华为配置基于VLAN限速示例
组网图形
| 流量类型 | CIR(kbps) | PIR(kbps) | DSCP优先级 |
|---|---|---|---|
| 语音 | 2000 | 10000 | 46 |
| 视频 | 4000 | 10000 | 30 |
| 数据 | 4000 | 10000 | 14 |
^^^
流分类简介
除了ACL之外,MQC配置中的流分类定义了大量的二三层匹配规则,如VLAN ID、802.1p优先级、DSCP优先级、源MAC、目的MAC等,设备可以通过配置不同的流分类规则将报文进行分类,并配置限速、统计或者镜像等流行为,以实现不同的策略。
本例就是在流分类中匹配不同的VLAN ID,并对符合规则的报文分别配置不同的限速带宽,以达到对不同的业务流量分配不同带宽的目的。
配置注意事项
- 本举例适用的产品包括:
- S2752EI、S2710-SI、S2720-EI、S2750-EI
- S3700-SI、S3700-EI、S3700-HI
- S5700-LI、S5700S-LI、S5700-SI、S5700-EI、S5700-HI、S5710-C-LI、S5710-X-LI、S5710-EI、S5710-HI、S5720-LI、S5720S-LI、S5720-SI、S5720S-SI、S5720I-SI、S5720-EI、S5720-HI、S5730-HI、S5730-SI、S5730S-EI、S5731-H、S5731-S、S5731S-S、S5731S-H、S5731-H-K、S5732-H、S5732-H-K、S2730S-S、S5735-L-I、S5735-L1、S300、S5735-L、S5735S-L1、S5735S-L、S5735S-L-M、S500、S5735-S、S5735S-S、S5735-S-I、S5735S-H、S5736-S
- S6700-EI、S6720-LI、S6720S-LI、S6720-SI、S6720S-SI、S6720-EI、S6720S-EI、S6720-HI、S6730-H、S6730-S、S6730S-S、S6730S-H、S6730-H-K
- S7703、S7706、S7712、S7710、S7703 PoE、S7706 PoE、S7905、S7908、S9703、S9706、S9712
-
本举例中产品的默认适用版本请参见“案例适用的产品和版本说明”中的表1。
如需了解交换机软件配套详细信息,请点击Info-Finder,在选择产品系列或产品型号后,在“硬件中心”进行查询。
S5731-L和S5731S-L属于远端模块,不支持Web管理、YANG和命令行,仅支持通过中心交换机对其下发配置,相关操作请参见《S300, S500, S2700, S5700, S6700 V200R022C00 配置指南-设备管理》中的“智能极简园区网络配置(小行星方案)”。
组网需求
Switch通过接口GE2/0/1与路由器互连,企业可经由Switch和路由器访问网络,如图1所示。
语音业务对应的VLAN ID为120,视频业务对应的VLAN ID为110,数据业务对应的VLAN ID为100。
在Switch上需要对不同业务的报文分别进行流量监管,以将流量限制在一个合理的范围之内,并保证各业务的带宽需求。
不同业务对于服务质量的需求不同,语音业务对服务质量要求最高,视频业务次之,数据业务要求最低,所以在Switch中还需要重标记不同业务报文的DSCP优先级,以便于路由器按照报文的不同优先级分别进行处理,保证各种业务的服务质量。
具体配置需求如表1所示。
配置思路
采用如下的思路配置MQC实现流量监管:
- 创建VLAN,并配置各接口,使企业能够通过Switch访问网络。
- 在Switch上配置基于VLAN ID进行流分类的匹配规则。
- 在Switch上配置流行为,对报文进行流量监管并且重标记报文的DSCP优先级。
- 在Switch上配置流量监管策略,绑定已配置的流行为和流分类,并应用到Switch与LSW连接的接口上。
操作步骤
- 创建VLAN并配置各接口
# 在Switch上创建VLAN 100、110、120。 <HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 100 110 120 # 将接口GE1/0/1、GE2/0/1的接入类型分别配置为trunk,并分别将接口GE1/0/1和GE2/0/1加入VLAN 100、VLAN 110、VLAN 120。 [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type trunk [Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 110 120 [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 2/0/1 [Switch-GigabitEthernet2/0/1] port link-type trunk [Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 110 120 [Switch-GigabitEthernet2/0/1] quit - 配置流分类
# 在Switch上创建流分类c1~c3,对不同业务流按照其VLAN ID进行分类。 [Switch] traffic classifier c1 operator and [Switch-classifier-c1] if-match vlan-id 120 //匹配VLAN ID为120的报文 [Switch-classifier-c1] quit [Switch] traffic classifier c2 operator and [Switch-classifier-c2] if-match vlan-id 110 //匹配VLAN ID为110的报文 [Switch-classifier-c2] quit [Switch] traffic classifier c3 operator and [Switch-classifier-c3] if-match vlan-id 100 //匹配VLAN ID为100的报文 [Switch-classifier-c3] quit - 配置流量监管行为
# 在Switch上创建流行为b1~b3,对不同业务流进行流量监管以及重标记优先级,并配置流量统计功能。 [Switch] traffic behavior b1 [Switch-behavior-b1] car cir 2000 pir 10000 green pass //对VLAN ID为120的报文限速为2000kbit/s [Switch-behavior-b1] remark dscp 46 //对VLAN ID为120的报文重标记其DSCP优先级为46 [Switch-behavior-b1] statistic enable //配置流量统计功能 [Switch-behavior-b1] quit [Switch] traffic behavior b2 [Switch-behavior-b2] car cir 4000 pir 10000 green pass [Switch-behavior-b2] remark dscp 30 [Switch-behavior-b2] statistic enable [Switch-behavior-b2] quit [Switch] traffic behavior b3 [Switch-behavior-b3] car cir 4000 pir 10000 green pass [Switch-behavior-b3] remark dscp 14 [Switch-behavior-b3] statistic enable [Switch-behavior-b3] quit - 配置流量监管策略并应用到接口上
# 在Switch上创建流策略p1,将流分类和对应的流行为进行绑定并将流策略应用到接口GE1/0/1入方向上,对报文进行流量监管和重标记。 [Switch] traffic policy p1 [Switch-trafficpolicy-p1] classifier c1 behavior b1 [Switch-trafficpolicy-p1] classifier c2 behavior b2 [Switch-trafficpolicy-p1] classifier c3 behavior b3 [Switch-trafficpolicy-p1] quit [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound [Switch-GigabitEthernet1/0/1] quit - 验证配置结果
# 查看流分类的配置信息。 [Switch] display traffic classifier user-defined User Defined Classifier Information: Classifier: c2 Precedence: 10 Operator: AND Rule(s) : if-match vlan-id 110 Classifier: c3 Precedence: 15 Operator: AND Rule(s) : if-match vlan-id 100 Classifier: c1 Precedence: 5 Operator: AND Rule(s) : if-match vlan-id 120 Total classifier number is 3 # 查看流策略的配置信息,以流策略p1为例。 [Switch] display traffic policy user-defined p1 User Defined Traffic Policy Information: Policy: p1 Classifier: c2 Operator: AND Behavior: b2 Permit Committed Access Rate: CIR 4000 (Kbps), PIR 10000 (Kbps), CBS 500000 (byte), PBS 1250000 (byte) Color Mode: color Blind Conform Action: pass Yellow Action: pass Exceed Action: discard Remark: Remark DSCP af33 Statistic: enable Classifier: c3 Operator: AND Behavior: b3 Permit Committed Access Rate: CIR 4000 (Kbps), PIR 10000 (Kbps), CBS 500000 (byte), PBS 1250000 (byte) Color Mode: color Blind Conform Action: pass Yellow Action: pass Exceed Action: discard Remark: Remark DSCP af13 Statistic: enable Classifier: c1 Operator: AND Behavior: b1 Permit Committed Access Rate: CIR 2000 (Kbps), PIR 10000 (Kbps), CBS 250000 (byte), PBS 1250000 (byte) Color Mode: color Blind Conform Action: pass Yellow Action: pass Exceed Action: discard Remark: Remark DSCP ef Statistic: enable # 查看在接口上应用的流策略信息。以接口GE1/0/1上的语音业务报文为例,当报文速率大于10000kbit/s时会出现丢包,语音业务报文的速率被限制在10000kbit/s。 [Switch] display traffic policy statistics interface gigabitethernet 1/0/1 inbound verbose classifier-base class c1 Interface: GigabitEthernet1/0/1 Traffic policy inbound: p1 Rule number: 3 Current status: success Statistics interval: 300 --------------------------------------------------------------------- Board : 1 --------------------------------------------------------------------- Matched | Packets: 49,491 | Bytes: - | Rate(pps): 0 | Rate(bps): - --------------------------------------------------------------------- Passed | Packets: 40,971 | Bytes: - | Rate(pps): 0 | Rate(bps): - --------------------------------------------------------------------- Dropped | Packets: 8,520 | Bytes: - | Rate(pps): 0 | Rate(bps): - --------------------------------------------------------------------- Filter | Packets: 0 | Bytes: - --------------------------------------------------------------------- Car | Packets: 8,520 | Bytes: - ---------------------------------------------------------------------
配置文件
Switch的配置文件
#
sysname Switch
#
vlan batch 100 110 120
#
traffic classifier c1 operator and precedence 5
if-match vlan-id 120
traffic classifier c2 operator and precedence 10
if-match vlan-id 110
traffic classifier c3 operator and precedence 15
if-match vlan-id 100
#
traffic behavior b1
permit
car cir 2000 pir 10000 cbs 250000 pbs 1250000 mode color-blind green pass yellow pass red discard
remark dscp ef
statistic enable
traffic behavior b2
permit
car cir 4000 pir 10000 cbs 500000 pbs 1250000 mode color-blind green pass yellow pass red discard
remark dscp af33
statistic enable
traffic behavior b3
permit
car cir 4000 pir 10000 cbs 500000 pbs 1250000 mode color-blind green pass yellow pass red discard
remark dscp af13
statistic enable
#
traffic policy p1 match-order config
classifier c1 behavior b1
classifier c2 behavior b2
classifier c3 behavior b3
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 100 110 120
traffic-policy p1 inbound
#
interface GigabitEthernet2/0/1
port link-type trunk
port trunk allow-pass vlan 100 110 120
#
return
