Defining a Traffic Behavior and Configuring Actions

This section describes the traffic behaviors supported by the device and how to configure actions for a traffic behavior.

Context

The device supports various types of traffic behaviors. You can choose one or more traffic behaviors as required.

Procedure

  • Configure packet filtering actions.
    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior–name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run permit | deny

      Packets are allowed or forbidden to pass.

      If both the if-match any and deny parameters are configured in an MF classification rule, the device discards all packets, including protocol packets, that flow through an interface. Therefore, exercise caution when configuring both the if-match any and deny parameters in a traffic classification rule.

      If the permit or deny action is configured in both the rule command and the traffic behavior view, only the packets that are permitted by the rule command are processed according to the configured traffic behavior. If the deny action is configured in either the rule command or the traffic behavior view, all the matched packets are discarded.

    4. Run commit

      The configuration is committed.

  • Configure traffic policing actions.
    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior–name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run car { cir cir-value [ pir pir-value ] } [ cbs cbs-value [ pbs pbs-value ] ] [ adjust adjust-value ] [ green { discard | pass [ remark dscp dscp | service-class class color color ] } | yellow { discard | pass [ remark dscp dscp | service-class class color color ] } | red { discard | pass [ remark dscp dscp | service-class class color color ] } ] * [ summary ] [ color-aware ] [ limit-type pps ]

      A traffic policing action is configured.After you configure a traffic policing action for a traffic policy, the traffic policy can be applied to both incoming and outgoing traffic on an interface.

      The original qos car command that is configured on an interface will be affected after a traffic policy configured with a traffic policing action is applied to the interface.

      If this command is run more than once, the last configuration overrides the previous one.

      If the CoS of a packet is re-marked as EF, BE, CS6, or CS7, the packet can be re-marked only green.

    4. Run user-queue cir cir-value [ [ pir pir-value ] | [ flow-queue flow-queue-name ] | [ user-group-queue group-name ] | [ service-template service-template-name ] ]*

      Class-based HQoS scheduling is specified as the traffic behavior.

      The user-queue and car commands are mutually exclusive in the same traffic behavior.

      The outgoing traffic supports class-based HQoS scheduling only when the traffic policy works in unshared mode and is applied to an ETM subcard.

    5. (Optional) Run flow-car cir cir-value [ pir pir-value ] [ cbs cbs-value [ pbs pbs-value ] ] identifier { source-ip | destination-ip }

      Flow CAR is implemented for flows with the source or destination IP addresses residing on the specified network segment.

    6. Run commit

      The configuration is committed.

  • Configure suppression for broadcast, multicast, and unknown unicast packets.
    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior–name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run broadcast-suppression cir cir-value [ cbs cbs-value ] [ green { discard | pass [ service-class class color { green | yellow | red } ] } | red { discard | pass [ service-class class color { green | yellow | red } ] } ] *

      The rate at which broadcast packets are transmitted is restricted.

    4. Run multicast-suppression cir cir-value [ cbs cbs-value ] [ green { discard | pass [ service-class class color { green | yellow | red } ] } | red { discard | pass [ service-class class color { green | yellow | red } ] } ] *

      The rate at which multicast packets are transmitted is restricted.

    5. Run unknown-unicast-suppression cir cir-value [ cbs cbs-value ] [ green { discard | pass [ service-class class color { green | yellow | red } ] } | red { discard | pass [ service-class class color { green | yellow | red } ] } ] *

      The rate at which unknown unicast packets are transmitted is restricted.

    The configured traffic behavior can be applied to the incoming or outgoing traffic on an interface.

    After traffic suppression is applied to an interface, the packets matching the rules are processed based on the traffic behavior, and the packets not matching the rules are forwarded.

  • Configure forced traffic classification.
    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior-name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run service-class service-class color color

      Packets with a certain CoS are colored.

    4. (Optional) Run service-class service-class color color track { master | slave } bfd-session session-name bfd-session-name

      The function of marking matching packets' CoS and color based on the status of the specified BFD session is configured.

    5. Run commit

      The configuration is committed.

  • Set the packet precedence.
    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior–name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Configure the router as follows:

      • To re-mark the precedence of IP packets, run the remark ip-precedence ip-precedence command.

      • To re-mark the DSCP value of IP packets, run the remark [ ipv6 ] dscp dscp-value command.

      • To re-mark the precedence of VLAN packets, run the remark 8021p 8021p-value command.

      • To re-mark the ToS value of IP packets, run the remark tos tos command.

      • To re-mark the DF value of IP packets, run the remark ip-df dfvalue command.
      • To re-mark the TTL value of IP packets, run the remark ttl ttl-value command.

      To re-mark the DSCP value of IPv6 packets, run the remark ipv6 dscp dscp-value command.

    4. Run commit

      The configuration is committed.

  • Set packet forwarding actions.

    • Redirecting of packets to the public network LSP applies only to the ingress node of an MPLS network, instead of other nodes such as transit and egress nodes.
    • Redirecting of packets to the public network LSP can be configured only for single-tagged MPLS packets.

    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior-name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Configure the router as follows:

      • To directly forward packets without redirecting them, run the permit command in the traffic behavior view.

      • To directly drop packets without redirecting them, run the deny command in the traffic behavior view.

        The deny action is mutually exclusive with other traffic actions. Traffic that is configured with the deny action cannot be further processed unless the traffic is configured with the permit action.

      • To configure the IPv4 address and outbound interface, VPN instance, and NQA instance on a single next hop for redirecting IPv4 packets, run the following commands:
        • redirect ip-nexthop ip-address interface interface-type interface-number [ route-forward ] [ pri-type common ]
        • redirect ip-nexthop ip-address nqa nqa-test-administer-name name-of-nqa-test-instance [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ] [ public-network ]
        • redirect ip-nexthop ip-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
      • To configure the IPv4 addresses and outbound interfaces, VPN instances, and NQA instances on multiple next hops for redirecting IPv4 packets, run the following commands:
        • redirect ipv4-multinhp { nhp ip-address interface interface-type interface-number } &<2-42> [ loadbalance [ sip-hash ] ] [ route-forward ] [ pri-type common ][ unequal-cost ]
        • redirect ipv4-multinhp { nhp ip-address nqa nqa-test-administer-name name-of-nqa-test-instance } &<2-42> [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
        • redirect ipv4-multinhp { nhp ip-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] } &<2-42> [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ] [ non-revertive ]
      • To configure the IPv6 address and outbound interface, VPN instance, and NQA instance on a single next hop for redirecting IPv6 packets, run the following commands:
        • redirect ipv6-nexthop ipv6-address interface interface-type interface-number [ route-forward ] [ pri-type common ]
        • redirect ipv6-nexthop ipv6-address nqa nqa-test-administer-name name-of-nqa-test-instance [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
        • redirect ipv6-nexthop ipv6-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
      • To configure the IPv6 addresses and outbound interfaces, VPN instances, and NQA instances on multiple next hops for redirecting IPv6 packets, run the following commands:
        • redirect ipv6-multinhp { nhp ipv6-address interface interface-type interface-number } &<2-16> [ loadbalance [ sip-hash ] ] [ route-forward ] [ pri-type common ] [ unequal-cost ]
        • redirect ipv6-multinhp { nhp ipv6-address nqa nqa-test-administer-name name-of-nqa-test-instance } &<2-16> [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
        • redirect ipv6-multinhp { nhp ipv6-address vpn vpn-instance-name [ nqa nqa-test-administer-name name-of-nqa-test-instance ] } &<2-16> [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
      • In a scenario in which a forward PBR policy redirects packets to a single next hop whose IP address matches a default route or a black-hole route, if you want packets to be forwarded based on the destination IP address, run either of the following commands:
        • redirect ip-nexthop ip-address [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ] [ public-network ]
        • redirect ipv6-nexthop ipv6-address [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
      • In a scenario in which a forward PBR policy redirects packets to multiple next hops whose IP addresses match default or black-hole routes, if you want packets to be forwarded based on the destination IP address, run either of the following commands:
        • redirect ipv4-multinhp { nhp ip-address } &<2-42> [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
        • redirect ipv6-multinhp { nhp ipv6-address } &<2-16> [ routing-filter { default-routing | blackhole-routing } * ] [ pri-type common ]
      • To redirect IPv4 or IPv6 packets to be forwarded using private network routes to public network routes' outbound interfaces, run the redirect { ip | ipv6 } public-network command.

      • To redirect IP packets to the public network LSP, run the redirect lsp public dest-ipv4-address [ nexthop-address | interface interface-type interface-number | secondary ] command.

      • To redirect packets to a specified VPN group, run the redirect vpn-group vpn-group-name command.

      • To redirect packets to a specified VSI, run the redirect vsi vsi-name.
      • To redirect IPv4 packets to a specified outbound interface, run the redirect to interface { interface-name | interface-type interface-number } [ route-forward ] command.
      • To redirect IPv6 packets to a specified outbound interface, run the redirect ipv6 to interface { interface-name | interface-type interface-number } [ route-forward ] command.

      • To configure the next hop of the packets to be sent to the CPU according to limits of idle web users, run the redirect-cpu http-redirect-chasten command.

        In VS mode, this command is supported only by the admin VS.

      • To redirect packets to a specified tunnel, run the redirect interface tunnel tunnelname [ route-forward ] command.
      • To redirect public-network IPv4/IPv6 packets to an SRv6 TE Policy, run the redirect srv6-te policy endpoint color { sid | vpnsid } sid-ip.

      When the redirection policy in the traffic behavior is a discard PBR policy, the IP address and outbound interface of the next hop must be specified. When the redirection policy in the traffic behavior is a forward PBR policy, the IP address of the next hop must be specified.

      In IPv6 application, the IP address of the next hop specified for a discard PBR policy must be an IPv6 link-local address or an IPv6 unicast address; the IP address of the next hop specified for a forward PBR policy can be only an IPv6 unicast address.

    4. Run commit

      The configuration is committed.

  • Configure a load balancing mode for packets.
    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior-name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run load-balance { flow [ l2 | l3 ] | packet }

      A load balancing mode is set for packets.

    4. Run commit

      The configuration is committed.

  • Configure a policy for redirection.

    ACL rules are generally used for redirection in traffic behavior. However, the specifications of ACL rules are limited. When ACL rules defined for MF classification do not meet the live network requirements, you can redirect the traffic behavior to a configured traffic policy to implement cascaded MF classification.

    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior–name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run traffic-policy policy-name

      The traffic behavior is redirected to the traffic policy.

      • Cascading a traffic policy over another will cause the device forwarding performance to deteriorate.
      • When the traffic on an interface matches the cascaded traffic policy:
        • The traffic is forwarded based on the traffic behavior in the cascaded traffic policy.
        • If the traffic behaviors in the two traffic policies are different, they can be individually implemented.
        • If the traffic behaviors in the two traffic policies are the same, the specific behavior configuration in the cascaded traffic policy takes effect.
      • On an interface, only one traffic policy can be applied to outgoing or incoming packets. If the traffic policy cascades over another traffic policy and is applied to an interface, both traffic policies take effect on the direction-specific interface.

      • The parameters specified for a traffic policy, such as inbound, outbound, link-layer, mpls-layer, and all-layer, are inherited by the cascaded traffic policy.

      • When the traffic behaviors for two-level ACLs are service-class, level-1 service-class preferentially takes effect. However, if level 1 service-class carries no-remark, level-2 service-class preferentially takes effect.

    4. (Optional) Run hierarchical-car enable

      Hierarchical CAR is enabled in a cascaded traffic policy.

      When a traffic policy is configured in a traffic behavior, CAR can also be configured in the traffic policy to implement hierarchical CAR.

    5. Run commit

      The configuration is committed.

  • Enable NetStream sampling.

    To charge the subscribers or collect traffic statistics based on traffic classifiers, you can configure the corresponding traffic classifier and run the following commands to enable NetStream sampling:

    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior-name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run { ip | ipv6 } netstream sampler { fix-packets packet-interval | fix-time time-interval | random-packets packet-interval }

      NetStream sampling is enabled.

      Traffic sampling using a share-mode traffic policy is not supported.

    4. (Optional) Run ip netstream sampler except deny-action

      NetStream is not applied to traffic matching the ACL rule or traffic behavior that contains deny.

    5. Run commit

      The configuration is committed.

  • Increase the priority of traffic behavior.

    If both BGP flow specification and MF classification are configured on a device, you can run the increase-priority command to allow the traffic behavior configured in MF classification to preferentially take effect.

    1. Run system-view

      The system view is displayed.

    2. Run traffic behavior behavior-name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    3. Run increase-priority

      The priority of the traffic behavior is increased.

    4. Run commit

      The configuration is committed.

Parent Topic: Configuring MF Classification-based Traffic Policies for IP Packets
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >