1.16 Configuring QoS
1.16.2 Configuring Traffic Management Based on ACL
The ACL can be used to implement flexible traffic classification according to user requirements. After traffic classification based on ACL is completed, you can perform QoS for the traffic streams.
Configuring the Limitation on the Traffic Matching an ACL Rule
This topic describes how to limit the traffic matching an ACL rule on a specified port, and process the traffic that exceeds the limit, such as adding the DSCP tag or dropping the packet directly.
Prerequisite
The ACL and the rule of the ACL must be configured and the port for traffic limit must work in the normal state.
Background Information
l The traffic statistics are only effective for the permit rules of an ACL. l The limited traffic must be an integer multiple of 64 kbit/s.
Procedure
Step 1 Run the traffic-limit command to limit the traffic matching an ACL rule on a specified port. Run this command to set the action to be taken when the traffic received on the port exceeds the limit value. Two options are available:
l drop: Drop the traffic that exceeds the limit value.
l remark-dscp value: To set the DSCP priority for the traffic that exceeds the limit value, use this parameter.
Step 2 Run the display qos-info traffic-limit port command to query the traffic limit information on the specified port.
----End
Example
To limit the traffic that matches ACL 2001 received on port 0/2/0 to 512 kbit/s and add the DSCP priority tag (af1) to packets that exceed the limit, do as follows:
huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port
0/2/0
//"af1" represents a dscp type: Assured Forwarding 1 service (10). huawei(config)#display qos-info traffic-limit port 0/2/0
traffic-limit: port 0/2/0: Inbound:
Matches: Acl 2001 rule 5 running Target rate: 512 Kbps
Exceed action: remark-dscp af1
Adding a Priority Tag to the Traffic Matching an ACL Rule
This topic describes how to add a priority tag to the traffic matching an ACL rule on a specified port so that the traffic can obtain the service that matches the specified priority. The priority tag type can be ToS, DSCP, or 802.1p.
Prerequisite
The ACL and the sub-rule of the ACL must be configured and the port for traffic limit must work in the normal state.
Background Information
l The traffic statistics are only valid to permit rules of an ACL.
l The ToS and the DSCP priorities are mutually exclusive. Therefore, they cannot be configured at the same time.
Procedure
Step 1 Run the traffic-priority command to add a priority tag to the traffic matching an ACL rule on a specified port.
Step 2 Run the display qos-info traffic-priority port command to query the configured priority. ----End
Example
To add a priority tag to the traffic that matches ACL 2001 received on port 0/2/0, and the DSCP priority and local priority of the traffic are 10 (af1) and 0 respectively, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0
port 0/2/0
huawei(config)#display qos-info traffic-priority port 0/2/0
traffic-priority: port 0/2/0: Inbound: Matches: Acl 2001 rule 5 running Priority action: dscp af1 local-precedence 0
Enabling the Statistics Collection of the Traffic Matching an ACL Rule
This topic describes how to enable the statistics collection of the traffic matching an ACL rule, thus analyzing and monitoring the traffic.
Prerequisite
The ACL and the sub-rule of the ACL must be configured and the port for traffic statistics must work in the normal state.
Background Information
The traffic statistics are only valid to permit rules of an ACL.
Procedure
Step 1 Run the traffic-statistic command to enable the statistics collection of the traffic matching an ACL rule on a specified port.
Step 2 Run the display qos-info traffic-mirror port command to query the statistics information about the traffic matching an ACL rule on a specified port.
----End
Example
To enable the statistics collection of the traffic that matches ACL 2001 received on port 0/7/0, do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/7/0 huawei(config)#display qos-info traffic-statistic port 0/7/0 traffic-statistic:
port 0/7/0: Inbound:
Matches: Acl 2001 rule 5 running 0 packet
Related Operation
Table 1-17 lists the related operations for enabling the statistics collection of the traffic matching an ACL rule.
Table 1-17 Related operation for enabling the statistics collection of the traffic matching an ACL rule
Operation Run the Command...
Clear the statistics of the traffic matching an ACL rule on a specified port
reset traffic-statistic
Disable the statistics collection of the traffic matching an ACL rule
undo traffic-statistic
Enabling the Mirroring of the Traffic Matching an ACL Rule
This topic describes how to mirror the traffic matching an ACL rule on a port to a specified port. Mirroring does not affect packet receipt and transmission on the mirroring source port. You can
monitor the traffic of the mirroring source port by analyzing the traffic that passes the mirroring destination port.
Prerequisite
The ACL and the rule of the ACL must be configured and the port for traffic mirroring must work in the normal state.
Background Information
l The traffic statistics are only valid to permit rules of an ACL. l The destination mirroring port cannot be an aggregation port.
l The system supports only one mirroring destination port and the mirroring destination port must be the upstream port.
Procedure
Step 1 Run the traffic-mirror command to enable the mirroring of the traffic matching an ACL rule on a specified port.
Step 2 Run the display qos-info traffic-mirror port command to query the mirroring information about the traffic matching an ACL rule on a specified port.
----End
Example
To mirror the traffic that matches ACL 2001 received on port 0/2/0 to port 0/7/0, do as follows: huawei(config)#traffic-mirror inbound ip-group 2001 port 0/2/0 to port 0/7/0 huawei(config)#display qos-info traffic-mirror port 0/2/0 traffic-mirror: port 0/2/0: Inbound: Matches: Acl 2001 rule 5 running Mirror to: port 0/7/0
Enabling the Redirection of the Traffic Matching an ACL Rule
This topic describes how to redirect the traffic matching an ACL rule on a specified port. After this operation is executed successfully, the original port does not forward the traffic matching the ACL rule, but the specified port forwards the traffic.
Prerequisites
The ACL and the rule of the ACL must be configured and the port for redirection must work in the normal state.
Context
l Currently, the service ports support only redirection of the traffic matching the ACL rule to upstream ports. The upstream ports support only redirection of the traffic matching the ACL rule to ports of the same type.
Procedure
Step 1 Run the traffic-redirect command to redirect the traffic matching an ACL rule on a specified port.
Step 2 Run the display qos-info traffic-redirect port command to query the redirection information about the traffic matching an ACL rule on a specified port.
----End
Example
To redirect the traffic that matches ACL 2001 received on port 0/7/0 to port 0/7/1, do as follows: huawei(config)#traffic-redirect inbound ip-group 2001 port 0/7/0 to port 0/7/1 huawei(config)#display qos-info traffic-redirect port 0/7/0
traffic-redirect: port 0/7/0:
Inbound: Matches: Acl 2001 rule 5 running Redirected to: port 0/7/1