< Home

Example for Configuring a Traffic Policy to Implement Rate Limiting

Overview

In a traffic policy, access control list (ACL) rules can be used to classify packets. ACLs are classified as basic, advanced, and Layer 2 ACLs. A basic ACL defines rules based on the source IP address, fragment flag, and time range. Traffic policing is configured in the traffic behavior to limit the rate of matched packets.

An Access Control List (ACL) consists of one or more rules. The rules determine whether packets match conditions such as source addresses, destination addresses, and port numbers of packets.

Configuration Notes

For applicable product models and versions, see Applicable Product Models and Versions.

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Networking Requirements

In Figure 1, the company has two departments, belonging to VLAN 10 and VLAN 20, respectively. Some servers are deployed in VLAN 10 and high bandwidth is required; employees need to access the Internet in VLAN 20 only and there are no high requirements for bandwidth. The company purchases a 10 Mbit/s leased line. The company requires the bandwidth for Internet access in VLAN 20 to be between 2 Mbit/s and 4 Mbit/s, and traffic exceeding 4 Mbit/s is discarded.

Figure 1 Configuring a traffic policy to implement rate limiting

Device

Interface

VLAN

Layer 3 Interface

IP Address

SwitchA

GigabitEthernet1/0/1

VLAN 10

-

-

GigabitEthernet1/0/2

VLAN 20

-

-

GigabitEthernet1/0/3

VLAN 10 and VLAN 20

-

-

Switch

GigabitEthernet1/0/1

VLAN 10 and VLAN 20

VLANIF 10 and VLANIF 20

VLANIF 10: 192.168.1.1/24

VLANIF 20: 192.168.2.1/24

GigabitEthernet1/0/2

VLAN 30

VLANIF 30

10.1.20.2/24

Configuration Roadmap

The configuration roadmap is as follows:
  1. Create VLANs, and configure interfaces and a routing protocol to implement interworking between the company and external network.
  2. Configure an ACL on the Switch to match traffic from a specified network segment.
  3. Configure a traffic classifier on the Switch to classify packets based on the ACL.
  4. Configure a traffic behavior on the Switch to limit the rate of matched traffic.
  5. Configure a traffic policy on the Switch, bind the traffic policy to the traffic classifier and traffic behavior, and apply the traffic policy to GE1/0/1 connected to SwitchA in the inbound direction to implement rate limiting.

Procedure

  1. Create VLANs, and configure interfaces and a routing protocol.

    # Configure the switch.

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20 30  //Create VLAN 10, VLAN 20, and VLAN 30.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk  //Set the link type of the interface to trunk.
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20  //Add the interface to VLAN 10 and VLAN 20.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access  //Set the link type of the interface to access.
[Switch-GigabitEthernet1/0/2] port default vlan 30  //Add the interface to VLAN 30.
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface vlanif 10  //Create a VLANIF interface.
[Switch-Vlanif10] ip address 192.168.1.1 255.255.255.0  //Configure an IP address for the VLANIF interface. The IP address is the gateway address of network segment 192.168.1.0/24.
[Switch-Vlanif10] quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 192.168.2.1 255.255.255.0
[Switch-Vlanif20] quit
[Switch] interface vlanif 30  //Create a VLANIF interface.
[Switch-Vlanif30] ip address 10.1.20.2 255.255.255.0  //Configure an IP address for the VLANIF interface to connect to the router.
[Switch-Vlanif30] quit
[Switch] ip route-static 0.0.0.0 0 10.1.20.1  //Configure a static route pointing to the external network to implement interworking.

    # Configure SwitchA.

    <HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20  //Create VLAN 10 and VLAN 20.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type access  //Set the link type of the interface to access.
[SwitchA-GigabitEthernet1/0/1] port default vlan 10  //Add the interface to VLAN 10.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type access
[SwitchA-GigabitEthernet1/0/2] port default vlan 20
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk  //Set the link type of the interface to trunk.
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20  //Add the interface to VLAN 10 and VLAN 20.
[SwitchA-GigabitEthernet1/0/3] quit

    # Configure the router.

    Configure the IP address of 10.1.20.1/24 for the interface of the router connected to the switch.

  2. Configure an ACL.

    # Configure an ACL on the Switch to match traffic from network segment 192.168.2.0/24.

    [Switch] acl 3000
[Switch-acl-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255
[Switch-acl-adv-3000] quit

  3. Configure a traffic classifier.

    # Configure a traffic classifier on the Switch to classify packets based on the ACL.

    [Switch] traffic classifier c1 operator and
[Switch-classifier-c1] if-match acl 3000
[Switch-classifier-c1] quit

  4. Configure a traffic behavior.

    # Configure a traffic behavior on the Switch to limit the rate of matched traffic.

    [Switch] traffic behavior b1
[Switch-behavior-b1] car cir 2048 pir 4096  //Set the CIR to 2 Mbit/s and PIR to 4 Mbit/s.
[Switch-behavior-b1] statistic enable
[Switch-behavior-b1] quit

  5. Configure a traffic policy and apply the traffic policy to an interface.

    # Create a traffic policy on the Switch, bind the traffic behavior and traffic classifier to the traffic policy, and apply the traffic policy to the inbound direction of GE1/0/1 connected to SwitchA.

    [Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound
[Switch-GigabitEthernet1/0/1] quit

  6. Verify the configuration.

    # Check the ACL configuration.

    [Switch] display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.2.0 0.0.0.255 (match-counter 0)

    # Check the traffic policy configuration.

    [Switch] display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: AND
     Behavior: b1
      Permit
      Committed Access Rate:
        CIR 2048 (Kbps), PIR 4096 (Kbps), CBS 256000 (byte), PBS 512000 (byte)
        Color Mode: color Blind
        Conform Action: pass
        Yellow  Action: pass
        Exceed  Action: discard
      Statistic: enable

    # Check the traffic policy that is applied to the interface. When the rate of packets from network segment 192.168.2.0/24 is larger than 4 Mbit/s, packet loss occurs. The rate of packets from the network segment is limited within 4 Mbit/s.

    [Switch] display traffic policy statistics interface gigabitethernet 1/0/1 inbound

 Interface:  GigabitEthernet1/0/1
 Traffic policy inbound: p1
 Rule number: 3
 Current status: success
 Statistics interval: 300   
---------------------------------------------------------------------
 Board : 1
---------------------------------------------------------------------
 Matched          |      Packets:                        82,455
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                        53,385
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                        29,070
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
--------------------------------------------------------------------- 
     Car          |      Packets:                        29,070
                  |      Bytes:                               -
---------------------------------------------------------------------

Configuration Files

  • Switch configuration file

    #
sysname Switch
#
vlan batch 10 20 30
#
acl number 3000
 rule 5 permit ip source 192.168.2.0 0.0.0.255
#
traffic classifier c1 operator and precedence 5
 if-match acl 3000
#
traffic behavior b1
 permit
 car cir 2048 pir 4096 cbs 256000 pbs 512000 mode color-blind green pass yellow pass red discard
 statistic enable
#
traffic policy p1 match-order config
 classifier c1 behavior b1
#
interface Vlanif10
 ip address 192.168.1.1 255.255.255.0
#
interface Vlanif20
 ip address 192.168.2.1 255.255.255.0
#
interface Vlanif30
 ip address 10.1.20.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
 traffic-policy p1 inbound
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 30
#
ip route-static 0.0.0.0 0.0.0.0 10.1.20.1
#
return

  • SwitchA configuration file

    #
sysname SwitchA
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
return

Applicable Product Models and Versions

Table 1 Applicable product models and versions

Product

Product Model

Software Version

S2700

S2752EI

V100R006C05

S2710-SI

V100R006C05

S2720-EI

V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S2750-EI

V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S3700

S3700-SI, S3700-EI

V100R006C05

S3700-HI

V200R001C00

S5700

S5700-LI

V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S5700S-LI

V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S5700-SI

V200R001C00, V200R002C00, V200R003C00, V200R005C00

S5700-EI

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03)

S5700-HI

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02)

S5710-C-LI

V200R001C00

S5710-X-LI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S5710-EI

V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02)

S5710-HI

V200R003C00, V200R005(C00&C02&C03)

S5720-LI, S5720S-LI

V200R010C00, V200R011C00, V200R011C10, V200R012(C00&C20), V200R013C00, V200R019C00, V200R019C10

S5720-SI, S5720S-SI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5720I-SI

V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5720-EI

V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5720-HI

V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5730-HI

V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5730-SI

V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5730S-EI

V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5731-H

V200R013C02, V200R019C00, V200R019C10

S5731-S, S5731S-S

V200R019C00, V200R019C10

S5731S-H

V200R019C00, V200R019C10

S5732-H

V200R019C00, V200R019C10

S5735-L, S5735S-L

V200R019C00, V200R019C10

S5735S-L-M

V200R019C00, V200R019C10

S5735-S, S5735S-S

V200R019C00, V200R019C10

S5700

S5735-S-I

V200R019C10

S6700

S6700-EI

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02)

S6720-LI, S6720S-LI

V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720-SI, S6720S-SI

V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720-EI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720S-EI

V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720-HI

V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6730-H

V200R013C02, V200R019C00, V200R019C10

S6730-S, S6730S-S

V200R019C00, V200R019C10

S6730S-H

V200R019C10

S7700

S7703, S7706, S7712

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R013C02, V200R019C00, V200R019C10

S7703 PoE

V200R013C00, V200R019C00, V200R019C10

S7706 PoE

V200R013C00, V200R019C00, V200R019C10

S9700

S9703, S9706, S9712

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00
Parent Topic: Typical QoS Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >