Example for Configuring UCL-based Traffic Policies
This section provides an example for configuring UCL-based traffic policies based on simple traffic classification.
Networking Requirements
As shown in Figure 1, PPPoE users are accessed to the network through the DSLAM. It is required that the router mark the priorities of users and distinguish them as gold users and silver users, and achieve bandwidth assurance and implement rate limit for the traffic of users according to their priorities. Packets longer than 2000 bytes are to be discarded.
Configuration Roadmap
The configuration roadmap is as follows:
Configure users who can go online properly.
Configure a user group.
Configure a UCL rule.
Configure a traffic classifier, traffic behavior, and traffic policy.
Apply the UCL to user traffic.
Specify the domain of users.
Data Preparation
To complete the configuration, you need the following data:
User group name
UCL number
Name of the traffic classifier, traffic behavior, and the traffic policy
Maximum length of user packets (2000 bytes)
Committed Information Rate (15 Mbit/s), Committed Burst Size (300000 bytes), Peak Information Rate (20 Mbit/s), and Peak Burst Size (500000 bytes)
Domain to which users belong
Procedure
- Configure the BRAS service on the Device so that users can go online.
For detailed configuration, refer to the HUAWEI NetEngine 8000 F SeriesRouterConfiguration Guide - User Access.
- Configure a user group.
<~HUAWEI> system-view [~HUAWEI] sysname Device [~Device] commit [~Device] user-group group1 [~Device] commit
- Configure a UCL rule.
[~Device] acl 6001 [*Device-acl-ucl-6001] rule 1 permit ip source user-group group1 destination any [*Device-acl-ucl-6001] commit [*Device-acl-ucl-6001] quit
- Configure a traffic classifier and define a matching rule.
[~Device] traffic classifier c1 [*Device-classifier-c1] if-match acl 6001 [*Device-classifier-c1] commit [*Device-classifier-c1] quit
- Configure a traffic behavior.
[~Device] traffic behavior b1 [*Device-behavior-b1] deny packet-length gt 2000 [*Device-behavior-b1] car cir 15000 pir 20000 cbs 300000 pbs 500000 [*Device-behavior-b1] commit [*Device-behavior-b1] quit
- Define a traffic policy that associates the traffic classifier with the traffic behavior.
[~Device] traffic policy p1 [*Device-trafficpolicy-p1] classifier c1 behavior b1 [*Device-trafficpolicy-p1] statistics enable [*Device-trafficpolicy-p1]commit [*Device-trafficpolicy-p1] quit
- Apply the UCL traffic policy.In VS mode, this command traffic-policy is supported only by the admin VS.
[~Device] traffic-policy p1 inbound
After the UCL-based traffic policy is applied in the system view, the traffic of all online users is classified according to the UCL.
- Specify the domain of users.
[~Device] aaa [*Device-aaa] domain isp1 [*Device-aaa-domain-isp1] user-group group1 [*Device-aaa-domain-isp1] commit [*Device-aaa-domain-isp1] quit
- Verify the configuration.After the preceding configurations, run the display traffic policy command to view the configuration results of the traffic policy, the traffic classifier that is defined in the traffic policy, and the association between the traffic behavior and the traffic classifier.
<Device> display traffic policy user-defined p1 User Defined Traffic Policy Information: Policy: p1 Share-mode Classifier: default-class Behavior: be -none- Classifier: c1 Behavior: b1 deny packet-length gt 2000 Committed Access Rate: CIR 15000 (Kbps), PIR 20000 (Kbps), CBS 300000 (byte), PBS 500000 (byte) Conform Action: Committed Access Rate: CIR 15000 (Kbps), PIR 20000 (Kbps), CBS 300000 (byte), PBS 500000 (byte) Conform Action: pass Yellow Action: pass Exceed Action: discardAfter the preceding configurations, you can view UCL-based traffic statistics by running the display traffic policy statistics ucl [ slot slot-id ] { inbound | outbound } command. This command is supported only on the Admin VS.<Device> display traffic policy statistics ucl slot 1 inbound Traffic policy inbound: p1 Traffic policy applied at 2009-09-03 20:25:50 Statistics enabled at 2009-09-03 20:25:50 Statistics last cleared: Never Rule number: 2 IPv4, 0 IPv6 Current status: OK! Item Packets Bytes ------------------------------------------------------------------- Matched 20,935,529 2,009,808,208 +--Passed 543,363 52,178,560 +--Dropped 20,392,166 1,957,629,648 +--Filter 0 0 +--URPF 0 0 +--CAR 20,392,166 1,957,629,648 Missed 0 0 Last 30 seconds rate Item pps bps ------------------------------------------------------------------- Matched 1,007,607 773,842,816 +--Passed 26,326 20,225,840 +--Dropped 981,281 753,616,976 +--Filter 0 0 +--URPF 0 0 +--CAR 981,281 753,616,976 Missed 0 0
Configuration File
Configuration file of the router.
# sysname Device # radius-server group rd1 radius-server authentication 192.168.7.249 1645 weight 0 radius-server accounting 192.168.7.249 1646 weight 0 radius-server shared-key-cipher %^%#clY:%[]x='-RMNJus[s/VJ:3YBq3<..|.{'xgbp+%^% radius-server type plus11 radius-server traffic-unit kbyte # interface Virtual-Template1 # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 pppoe-server bind Virtual-Template 1 user-vlan 1 bas access-type layer2-subscriber default-domain authentication isp1 authentication-method ppp # ip pool pool1 bas local gateway 192.168.0.1 255.255.255.0 section 0 192.168.0.2 192.168.0.200 dns-server 192.168.7.252 # acl number 6001 rule 1 permit ip source user-group group1 # traffic classifier c1 operator or if-match acl 6001 # traffic behavior b1 deny packet-length gt 2000 car cir 15000 pir 20000 cbs 300000 pbs 500000 green pass yellow pass red discard # traffic policy p1 share-mode statistics enable classifier c1 behavior b1 # traffic-policy p1 inbound # user-group group1 # aaa authentication-scheme auth1 accounting-scheme acct1 # domain isp1 authentication-scheme auth1 accounting-scheme acct1 radius-server group rd1 ip-pool pool1 user-group group1 # return