This part describes the configuration and application of traffic classifiers and traffic behaviors in the context of traffic policy based on complex traffic classification.
As shown in Figure 1, PE1, P, and PE2 are routers on an MPLS backbone network. CE1 and CE2 are access routers on the edge of the backbone network. Three users from the local network access the Internet through CE1.
On CE1, the CIR of the traffic of the user from the network segment 1.1.1.0 is limited to 10 Mbit/s and the CBS is limited to 150000 bytes.
On CE1, the CIR of the traffic of the user from the network segment 2.1.1.0 is limited to 5 Mbit/s and the CBS is limited to 100000 bytes.
On CE1, the CIR of the traffic of the user from the network segment 3.1.1.0 is limited to 2 Mbit/s and the CBS is limited to 100000 bytes.
On CE1, the DSCP values of the service packets from the three network segments are re-marked to 40, 26, and 0.
PE1 accesses the MPLS backbone network at the CIR of 15 Mbit/s, the CBS of 300000 bytes, the PIR of 20 Mbit/s, and the PBS of 500000 bytes.
On CE1, the CIR, CBS, PIR, and PBS of the UDP protocol packets (except DNS, SNMP, SNMP Trap, and Syslog packets) are limited to 5 Mbit/s, 100000 bytes, 15 Mbit/s, and 200000 bytes, respectively.
Interfaces 1 through 4 in this example are GE 0/1/0, GE 0/1/8, GE 0/1/16, GE 0/1/24, respectively.
When configuring traffic policies based on complex traffic classification, pay attention to the following:
The configuration roadmap is as follows:
Define ACL rules.
Configure traffic classifiers.
Configure traffic behaviors.
Configure traffic policies.
Apply the traffic policies to interfaces.
To complete the configuration, you need the following data:
ACL numbers 2001, 2002, 2003, 3001, and 3002
Re-marked DSCP values 40, 26, and 0 for the packets from the three network segments
CIRs of the traffic from users belonging to the three network segments, which are respectively 10 Mbit/s, 5 Mbit/s, and 2 Mbit/s, with their respective CBSs being 150000 bytes, 100000 bytes, and 100000 bytes
CIR of the UDP protocol packets (except DNS, SNMP, SNMP Trap, and Syslog packets) on CE1, which is 5 Mbit/s, the CBS, which is 100000 bytes, the PIR, which is 15 Mbit/s, and the PBS, which is 200000 bytes
CIR of PE1, which is 15 Mbit/s; the CBS, which is 300000 bytes; the PIR, which is 20 Mbit/s; and the PBS, which is 500000 bytes
Traffic classifier name, traffic behavior name, traffic policy name, and the interface number where the traffic policy is applied
# Define ACL rules.
[~CE1] acl number 2001
[*CE1-acl4-basic-2001] rule permit source 1.1.1.0 0.0.0.255
[*CE1-acl4-basic-2001] commit
[~CE1-acl4-basic-2001] quit
[~CE1] acl number 2002
[*CE1-acl4-basic-2002] rule permit source 2.1.1.0 0.0.0.255
[*CE1-acl4-basic-2002] commit
[~CE1-acl4-basic-2002] quit
[~CE1] acl number 2003
[*CE1-acl4-basic-2003] rule permit source 3.1.1.0 0.0.0.255
[*CE1-acl4-basic-2003] commit
[~CE1-acl4-basic-2003] quit
[~CE1] acl number 3001
[*CE1-acl4-advance-3001] rule 0 permit udp destination-port eq dns
[*CE1-acl4-advance-3001] rule 1 permit udp destination-port eq snmp
[*CE1-acl4-advance-3001] rule 2 permit udp destination-port eq snmptrap
[*CE1-acl4-advance-3001] rule 3 permit udp destination-port eq syslog
[*CE1-acl4-advance-3001] commit
[~CE1-acl4-advance-3001] quit
[~CE1] acl number 3002
[*CE1-acl4-advance-3002] rule 4 permit udp
[*CE1-acl4-advance-3002] commit
[~CE1-acl4-advance-3002] quit
# Configure traffic classifiers and define ACL-based matching rules.
[~CE1] traffic classifier a
[*CE1-classifier-a] if-match acl 2001
[*CE1-classifier-a] commit
[~CE1-classifier-a] quit
[~CE1] traffic classifier b
[*CE1-classifier-b] if-match acl 2002
[*CE1-classifier-b] commit
[~CE1-classifier-b] quit
[~CE1] traffic classifier c
[*CE1-classifier-c] if-match acl 2003
[*CE1-classifier-c] commit
[~CE1-classifier-c] quit
[~CE1] traffic classifier udplimit
[*CE1-classifier-udplimit] if-match acl 3001
[*CE1-classifier-udplimit] commit
[~CE1-classifier-udplimit] quit
[~CE1] traffic classifier udplimit1
[*CE1-classifier-udplimit1] if-match acl 3002
[*CE1-classifier-udplimit1] commit
[~CE1-classifier-udplimit1] quit
After the configuration is complete, run the display traffic classifier command to view the configuration of the traffic classifiers.
[~CE1] display traffic classifier user-defined
User Defined Classifier Information:
Total: 65535 Used: 6 Free: 65529
Classifier: a
Description:
Operator: or
Rule(s):
if-match acl 2001 precedence 1
Classifier: b
Description:
Operator: or
Rule(s):
if-match acl 2002 precedence 2
Classifier: c
Description:
Operator: or
Rule(s):
if-match acl 2003 precedence 3
Classifier: udplimit
Description:
Operator: or
Rule(s) :
if-match acl 3001 precedence 4
Classifier: udplimit1
Description:
Operator: or
Rule(s) :
if-match acl 3002
# Define traffic behaviors, and configure traffic policing and DSCP values to be re-marked.
[~CE1] traffic behavior e
[*CE1-behavior-e] car cir 10000 cbs 150000 pbs 0
[*CE1-behavior-e] remark dscp 40
[*CE1-behavior-e] commit
[~CE1-behavior-e] quit
[~CE1] traffic behavior f
[*CE1-behavior-f] car cir 5000 cbs 100000 pbs 0
[*CE1-behavior-f] remark dscp 26
[*CE1-behavior-f] commit
[~CE1-behavior-f] quit
[~CE1] traffic behavior g
[*CE1-behavior-g] car cir 2000 cbs 100000 pbs 0
[*CE1-behavior-g] remark dscp 0
[*CE1-behavior-g] commit
[~CE1-behavior-g] quit
[~CE1] traffic behavior udplimit
[*CE1-behavior-udplimit] permit
[*CE1-behavior-udplimit] commit
[~CE1-behavior-udplimit] quit
[~CE1] traffic behavior udplimit1
[*CE1-behavior-udplimit1] car cir 5000 pir 15000 cbs 100000 pbs 200000 green pass yellow discard red discard
[*CE1-behavior-udplimit1] commit
[~CE1-behavior-udplimit1] quit
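What the four CAR parameters and the colour actions of behavior udplimit1 do to a sustained UDP load, as an added example that is not part of the original configuration guide. It models the meter as the colour-blind two-rate three-colour marker of RFC 2698, which is an assumption about the device; the class and function names, the 1000-byte packet size and the 50 Mbit/s offered load are constructed for illustration.

```python
class TwoRateMeter:
    """Colour-blind two-rate three-colour marker, modelled on RFC 2698."""

    def __init__(self, cir_kbps, pir_kbps, cbs, pbs):
        self.cir = cir_kbps * 1000 / 8        # committed rate, bytes per second
        self.pir = pir_kbps * 1000 / 8        # peak rate, bytes per second
        self.cbs, self.pbs = cbs, pbs         # bucket depths in bytes
        self.tc, self.tp = float(cbs), float(pbs)   # both buckets start full
        self.last = 0.0

    def colour(self, now, size):
        elapsed, self.last = now - self.last, now
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        if self.tp < size:                    # exceeds PIR/PBS
            return "red"
        self.tp -= size
        if self.tc < size:                    # exceeds CIR/CBS, within PIR/PBS
            return "yellow"
        self.tc -= size
        return "green"


def offer(meter, actions, rate_mbps, seconds, size=1000):
    """Send a constant-rate stream through the meter.
    Returns (packet count per colour, forwarded rate in Mbit/s)."""
    pps = rate_mbps * 1_000_000 / 8 / size
    counts = {"green": 0, "yellow": 0, "red": 0}
    passed = 0
    for i in range(int(pps * seconds)):
        c = meter.colour(i / pps, size)
        counts[c] += 1
        if actions[c] == "pass":
            passed += size
    return counts, passed * 8 / seconds / 1_000_000


# Parameters of behavior udplimit1 on CE1; the offered load is constructed.
UDPLIMIT1 = dict(cir_kbps=5000, pir_kbps=15000, cbs=100000, pbs=200000)
AS_CONFIGURED = {"green": "pass", "yellow": "discard", "red": "discard"}
YELLOW_PASS = {"green": "pass", "yellow": "pass", "red": "discard"}  # comparison

def run(actions, rate_mbps, seconds=2):
    return offer(TwoRateMeter(**UDPLIMIT1), actions, rate_mbps, seconds)

if __name__ == "__main__":
    for label, actions in (("yellow discard", AS_CONFIGURED), ("yellow pass", YELLOW_PASS)):
        counts, mbps = run(actions, 50)
        print(f"{label}: {counts} forwarded {mbps:.2f} Mbit/s")
```

In this model, with `yellow discard` the forwarded rate settles at the CIR plus the initial CBS burst, so the PIR and PBS values only decide which excess packets are counted as yellow rather than red.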
# Define traffic policies and associate traffic classifiers and traffic behaviors.
[~CE1] traffic policy 1
[*CE1-trafficpolicy-1] classifier a behavior e
[*CE1-trafficpolicy-1] commit
[~CE1-trafficpolicy-1] quit
[~CE1] traffic policy 2
[*CE1-trafficpolicy-2] classifier b behavior f
[*CE1-trafficpolicy-2] commit
[~CE1-trafficpolicy-2] quit
[~CE1] traffic policy 3
[*CE1-trafficpolicy-3] classifier c behavior g
[*CE1-trafficpolicy-3] commit
[~CE1-trafficpolicy-3] quit
[~CE1] traffic policy udplimit
[*CE1-trafficpolicy-udplimit] classifier udplimit behavior udplimit
[*CE1-trafficpolicy-udplimit] classifier udplimit1 behavior udplimit1
[*CE1-trafficpolicy-udplimit] commit
[~CE1-trafficpolicy-udplimit] quit
After the preceding configuration, run the display traffic policy command to view the configuration of the traffic policies, traffic classifiers defined in the traffic policies, and the traffic behaviors associated with traffic classifiers.
[~CE1] display traffic policy user-defined
User Defined Traffic Policy Information:
Total: 10239 Used: 4 Free: 10235
Policy: 1
Total: 5120 Used: 2 Free: 5118
Description:
Step: 1
Share-mode
Classifier: a Precedence: 1
Behavior: e
Committed Access Rate:
CIR 10000 (Kbps), PIR 0 (Kbps), CBS 150000 (byte), PBS 0 (byte), ADJUST 0
Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no
Marking:
remark dscp cs5
Classifier: default-class Precedence: 65535
Behavior: be
-none-
Policy: 2
Total: 5120 Used: 2 Free: 5118
Description:
Step: 1
Share-mode
Classifier: b Precedence: 1
Behavior: f
Committed Access Rate:
CIR 5000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte), ADJUST 0
Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no
Marking:
remark dscp af31
Classifier: default-class Precedence: 65535
Behavior: be
-none-
Policy: 3
Total: 5120 Used: 2 Free: 5118
Description:
Step: 1
Share-mode
Classifier: c Precedence: 1
Behavior: g
Committed Access Rate:
CIR 2000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte), ADJUST 0
Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no
Marking:
remark dscp default
Classifier: default-class Precedence: 65535
Behavior: be
-none-
Policy: udplimit
Total: 5120 Used: 2 Free: 5118
Description:
Step: 1
Share-mode
Classifier: udplimit Precedence: 1
Behavior: udplimit
-none-
Classifier: udplimit1 Precedence: 10
Behavior: udplimit1
Committed Access Rate:
CIR 5000 (Kbps), PIR 15000 (Kbps), CBS 100000 (byte), PBS 200000 (byte), ADJUST 0
Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no
Classifier: default-class Precedence: 65535
Behavior: be
-none-
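Why the order of the two classifiers in policy udplimit matters, as an added example that is not part of the original configuration guide: it resolves a packet to the behavior that would apply and reports classifiers that can never match. It assumes classifiers are evaluated in ascending precedence with the first match deciding, and that the keywords dns, snmp, snmptrap and syslog mean UDP ports 53, 161, 162 and 514; `parse`, `classify` and `shadowed` are hypothetical helper names.

```python
# Constructed input: the UDP-related lines of the CE1 configuration on this page.
CONFIG = """\
acl number 3001
rule 0 permit udp destination-port eq dns
rule 1 permit udp destination-port eq snmp
rule 2 permit udp destination-port eq snmptrap
rule 3 permit udp destination-port eq syslog
acl number 3002
rule 4 permit udp
traffic classifier udplimit operator or
if-match acl 3001
traffic classifier udplimit1 operator or
if-match acl 3002
traffic policy udplimit
classifier udplimit behavior udplimit precedence 1
classifier udplimit1 behavior udplimit1 precedence 2
"""
PORTS = {"dns": 53, "snmp": 161, "snmptrap": 162, "syslog": 514}  # assumed mapping

def parse(text):
    """Return (acls, classifiers, policy entries sorted by precedence)."""
    acls, classifiers, policy, ctx = {}, {}, [], None
    for w in (line.split() for line in text.splitlines() if line.strip()):
        if w[:2] in (["acl", "number"], ["traffic", "classifier"]):
            ctx = (acls if w[0] == "acl" else classifiers).setdefault(w[2], [])
        elif w[0] == "rule":      # store (protocol, destination port or None = any)
            ctx.append((w[3], PORTS[w[-1]] if "eq" in w else None))
        elif w[0] == "if-match":  # classifier references an ACL number
            ctx.append(w[2])
        elif w[0] == "classifier":
            policy.append((int(w[5]), w[1], w[3]))
    return acls, classifiers, sorted(policy)

def classify(cfg, proto, dport):
    """First classifier, by precedence, whose ACL permits the packet."""
    acls, classifiers, policy = cfg
    for _, name, behavior in policy:
        rules = [r for acl in classifiers[name] for r in acls[acl]]
        if any(p == proto and port in (None, dport) for p, port in rules):
            return name, behavior
    return "default-class", "be"

def shadowed(cfg):
    """Classifiers that are never the first match for any of their own rules."""
    acls, classifiers, policy = cfg
    def live(name):  # probe each rule with its own port (0 stands in for "any")
        return any(classify(cfg, p, port or 0)[0] == name
                   for acl in classifiers[name] for p, port in acls[acl])
    return [name for _, name, _ in policy if not live(name)]
```

With the configuration as given, a DNS packet resolves to behavior udplimit and other UDP to udplimit1; if udplimit1 were given the lower precedence value, `shadowed` would report `udplimit`, meaning the DNS, SNMP, SNMP Trap and Syslog exemption would no longer take effect.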
# Apply the traffic policies to the inbound interfaces.
[~CE1] interface gigabitethernet 0/1/0
[~CE1-GigabitEthernet0/1/0] undo shutdown
[*CE1-GigabitEthernet0/1/0] traffic-policy 1 inbound
[*CE1-GigabitEthernet0/1/0] commit
[~CE1-GigabitEthernet0/1/0] quit
[~CE1] interface gigabitethernet 0/1/16
[~CE1-GigabitEthernet0/1/16] undo shutdown
[*CE1-GigabitEthernet0/1/16] traffic-policy 2 inbound
[*CE1-GigabitEthernet0/1/16] commit
[~CE1-GigabitEthernet0/1/16] quit
[~CE1] interface gigabitethernet 0/1/24
[~CE1-GigabitEthernet0/1/24] undo shutdown
[*CE1-GigabitEthernet0/1/24] traffic-policy 3 inbound
[*CE1-GigabitEthernet0/1/24] commit
[~CE1-GigabitEthernet0/1/24] quit
[~CE1] interface gigabitethernet 0/1/8
[~CE1-GigabitEthernet0/1/8] undo shutdown
[*CE1-GigabitEthernet0/1/8] traffic-policy udplimit outbound
[*CE1-GigabitEthernet0/1/8] commit
[~CE1-GigabitEthernet0/1/8] quit
# Configure a traffic classifier and define the matching rule.
[~PE1] traffic classifier pe
[*PE1-classifier-pe] if-match any
[*PE1-classifier-pe] commit
[~PE1-classifier-pe] quit
After the preceding configuration, you can run the display traffic classifier command to view the configuration of the traffic classifier.
[~PE1] display traffic classifier user-defined
User Defined Classifier Information:
Classifier: pe
Description:
Operator: or
Rule(s):
if-match any
# Define a traffic behavior and configure traffic policing.
[~PE1] traffic behavior pe
[*PE1-behavior-pe] car cir 15000 pir 20000 cbs 300000 pbs 500000
[*PE1-behavior-pe] commit
[~PE1-behavior-pe] quit
# Define a traffic policy to associate the traffic classifier with the traffic behavior.
[~PE1] traffic policy pe
[*PE1-trafficpolicy-pe] classifier pe behavior pe
[*PE1-trafficpolicy-pe] commit
[~PE1-trafficpolicy-pe] quit
After the preceding configuration, run the display traffic policy command to view the configuration of the traffic policies, traffic classifiers defined in the traffic policies, and the traffic behaviors associated with traffic classifiers.
[~PE1] display traffic policy user-defined
User Defined Traffic Policy Information:
Total: 10239 Used: 1 Free: 10238
Policy: pe
Total: 5120 Used: 2 Free: 5118
Description:
Step: 1
Share-mode
Classifier: pe Precedence: 1
Behavior: pe
Committed Access Rate:
CIR 15000 (Kbps), PIR 2000 (Kbps), CBS 300000 (byte), PBS 500000 (byte), ADJUST 0
Conform Action: pass Yellow Action: pass Exceed Action: discard Color-aware: no
Classifier: default-class Precedence: 65535
Behavior: be
-none-
# Apply the traffic policies to the incoming traffic.
[~PE1] interface gigabitethernet 0/1/0
[~PE1-GigabitEthernet0/1/0] undo shutdown
[*PE1-GigabitEthernet0/1/0] traffic-policy pe inbound
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
Run the display interface command on CE1 and PE1. The output shows that the traffic on the interfaces is regulated according to the configured traffic policies.
Configuration file of CE1
#
sysname CE1
#
acl number 2001
rule 5 permit source 1.1.1.0 0.0.0.255
acl number 2002
rule 5 permit source 2.1.1.0 0.0.0.255
acl number 2003
rule 5 permit source 3.1.1.0 0.0.0.255
acl number 3001
rule 0 permit udp destination-port eq dns
rule 1 permit udp destination-port eq snmp
rule 2 permit udp destination-port eq snmptrap
rule 3 permit udp destination-port eq syslog
acl number 3002
rule 4 permit udp
#
traffic classifier a operator or
if-match acl 2001
#
traffic classifier b operator or
if-match acl 2002
#
traffic classifier c operator or
if-match acl 2003
#
traffic classifier udplimit operator or
if-match acl 3001
#
traffic classifier udplimit1 operator or
if-match acl 3002
#
traffic behavior e
car cir 10000 cbs 150000 green pass red discard
remark dscp cs5
#
traffic behavior f
car cir 5000 cbs 100000 green pass red discard
remark dscp af31
#
traffic behavior g
car cir 2000 cbs 100000 green pass red discard
remark dscp default
#
traffic behavior udplimit
#
traffic behavior udplimit1
car cir 5000 pir 15000 cbs 100000 pbs 200000 green pass yellow discard red discard
#
traffic policy 1
classifier a behavior e precedence 1
#
traffic policy 2
classifier b behavior f precedence 1
#
traffic policy 3
classifier c behavior g precedence 1
#
traffic policy udplimit
classifier udplimit behavior udplimit precedence 1
classifier udplimit1 behavior udplimit1 precedence 2
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 1.1.1.1 255.255.255.0
traffic-policy 1 inbound
#
interface GigabitEthernet0/2/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
traffic-policy udplimit outbound
#
interface GigabitEthernet0/3/0
undo shutdown
ip address 2.1.1.1 255.255.255.0
traffic-policy 2 inbound
#
interface GigabitEthernet0/4/0
undo shutdown
ip address 3.1.1.1 255.255.255.0
traffic-policy 3 inbound
#
ospf 1
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.1.1.0 0.0.0.255
network 3.1.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return
Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 11.11.11.11
#
mpls
#
mpls ldp
#
traffic classifier pe operator or
if-match any
#
traffic behavior pe
car cir 15000 pir 20000 cbs 300000 pbs 500000 green pass yellow pass red discard
#
traffic policy pe
classifier pe behavior pe precedence 1
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
traffic-policy pe inbound
#
interface GigabitEthernet0/1/8
undo shutdown
ip address 10.10.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.10.1.0 0.0.0.255
network 11.11.11.11 0.0.0.0
#
return
Configuration file of P
#
sysname P
#
mpls lsr-id 33.33.33.33
#
mpls
#
mpls ldp
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.10.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/1/8
undo shutdown
ip address 10.11.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 33.33.33.33 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.10.1.0 0.0.0.255
network 10.11.1.0 0.0.0.255
network 33.33.33.33 0.0.0.0
#
return
Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 22.22.22.22
#
mpls
#
mpls ldp
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.12.1.2 255.255.255.0
#
interface GigabitEthernet0/1/8
undo shutdown
ip address 10.11.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.11.1.0 0.0.0.255
network 10.12.1.0 0.0.0.255
network 22.22.22.22 0.0.0.0
#
return
Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet0/1/8
undo shutdown
ip address 10.12.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.12.1.0 0.0.0.255
#
return