Traffic Policy Based on MF Classification

Multiple traffic classifiers and behaviors can be configured on a NetEngine 8000 F. To implement Multi-Field (MF) classification, a traffic policy in which classifiers are associated with specific traffic behaviors is bound to an interface. This traffic policy based on MF classification is also called class-based QoS.

A traffic policy based on MF classification is configured using a profile that allows batch configuration or modification.

The QoS profile covers the following concepts:

Traffic classifier: defines the service type. The if-match clauses are used to set traffic classification rules.
Traffic behavior: defines actions that can be applied to a traffic classifier. For details about traffic behaviors, see section Traffic Classification and Traffic Behavior.
Traffic policy: associates traffic classifiers and behaviors. After a traffic policy is configured, it is applied to an interface.

The following figure shows relationships between an interface, traffic policy, traffic behavior, traffic classifier, and ACL.

Figure 1 Relationships between an interface, traffic policy, traffic behavior, traffic classifier, and ACL.

(1) A traffic policy can be applied to different interfaces.

(2) One or more classifier and behavior pairs can be configured in a traffic policy. One classifier and behavior pair can be configured in different traffic policies.

(3) One or more if-match clauses can be configured for a traffic classifier, and each if-match clause can specify an ACL. An ACL can be applied to different traffic classifiers and contains one or more rules.

(4) One or more actions can be configured in a traffic behavior.

And/Or Logic in Traffic Classifiers

If a traffic classifier has multiple matching rules, the And/Or logic relationships between rules are described as follows:

And: Packets that match all the if-match clauses configured in a traffic classifier belong to this traffic classifier.
Or: Packets that match any of the if-match clauses configured in a traffic classifier belong to this traffic classifier.

If several ACL rules and if-match rules configured in a traffic classifier, the And Logic needs packets match one ACL rule and all if-match rules.

Shared and Unshared Modes of a Traffic Policy

A traffic policy works in either shared or unshared mode. For example, a traffic policy defines that the bandwidths of TCP and UDP traffic are restricted to 100 Mbit/s and 200 Mbit/s, respectively, and that the bandwidth of other traffic is restricted to 300 Mbit/s. If the traffic policy is applied to two interfaces, there are two possible scenarios:

If the traffic policy is in unshared mode, the two interfaces to which the traffic policy applies are restricted individually. On each interface, the bandwidths of TCP traffic, UDP traffic, and other traffic are restricted to 100 Mbit/s, 200 Mbit/s, and 300 Mbit/s, respectively.
If the traffic policy is in shared mode, the two interfaces to which the traffic policy applies are restricted as a whole. The total bandwidths of TCP traffic, UDP traffic, and other traffic on the two interfaces are restricted to 100 Mbit/s, 200 Mbit/s, and 300 Mbit/s, respectively.

If a traffic policy works in shared mode, the interfaces must apply traffic policy from the same network processor on the same board.

Traffic Policy Implementation

Figure 2 Traffic policy implementation
Click to enlarge

As shown in the figure, a packet is matched against traffic classifiers in the order in which those classifiers are configured. If the packet matches a traffic classifier, no further match operation is performed. If not, the packet is matched against the following traffic classifiers one by one. If the packet matches no traffic classifier at all, the packet is forwarded with no traffic policy executed.

If multiple if-match clauses are configured for a traffic classifier, the packet is matched against them in the order in which they are configured. If an ACL or UCL is specified in an if-match clause, the packet is matched against the multiple rules in the ACL or UCL. The system first checks whether the ACL or UCL exists. (A non-existent ACL or UCL can be applied to a traffic classifier.) If the packet matches a rule in the ACL or UCL, no further match operation is performed.

A permit or deny action can be specified in an ACL for a traffic classifier to work with specific traffic behaviors as follows:

If the deny action is specified in an ACL, the packet that matches the ACL is denied, regardless of what the traffic behavior defines.
If the permit action is specified in an ACL, the traffic behavior applies to the packet that matches the ACL.

For traffic behavior mirroring or sampling, even if a packet matches a rule that defines a deny action, the traffic behavior takes effect for the packet.

Cascaded Traffic Policy

A traffic policy (parent policy) can have another traffic policy (child policy) configured in its traffic behavior to cascade over the new traffic policy.

One traffic policy (parent policy) can cascade over multiple traffic policies (child policies), and one traffic policy (child policy) can be cascaded by multiple traffic policies (parent policies). However, the traffic policies cannot be circulated or nested.

When a two-level traffic policy instance is formed and the action of the traffic behavior in the parent policy is the same as that of the traffic behavior in the child policy, the action of the traffic behavior in the child policy is implemented.

The same action configuration refers to the same action type. Even if the parameters are different, the actions of the same type are considered the same action configuration. In this case, the action of the traffic behavior in the child policy is implemented.
When the traffic behaviors for the parent and child policies are both service-class, service-class in the parent policy preferentially takes effect. However, if service-class in the parent policy carries no-remark, service-class in the child policy preferentially takes effect.

Hierarchical CAR

When a two-level traffic policy instance is created and the actions of the traffic behaviors in both policies are CAR, both CAR configurations take effect. In addition, the CAR of the child policy is implemented before the CAR of the parent policy. This is hierarchical CAR.

For example, the overall rate of the 1.1.1/24 network segment is set to 5 Mbit/s, and the rates of the IP addresses 1.1.1.1/32 and 1.1.1.2/32 on the 1.1.1/24 network segment need to be separately restricted and are set to 1 Mbit/s and 3 Mbit/s, respectively.