- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
07-流量監管典型配置舉例
本章節下載: 07-流量監管典型配置舉例 (392.42 KB)
目 錄
本文檔介紹了流量監管的配置舉例。
流量監管就是對流量進行控製,通過監督進入網絡的流量速率,對超出部分的流量進行“懲罰”,使進入的流量被限製在一個合理的範圍之內,以保護網絡資源和運營商的利益。
流量監管分為:聚合CAR和普通CAR。聚合CAR是指能夠對多個端口上的業務流使用同一個CAR進行流量監管,即如果多個端口應用同一聚合CAR,則這些端口的流量之和必須在此聚合CAR設定的流量監管範圍之內。普通CAR與聚合CAR不同,在端口上應用的普通CAR無法實現對多個端口的流量之和進行流量監管,不同端口上應用的普通CAR需要單獨配置。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文假設您已了解流量監管特性。
如圖1所示,某公司網絡通過專線接入Internet,上行帶寬為60Mbps,所有終端設備均以防火牆作為網關設備。現要求使用流量監管功能,對上行至Internet的流量進行分類限速:
· HTTP流量:總上行限速為40Mbps,其中研發部25台主機分配15Mbps上行帶寬;市場部40台主機分配25Mbps上行帶寬。
· 郵件服務器代理所有客戶端向外網發送電子郵件,限製上行帶寬為2Mbps。
· 遠端分支機構可以通過Internet訪問FTP服務器,限製上行的FTP的數據流量不超過10Mbps。
圖1 基於IP地址和協議類型進行流量監管配置組網圖
要實現對不同特征數據流的流量監管,主要是明確匹配各業務數據的類規則。在本例中,需要使用ACL來匹配各種協議或來源的IP報文,並將這些分類規則與不同的流量監管動作進行綁定,即可實現對不同特征的數據進行不同的速率限製。
表1 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7639P01及以上版本 |
|
S10500X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-XS係列交換機 |
Release 7639P01及以上版本 |
|
S7600E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500X-X係列交換機 |
Release 7639P01及以上版本 |
|
S10500係列交換機 |
Release 7639P01及以上版本 |
|
S7600-X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-S係列交換機 |
Release 7639P01及以上版本 |
|
S7500E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500E係列交換機 |
Release 7639P01及以上版本 |
|
S7500X係列交換機 |
Release 7639P01及以上版本 |
|
S7600係列交換機 |
Release 7639P01及以上版本 |
|
S7000ET係列交換機 |
Release 7639P01及以上版本 |
在一個流行為中,流量監管動作不能與重標記優先級(包括本地優先級、丟棄優先級、802.1p優先級、DSCP優先級、IP優先級)的動作同時配置,否則會導致該流行為不能被正常應用。
(1) 配置對研發部HTTP上行流量的限製
# 創建高級IPv4 ACL 3000,匹配研發部發送的HTTP流量(目的TCP端口80)。
<Device> system-view
[Device] acl advanced 3000
[Device-acl-ipv4-adv-3000] rule permit tcp destination-port eq 80 source 192.168.1.0 0.0.0.255
[Device-acl-ipv4-adv-3000] quit
# 創建類rd_http,匹配規則為IPv4 ACL 3000。
[Device] traffic classifier rd_http
[Device-classifier-rd_http] if-match acl 3000
[Device-classifier-rd_http] quit
# 創建流行為rd_http,動作為流量監管,承諾速率15Mbps。
[Device] traffic behavior rd_http
[Device-behavior-rd_http] car cir 15360
[Device-behavior-rd_http] quit
# 創建QoS策略rd_http。
[Device] qos policy rd_http
[Device-qospolicy-rd_http] classifier rd_http behavior rd_http
[Device-qospolicy-rd_http] quit
# 將策略應用到Ten-GigabitEthernet1/0/3端口的入方向。
[Device] interface ten-gigabitethernet 1/0/3
[Device-Ten-GigabitEthernet1/0/3] qos apply policy rd_http inbound
[Device-Ten-GigabitEthernet1/0/3] quit
(2) 配置對市場部HTTP上行流量的限製
# 創建高級IPv4 ACL3001,匹配市場部發送的HTTP流量。
[Device] acl advanced 3001
[Device-acl-ipv4-adv-3001] rule permit tcp destination-port eq 80 source 192.168.2.0 0.0.0.255
[Device-acl-ipv4-adv-3001] quit
# 創建類mkt_http,匹配規則為IPv4 ACL 3001。
[Device] traffic classifier mkt_http
[Device-classifier-mkt_http] if-match acl 3001
[Device-classifier-mkt_http] quit
# 創建流行為mkt_http,動作為流量監管,承諾速率為25Mbps。
[Device] traffic behavior mkt_http
[Device-behavior-mkt_http] car cir 25600
[Device-behavior-mkt_http] quit
# 創建QoS策略mkt_http。
[Device] qos policy mkt_http
[Device-qospolicy-mkt_http] classifier mkt_http behavior mkt_http
[Device-qospolicy-mkt_http] quit
# 將策略應用到Ten-GigabitEthernet1/0/4端口的入方向。
[Device] interface ten-gigabitethernet 1/0/4
[Device-Ten-GigabitEthernet1/0/4] qos apply policy mkt_http inbound
[Device-Ten-GigabitEthernet1/0/4] quit
(3) 配置對郵件服務器發送電子郵件流量的限製
# 創建高級IPv4 ACL 3002,匹配郵件服務器向外發送郵件的數據。
[Device] acl advanced 3002
[Device-acl-ipv4-adv-3002] rule permit tcp destination-port eq smtp source 192.168.10.1 0.0.0.0
[Device-acl-ipv4-adv-3002] quit
# 創建類email,匹配規則為IPv4 ACL 3002。
[Device] traffic classifier email
[Device-classifier-email] if-match acl 3002
[Device-classifier-email] quit
# 創建流行為email,動作為流量監管,承諾速率為2Mbps。
[Device] traffic behavior email
[Device-behavior-email] car cir 2048
[Device-behavior-email] quit
# 創建QoS策略email&ftp。
[Device] qos policy email&ftp
[Device-qospolicy-email&ftp] classifier email behavior email
[Device-qospolicy-email&ftp] quit
(4) 配置對分支機構的FTP流量的限製
# 創建基本IPv4 ACL 2001,匹配FTP服務器發送的報文。
[Device] acl basic 2001
[Device-acl-ipv4-basic-2001] rule permit source 192.168.10.2 0.0.0.0
[Device-acl-ipv4-basic-2001] quit
# 創建類ftp,匹配規則為IPv4 ACL 2001。
[Device] traffic classifier ftp
[Device-classifier-ftp] if-match acl 2001
[Device-classifier-ftp] quit
# 創建流行為ftp,動作為流量監管,承諾速率為10Mbps。
[Device] traffic behavior ftp
[Device-behavior-ftp] car cir 10240
[Device-behavior-ftp] quit
# 在QoS策略email&ftp中為類ftp指定流行為ftp。
[Device] qos policy email&ftp
[Device-qospolicy-email&ftp] classifier ftp behavior ftp
[Device-qospolicy-email&ftp] quit
# 將策略應用到Ten-GigabitEthernet1/0/2端口的入方向。
[Device] interface ten-gigabitethernet 1/0/2
[Device-Ten-GigabitEthernet1/0/2] qos apply policy email&ftp inbound
[Device-Ten-GigabitEthernet1/0/2] quit
# 執行display qos policy interface命令查看端口上QoS策略的應用狀態。
[Device] display qos policy interface
Interface: Ten-GigabitEthernet1/0/2
Direction: Inbound
Policy: email&ftp
Classifier: email
Operator: AND
Rule(s) :
If-match acl 3002
Behavior: email
Committed Access Rate:
CIR 2048 (kbps), CBS 128000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Classifier: ftp
Operator: AND
Rule(s) :
If-match acl 2001
Behavior: ftp
Committed Access Rate:
CIR 10240 (kbps), CBS 640000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Interface: Ten-GigabitEthernet1/0/3
Direction: Inbound
Policy: rd_http
Classifier: rd_http
Operator: AND
Rule(s) :
If-match acl 3000
Behavior: rd_http
Committed Access Rate:
CIR 15360 (kbps), CBS 960000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Interface: Ten-GigabitEthernet1/0/4
Direction: Inbound
Policy: mkt_http
Classifier: mkt_http
Operator: AND
Rule(s) :
If-match acl 3001
Behavior: mkt_http
Committed Access Rate:
CIR 25600 (kbps), CBS 1600000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
#
traffic classifier email operator and
if-match acl 3002
#
traffic classifier ftp operator and
if-match acl 2001
#
traffic classifier mkt_http operator and
if-match acl 3001
#
traffic classifier rd_http operator and
if-match acl 3000
#
traffic behavior email
car cir 2048 cbs 128000 ebs 0 green pass red discard yellow pass
#
traffic behavior ftp
car cir 10240 cbs 640000 ebs 0 green pass red discard yellow pass
#
traffic behavior mkt_http
car cir 25600 cbs 1600000 ebs 0 green pass red discard yellow pass
#
traffic behavior rd_http
car cir 15360 cbs 960000 ebs 0 green pass red discard yellow pass
#
qos policy email&ftp
classifier email behavior email
classifier ftp behavior ftp
#
qos policy mkt_http
classifier mkt_http behavior mkt_http
#
qos policy rd_http
classifier rd_http behavior rd_http
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
qos apply policy email&ftp inbound
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
qos apply policy rd_http inbound
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
qos apply policy mkt_http inbound
#
acl basic 2001
rule 0 permit source 192.168.10.2 0
#
acl advanced 3000
rule 0 permit tcp source 192.168.1.0 0.0.0.255 destination-port eq www
#
acl advanced 3001
rule 0 permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www
#
acl advanced 3002
rule 0 permit tcp source 192.168.10.1 0 destination-port eq smtp
如圖2所示,某公司各分支機構通過交換機將數據上行至Device,再由Device通過專線將數據傳輸至公司骨幹網。
各分支機構內通過VLAN來標識不同的業務數據,在Device的Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2端口上配置了1:1 VLAN Mapping功能,按圖中所示對業務VLAN進行了重新映射,以滿足骨幹網中的傳輸策略要求。
根據線路帶寬狀況,現要求使用流量監管功能,實現對不同業務類型的數據進行如下的帶寬分配:
· 在Device連接分支機構A和分支機構B的鏈路上,要求對上行至Device的各業務數據速率分別限製為:VLAN1001為400Mbps,VLAN1002為200Mbps,VLAN1003為200Mbps。對Device下行方向的業務數據同樣根據以上數值進行限速。
· 在Device連接分支機構C的鏈路上,要求對上行至Device的各業務數據速率分別限製為:VLAN201為400Mbps,VLAN202為200Mbps,VLAN203為200Mbps。對Device下行方向的業務數據同樣根據以上數值進行限速。
· 在Device連接公司骨幹網的聯路上,要求對上行至骨幹網的各業務數據限速為:VLAN201為100Mbps,VLAN202為60Mbps,VLAN203為40Mbps。對下行方向數據同樣根據以上數值進行限速。
圖2 基於VLAN的帶寬分配配置組網圖
為實現基於VLAN的帶寬分配,需要將QoS策略中流分類匹配規則定義為匹配指定的VLAN,同時創建動作為流量監管的流行為,並將二者進行配對關聯。通過創建多個這樣的配對關係並將對應的QoS策略進行應用,便可以對不同VLAN的數據進行不同的速率限製,達到帶寬分配的效果。
表2 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7639P01及以上版本 |
|
S10500X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-XS係列交換機 |
Release 7639P01及以上版本 |
|
S7600E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500X-X係列交換機 |
Release 7639P01及以上版本 |
|
S10500係列交換機 |
Release 7639P01及以上版本 |
|
S7600-X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-S係列交換機 |
Release 7639P01及以上版本 |
|
S7500E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500E係列交換機 |
Release 7639P01及以上版本 |
|
S7500X係列交換機 |
Release 7639P01及以上版本 |
|
S7600係列交換機 |
Release 7639P01及以上版本 |
|
S7000ET係列交換機 |
Release 7639P01及以上版本 |
在一個流行為中,流量監管動作不能與重標記優先級(包括本地優先級、丟棄優先級、802.1p優先級、DSCP優先級、IP優先級)的動作同時配置,否則會導致該流行為不能被正常應用。
# 配置端口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2為Trunk端口,允許VLAN1001、VLAN1002、VLAN1003、VLAN201、VLAN202、VLAN203通過,取消允許VLAN1通過,並配置1:1 VLAN Mapping。
<Device> system-view
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] port link-type trunk
[Device-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1001 to 1003 201 to 203
[Device-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[Device-Ten-GigabitEthernet1/0/1] vlan mapping 1001 translated-vlan 201
[Device-Ten-GigabitEthernet1/0/1] vlan mapping 1002 translated-vlan 202
[Device-Ten-GigabitEthernet1/0/1] vlan mapping 1003 translated-vlan 203
[Device-Ten-GigabitEthernet1/0/1] quit
[Device] interface ten-gigabitethernet 1/0/2
[Device-Ten-GigabitEthernet1/0/2] port link-type trunk
[Device-Ten-GigabitEthernet1/0/2] port trunk permit vlan 1001 to 1003 201 to 203
[Device-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[Device-Ten-GigabitEthernet1/0/2] vlan mapping 1001 translated-vlan 201
[Device-Ten-GigabitEthernet1/0/2] vlan mapping 1002 translated-vlan 202
[Device-Ten-GigabitEthernet1/0/2] vlan mapping 1003 translated-vlan 203
[Device-Ten-GigabitEthernet1/0/2] quit
# 配置端口Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/10為Trunk端口,並允許VLAN201、VLAN202、VLAN203通過,取消允許VLAN1通過。
[Device] interface ten-gigabitethernet 1/0/3
[Device-Ten-GigabitEthernet1/0/3] port link-type trunk
[Device-Ten-GigabitEthernet1/0/3] port trunk permit vlan 201 to 203
[Device-Ten-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[Device-Ten-GigabitEthernet1/0/3] quit
[Device] interface ten-gigabitethernet 1/0/10
[Device-Ten-GigabitEthernet1/0/10] port link-type trunk
[Device-Ten-GigabitEthernet1/0/10] port trunk permit vlan 201 to 203
[Device-Ten-GigabitEthernet1/0/10] undo port trunk permit vlan 1
[Device-Ten-GigabitEthernet1/0/10] quit
(1) 對接收和發送分支機構A、B、C的報文進行流量監管。
# 創建流分類vlan201,匹配規則為匹配customer-vlan-id為201。
[Device] traffic classifier vlan201
[Device-classifier-vlan201] if-match customer-vlan-id 201
[Device-classifier-vlan201] quit
# 創建流分類vlan202,匹配規則為匹配customer-vlan-id為202。
[Device] traffic classifier vlan202
[Device-classifier-vlan202] if-match customer-vlan-id 202
[Device-classifier-vlan202] quit
# 創建流分類vlan203,匹配規則為匹配customer-vlan-id為203。
[Device] traffic classifier vlan203
[Device-classifier-vlan203] if-match customer-vlan-id 203
[Device-classifier-vlan203] quit
# 創建流行為car400,並配置流量監管的動作,承諾速率為400Mbps。
[Device] traffic behavior car400
[Device-behavior-car400] car cir 409600
[Device-behavior-car400] quit
# 創建流行為car200,並配置流量監管的動作,承諾速率為200Mbps。
[Device] traffic behavior car200
[Device-behavior-car200] car cir 204800
[Device-behavior-car200] quit
# 創建QoS策略ABCupdown,並將流分類與流行為進行配對。
[Device] qos policy ABCupdown
[Device-qospolicy-ABCupdown] classifier vlan201 behavior car400
[Device-qospolicy-ABCupdown] classifier vlan202 behavior car200
[Device-qospolicy-ABCupdown] classifier vlan203 behavior car200
[Device-qospolicy-ABCupdown] quit
# 在端口Ten-GigabitEthernet1/0/1、Ten-GigabitEthernet1/0/2和Ten-GigabitEthernet1/0/3的入方向和出方向分別應用QoS策略ABCupdown。
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] qos apply policy ABCupdown inbound
[Device-Ten-GigabitEthernet1/0/1] qos apply policy ABCupdown outbound
[Device-Ten-GigabitEthernet1/0/1] quit
[Device] interface ten-gigabitethernet 1/0/2
[Device-Ten-GigabitEthernet1/0/2] qos apply policy ABCupdown inbound
[Device-Ten-GigabitEthernet1/0/2] qos apply policy ABCupdown outbound
[Device-Ten-GigabitEthernet1/0/2] quit
[Device] interface ten-gigabitethernet 1/0/3
[Device-Ten-GigabitEthernet1/0/3] qos apply policy ABCupdown inbound
[Device-Ten-GigabitEthernet1/0/3] qos apply policy ABCupdown outbound
[Device-Ten-GigabitEthernet1/0/3] quit
(2) 對接收和發送公司骨幹網的報文進行流量監管。
# 創建流行為car100,並配置流量監管的動作,承諾速率為100Mbps。
[Device] traffic behavior car100
[Device-behavior-car100] car cir 102400
[Device-behavior-car100] quit
# 創建流行為car60,並配置流量監管的動作,承諾速率為60Mbps。
[Device] traffic behavior car60
[Device-behavior-car60] car cir 61440
[Device-behavior-car60] quit
# 創建流行為car40,並配置流量監管的動作,承諾速率為40Mbps。
[Device] traffic behavior car40
[Device-behavior-car40] car cir 40960
[Device-behavior-car40] quit
# 創建QoS策略ABCupdown,並將流分類與流行為進行配對。
[Device] qos policy BONEupdown
[Device-qospolicy-BONEupdown] classifier vlan201 behavior car100
[Device-qospolicy-BONEupdown] classifier vlan202 behavior car60
[Device-qospolicy-BONEupdown] classifier vlan203 behavior car40
[Device-qospolicy-BONEupdown] quit
# 在端口GigabitEthernet1/0/10的入方向和出方向分別應用QoS策略BONEupdown。
[Device] interface ten-gigabitethernet 1/0/10
[Device-Ten-GigabitEthernet1/0/10] qos apply policy BONEupdown inbound
[Device-Ten-GigabitEthernet1/0/10] qos apply policy BONEupdown outbound
[Device-Ten-GigabitEthernet1/0/10] quit
在處理由分支機構上行至骨幹網的報文時,交換機將按下圖順序執行動作。
圖3 上行方向報文處理流程示意圖(以VLAN1001為例)
在處理在由骨幹網下行至分支機構的報文時,交換機將按下圖順序執行動作。
圖4 下行方向報文處理流程示意圖(以VLAN201為例)
# 執行display qos policy interface命令查看端口上QoS策略的應用狀態。此處以Ten-GigabitEthernet1/0/10為例。
[Device] display qos policy interface ten-gigabitethernet 1/0/10
Interface: Ten-GigabitEthernet1/0/10
Direction: Inbound
Policy: BONEupdown
Classifier: vlan201
Operator: AND
Rule(s) :
If-match customer-vlan-id 201
Behavior: car100
Committed Access Rate:
CIR 102400 (kbps), CBS 6400000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Classifier: vlan202
Operator: AND
Rule(s) :
If-match customer-vlan-id 202
Behavior: car60
Committed Access Rate:
CIR 61440 (kbps), CBS 3840000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Classifier: vlan203
Operator: AND
Rule(s) :
If-match customer-vlan-id 203
Behavior: car40
Committed Access Rate:
CIR 40960 (kbps), CBS 2560000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Interface: Ten-GigabitEthernet1/0/10
Direction: Outbound
Policy: BONEupdown
Classifier: vlan201
Operator: AND
Rule(s) :
If-match customer-vlan-id 201
Behavior: car100
Committed Access Rate:
CIR 102400 (kbps), CBS 6400000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Classifier: vlan202
Operator: AND
Rule(s) :
If-match customer-vlan-id 202
Behavior: car60
Committed Access Rate:
CIR 61440 (kbps), CBS 3840000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
Classifier: vlan203
Operator: AND
Rule(s) :
If-match customer-vlan-id 203
Behavior: car40
Committed Access Rate:
CIR 40960 (kbps), CBS 2560000 (Bytes), EBS 0 (Bytes)
Green action : pass
Yellow action : pass
Red action : discard
Green packets : 0 (Packets)
Red packets : 0 (Packets)
#
traffic classifier vlan201 operator and
if-match customer-vlan-id 201
#
traffic classifier vlan202 operator and
if-match customer-vlan-id 202
#
traffic classifier vlan203 operator and
if-match customer-vlan-id 203
#
traffic behavior car40
car cir 40960 cbs 2560000 ebs 0 green pass red discard yellow pass
#
traffic behavior car60
car cir 61440 cbs 3840000 ebs 0 green pass red discard yellow pass
#
traffic behavior car100
car cir 102400 cbs 6400000 ebs 0 green pass red discard yellow pass
#
traffic behavior car200
car cir 204800 cbs 12800000 ebs 0 green pass red discard yellow pass
#
traffic behavior car400
car cir 409600 cbs 25600000 ebs 0 green pass red discard yellow pass
#
qos policy ABCupdown
classifier vlan201 behavior car400
classifier vlan202 behavior car200
classifier vlan203 behavior car200
#
qos policy BONEupdown
classifier vlan201 behavior car100
classifier vlan202 behavior car60
classifier vlan203 behavior car40
#
interface Ten-GigabitEthernet1/0/10
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 201 to 203
qos apply policy BONEupdown inbound
qos apply policy BONEupdown outbound
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 201 to 203 1001 to 1003
vlan mapping 1001 translated-vlan 201
vlan mapping 1002 translated-vlan 202
vlan mapping 1003 translated-vlan 203
qos apply policy ABCupdown inbound
qos apply policy ABCupdown outbound
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 201 to 203 1001 to 1003
vlan mapping 1001 translated-vlan 201
vlan mapping 1002 translated-vlan 202
vlan mapping 1003 translated-vlan 203
qos apply policy ABCupdown inbound
qos apply policy ABCupdown outbound
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 201 to 203
qos apply policy ABCupdown inbound
qos apply policy ABCupdown outbound
#
如圖5所示,某企業內部包含研發和市場兩大部門,其中,研發部又分成研發部一部和研發部二部,各部門通過Device設備接入Internet。現企業要求在Device上配置聚合CAR功能對研發部訪問Internet的總帶寬進行限速,上行和下行的帶寬都不能超過10M。
圖5 聚合CAR配置組網圖
為了實現研發部訪問Internet的上行和下行帶寬都不超過10Mbps,可以在研發部與Device連接的兩個端口XGE1/0/1的出入方向上分別配置聚合CAR對上下行流量進行監管。
表3 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7639P01及以上版本 |
|
S10500X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-XS係列交換機 |
Release 7639P01及以上版本 |
|
S7600E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500X-X係列交換機 |
Release 7639P01及以上版本 |
|
S10500係列交換機 |
Release 7639P01及以上版本 |
|
S7600-X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-S係列交換機 |
Release 7639P01及以上版本 |
|
S7500E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500E係列交換機 |
Release 7639P01及以上版本 |
|
S7500X係列交換機 |
Release 7639P01及以上版本 |
|
S7600係列交換機 |
Release 7639P01及以上版本 |
|
S7000ET係列交換機 |
Release 7639P01及以上版本 |
(1) 配置上行方向聚合CAR
# 配置ACL規則,匹配上行流量的源IP地址。
<Device> system-view
[Device] acl basic 2000
[Device-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Device-acl-ipv4-basic-2000] rule permit source 192.168.2.0 0.0.0.255
[Device-acl-ipv4-basic-2000] quit
# 配置類,引用ACL。
[Device] traffic classifier uplink
[Device-classifier-uplink] if-match acl 2000
[Device-classifier-uplink] quit
# 配置聚合CAR,流量帶寬為10Mbps。
[Device] qos car uplink aggregative cir 10240
# 配置流行為,在流行為中引用聚合CAR。
[Device] traffic behavior uplink
[Device-behavior-uplink] car name uplink
[Device-behavior-uplink] quit
# 配置QoS策略。
[Device] qos policy uplink
[Device-qospolicy-uplink] classifier uplink behavior uplink
[Device-qospolicy-uplink] quit
# 將策略應用在端口XGE1/0/1的出方向上。
[Device] interface ten-GigabitEthernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] qos apply policy uplink outbound
[Device-Ten-GigabitEthernet1/0/1] quit
(2) 配置下行方向聚合CAR
# 配置ACL規則,匹配下行流量的目的IP地址。
[Device] acl advanced 3000
[Device-acl-ipv4-adv-3000] rule permit ip destination 192.168.1.0 0.0.0.255
[Device-acl-ipv4-adv-3000] rule permit ip destination 192.168.2.0 0.0.0.255
[Device-acl-ipv4-adv-3000] quit
# 配置類,引用ACL。
[Device] traffic classifier downlink
[Device-classifier-downlink] if-match acl 3000
[Device-classifier-downlink] quit
# 配置聚合CAR,流量帶寬為10Mbps。
[Device] qos car downlink aggregative cir 10240
# 配置流行為,在流行為中引用聚合CAR。
[Device] traffic behavior downlink
[Device-behavior-downlink] car name downlink
[Device-behavior-downlink] quit
# 配置QoS策略。
[Device] qos policy downlink
[Device-qospolicy-downlink] classifier downlink behavior downlink
[Device-qospolicy-downlink] quit
# 將策略應用在端口XGE1/0/1的入方向上。
[Device] interface ten-GigabitEthernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] qos apply policy downlink inbound
[Device-Ten-GigabitEthernet1/0/1] quit
# 執行display qos policy interface命令查看端口上QoS策略的應用狀態。
[Device] display qos policy interface
Interface: Ten-GigabitEthernet1/0/1
Direction: Inbound
Policy: downlink
Classifier: downlink
Operator: AND
Rule(s) :
If-match acl 3000
Behavior: downlink
Committed Access Rate:
Car name: downlink
Interface: Ten-GigabitEthernet1/0/1
Direction: Outbound
Policy: uplink
Classifier: uplink
Operator: AND
Rule(s) :
If-match acl 2000
Behavior: uplink
Committed Access Rate:
Car name: uplink
#
qos car downlink aggregative cir 10240 cbs 640000 ebs 0 green pass red discard yellow pass
qos car uplink aggregative cir 10240 cbs 640000 ebs 0 green pass red discard yellow pass
#
traffic classifier downlink operator and
if-match acl 3000
#
traffic classifier uplink operator and
if-match acl 2000
#
traffic behavior downlink
car name downlink
#
traffic behavior uplink
car name uplink
#
qos policy downlink
classifier downlink behavior downlink
#
qos policy uplink
classifier uplink behavior uplink
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
qos apply policy downlink inbound
qos apply policy uplink outbound
#
acl basic 2000
rule 0 permit source 192.168.1.0 0.0.0.255
rule 5 permit source 192.168.2.0 0.0.0.255
#
acl advanced 3000
rule 0 permit ip destination 192.168.1.0 0.0.0.255
rule 5 permit ip destination 192.168.2.0 0.0.0.255
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
