an LPUF-100, LPUI-100, LPUF-200 is used:

l To apply a QPPB local policy to the incoming traffic, run the qppb-policy policy-namedestination inbound command on the inbound interface.

l To apply a QPPB local policy to the outgoing traffic, run the qppb-policy qos-local-iddestination inbound and qppb-policy policy-name outbound commands on the inboundand outbound interfaces respectively.



111

l To apply a QPPB local policy to the ip precedence, run the qppb-policy ip-precedencedestination command on the inbound interface.

NOTE

The keyword destination indicates that policies are applied to traffic along the route whose destinationaddress meets the matching rule.

When an LPUE or LPUI is used:

To apply a QPPB local policy to the ip precedence, run the qppb-policy ip-precedencedestination command on the inbound interface.

----End

5.4.6 Checking the ConfigurationAfter QPPB is configured, you can view QPPB information.

ContextYou can run the display commands in any view to check QPPB running information. For detailsabout QPPB running information, see the chapter "QoS Commands" in the HUAWEINetEngine5000E Core Router Command Reference.

Procedure

Step 1 Run the display qppb local-policy configuration policy-name command to check theconfiguration of a specific QPPB local policy.

Step 2 Run the display qppb local-policy statistics interface interface-type interface-number{ inbound | outbound } [ qos-local-id qos-local-id ] command to check the statistics about aspecific QPPB local policy.

----End

ExampleAfter QPPB is configured successfully:

l Run the display qppb local-policy configuration command to view the configuration ofa specific QPPB local policy. For example:<HUAWEI> display qppb local-policy configuration policy1qppb local-policy : policy1 statistics enable qos-loacl-id 1 behavior test

l Run the display qppb local-policy statistics command, you can view statistics about aspecific QPPB local policy. For example:<HUAWEI> display qppb local-policy statistics interface gigabitethernet 2/0/0 outboundInterface: GigabitEthernet2/0/0qppb loacl-policy outbound: policy1qos-local-id 1Item Packets Bytes-------------------------------------------------------------------Matched 0 0

Current CAR statistics: Item Packets Bytes



112

-------------------------------------------------------------------Green 0 0Yellow 0 0Red 0 0Passed 0 0Dropped 0 0

5.5 Maintaining QPPBThis section describes how to clear statistics about a QPPB local policy.

5.5.1 Clearing Statistics About a QPPB PolicyThis section describes how to clear statistics about a QPPB policy on an interface.

Context

CAUTIONOnce deleted, statistics cannot be restored. Therefore, exercise caution when deleting statistics.

Procedure

Step 1 Run the reset qppb local-policy statistics interface interface-type interface-number{ inbound | outbound } command in the user view to clear statistics about a QPPB local policyon the specified interface.

----End

5.6 Configuration ExamplesThis section provides examples for configuring QPPB, including the application scenario andconfiguration commands.

5.6.1 Example for Configuring QPPBThis section provides an example for configuring QPPB.



On the network shown in Figure 5-7, router B advertises BGP routes with community attributesto router A, router A matches the community attributes against the community list, associates



113

traffic behaviors with QoS local IDs for the matched routes, and apply a QPPB local policy tothe traffic transmitted along the routes.

Traffic is sent from router B to router C by passing router A. router B functions as a BGP routesender, and router A functions as a BGP route receiver.

It is required that source-based QPPB be applied to the incoming traffic.

Figure 5-7 Networking diagram for configuring QPPB

AS200

AS300

AS100AS400

RouterA

RouterB

RouterC

RouterD

Precautions

None.



1. Configure basic BGP functions.

2. Configure routing policies, set community attributes for the routes to be advertised, andadvertise routes on router B.

3. Apply routing policies, match route attributes, and set QoS local ID on router A.

4. Configure QPPB and apply it to the incoming traffic on router A.

Data Preparation

To complete the configuration, you need the following data:

l IP address of each interface

l Routing policy name, matching rule, and route attribute

l QPPB policy name



114

Procedure

Step 1 Configure basic BGP functions on routerA and routerB.

# Configure loopback interfaces on router A and router B.

<routerA> system-view[~routerA] interface loopback 0[~routerA-LoopBack0] ip address 1.1.1.1 255.255.255.255[~routerA-LoopBack0] return<routerB> system-view[~routerB] interface loopback 0[~routerB-LoopBack0] ip address 2.2.2.2 255.255.255.255

# Configure interfaces connecting router A and router B and interfaces connecting router A androuter C.

<routerA> system-view[~routerA] interface pos 2/0/0[~routerA-Pos2/0/0] undo shutdown[~routerA-Pos2/0/0] ip address 100.1.1.1 255.255.255.0[~routerA-Pos2/0/0] quit[~routerA] interface gigabitethernet 1/0/0[~routerA-GigabitEthernet1/0/0] undo shutdown[~routerA-GigabitEthernet1/0/0] ip address 200.1.1.2 255.255.255.0[~routerA-GigabitEthernet1/0/0] return<routerB> system-view[~routerB] interface pos 1/0/0[~routerB-Pos2/0/0] undo shutdown[~routerB-Pos2/0/0] ip address 100.1.1.2 255.255.255.0[~routerB-Pos2/0/0] return<routerC> system-view[~routerC] interface gigabitethernet1/0/0[~routerC-GigabitEthernet1/0/0] undo shutdown[~routerC-GigabitEthernet1/0/0] ip address 200.1.1.1 255.255.255.0[~routerC-GigabitEthernet1/0/0] return

# Enable OSPF and advertise route information containing the interface addresses.

<routerA> system-view[~routerA] ospf[~routerA-ospf-1] area 0[~routerA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0[~routerA-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255[~routerA-ospf-1-area-0.0.0.0] network 200.1.1.0 0.0.0.255[~routerA-ospf-1-area-0.0.0.0] quit[~routerA-ospf-1] return<routerB> system-view[~routerB] ospf[~routerB-ospf] area 0[~routerB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0[~routerB-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255[~routerB-ospf-1-area-0.0.0.0] quit[~routerB-ospf-1] return<routerC> system-view[~routerC] ospf[~routerC-ospf] area 0[~routerC-ospf-1-area-0.0.0.0] network 200.1.1.0 0.0.0.255[~routerC-ospf-1-area-0.0.0.0] return

# Configure BGP and set up EBGP peer relationships between router A and router B.

<routerA> system-view[~routerA] bgp 100[~routerA-bgp] peer 2.2.2.2 as-number 200[~routerA-bgp] peer 2.2.2.2 ebgp-max-hop 2[~routerA-bgp] peer 2.2.2.2 connect-interface loopback 0[~routerA-bgp] import-route direct[~routerA-bgp] return



115

<routerB> system-view[~routerB] bgp 200[~routerB-bgp] peer 1.1.1.1 as-number 100[~routerB-bgp] peer 1.1.1.1 ebgp-max-hop 2[~routerB-bgp] peer 1.1.1.1 connect-interface loopback 0[~routerB-bgp] import-route direct[~routerB-bgp] return

# Configure BGP and set up an IBGP peer relationship between router A and router C.<routerA> system-view[~routerA] bgp 100[~routerA-bgp] peer 200.1.1.1 as-number 100[~routerA-bgp] import-route direct[~routerA-bgp] quit<routerC> system-view[~routerC] bgp 100[~routerC-bgp] peer 200.1.1.2 as-number 100[~routerC-bgp] import-route direct[~routerC-bgp] quit

After the configuration is complete, router A can communicate with router B and router C.

Step 2 Configure and apply routing policies on router B.

# Configure an IP prefix on routerB.<routerB> system-view[~routerB] ip ip-prefix bb permit 66.1.1.1 32[~routerB] return

# Configure a routing policy on router B.<routerB> system-view[~routerB] route-policy aa permit node 10[~routerB-route-policy] if-match ip-prefix bb[~routerB-route-policy] apply community 10:10[~routerB-route-policy] return

# Configure a policy for advertising routes on router B.<routerB> system-view[~routerB] bgp 200[~routerB-bgp] peer 1.1.1.1 route-policy aa export[~routerB-bgp] peer 1.1.1.1 advertise-community[~routerB-bgp] return

Step 3 Configure a policy for receiving routes on router A, and apply traffic behaviors to the route thatmatches the route attribute.

# Configure a traffic behavior.<routerA> system-view[~routerA] traffic behavior dd[~routerA-behavior-dd] remark dscp af11[~routerA-behavior-dd] return

# Configure a routing policy and apply the traffic behavior to the route that matches the routeattribute.<routerA> system-view[~routerA] ip community-filter 10 permit 10:10[~routerA] route-policy aa permit node 10[~routerA-route-policy] if-match community-filter 10[~routerA-route-policy] apply qos-local-id 1[~routerA-route-policy] return

# Configure a QPPB local policy on router A.<routerA> system-view



116

[~routerA] qppb local-policy ac[~routerA-localpolicy-ac] qos-local-id 1 behavior dd[~routerA-localpolicy-ac] return

# Apply the routing policy to the routes sent from router B on router A.

<routerA> system-view[~routerA] bgp 100[~routerA-bgp] peer 2.2.2.2 route-policy aa import[~routerA-bgp] return

Step 4 Apply the QPPB local policy to the incoming traffic on router A.<routerA> system-view[~routerA] interface pos 2/0/0[~routerA-Pos2/0/0] qppb-policy ac source inbound[~routerA-Pos2/0/0] return


# Display the QPPB local policy information on router A.

[~routerA] display qppb local-policy configuration acqppb local-policy : ac statistics disable qos-local-id 1 behavior dd

----End

Configuration Filesl Configuration file of router A

# sysname routerA#interface GigabitEthernet1/0/0 undo shutdown ip address 200.1.1.2 255.255.255.0#interface Pos2/0/0 undo shutdown link-protocol ppp ip address 100.1.1.1 255.255.255.0 qppb-policy ac source inbound#interface LoopBack0 ip address 1.1.1.1 255.255.255.255#bgp 100 peer 2.2.2.2 as-number 200 peer 2.2.2.2 ebgp-max-hop 2 peer 2.2.2.2 connect-interface LoopBack0 peer 200.1.1.1 as-number 100#ipv4-family unicast undo synchronization import-route direct peer 2.2.2.2 enable peer 2.2.2.2 route-policy aa import peer 200.1.1.1 enable #ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.255 network 200.1.1.0 0.0.0.255#route-policy aa permit node 10 if-match community-filter 10



117

apply qos-local-id 1# ip community-filter 10 permit 10:10#qppb local-policy ac qos-local-id 1 behavior dd return

l Configuration file of router B# sysname routerB#interface Pos2/0/0 undo shutdown link-protocol ppp ip address 100.1.1.2 255.255.255.0#interface LoopBack0 ip address 2.2.2.2 255.255.255.255#interface LoopBack10 ip address 66.1.1.1 255.255.255.255#bgp 200 peer 1.1.1.1 as-number 100 peer 1.1.1.1 ebgp-max-hop 2 peer 1.1.1.1 connect-interface LoopBack0 # ipv4-family unicast undo synchronization import-route direct peer 1.1.1.1 enable peer 1.1.1.1 route-policy aa export peer 1.1.1.1 advertise-community quit#ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.1.0 0.0.0.255#route-policy aa permit node 10 if-match ip-prefix bb apply community 10:10# ip ip-prefix bb index 10 permit 66.1.1.1 32#return

l Configuration file of router C# sysname routerC#interface gigabitethernet1/0/0 undo shutdown ip address 200.1.1.1 255.255.255.0#bgp 100 peer 200.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 200.1.1.2 enable#ospf 1 area 0.0.0.0 network 200.1.1.0 0.0.0.255#



118

return



119

6 MPLS DiffServ-Mode Configuration

About This Chapter

This chapter describes the basic principle of MPLS DiffServ and how to configure MPLSDiffServ, and provides several configuration examples.

6.1 MPLS DiffServ Models Overview

6.2 MPLS Pipe/Short Pipe Supported by the NE5000E

6.3 Configuring the Uniform/Pipe Mode for MPLS TEThis section describes the process of configuring the Uniform/Pipe mode for MPLS TE.

6.4 Configuring the Uniform/Pipe Mode for the MPLS Penultimate HopThis section describes the process of configuring the Uniform/Pipe mode for the MPLSpenultimate hop.

6.5 Configuring the Pipe/Short Pipe Mode for VPNsThis section describes how to configure the DiffServ mode for VPNs.

6.6 Configuration ExamplesThis section provides the examples for configuring MPLS Diff-Serv modes.

HUAWEI NetEngine5000E Core RouterConfiguration Guide - QoS 6 MPLS DiffServ-Mode Configuration


120

6.1 MPLS DiffServ Models Overview

The DSCP field (6 bits) in the header of the IP packet is used to define the Class of Service(CoS). In the MPLS label, the EXP field (3 bits) is also used to define the CoS. See Figure6-1.

Figure 6-1 The DSCP field in the IP packet and the EXP field in the MPLS packet

DSCP unused

0 5 7

CoS

Label SEXP TTL

0 19 22 23 31

CoS

In the MPLS DiffServ model, packets are processed in the following steps:

l When a packet enters the MPLS network, a label is added to the packet. The DSCP fieldin the packet is copied to the EXP field.

l In the MPLS network, the PHB is chosen according to the EXP value in the packet. EachEXP value is mapped with a PHB.

l When the packet leaves the MPLS network, the label is stripped. Then, the PHB is chosenaccording to the DSCP or EXP field. Each DSCP value is also mapped with a PHB.

The MPLS DiffServ model defines the following factors for the packets that pass through anMPLS network: the manner in which the DSCP field and the EXP field are propagated and PHBsuch as CoS and color after the packet leaves the MPLS network. Thus, transmission withdifferentiated QoS is carried out.

In the RFC 3270, three MPLS DiffServ models are defined: Uniform, Pipe, and Short Pipe.

Uniform ModelIn Uniform mode, the priority identifiers of packets are identical on the IP network and MPLSnetwork. This means that the priority identifier of packets on either network is globally valid.

The ingress PE adds a label to the packet by copying the DSCP value to the inner and outer EXPfield. If the outer EXP value is changed in the MPLS network, the change affects the PHBadopted when the packet leaves the MPLS network. That is, the egress PE adopts the PHBaccording to the outer EXP value. See Figure 6-2.



121

Figure 6-2 Uniform model

IP DSCP3

IP DSCP3

MPLSEXP 3

MPLSEXP 3

IP DSCP3

MPLSEXP 3

MPLSEXP 2

IP DSCP3

MPLSEXP 2

IP DSCP2

IP DSCP2

CE CEPE PEP P

MPLS

Pipe ModelIn the Pipe model, the user-defined CoS and color together determine the EXP value that isadded to the MPLS label by the ingress PE. The default mapping between the CoS value andthe EXP value is shown in Table 6-1. If the inner and outer EXP values are changed in the MPLSnetwork, the change is valid only in the MPLS network. The egress PE selects the PHB accordingto the outer EXP value. When the packet leaves the MPLS network, the DSPC value becomeseffective again. See Figure 6-3.

NOTE

The Pipe model does not support the Penultimate Hop Popping of the MPLS label.

Table 6-1 Default mapping between the CoS value and the EXP value

CoS Color MPLS EXP

BE Green 0





EF Green 5

CS6 Green 6

CS7 Green 7



122

Figure 6-3 Pipe model

IP DSCP3

IP DSCP3

MPLSEXP 2

MPLSEXP 2

IP DSCP3

MPLSEXP 2

MPLSEXP 2

IP DSCP3

MPLSEXP 2

IP DSCP3

IP DSCP3

CE CEPE PEP P

MPLS

PHB depends onEXP value

MPLSEXP 2 MPLS

EXP 2

Short Pipe ModelIn the Short Pipe model, the user-defined CoS and color together determine the EXP value thatis added to the MPLS label by the ingress PE. If the inner and outer EXP values are changed inthe MPLS network, the change is valid only in the MPLS network. The egress PE selects thePHB according to the DSCP value. When the packet leaves the MPLS network, the DSPC valuebecomes effective again. See Figure 6-4.

Figure 6-4 Short Pipe model

IP DSCP3

IP DSCP3

MPLSEXP 3

MPLSEXP 2

IP DSCP3

MPLSEXP 3

MPLSEXP 2

IP DSCP3

MPLSEXP 2

IP DSCP3

IP DSCP3

CE CEPE PEP P

MPLS

PHB depends on DSCP valueMPLS

EXP 2



123

6.2 MPLS Pipe/Short Pipe Supported by the NE5000E

The MPLS Pipe/Short Pipe supports queue scheduling based on eight priorities and implementsthe following functions:

l TE supports the configuration of the Uniform/Pipe mode.l The MPLS penultimate hop supports the configuration of the Uniform/Pipe mode.l L3VPN supports the configuration of the Uniform/Pipe/Short Pipe mode.

6.3 Configuring the Uniform/Pipe Mode for MPLS TEThis section describes the process of configuring the Uniform/Pipe mode for MPLS TE.

Applicable EnvironmentTo ensure the scheduling priorities of different MPLS TE services on the MPLS public network,you need to configure the Uniform/Pipe mode.

Pre-configuration TasksBefore configuring the MPLS TE Uniform/Pipe mode, complete the following tasks:

l Configuring physical parameters and link attributes for related interfaces to ensure normaloperation of the interfaces

l Configuring an MPLS TE tunnel between two PEs (For details, see "MPLS TEConfiguration" in the HUAWEI NetEngine5000E Configuration Guide - MPLS.)

NOTE

Before configuring the Uniform/Pipe mode for MPLS TE, check that the MPLS TE is Up.

After the following operations are performed on the user-side tunnel interface on the ingress PE, theconfigured mode takes effect only on the ingress PE. The penultimate node uses the Uniform mode bydefault.

To change the Diff-Serv mode for the penultimate node, see the section "Configuring the Uniform/Pipemode for the MPLS penultimate node".

Procedure



Step 2 Run:interface tunnel interface-number

The view of the user-side tunnel interface is displayed.

Step 3 Run:diffserv-mode { pipe service-class color | uniform }



124

A Diff-Serv mode is set for the MPLS.

Step 4 Run:commit


----End

6.4 Configuring the Uniform/Pipe Mode for the MPLSPenultimate Hop

This section describes the process of configuring the Uniform/Pipe mode for the MPLSpenultimate hop.

Applicable Environment

By default, the Diff-serv mode on the penultimate hop is Uniform. When this mode is enabled,the EXP value of an outer label is copied to the EXP value of an inner label. Using the globalcontrol command diffserv-mode mpls, you can determine whether the EXP value of an outerlabel is copied to the EXP value of an inner label based on the parameters of this command.


Before configuring the Uniform/Pipe model for the MPLS penultimate node, complete thefollowing tasks:

l Configuring physical parameters and link attributes of related interfaces to ensure normaloperation of the interfaces

l Configuring a Uniform/Pipe mode for the MPLS TE penultimate hop, which needs theconfiguration of an MPLS TE tunnel. see "MPLS TE Configuration" in the HUAWEINetEngine5000E Core Router Configuration Guide - MPLS.

NOTE

Do as follows on MPLS LSP or MPLS TE penultimate hop:

Procedure



Step 2 Run:mpls

The MPLS view is displayed.

Step 3 Run:diffserv-mode mpls { pipe | uniform }

The global MPLS Diff-Serv mode is set.



125

NOTE

l The configured mode by running this command take effect only on new LSPs. The reset mpls ldp commandcan be used to re-establish the original LSPs. Then, the configured mode can take effect on the re-establishedLSPs.

l The diffserv-mode mpls command is run only on the penultimate hop to control the copy of the EXP valueof an outer label to the EXP value of an inner label.

l Before the diffserv-mode mpls command is run on the LPUI-100 or LPUF-100, the inbound and outboundinterfaces of the boards need to be configured in the same Diff-Serv domain.

Step 4 Run:commit


----End

6.5 Configuring the Pipe/Short Pipe Mode for VPNsThis section describes how to configure the DiffServ mode for VPNs.

Usage ScenarioMultiple VPNs may use the same MPLS TE tunnel. To allocate priorities to different VPNservices, configure the Pipe/Short Pipe mode for VPNs.

This feature is applicable to the following VPNs:l L3VPNl VLL

NOTE

1. This feature is applicable to both the ingress and egress PEs.

l If both simple traffic classification and the Pipe/Short Pipe mode are configured on the ingress PE,the Pipe/Short Pipe mode preferentially takes effect.

l If the DiffServ mode is set to Pipe/Short Pipe on the PE, simple traffic classification is not required.

l If the DiffServ mode is set to Uniform on the PE, simple traffic classification is required.

2. The DiffServ mode takes effect only on the L3VPN that meets the following conditions:

l When the DiffServ mode is set to Pipe/Short Pipe on the egress PE and simple traffic classificationis configured on the outbound interface, the qos phb disable command must be configured on theoutbound interface of the egress PE.

l When the DiffServ mode is set to Uniform on the egress PE and simple traffic classification isconfigured on the outbound interface, the qos phb disable command is not required on theoutbound interface of the egress PE.

Pre-configuration TasksBefore configuring the VPN Pipe/Short Pipe mode, complete the following tasks:

l Configuring an MPLS TE tunnel between two PEs. For details, see the chapter "MPLS TEconfiguration" in the HUAWEI NetEngine5000E Core Router Configuration Guide -MPLS.

l Configuring VPN services. Different L3VPNs or L2VPNs can be used as required. Fordetails, see HUAWEI NetEngine5000E Core Router Configuration Guide - VPN.



126

l Configuring simple traffic classification or complex traffic classification on the user-sideinterface of the ingress PE. For details, see the chapter "Class-based QoS configuration" inthe HUAWEI NetEngine5000E Core Router Configuration Guide - QoS.

Procedurel Configure the L3VPN DiffServ mode.

1. Run the system-view command to enter the system view.2. Run the ip vpn-instance vpn-instance-name command to create a VPN instance and

enter the VPN instance view.3. Run the diffserv-mode { pipe service-class color | short-pipe service-class color

[ domain ds-name ] | uniform } command to set the DiffServ mode.

l Configure the VLL DiffServ mode.

1. Run the system-view command to enter the system view.2. Run the interface interface-type interface-number command to enter the interface

view.

NOTEThe interface is the user-side interface to which the L2VPN is bound.

3. Run the diffserv-mode { pipe service-class color | short-pipe service-class color[ domain ds-name ] | uniform } command to set the VLL DiffServ mode.

----End

6.6 Configuration ExamplesThis section provides the examples for configuring MPLS Diff-Serv modes.

6.6.1 Examples for Configuring MPLS Diff-Serv Modes


CAUTIONFor the NE5000E, the interface is numbered as slot number/card number/interface number. Forthe NE5000E cluster, the interface is numbered as chassis ID/slot number/card number/interfacenumber. The slot number is chassis ID/slot ID.

As shown in Figure 6-5:

l CE1 and CE3 are in VPN-A.

l CE2 and CE4 are in VPN-B.

l The VPN target attribute of VPN-A is 111:1, and that of VPN-B is 222:2.

l Users in different VPN cannot access each other.

l The MPLS DiffServ mode is set to Pipe on PE1 so that the DSCP values of packets can bemapped to EXP values. No special value is required. The mappings can be configured based



127

on domains. On the egress of the MPLS network, packets are scheduled based on the EXPvalues with the DSCP values unchanged.

Figure 6-5 MPLS Diff-Serv Modes networking diagram

AS: 65440VPN-B

CE4

PE1

P

AS: 65430VPN-A

CE3

GE1/0/010.3.1.1/24

GE1/0/010.3.1.2/24

AS: 65420VPN-B

CE2

AS: 65410VPN-A

CE1

GE1/0/010.1.1.1/24

GE1/0/010.1.1.2/24

POS3/0/0172.1.1.1/24

POS2/0/0172.2.1.1/24

AS: 100

PE2Loopback11.1.1.9/32

Loopback13.3.3.9/32

GE1/0/010.4.1.1/24

GE1/0/010.2.1.1/24

GE2/0/010.4.1.2/24

GE2/0/010.2.1.2/24

POS1/0/0172.1.1.2/24

POS3/0/0172.2.1.2/24

MPLS backbone

Loopback12.2.2.9/32



1. Configure OSPF on the backbone network to enable interworking between PEs.2. Configure the basic MPLS functions and MPLS LDP on the PEs, and establish the MPLS

LSPs between the PEs.3. Configure MP IBGP to exchange the VPN routing information between the PEs.4. Configure the VPN instance on the PE connected with the CE in the backbone network,

and bind the PE interface connected with the CE to the corresponding VPN instance.5. Configure EBGP between the CE and the PE to exchange VPN routing information.6. Configure the Pipe mode on VPN-A and VPN-B, and apply different DiffServ domains to

different VPN instances.

Data Preparation

To configure BGP/MPLS IP VPN, you need the following data:

l MPLS LSR-IDs on the PEs and the Psl RDs of VPN-A and VPN-B



128

l VPN targets of VPN-A and VPN-Bl Different DiffServ domains on PE1 and PE2

Procedure

Step 1 Configure an IGP on the MPLS backbone to allow the PEs and the Ps to reach each other.

# Configure PE1.

<HUAWEI> system-view[~HUAWEI] sysname PE1[~PE1] interface loopback 1[~PE1-LoopBack1] ip address 1.1.1.9 32[~PE1-LoopBack1] quit[~PE1] interface pos3/0/0[~PE1-Pos3/0/0] ip address 172.1.1.1 24[~PE1-Pos3/0/0] quit[~PE1] ospf[~PE1-ospf-1] area 0[~PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255[~PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0[~PE1-ospf-1-area-0.0.0.0] quit[~PE1-ospf-1] quit

# Configure the P.

<HUAWEI> system-view[~HUAWEI] sysname P[P] interface loopback 1[P-LoopBack1] ip address 2.2.2.9 32[P-LoopBack1] quit[P] interface pos 1/0/0[P-Pos1/0/0] ip address 172.1.1.2 24[P-Pos1/0/0] quit[P] interface pos 2/0/0[P-Pos2/0/0] ip address 172.2.1.1 24[P-Pos2/0/0] quit[P] ospf[P-ospf-1] area 0[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0[P-ospf-1-area-0.0.0.0] quit[P-ospf-1] quit

# Configure PE2.

<HUAWEI> system-view[~HUAWEI] sysname PE2[~PE2] interface loopback 1[~PE2-LoopBack1] ip address 3.3.3.9 32[~PE2-LoopBack1] quit[~PE2] interface pos 3/0/0[~PE2-Pos3/0/0] ip address 172.2.1.2 24[~PE2-Pos3/0/0] quit[~PE2] ospf[~PE2-ospf-1] area 0[~PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255[~PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0[~PE2-ospf-1-area-0.0.0.0] quit[~PE2-ospf-1] quit

After the configuration, the OSPF neighbor relationship should be established between PE1, Pand PE2. After running the display ospf peer command, you can find that the OSPF neighborrelationship is in Full state. Run the display ip routing-table command on the PEs, and you canfind that the PEs have learned the routes of the Loopback1 interface of each other.



129

Use PE1 as an example:

[~PE1] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 172.1.1.2 Pos3/0/0 3.3.3.9/32 OSPF 10 3 D 172.1.1.2 Pos3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.0/24 Direct 0 0 D 172.1.1.1 Pos3/0/0 172.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.2.1.0/24 OSPF 10 2 D 172.1.1.2 Pos3/0/0[~PE1] display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Pos3/0/0)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 1500 Dead timer due in 38 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ]

Step 2 Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network to set upthe LDP LSP.

# Configure PE1.

[~PE1] mpls lsr-id 1.1.1.9[~PE1] mpls[~PE1-mpls] quit[~PE1] mpls ldp[~PE1-mpls-ldp] quit[~PE1] interface pos 3/0/0[~PE1-Pos3/0/0] mpls[~PE1-Pos3/0/0] mpls ldp[~PE1-Pos3/0/0] quit

# Configure the P.

[P] mpls lsr-id 2.2.2.9[P] mpls[P-mpls] quit[P] mpls ldp[P-mpls-ldp] quit[P] interface pos 1/0/0[P-Pos1/0/0] mpls[P-Pos1/0/0] mpls ldp[P-Pos1/0/0] quit[P] interface pos 2/0/0[P-Pos2/0/0] mpls[P-Pos2/0/0] mpls ldp[P-Pos2/0/0] quit

# Configure PE2.

[~PE2] mpls lsr-id 3.3.3.9[~PE2] mpls[~PE2-mpls] quit[~PE2] mpls ldp[~PE2-mpls-ldp] quit[~PE2] interface pos 3/0/0[~PE2-Pos3/0/0] mpls[~PE2-Pos3/0/0] mpls ldp[~PE2-Pos3/0/0] quit



130

After the configuration, LDP sessions are set up between PE1, P and PE2. After running thedisplay mpls ldp session command on the routers, you can find that the status of the session is"Operational" in the display result. Run the display mpls ldp lsp command, and view the statusof the LDP LSP.

Use PE1 as an example:

[~PE1] display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. ------------------------------------------------------------------------- PeerID Status LAM SsnRole SsnAge KASent/Rcv ------------------------------------------------------------------------- 2.2.2.9:0 Operational DU Passive 0000:00:01 5/5 ------------------------------------------------------------------------- TOTAL: 1 session(s) Found.[~PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------------------- DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface ------------------------------------------------------------------------------- 1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0 *1.1.1.9/32 Liberal 2.2.2.9/32 NULL/3 - 172.1.1.2 Pos3/0/0 2.2.2.9/32 1024/3 2.2.2.9 172.1.1.2 Pos3/0/0 3.3.3.9/32 NULL/1025 - 172.1.1.2 Pos3/0/0 3.3.3.9/32 1025/1025 2.2.2.9 172.1.1.2 Pos3/0/0 ------------------------------------------------------------------------------- TOTAL: 5 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. TOTAL: 0 Frr LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale A '*' before a UpstreamPeer means the session is in GR state A '*' before a NextHop means the LSP is FRR LSP

Step 3 Establish the MP-IBGP peer relationship between the PEs.

# Configure PE1.

[~PE1] bgp 100[~PE1-bgp] peer 3.3.3.9 as-number 100[~PE1-bgp] peer 3.3.3.9 connect-interface loopback 1[~PE1-bgp] ipv4-family vpnv4[~PE1-bgp-af-vpnv4] peer 3.3.3.9 enable[~PE1-bgp-af-vpnv4] quit[~PE1-bgp] quit

# Configure PE2.

[~PE2] bgp 100[~PE2-bgp] peer 1.1.1.9 as-number 100[~PE2-bgp] peer 1.1.1.9 connect-interface loopback 1[~PE2-bgp] ipv4-family vpnv4[~PE2-bgp-af-vpnv4] peer 1.1.1.9 enable[~PE2-bgp-af-vpnv4] quit[~PE2-bgp] quit

After the configuration, run the display bgp peer command or the display bgp vpnv4 all peercommand, you can see that the BGP peer relationship is set up between the PE, and the peerstatus is Established.

[~PE1] display bgp vpnv4 all peerBGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv



131

3.3.3.9 4 100 12 18 0 00:09:38 Established 0

Step 4 Configure VPN instances on PEs and bind the instances to the CE interfaces.

# Configure PE1.

[~PE1] ip vpn-instance vpna[~PE1-vpn-instance-vpna] route-distinguisher 100:1[~PE1-vpn-instance-vpna] vpn-target 111:1 both[~PE1-vpn-instance-vpna] quit[~PE1] ip vpn-instance vpnb[~PE1-vpn-instance-vpnb] route-distinguisher 100:2[~PE1-vpn-instance-vpnb] vpn-target 222:2 both[~PE1-vpn-instance-vpnb] quit[~PE1] interface gigabitethernet 1/0/0[~PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna[~PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24[~PE1-GigabitEthernet1/0/0] quit[~PE1] interface gigabitethernet 2/0/0[~PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpnb[~PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24[~PE1-GigabitEthernet2/0/0] quit

# Configure PE2.

[~PE2] ip vpn-instance vpna[~PE2-vpn-instance-vpna] route-distinguisher 200:1[~PE2-vpn-instance-vpna] vpn-target 111:1 both[~PE2-vpn-instance-vpna] quit[~PE2] ip vpn-instance vpnb[~PE2-vpn-instance-vpnb] route-distinguisher 200:2[~PE2-vpn-instance-vpnb] vpn-target 222:2 both[~PE2-vpn-instance-vpnb] quit[~PE2] interface gigabitethernet 1/0/0[~PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna[~PE2-GigabitEthernet1/0/0] ip address 10.3.1.2 24[~PE2-GigabitEthernet1/0/0] quit[~PE2] interface gigabitethernet 2/0/0[~PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpnb[~PE2-GigabitEthernet2/0/0] ip address 10.4.1.2 24[~PE2-GigabitEthernet2/0/0] quit

# Configure an IP address for the CE interface according to Figure 6-5. Details for theconfiguration procedure are not provided here.

After the configuration, check the configuration of VPN instances by running the display ipvpn-instance verbose command on the PEs. Each PE can successfully ping its own CE.

NOTE

When the interfaces on a PE are bound to the same VPN, you need to specify the source IP address whenyou use the ping command to ping the CE connected to the peer PE. This means that you need to specify-a source-ip-address in the ping -a source-ip-address -vpn-instance vpn-instance-name dest-ip-addresscommand; otherwise, the ping fails.

Use PE1 and CE1 as an example:

[~PE1] display ip vpn-instance verbose Total VPN-Instances configured : 2 VPN-Instance Name and ID : vpna, 1 Create date : 2009/01/21 11:30:35 Up time : 0 days, 00 hours, 05 minutes and 19 seconds Route Distinguisher : 100:1 Export VPN Targets : 111:1 Import VPN Targets : 111:1 Label Policy : label per route The diffserv-mode Information is : uniform The ttl-mode Information is : pipe Log Interval : 5



132

Interfaces : GigabitEthernet1/0/0 VPN-Instance Name and ID : vpnb, 2 Create date : 2009/01/21 11:31:18 Up time : 0 days, 00 hours, 04 minutes and 36 seconds Route Distinguisher : 100:2 Export VPN Targets : 222:2 Import VPN Targets : 222:2 Label Policy : label per route The diffserv-mode Information is : uniform The ttl-mode Information is : pipe Log Interval : 5 Interfaces : GigabitEthernet2/0/0[~PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 msReply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms --- 10.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/23/56 ms

Step 5 Establish the EBGP peer relationship between the PE and the CE to import VPN routes.

# Configure CE1.

[~CE1] bgp 65410[~CE1-bgp] peer 10.1.1.2 as-number 100[~CE1-bgp] import-route direct

NOTE

The configuration procedures of CE2, CE3 and CE4 are similar to that of CE1.

# Configure PE1.

[~PE1] bgp 100[~PE1-bgp] ipv4-family vpn-instance vpna[~PE1-bgp-vpna] peer 10.1.1.1 as-number 65410[~PE1-bgp-vpna] import-route direct[~PE1-bgp-vpna] quit[~PE1-bgp] ipv4-family vpn-instance vpnb[~PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420[~PE1-bgp-vpnb] import-route direct[~PE1-bgp-vpnb] quit

NOTE

The configuration of PE2 is similar to that of PE1, and the details for the configuration procedure are notprovided here.

After the configuration, run the display bgp vpnv4 vpn-instance peer command on the PE.You can see that the BGP peer relationship is set up between the PE and the CE, and the peerstatus is Established.

Use the peer relationship between PE1 and CE1 as an example.

[~PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 11 9 0 00:06:37 Established 1




133

Running the display ip routing-table vpn-instance command on the PE, you can find the routeto peer CEs.

Use PE1 as an example.

[~PE1] display ip routing-table vpn-instance vpnaRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: vpna Destinations : 3 Routes : 3Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.3.1.0/24 IBGP 255 0 RD 3.3.3.9 Pos3/0/0[~PE1] display ip routing-table vpn-instance vpnbRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: vpnb Destinations : 3 Routes : 3Destination/Mask Proto Pre Cost Flags NextHop Interface 10.2.1.0/24 Direct 0 0 D 10.2.1.2 GigabitEthernet2/0/0 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.4.1.0/24 IBGP 255 0 RD 3.3.3.9 Pos3/0/0

The CEs in the same VPN can successfully ping each other whereas two CEs in different VPNscannot ping each other.

For example, CE1 can successfully ping CE3 (10.3.1.1/24) but cannot ping CE4 (10.4.1.1/24).

[~CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms --- 10.3.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms [~CE1] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.4.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss

Step 7 Configure DiffServ on PE1 and PE2, and apply DiffServ domains to different VPN instances.

Configure PE1.

[~PE1] ip vpn-instance vpna[~PE1-vpn-instance-vpna] diffserv-mode pipe af1 green[~PE1-vpn-instance-vpna] quit[~PE1] ip vpn-instance vpnb[~PE1-vpn-instance-vpnb] diffserv-mode pipe be yellow[~PE1-vpn-instance-vpnb] quit

Configure PE2.

[~PE2] ip vpn-instance vpna[~PE2-vpn-instance-vpna] diffserv-mode pipe af1 green[~PE2-vpn-instance-vpna] quit



134

[~PE2] ip vpn-instance vpnb[~PE2-vpn-instance-vpnb] diffserv-mode pipe be yellow[~PE2-vpn-instance-vpnb] quit


You can view the DiffServ mode of the VPN instance after running the display ip vpn-instanceverbose vpna command on the PE.

Use the display on PE1 as an example:

[~PE1] display ip vpn-instance verbose vpnaVPN-Instance Name and ID : vpna, 1 Create date : 2009/11/30 11:08:12 Up time : 0 days, 00 hours, 06 minutes and 32 seconds Route Distinguisher : 200:1 Label Policy : label per route The diffserv-mode Information is : pipe The ttl-mode Information is : pipe Log Interval : 5

----End

Configuration Filesl Configuration file of PE1

# sysname PE1#ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity diffserv-mode pipe af1 green#ip vpn-instance vpnb route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity diffserv-mode pipe be yellow# mpls lsr-id 1.1.1.9 mpls#mpls ldp#interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0#interface GigabitEthernet2/0/0 undo shutdown ip binding vpn-instance vpnb ip address 10.2.1.2 255.255.255.0#interface Pos3/0/0 link-protocol pppundo shutdownip address 172.1.1.1 255.255.255.0mplsmpls ldp#interface LoopBack1 ip address 1.1.1.9 255.255.255.255#bgp 100 peer 3.3.3.9 as-number 100



135

peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable# ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct# ipv4-family vpn-instance vpnb peer 10.2.1.1 as-number 65420 import-route direct#ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0#return

l Configuration file of the P# sysname P# mpls lsr-id 2.2.2.9 mpls#mpls ldp#interface Pos1/0/0 link-protocol ppp undo shutdown ip address 172.1.1.2 255.255.255.0 mpls mpls ldp#interface Pos2/0/0 link-protocol ppp undo shutdown ip address 172.2.1.1 255.255.255.0 mpls mpls ldp#interface LoopBack1 ip address 2.2.2.9 255.255.255.255#ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0#return

l Configuration file of PE2# sysname PE2#ip vpn-instance vpna route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity diffserv-mode pipe af1 green#ip vpn-instance vpnb



136

route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity diffserv-mode pipe be yellow# mpls lsr-id 3.3.3.9 mpls#mpls ldp#interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0#interface GigabitEthernet2/0/0 undo shutdown ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0#interface Pos3/0/0 link-protocol ppp undo shutdown ip address 172.2.1.2 255.255.255.0 mpls mpls ldp#interface LoopBack1 ip address 3.3.3.9 255.255.255.255#bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpna peer 10.3.1.1 as-number 65430 import-route direct # ipv4-family vpn-instance vpnb peer 10.4.1.1 as-number 65440 import-route direct#ospf 1 area 0.0.0.0 network 172.2.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0#return

l Configuration file of CE1# sysname CE1#interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0#bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization



137

import-route direct peer 10.1.1.2 enable#return

l Configuration file of CE2# sysname CE2#interface GigabitEthernet1/0/0 undo shutdown ip address 10.2.1.1 255.255.255.0#bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable#return





138

NE5000E V800R003C00 Configuration Guide - QoS 01(PDF)

Documents

Transcript of NE5000E V800R003C00 Configuration Guide - QoS 01(PDF)