Example for Configuring Rate Limiting Based on VLAN IDs

Overview

In addition to an ACL, a traffic classifier in MQC defines many Layer 2 and Layer 3 matching rules such as the VLAN ID, 802.1p priority, DSCP priority, source MAC address, and destination MAC address. You can configure different traffic classifiers on the device to identify packets and configure actions for them such as rate limiting, statistics, or mirroring.

In this example, traffic classifiers are configured based on VLAN IDs and different CIR values are configured so that the device allocates different bandwidth to service flows.

Configuration Notes

For applicable product models and versions, see Applicable Product Models and Versions.

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Networking Requirements

In Figure 1, the Switch connects to the router through GE2/0/1, and the enterprise connects to the Internet through the Switch and router.

Voice, video, and data services are transmitted in VLAN 120, VLAN 110, and VLAN 100 respectively.

Traffic policing needs to be configured on the Switch to police packets of different services so that traffic is limited within a proper range, guaranteeing bandwidth of each service.

Voice, video, and data services have QoS requirements in descending order of priority. The Switch needs to re-mark DSCP priorities in different service packets so that the downstream router processes them based on priorities, ensuring QoS of different services.

Table 1 describes the QoS requirements.

**Table 1** QoS guarantee for uplink traffic on the Switch
Traffic Type	CIR (kbit/s)	PIR (kbit/s)	DSCP Priority
Voice	2000	10000	46
Video	4000	10000	30
Data	4000	10000	14

Figure 1 Networking of traffic policing

Configuration Roadmap

The configuration roadmap is as follows:

Create a VLAN and configure interfaces so that the enterprise can access the Internet through the Switch.
Configure traffic classifiers on the Switch to classify packets based on VLAN IDs.
Configure traffic behaviors on the Switch to limit the rate of packets and re-mark DSCP priorities of packets.
Configure a traffic policy on the Switch, bind traffic behaviors and traffic classifiers, and apply the traffic policy to the interface on the Switch connected to the LSW.

Procedure

Create VLANs and configure interfaces.

# Create VLAN 100, VLAN 110, and VLAN 120 on the Switch.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 110 120

# Configure GE1/0/1 and GE2/0/1 as trunk interfaces and add them to VLAN 100, VLAN 110, and VLAN 120.

[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 110 120
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 2/0/1
[Switch-GigabitEthernet2/0/1] port link-type trunk
[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 110 120
[Switch-GigabitEthernet2/0/1] quit

Configure traffic classifiers.

# Configure traffic classifiers c1, c2, and c3 on the Switch to classify different service flows based on VLAN IDs.

[Switch] traffic classifier c1 operator and
[Switch-classifier-c1] if-match vlan-id 120  //Configure a matching rule to match packets with VLAN 120.
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator and
[Switch-classifier-c2] if-match vlan-id 110  //Configure a matching rule to match packets with VLAN 110.
[Switch-classifier-c2] quit
[Switch] traffic classifier c3 operator and
[Switch-classifier-c3] if-match vlan-id 100  //Configure a matching rule to match packets with VLAN 100.
[Switch-classifier-c3] quit

Configure traffic behaviors.

# Configure traffic behaviors b1, b2, and b3 on the Switch to police service flows and re-mark priorities of the service flows, and configure traffic statistics.

[Switch] traffic behavior b1
[Switch-behavior-b1] car cir 2000 pir 10000 green pass  //Set the CIR of packets with VLAN 120 to 2000 kbit/s.
[Switch-behavior-b1] remark dscp 46  //Configure the device to re-mark DSCP priorities of packets from VLAN 120 with 46.
[Switch-behavior-b1] statistic enable  //Enable traffic statistics.
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] car cir 4000 pir 10000 green pass
[Switch-behavior-b2] remark dscp 30
[Switch-behavior-b2] statistic enable
[Switch-behavior-b2] quit
[Switch] traffic behavior b3
[Switch-behavior-b3] car cir 4000 pir 10000 green pass
[Switch-behavior-b3] remark dscp 14
[Switch-behavior-b3] statistic enable
[Switch-behavior-b3] quit

Configure a traffic policy and apply the traffic policy to an interface.

# Create a traffic policy p1 on the Switch, bind the traffic classifiers and traffic behaviors to the traffic policy, and apply the traffic policy to GE1/0/1 in the inbound direction to police packets and re-mark the packet priorities.

[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] classifier c3 behavior b3
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound
[Switch-GigabitEthernet1/0/1] quit

Verify the configuration.

# Check the traffic classifier configuration.

[Switch] display traffic classifier user-defined
  User Defined Classifier Information:
   Classifier: c2
    Precedence: 10
    Operator: AND
    Rule(s) : if-match vlan-id 110
             
   Classifier: c3
    Precedence: 15
    Operator: AND
    Rule(s) : if-match vlan-id 100
             
   Classifier: c1
    Precedence: 5
    Operator: AND
    Rule(s) : if-match vlan-id 120
             
Total classifier number is 3

# Check the configuration of the traffic policy p1.

[Switch] display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c2
    Operator: AND
     Behavior: b2
      Permit
      Committed Access Rate:
        CIR 4000 (Kbps), PIR 10000 (Kbps), CBS 500000 (byte), PBS 1250000 (byte)
        Color Mode: color Blind
        Conform Action: pass
        Yellow  Action: pass
        Exceed  Action: discard
       Remark:                            
        Remark DSCP af33
      Statistic: enable 
   Classifier: c3
    Operator: AND
     Behavior: b3
      Permit
      Committed Access Rate:
        CIR 4000 (Kbps), PIR 10000 (Kbps), CBS 500000 (byte), PBS 1250000 (byte)
        Color Mode: color Blind
        Conform Action: pass
        Yellow  Action: pass
        Exceed  Action: discard
      Remark:
        Remark DSCP af13
      Statistic: enable
   Classifier: c1
    Operator: AND
     Behavior: b1
      Permit
      Committed Access Rate:
        CIR 2000 (Kbps), PIR 10000 (Kbps), CBS 250000 (byte), PBS 1250000 (byte)
        Color Mode: color Blind
        Conform Action: pass
        Yellow  Action: pass
        Exceed  Action: discard
      Remark:
        Remark DSCP ef
      Statistic: enable

# Check information about the traffic policy that is applied to the interface. Voice packets on GE1/0/1 are used as an example. When the rate of the packets is larger than 10000 kbit/s, packet loss occurs. The rate of voice packets is limited within 10000 kbit/s.

[Switch] display traffic policy statistics interface gigabitethernet 1/0/1 inbound verbose classifier-base class c1

 Interface:  GigabitEthernet1/0/1
 Traffic policy inbound: p1
 Rule number: 3
 Current status: success
 Statistics interval: 300   
---------------------------------------------------------------------
 Board : 1
---------------------------------------------------------------------
 Matched          |      Packets:                        49,491
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                        40,971
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                         8,520
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
--------------------------------------------------------------------- 
     Car          |      Packets:                         8,520
                  |      Bytes:                               -
---------------------------------------------------------------------

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 100 110 120
#
traffic classifier c1 operator and precedence 5 
 if-match vlan-id 120
traffic classifier c2 operator and precedence 10
 if-match vlan-id 110
traffic classifier c3 operator and precedence 15
 if-match vlan-id 100
#
traffic behavior b1
 permit
 car cir 2000 pir 10000 cbs 250000 pbs 1250000 mode color-blind green pass yellow pass red discard
 remark dscp ef
 statistic enable
traffic behavior b2
 permit
 car cir 4000 pir 10000 cbs 500000 pbs 1250000 mode color-blind green pass yellow pass red discard
 remark dscp af33
 statistic enable
traffic behavior b3
 permit
 car cir 4000 pir 10000 cbs 500000 pbs 1250000 mode color-blind green pass yellow pass red discard
 remark dscp af13
 statistic enable
#
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
 classifier c3 behavior b3
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 110 120
 traffic-policy p1 inbound
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 110 120
#
return

Applicable Product Models and Versions

**Table 2** Applicable product models and versions
Product	Product Model	Software Version
S2700	S2752EI	V100R006C05
	S2710-SI	V100R006C05
	S2720-EI	V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S2750-EI	V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
S3700	S3700-SI, S3700-EI	V100R006C05
S3700	S3700-HI	V200R001C00
S5700	S5700-LI	V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700S-LI	V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700-SI	V200R001C00, V200R002C00, V200R003C00, V200R005C00
	S5700-EI	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03)
	S5700-HI	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02)
	S5710-C-LI	V200R001C00
	S5710-X-LI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5710-EI	V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02)
	S5710-HI	V200R003C00, V200R005(C00&C02&C03)
	S5720-LI, S5720S-LI	V200R010C00, V200R011C00, V200R011C10, V200R012(C00&C20), V200R013C00, V200R019C00, V200R019C10
	S5720-SI, S5720S-SI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5720I-SI	V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5720-EI	V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5720-HI	V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5730-HI	V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5730-SI	V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5730S-EI	V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5731-H	V200R013C02, V200R019C00, V200R019C10
	S5731-S, S5731S-S	V200R019C00, V200R019C10
	S5731S-H	V200R019C00, V200R019C10
	S5732-H	V200R019C00, V200R019C10
	S5735-L, S5735S-L	V200R019C00, V200R019C10
	S5735S-L-M	V200R019C00, V200R019C10
	S5735-S, S5735S-S	V200R019C00, V200R019C10
S5700	S5735-S-I	V200R019C10
S6700	S6700-EI	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02)
	S6720-LI, S6720S-LI	V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6720-SI, S6720S-SI	V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6720-EI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6720S-EI	V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6720-HI	V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6730-H	V200R013C02, V200R019C00, V200R019C10
	S6730-S, S6730S-S	V200R019C00, V200R019C10
	S6730S-H	V200R019C10
S7700	S7703, S7706, S7712	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R013C02, V200R019C00, V200R019C10
	S7703 PoE	V200R013C00, V200R019C00, V200R019C10
	S7706 PoE	V200R013C00, V200R019C00, V200R019C10
S9700	S9703, S9706, S9712	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00