< Home

Configuring MQC-based Selective QinQ

Background

A traffic policy is configured by associating traffic classifiers with traffic behaviors. You can specify a VLAN ID or other information in a traffic classifier and associate the traffic classifier with a traffic behavior to implement selective QinQ. The switch then adds the specified outer VLAN tag to packets matching the traffic classifier.

MQC-based selective QinQ enables the switch to provide differentiated services based on service types.

Only the S5730-SI, S5730S-EI, S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI support this configuration.

Procedure

  1. Configure a traffic classifier.

    1. Run system-view

      The system view is displayed.

    2. Run traffic classifier classifier-name [ operator { and | or } ]

      A traffic classifier is created and the traffic classifier view is displayed, or the view of an existing traffic classifier is displayed.

      If operator is specified, the switch treats the relationship between rules in a traffic classifier according to the selected operator.

      • The and operator means that packets match a traffic classifier containing ACL rules only if the packets match one ACL rule and all the non-ACL rules, or they match a traffic classifier containing no ACL rules only if the packets match all the rules in the classifier.

      • The or operator means that packets match a traffic classifier as long as they match one of the rules in the classifier.

      The default operator is or.

    3. Configure matching rules according to the following table.

      Matching Rule

      Command

      Remarks

      Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

      		 if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

      -

      Inner and outer VLAN IDs in QinQ packets

      if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ]

      -

      802.1p priority in VLAN packets

      		 if-match 8021p 8021p-value &<1-8>

      If you enter multiple values for 8021p-value, a packet matches the traffic classifier as long as it matches any one of the 802.1p priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      Destination MAC address

      		 if-match destination-mac mac-address [ mac-address-mask ]

      -

      Source MAC address

      		 if-match source-mac mac-address [ mac-address-mask ]

      -

      Protocol type field in the Ethernet frame header

      		 if-match l2-protocol { arp | ip | mpls | rarp | protocol-value }

      -

      All packets

      		 if-match any

      -

      DSCP priority in IP packets

      if-match dscp dscp-value &<1-8>

      • If you enter multiple values for dscp-value in the command, a packet matches the traffic classifier as long as it matches any one of the DSCP values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      • If the relationship between rules in a traffic classifier is AND, the if-match dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

      IP precedence in IP packets

      		 if-match ip-precedence ip-precedence-value &<1-8>

      • If you enter multiple values for ip-precedence-value, a packet matches the traffic classifier as long as it matches any one of the IP precedence values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      • The if-match dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

      Layer 3 protocol type

      		 if-match protocol { ip | ipv6 }

      -

      SYN Flag in TCP packets

      if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }

      -

      Inbound interface

      		 if-match inbound-interface interface-type interface-number

      A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.

      ACL rule

      		 if-match acl { acl-number | acl-name }
      • Before specifying an ACL in a matching rule, configure the ACL.
      • If an ACL in a traffic classifier defines multiple rules, a packet matches the ACL as long as it matches one of rules, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      ACL6 rule

      		 if-match ipv6 acl { acl-number | acl-name }

      Before specifying an ACL6 in a matching rule, configure the ACL6.

    4. Run quit

      Exit from the traffic classifier view.

  2. Configure a traffic behavior.
    1. Run traffic behavior behavior-name

      A traffic behavior is created and the traffic behavior view is displayed.

    2. Run add-tag vlan-id vlan-id

      An outer VLAN ID is specified in the traffic behavior.

      The specified VLAN ID must exist on the switch. You cannot create a VLAN specified by the original VLAN tag of a received packet.

    3. Run quit

      Exit from the traffic behavior view.

    4. Run quit

      Exit from the system view.

  3. Configure a traffic policy.

    1. Run system-view

      The system view is displayed.

    2. Run traffic policy policy-name

      A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

      After a traffic policy is applied, you cannot use the traffic policy command to modify the matching order of traffic classifiers in the traffic policy. To modify the matching order, delete the traffic policy, create a traffic policy, and then specify the matching order.

      When creating a traffic policy, you can specify the matching order of matching rules in the traffic policy. The matching order can be either the automatic order (auto) or configuration order (config):
      • If the automatic order is used, traffic classifiers are matched based on the priorities of their types. If the traffic policy is applied to the inbound direction on the S5720-EI, S6720-EI, or S6720S-EI, traffic classifiers based on the following information are matched in descending order of priority: Layer 2 and IPv4 Layer 3 information > advanced ACL6 > basic ACL6 > IPv4 Layer 3 information > Layer 2 information > user-defined ACL information. In other cases, traffic classifiers based on the following information are matched in descending order of priority: Layer 2 and IPv4 Layer 3 information > advanced ACL6 information > basic ACL6 information > Layer 2 information > IPv4 Layer 3 information > user-defined ACL information. If data traffic matches multiple traffic classifiers and the bound traffic behaviors conflict with each other, the traffic behavior corresponding to the highest priority rule takes effect.
      • If the configuration order is used, traffic classifiers are matched based on the sequence in which they are bound to traffic behaviors.

      If more than 128 ACL rules defining CAR are configured, a traffic policy must be applied to an interface, a VLAN, and the system in sequence in the outbound direction. In the preceding situation, if ACL rules need to be updated, delete the traffic policy from the interface, VLAN, and system and re-configure a traffic policy in sequence.

    3. Run classifier classifier-name behavior behavior-name

      The traffic behavior is bound to the traffic classifier in the traffic policy.

    4. Run quit

      Exit from the traffic policy view.

    5. Run quit

      Exit from the system view.

  4. Apply the traffic policy.
    • Applying a traffic policy to an interface

      1. Run system-view

        The system view is displayed.

      2. Run interface interface-type interface-number

        The interface view is displayed.

      3. Run traffic-policy policy-name { inbound | outbound }

        A traffic policy is applied to the interface.

        A traffic policy can be applied to only one direction on an interface, but a traffic policy can be applied to different directions on different interfaces. After a traffic policy is applied to an interface, the system performs traffic policing for all the incoming or outgoing packets that match traffic classification rules on the interface.

    • Applying a traffic policy to a VLAN

      1. Run system-view

        The system view is displayed.

      2. Run vlan vlan-id

        The VLAN view is displayed.

      3. Run traffic-policy policy-name { inbound | outbound }

        A traffic policy is applied to the VLAN.

        Only one traffic policy can be applied to a VLAN in the inbound or outbound direction.

        After a traffic policy is applied, the system performs traffic policing for the packets that belong to a VLAN and match traffic classification rules in the inbound or outbound direction.

    • Applying a traffic policy to the system

      1. Run system-view

        The system view is displayed.

      2. Run traffic-policy policy-name global { inbound | outbound } [ slot slot-id ]

        A traffic policy is applied to the system.

        Only one traffic policy can be applied to the system or slot in one direction. A traffic policy cannot be applied to the same direction in the system and slot simultaneously.

        In a stack, a traffic policy that is applied to the system takes effect on all the interfaces and VLANs of all the member switches in the stack. The system then performs traffic policing for all the incoming and outgoing packets that match traffic classification rules on all the member switches. A traffic policy that is applied to a specified slot takes effect on all the interfaces and VLANs of the member switch with the specified stack ID. The system then performs traffic policing for all the incoming and outgoing packets that match traffic classification rules on this member switch.

        On a standalone switch, a traffic policy that is applied to the system takes effect on all the interfaces and VLANs of the local switch. The system then performs traffic policing for all the incoming and outgoing packets that match traffic classification rules on the local switch. Traffic policies applied to the slot and system have the same functions.

Verifying the Configuration

  • Run the display traffic classifier user-defined [ classifier-name ] command to check the traffic classifier configuration on the switch.
  • Run the display traffic behavior user-defined [ behavior-name ] command to check the traffic behavior configuration on the switch.
  • Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ] command to check the user-defined traffic policy configuration.
  • Run the display traffic-applied [ interface [ interface-type interface-number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to check traffic actions and ACL rules associated with the system, a VLAN, or an interface.
  • Run the display traffic policy { interface [ interface-type interface-number ] | vlan [ vlan-id ] | global } [ inbound | outbound ] command to check the traffic policy configuration on the switch.
  • Run the display traffic-policy applied-record [ policy-name ] command to check the record of the specified traffic policy.
Parent Topic: Configuring Selective QinQ
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic