1 简介

本文档介绍使用QoS嵌套CBQ特性的典型案例。

2 配置前提

本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文档假设您已了解QoS特性。

3 配置举例

3.1 组网需求

如图1所示,Host A,Host B和Host C在同一子网内,通过Router与Internet相连,均可访问Internet。现要求:

· Host A、Host B、Host C访问Internet的总访问速率不能高于5Mbps。

· 其中Host A访问Internet的速率不低于2Mbps。

· Host C在每日08:00到20:00时间段不能访问Internet。

图1 MSR路由器QoS嵌套CBQ特性组网图

20140113_1767481_image002_812755_30005_0.png

3.2 使用版本

本举例是在Release 2311版本上进行配置和验证的。

3.3 配置思路

为了使主机能够按要求访问Internet,需要在路由器Router上分别配置QoS父策略和子策略,并将二者关联起来,最后将父策略应用在Router接口出方向上。

3.4 配置注意事项

  1. 在父策略行为下应用子策略时,最多只能嵌套一层策略,并且不能嵌套自己。

  2. 如果父策略和子策略中配置了相同的行为,先执行父策略的行为再执行子策略的行为。

  3. 如果子策略中配置了CBQ,那么父策略中必须配置GTS,并且配置的父策略GTS带宽必须大于子策略CBQ带宽,否则配置失败。

  4. 嵌套策略时,如果父策略的GTS配置采用百分比形式,则子策略CBQ带宽配置不允许采用绝对值形式。

  5. 子策略中不允许配置GTS。

  6. 嵌套策略支持对IPv4、IPv6、MPLS报文的处理。

  7. 如果嵌套策略已经应用在接口或PVC上,则不允许删除嵌套的子策略,必须先解除子策略和父策略的嵌套关系。

3.5 配置步骤

配置设备接口地址

<Router> system-view
[Router] interface ethernet 0/1
[Router-Ethernet0/1] ip address 1.1.1.10 255.255.255.0
[Router-Ethernet0/1] quit
[Router] interface ethernet 0/0
[Router-Ethernet0/0] ip address 13.1.1.1 255.255.255.0
[Router-Ethernet0/0] quit

创建ACL 3000,允许源为1.1.1.0/24网段的报文

[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip source 1.1.1.0 0.0.0.255
[Router-acl-adv-3000] quit

配置父策略分类匹配ACL 3000的报文

[Router] traffic classifier father
[Router-classifier-father] if-match acl 3000
[Router-classifier-father] quit

配置父策略行为限速总的访问速率为5Mbps

[Router] traffic behavior father
[Router-behavior-father] gts cir 5000
[Router-behavior-father] quit

配置父策略,将父策略分类和父策略行为关联起来

[Router] qos policy father
[Router-qospolicy-father] classifier father behavior father
[Router-qospolicy-father] quit

配置子策略分类a为匹配源IP为1.1.1.1/32

[Router] acl number 3001
[Router-acl-adv-3001] rule 0 permit ip source 1.1.1.1 0
[Router-acl-adv-3001] quit
[Router] traffic classifier son_a
[Router-classifier-son_a] if-match acl 3001
[Router-classifier-son_a] quit

创建名为t1的时间段,其时间范围为每日的8点到20点

[Router] time-range t1 08:00 to 20:00 daily

配置子策略分类c为匹配源IP为1.1.1.3/32,并匹配时间段t1

[Router] acl number 3003
[Router-acl-adv-3003] rule 0 permit ip source 1.1.1.3 0 time-range t1
[Router-acl-adv-3003] quit
[Router] traffic classifier son_c
[Router-classifier-son_c] if-match acl 3003
[Router-classifier-son_c] quit

配置子策略行为,行为a配置队列AF保证带宽为2Mbps;行为c为过滤掉,不允许访问

[Router] traffic behavior son_a
[Router-behavior-son_a] queue af bandwidth 2000
[Router-behavior-son_a] quit
[Router] traffic behavior son_c
[Router-behavior-son_c] filter deny
[Router-behavior-son_c] quit

配置子策略,将子分类a与子行为a关联,子分类c与子行为c关联

[Router] qos policy son
[Router-qospolicy-son] classifier son_a behavior son_a
[Router-qospolicy-son] classifier son_c behavior son_c
[Router-qospolicy-son] quit

将子策略关联到父行为下

[Router] traffic behavior father
[Router-behavior-father] traffic-policy son
[Router-behavior-father] quit

将父策略应用到接口出方向

[Router] interface ethernet 0/0
[Router-Ethernet0/0] qos apply policy father outbound
[Router-Ethernet0/0] quit

3.6 验证配置

在设备Router查看统计信息

<Router> display qos policy interface ethernet0/0
  Interface: Ethernet0/0
  Direction: Outbound
  Policy: father
   Classifier: default-class
     Matched : 0(Packets) 0(Bytes)
     5-minute statistics:
       Forwarded: 0/0 (pps/bps)
       Dropped  : 0/0 (pps/bps)
     Rule(s) : If-match any
     Behavior: be
      -none-
   Classifier: father
     Matched : 511162(Packets) 30669720(Bytes)
     5-minute statistics:
       Forwarded: 311/149588 (pps/bps)
       Dropped  : 835/400971 (pps/bps)
     Operator: AND
     Rule(s) : If-match acl 3000
     Behavior: father
      General Traffic Shape:
        CIR 5000 (kbps), CBS 312500 (byte)
        Queue Size  : 113 (Packets)
        Passed   : 179084(Packets) 10745040(Bytes)
        Discarded: 161706(Packets) 9702360(Bytes)
        Delayed  : 147796(Packets) 8867760(Bytes)
      Nest Policy:
        Traffic policy son
         Classifier: default-class
           Matched : 181146(Packets) 10868760(Bytes)
           Rule(s) : If-match any
           Behavior: be
           Default Queue:
            Flow Based Weighted Fair Queuing
              Max number of hashed queues: 256
              Matched  : 164615/9876900 (Packets/Bytes)
              Enqueued : 80407/4824420 (Packets/Bytes)
              Discarded: 84208/5052480 (Packets/Bytes)
              Discard Method: Tail
         Classifier: son_a
           Matched : 185627(Packets) 11137620(Bytes)
           Operator: AND
           Rule(s) : If-match acl 3001
           Behavior: son_a
            Assured Forwarding:
              Bandwidth 2000 (Kbps)
              Matched  : 168618/10117080 (Packets/Bytes)
              Enqueued : 78641/4718460 (Packets/Bytes)
              Discarded: 89977/5398620 (Packets/Bytes)
              Discard Method: Tail
         Classifier: son_c
           Matched : 195966(Packets) 11757960(Bytes)
           Operator: AND
           Rule(s) : If-match acl 3003
           Behavior: son_c
            Filter Enable: deny

可以查看接口的出方向接率大概为5Mbps

<Router> display interface ethernet0/0
Ethernet0/0 current state: UP
Line protocol current state: UP
Description: Ethernet0/0 Interface
The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 13.1.1.1/24 Primary
IP Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 000f-6590-3600
IPv6 Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 000f-6590-3600
Media type is twisted pair, loopback not set, promiscuous mode not set
100Mb/s, Full-duplex, link type is autonegotiation
Output flow-control is disabled, input flow-control is disabled
Output queue : (Urgent queuing : Size/Length/Discards)  0/100/0
Output queue : (Protocol queuing : Size/Length/Discards)  0/500/0
Output queue : (FIFO queuing : Size/Length/Discards)  0/75/0
Last clearing of counters: 10:51:24  Thu 09/02/2010
    Last 5 seconds input rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec
    Last 5 seconds output rate 624996.00 bytes/sec, 4999968 bits/sec, 10416.59 packets/sec
    Input: 0 packets, 0 bytes, 0 buffers
           0 broadcasts, 0 multicasts, 0 pauses
           0 errors, 0 runts, 0 giants
           0 crc, 0 align errors, 0 overruns
           0 dribbles, 0 drops, 0 no buffers
    Output:2802056 packets, 168123360 bytes, 2802056 buffers
           0 broadcasts, 0 multicasts, 0 pauses
           0 errors, 0 underruns, 0 collisions
           0 deferred, 0 lost carriers

3.7 配置文件

#
 sysname Router
#
 time-range t1 08:00 to 20:00 daily
#
acl number 3000
 rule 0 permit ip source 1.1.1.0 0.0.0.255
acl number 3001
 rule 0 permit ip source 1.1.1.1 0
acl number 3003
 rule 0 permit ip source 1.1.1.3 0 time-range t1
#
traffic classifier son_a operator and
 if-match acl 3001
traffic classifier son_c operator and
 if-match acl 3003
traffic classifier father operator and
 if-match acl 3000
#
traffic behavior son_a
 queue af bandwidth 2000
traffic behavior son_c
 filter deny
traffic behavior father
 gts cir 5000 cbs 312500 ebs 0 queue-length 50
 traffic-policy son
#
qos policy son
 classifier son_a behavior son_a
 classifier son_c behavior son_c
qos policy father
 classifier father behavior father
#
interface Ethernet0/0
 port link-mode route
 ip address 13.1.1.1 255.255.255.0
 qos apply policy father outbound
#
interface Ethernet0/1
 port link-mode route
 ip address 1.1.1.10 255.255.255.0
#