Example for Configuring a Traffic Policy to Collect Statistics on Ping Packets
Overview
During network fault rectification, devices may fail to ping each other. You can configure the device to collect statistics on ping packets to narrow the search scope and locate fault points rapidly.
Ping packets are ICMP packets, so you can define ICMP in an advanced ACL to match ping packets. When a traffic policy is used to collect statistics on ping packets, an ACL is used to classify packets and the traffic statistics action is defined for matched packets. The statistics results helps locate faults.
- If the numbers of received and forwarded ping packets on a device are the same, ping packets are forwarded normally and no packet loss occurs. If the number of received ping packets is larger than the number of forwarded ping packets, packet loss occurs on the device.
- If the number of received ping packets is equal to the number of received ping packets on an interface, ping packets are forwarded normally and no packet loss occurs on the link of the interface. If the number of sent ping packets is larger than the number of received ping packets on the interface, packet loss occurs on the link of the interface. In this case, the remote device needs to be configured to collect packet statistics for fault location.
Configuration Notes
For applicable product models and versions, see Applicable Product Models and Versions.
For details about software mappings, visit Hardware Query Tool and search for the desired product model.
Networking Requirements
In Figure 1, the PC cannot access the server. The device where data flows pass needs to be configured to collect statistics on ping packets so that the fault point can be located.
Configuration Roadmap
- Create VLANs and configure interfaces to ensure network connectivity.
- Configure ACLs to match ICMP packets exchanged between the PC and server.
- Configure traffic classifiers to classify packets based on the ACLs.
- Configure traffic behaviors and define the traffic statistics action.
- Configure traffic policies, bind the traffic classifiers and traffic behaviors to the traffic policies, and apply the traffic policies to inbound and outbound directions of GE1/0/1 and GE1/0/2 of the Switch.
Procedure
- Create VLANs and configure interfaces.
# Configure the Switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan 10 //Create VLAN 10. [Switch-vlan10] quit [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type access //Set the link type of the interface to access. [Switch-GigabitEthernet1/0/1] port default vlan 10 //Add the interface to VLAN 10. [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] port link-type access [Switch-GigabitEthernet1/0/2] port default vlan 10 [Switch-GigabitEthernet1/0/2] quit
# Configure the PC's gateway address 10.1.1.2/24 for the interface of the router connected to the Switch, and configure the IP address 10.1.2.1/24 for the interface of the router connected to the server.
- Configure ACLs.
# Configure ACL rules on the Switch to match ICMP packets exchanged between the PC and server.
[Switch] acl 3001 [Switch-acl-adv-3001] rule permit icmp source 10.1.1.1 0 destination 10.1.2.10 0 //Configure an ACL rule to permit packets from the PC to the server. [Switch-acl-adv-3001] quit [Switch] acl 3002 [Switch-acl-adv-3002] rule permit icmp source 10.1.2.10 0 destination 10.1.1.1 0 //Configure an ACL rule to permit packets from the server to the PC. [Switch-acl-adv-3002] quit
- Configure traffic classifiers.
# Configure traffic classifiers on the Switch to classify packets based on the ACL.
[Switch] traffic classifier c1 operator and [Switch-classifier-c1] if-match acl 3001 [Switch-classifier-c1] quit [Switch] traffic classifier c2 operator and [Switch-classifier-c2] if-match acl 3002 [Switch-classifier-c2] quit
- Configure traffic behaviors.
# Configure traffic behaviors on the Switch and define the traffic statistics action in the traffic behaviors.
[Switch] traffic behavior b1 [Switch-behavior-b1] statistic enable [Switch-behavior-b1] quit [Switch] traffic behavior b2 [Switch-behavior-b2] statistic enable [Switch-behavior-b2] quit
- Configure traffic policies and apply the traffic policies to interfaces.
# Create traffic policies p1 and p2 on the Switch, bind the traffic behaviors and traffic classifiers to the traffic policies, apply the traffic policy p1 to the inbound direction of GE1/0/1 and outbound direction of GE1/0/2, and apply the traffic policy p2 to the outbound direction of GE1/0/1 and inbound direction of GE1/0/2.
[Switch] traffic policy p1 [Switch-trafficpolicy-p1] classifier c1 behavior b1 [Switch-trafficpolicy-p1] quit [Switch] traffic policy p2 [Switch-trafficpolicy-p2] classifier c2 behavior b2 [Switch-trafficpolicy-p2] quit [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound [Switch-GigabitEthernet1/0/1] traffic-policy p2 outbound [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] traffic-policy p1 outbound [Switch-GigabitEthernet1/0/2] traffic-policy p2 inbound [Switch-GigabitEthernet1/0/2] quit
- Verify the configuration.
# Check the ACL configuration on the Switch.
[Switch] display acl all Total nonempty ACL number is 2 Advanced ACL 3001, 1 rule Acl's step is 5 rule 5 permit icmp source 10.1.1.1 0 destination 10.1.2.10 0 (match-counter 0) Advanced ACL 3002, 1 rule Acl's step is 5 rule 5 permit icmp source 10.1.2.10 0 destination 10.1.1.1 0 (match-counter 0)
In V200R009 and later versions, (match-counter 0) is not displayed in the display acl command output.
# Check the traffic policy configuration on the Switch.
[Switch] display traffic policy user-defined User Defined Traffic Policy Information: Policy: p2 Classifier: c2 Operator: AND Behavior: b2 Permit Statistic: enable Policy: p1 Classifier: c1 Operator: AND Behavior: b1 Permit Statistic: enable Total policy number is 2
# Ping the server from the PC and check the traffic statistics in the inbound and outbound directions of GE1/0/1 and GE1/0/2 on the Switch. Here, check the traffic statistics in the inbound direction of GE1/0/1.
[Switch] display traffic policy statistics interface gigabitethernet 1/0/1 inbound Interface: GigabitEthernet1/0/1 Traffic policy inbound: p1 Rule number: 1 Current status: success Statistics interval: 300 --------------------------------------------------------------------- Board : 1 --------------------------------------------------------------------- Matched | Packets: 0 | Bytes: 0 | Rate(pps): 0 | Rate(bps): 0 --------------------------------------------------------------------- Passed | Packets: 0 | Bytes: 0 | Rate(pps): 0 | Rate(bps): 0 --------------------------------------------------------------------- Dropped | Packets: 0 | Bytes: 0 | Rate(pps): 0 | Rate(bps): 0 --------------------------------------------------------------------- Filter | Packets: 0 | Bytes: 0 --------------------------------------------------------------------- Car | Packets: 0 | Bytes: 0 ---------------------------------------------------------------------
Matched indicates the numbers of packets and bytes matching the traffic classifier, and Passed indicates the numbers of forwarded packets and bytes matching the traffic classifier. The following table describes the traffic statistics.
Traffic Statistics on GigabitEthernet1/0/1
Traffic Statistics on GigabitEthernet1/0/2
Description
display traffic policy statistics interface gigabitethernet 1/0/1 inbound
display traffic policy statistics interface gigabitethernet 1/0/2 outbound
- If the statistics are 0, ping request packets do not reach the Switch.
- If the statistics are consistent and are not 0, ping request packets are forwarded normally.
- If the statistics in the inbound direction of GigabitEthernet1/0/1 are more than the statistics in the outbound direction of GigabitEthernet1/0/2, ping request packets are discarded on the Switch and the Switch is the fault point.
display traffic policy statistics interface gigabitethernet 1/0/1 outbound
display traffic policy statistics interface gigabitethernet 1/0/2 inbound
- If the statistics are 0, ping response packets do not reach the Switch.
- If the statistics are consistent and are not 0, ping response packets are forwarded normally.
- If the statistics in the inbound direction of GigabitEthernet1/0/2 are more than the statistics in the outbound direction of GigabitEthernet1/0/1, ping response packets are discarded on the Switch and the Switch is the fault point.
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 10 # acl number 3001 rule 5 permit icmp source 10.1.1.1 0 destination 10.1.2.10 0 acl number 3002 rule 5 permit icmp source 10.1.2.10 0 destination 10.1.1.1 0 # traffic classifier c1 operator and precedence 5 if-match acl 3001 traffic classifier c2 operator and precedence 10 if-match acl 3002 # traffic behavior b1 permit statistic enable traffic behavior b2 permit statistic enable # traffic policy p1 match-order config classifier c1 behavior b1 traffic policy p2 match-order config classifier c2 behavior b2 # interface GigabitEthernet1/0/1 port link-type access port default vlan 10 traffic-policy p1 inbound traffic-policy p2 outbound # interface GigabitEthernet1/0/2 port link-type access port default vlan 10 traffic-policy p2 inbound traffic-policy p1 outbound # return
Applicable Product Models and Versions
Product |
Product Model |
Software Version |
|---|---|---|
S2700 |
S2752EI |
V100R006C05 |
S2710-SI |
V100R006C05 |
|
S2720-EI |
V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S2750-EI |
V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 |
|
S3700 |
S3700-SI, S3700-EI |
V100R006C05 |
S3700-HI |
V200R001C00 |
|
S5700 |
S5700-LI |
V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 |
S5700S-LI |
V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 |
|
S5700-SI |
V200R001C00, V200R002C00, V200R003C00, V200R005C00 |
|
S5700-EI |
V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03) |
|
S5700-HI |
V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02) |
|
S5710-C-LI |
V200R001C00 |
|
S5710-X-LI |
V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 |
|
S5710-EI |
V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02) |
|
S5710-HI |
V200R003C00, V200R005(C00&C02&C03) |
|
S5720-LI, S5720S-LI |
V200R010C00, V200R011C00, V200R011C10, V200R012(C00&C20), V200R013C00, V200R019C00, V200R019C10 |
|
S5720-SI, S5720S-SI |
V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S5720I-SI |
V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S5720-EI |
V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S5720-HI |
V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S5730-HI |
V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S5730-SI |
V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S5730S-EI |
V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S5731-H |
V200R013C02, V200R019C00, V200R019C10 |
|
S5731-S, S5731S-S |
V200R019C00, V200R019C10 |
|
S5731S-H |
V200R019C00, V200R019C10 |
|
S5732-H |
V200R019C00, V200R019C10 |
|
S5735-L, S5735S-L |
V200R019C00, V200R019C10 |
|
S5735S-L-M |
V200R019C00, V200R019C10 |
|
S5735-S, S5735S-S |
V200R019C00, V200R019C10 |
|
S5700 |
S5735-S-I |
V200R019C10 |
S6700 |
S6700-EI |
V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02) |
S6720-LI, S6720S-LI |
V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S6720-SI, S6720S-SI |
V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S6720-EI |
V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S6720S-EI |
V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S6720-HI |
V200R012C00, V200R013C00, V200R019C00, V200R019C10 |
|
S6730-H |
V200R013C02, V200R019C00, V200R019C10 |
|
S6730-S, S6730S-S |
V200R019C00, V200R019C10 |
|
S6730S-H |
V200R019C10 |
|
S7700 |
S7703, S7706, S7712 |
V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R013C02, V200R019C00, V200R019C10 |
S7703 PoE |
V200R013C00, V200R019C00, V200R019C10 |
|
S7706 PoE |
V200R013C00, V200R019C00, V200R019C10 |
|
S9700 |
S9703, S9706, S9712 |
V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00 |