Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
Contents
ACL configuration
ACL overview
ACL applications on the switch
ACL categories
ACL numbering and naming
Match order
ACL rule numbering
Implementing time-based ACL rules
IPv4 fragment filtering with ACLs
ACL configuration task list...
Configuring a priority mapping table
Configuring a port to trust packet priority for priority mapping
Changing the port priority of an interface
Displaying and maintaining priority mapping
Priority mapping configuration examples
Priority trust mode and port priority configuration example...
Appendix B Introduction to packet precedences
IP precedence and DSCP values
802.1p priority
Support and other resources
Contacting HP
Subscription service
Related information
Documents
Websites
Conventions...
ACL configuration

NOTE: Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document.

ACL overview

An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are primarily used for packet filtering.
ACL numbering and naming Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number for identification. In addition, you can assign the ACL a name for ease of identification. After creating an ACL with a name, you cannot rename it or delete its name.
NOTE: A wildcard mask, also called an "inverse mask," is a 32-bit binary number represented in dotted decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask represent "do care" bits, and the 1 bits represent "don't care" bits. If the "do care" bits in an IP address are identical to the "do care"...
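The bit test behind a wildcard mask, as an added Python example (not taken from the HP guide), with two checks useful when reviewing ACL rules: how many addresses a rule covers, and whether a network mask was typed where a wildcard belongs. Function names and all sample addresses except 192.168.0.1 are constructed; the non-contiguous wildcard case goes beyond what the note shows and assumes the same per-bit comparison applies.

```python
"""Wildcard-mask matching for IPv4 ACL rules (added example, constructed data)."""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_wildcard(text: str) -> int:
    """Parse a wildcard mask. A bare "0" is read as 0.0.0.0 (host match),
    the form used in 'rule permit ip destination 192.168.0.1 0'."""
    return 0 if text == "0" else to_int(text)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when addr equals base on every "do care" (0) bit of the wildcard."""
    care = ~parse_wildcard(wildcard) & ALL_ONES
    return (to_int(addr) ^ to_int(base)) & care == 0


def matched_address_count(wildcard: str) -> int:
    """Each "don't care" (1) bit doubles the number of addresses matched."""
    return 1 << bin(parse_wildcard(wildcard)).count("1")


def wildcard_prefix_len(wildcard: str):
    """Prefix length when the wildcard is the inverse of a contiguous
    network mask, otherwise None (non-contiguous wildcard)."""
    w = parse_wildcard(wildcard)
    # A contiguous wildcard looks like 0...01...1, so w + 1 is a power of two.
    if w & (w + 1):
        return None
    return 32 - w.bit_length()


def looks_like_netmask(wildcard: str) -> bool:
    """Flag a probable mistake: a network mask (1 bits first) entered where
    a wildcard (0 bits first) belongs, e.g. 255.255.255.0 for 0.0.0.255."""
    w = parse_wildcard(wildcard)
    inverse = ~w & ALL_ONES
    return w not in (0, ALL_ONES) and inverse & (inverse + 1) == 0


def audit(base: str, wildcard: str) -> dict:
    """Summarise what a base address and wildcard pair really covers."""
    return {
        "base": base,
        "wildcard": wildcard,
        "prefix_len": wildcard_prefix_len(wildcard),
        "addresses": matched_address_count(wildcard),
        "netmask_suspect": looks_like_netmask(wildcard),
    }


if __name__ == "__main__":
    # Constructed rules: host match, /24, odd hosts only, and a mistyped mask.
    for base, wc in [("192.168.0.1", "0"), ("10.1.1.0", "0.0.0.255"),
                     ("10.1.1.1", "0.0.0.254"), ("10.1.1.0", "255.255.255.0")]:
        print(audit(base, wc))
    # The mistyped rule matches any address whose last octet is 0.
    print(wildcard_match("172.16.5.0", "10.1.1.0", "255.255.255.0"))
```

A rule flagged with `netmask_suspect` covers 2^24 addresses scattered across every network instead of one /24, which is the kind of over-broad permit worth catching before the ACL is applied.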
ACL configuration task list

Complete the following tasks to configure an ACL:

Task: Configuring a time range
Remarks: Optional

Task: Configuring an IPv4 basic ACL; Configuring an IPv6 basic ACL; Configuring an IPv4 advanced ACL; Configuring an IPv6 advanced ACL; Configuring an Ethernet frame header ACL
Remarks: Required. Configure at least one task.

Task: Copying an IPv4 ACL...
Follow these steps to configure an IPv4 basic ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv4 basic ACL and
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto |
Remarks: Required. By default, no ACL exists. IPv4 basic ACLs are numbered in the range 2000 to 2999.
To do: Configure a description for the IPv6 basic ACL
Use the command: description text
Remarks: Optional. By default, an IPv6 basic ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default

Remarks: Required. By default, an IPv6 basic ACL does not contain any rule.
To do: Create an IPv4 advanced ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto |
Remarks: Required. By default, no ACL exists. IPv4 advanced ACLs are numbered in the range 3000 to 3999.
To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv6 advanced ACL and enter its view
Use the command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto |
Remarks: Required. By default, no ACL exists. IPv6 advanced ACLs are numbered in the range 3000 to 3999.
Follow these steps to configure an Ethernet frame header ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an Ethernet frame header
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto |
Remarks: Required. By default, no ACL exists. Ethernet frame header ACLs are numbered in the range 4000 to 4999.
Copying an IPv4 ACL

Follow these steps to copy an IPv4 ACL:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Copy an existing IPv4 ACL to create a new IPv4 ACL
Use the command: acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name...
Remarks: Required
To do: Set the interval for generating and outputting IPv4 packet filtering logs
Use the command: acl logging frequence frequence
Remarks: Required. By default, the interval is 0. No IPv4 packet filtering logs are generated.

Applying an IPv6 ACL for Packet Filtering

Follow these steps to apply an IPv6 ACL for packet filtering:

To do…...
To do: Clear statistics on one or all IPv6 basic and advanced ACLs
Use the command: reset acl ipv6 counter { acl6-number | all | name acl6-name }
Remarks: Available in user view

ACL configuration examples

IPv4 ACL application configuration example

Network requirements

As shown in Figure...
IPv6 ACL application configuration example

Network requirements

As shown in Figure 2, apply an IPv6 ACL to the incoming traffic of GigabitEthernet 1/0/1 on Device A so that every day from 08:00 to 18:00 the interface allows only packets from Host A to pass through. Configure Device A to output packet filtering logs to the console at 10-minute intervals.
QoS overview Introduction to QoS In data communications, Quality of Service (QoS) is a network’s ability to provide differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate. Network resources are scarce. The contention for resources requires that QoS prioritize important traffic flows over trivial ones.
QoS techniques overview The QoS techniques include traffic classification, traffic policing, traffic shaping, line rate, congestion management, and congestion avoidance. The following section briefly introduces these QoS techniques. Applying QoS techniques in a network Figure 3 Position of the QoS techniques in a network Traffic direction Traffic classification Traffic policing...
QoS configuration approaches

QoS configuration approach overview

The following approaches are available for configuring QoS:
- Non-policy approach
- Policy approach

Some features support both approaches, but some support only one.

Non-policy approach

In the non-policy approach, you can configure QoS service parameters without using a QoS policy. For example, you can use the line rate feature to set a rate limit on an interface without using a QoS policy.
Figure 4 QoS policy configuration procedure (flowchart steps: Define a class; Define a behavior; Define a policy; Apply the policy...)
Table 2 The keyword and argument combinations for the match-criteria argument

Keyword and argument combination: acl [ ipv6 ] { acl-number | name acl-name }
Description: Matches an ACL. The acl-number argument ranges from 2000 to 4999 for an IPv4 ACL, and 2000 to 3999 for an IPv6 ACL. The acl-name argument is a case-insensitive string of 1 to 32 characters, which must start with an alphabetic letter from a to z...
NOTE: To successfully apply a traffic class that uses the AND operator, define only one if-match clause for any list of the following match criteria and input only one value for any of the following arguments, for example, the 8021p-list argument: ...
NOTE: If an ACL is referenced by a QoS policy for defining traffic match criteria, packets matching the ACL are organized as a class and the behavior defined in the QoS policy applies to the class regardless of whether the match mode of the if-match clause is deny or permit.

Applying the QoS policy

You can apply a QoS policy to the following occasions:
- An interface—The policy takes effect on the traffic received on the interface.
To do: Enter user profile view
Use the command: user-profile profile-name
Remarks: Required. The configuration made in user profile view takes effect when the user profile is activated and the users of the user profile are online. For more information about user profiles, see the Security Configuration Guide.
To do: Apply the QoS policy globally
Use the command: qos apply policy policy-name global inbound
Remarks: Required

Applying the QoS policy to the control plane

A device provides the data plane and the control plane. The data plane has units responsible for receiving, transmitting, and switching (forwarding) packets, such as various dedicated forwarding chips.
To do: Display traffic behavior configuration
Use the command: display traffic behavior user-defined [ behavior-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do: Display user-defined QoS policy configuration...
Use the command: display qos policy user-defined [ policy-name [ classifier tcl-name ] ] [ | { begin | exclude |
Remarks: Available in any
Priority mapping configuration Priority mapping overview Introduction to priority mapping When a packet enters a device, depending on your configuration, the device assigns a set of QoS priority parameters to the packet based on either a certain priority field carried in the packet or the port priority of the incoming port.
The priority trust mode on a port decides which priority is used for priority mapping table lookup. Port priority was introduced to use for priority mapping in addition to priority fields carried in packets. The HP A5120 EI Switch Series provides the following priority trust modes: ...
Priority mapping configuration task list You can modify priority mappings by modifying priority mapping tables, priority trust mode on a port, and port priority. HP recommends planning QoS throughout the network before making your QoS configuration. Complete the following task to configure priority mapping:...
Task: Configuring a priority mapping table
Remarks: Optional

Task: Configuring a port to trust packet priority for priority mapping
Remarks: Optional

Task: Changing the port priority of an interface
Remarks: Optional

Configuring priority mapping

Configuring a priority mapping table

Follow these steps to configure an uncolored priority mapping table:

To do…...
To do… Use the command… Remarks priority. Trust the port priority undo qos trust Changing the port priority of an interface Follow these steps to change the port priority of an interface: To do… Use the command… Remarks Enter system view system-view —...
Figure 6 Network diagram for priority trust mode configuration (diagram labels: Device A, Device B, Device C, Server, Internet, GE1/0/3)

Configuration procedure

# Assign port priority to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. Make sure that the priority of GigabitEthernet 1/0/1 is higher than that of GigabitEthernet 1/0/2, and no trusted packet priority type is configured on GigabitEthernet 1/0/1 or GigabitEthernet 1/0/2.
Table 3 Configuration plan Queuing plan Traffic Traffic priority order Output Queue destination Traffic source queue priority R&D department High R&D department > Management Public servers management department > Medium department marketing department Marketing department R&D department Management department > Internet through Management marketing department >...
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] qos priority 4
[Device-GigabitEthernet1/0/2] quit
# Set the port priority of GigabitEthernet 1/0/3 to 5.
[Device] interface gigabitethernet 1/0/3
[Device-GigabitEthernet1/0/3] qos priority 5
[Device-GigabitEthernet1/0/3] quit

Configure the priority mapping table

# Configure the 802.1p-to-local priority mapping table to map 802.1p priority values 3, 4, and 5 to local precedence values 2, 6, and 4.
[Device-qospolicy-market] quit
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] qos apply policy market inbound
# Configure a priority marking policy for the R&D department and apply the policy to the incoming traffic of GigabitEthernet 1/0/2.
[Device] traffic behavior rd
[Device-behavior-rd] remark dot1p 3
[Device-behavior-rd] quit
[Device] qos policy rd
[Device-qospolicy-rd] classifier http behavior rd...
Traffic policing, traffic shaping, and line rate configuration

Traffic policing, traffic shaping, and line rate overview

Without limits on user traffic, a network can be easily overwhelmed. To help assign network resources such as bandwidth efficiently, and to improve network performance and user satisfaction, QoS technologies such as traffic policing, traffic shaping, and rate limiting were introduced.
Complicated evaluation

You can set two token buckets, bucket C and bucket E, to evaluate traffic in a more complicated environment and achieve more policing flexibility. For example, traffic policing uses the following parameters:
- CIR: Rate at which tokens are put into bucket C. It sets the average packet transmission or ...
Traffic policing is widely used in policing traffic entering the networks of internet service providers (ISPs). Traffic policing can classify the policed traffic, and take pre-defined policing actions on each packet depending on the evaluation result following these rules:
- Forwarding the packet if the evaluation result is "conforming" ...
You can perform traffic shaping for the packets on the outgoing interface of Switch A to avoid unnecessary packet loss. Packets exceeding the limit are cached in Switch A. Once resources are released, traffic shaping takes out the cached packets and sends them out. All of the traffic sent to Switch B conforms to the traffic specification defined in Switch B.
To do: Create a class and enter class view
Use the command: traffic classifier tcl-name [ operator { and | or } ]
Remarks: —

To do: Configure the match criteria
Use the command: if-match match-criteria
Remarks: —

To do: Exit class view
Use the command: quit
Remarks: —

To do: Create a behavior and enter
Use the command: traffic behavior behavior-name
Remarks: —...
Configuring the line rate Follow these steps to configure the line rate: To do… Use the command… Remarks Enter system view system-view — Enter Use either command. interface interface interface-type interface-number Enter Settings in interface view take view interface effect on the current interface; view or port settings in port group view take Enter port...
Congestion management configuration Congestion management overview Causes, impacts, and countermeasures Network congestion degrades service quality on a traditional network. Congestion is a situation where the forwarding rate decreases due to insufficient resources, and results in extra delay. Congestion is more likely to occur in complex packet switching circumstances. Figure 12 shows the common cases:...
Figure 13 Schematic diagram for SP queuing (figure labels: packets to be sent through this port; packet classification; Queue 7, high priority, through Queue 0, low priority; queue scheduling; sending queue; sent packets; interface)

As shown in Figure 13, SP queuing classifies eight queues on a port into eight classes, numbered 7 to 0 in descending priority order.
In contrast to SP, WRR queuing schedules queues in a round-robin way to guarantee each queue certain service time in each scheduling cycle. In WRR queuing, each queue has a scheduling weight, which determines the percentage of resources assigned to the queue. The A5120 EI switches support packet-based WRR, which allocates bandwidth to queues in terms of packets.
WFQ is effectively applied in some special occasions, because WFQ can balance delay and jitter among flows when congestion occurs. For example, WFQ is used for the assured forwarding (AF) services of the Resource Reservation Protocol (RSVP). In Generic Traffic Shaping (GTS), WFQ schedules buffered packets.
Configure WRR queuing Configuration procedure Follow these steps to configure WRR queuing: To do… Use the command… Remarks Enter system view system-view — Enter Use either command. interface interface-type interface- interface Settings in interface view take number Enter interface view effect on the current interface;...
[Sysname-GigabitEthernet1/0/1] qos wrr 6 group 1 weight 12
[Sysname-GigabitEthernet1/0/1] qos wrr 7 group 1 weight 14

Configuring WFQ queuing

Configuration procedure

Follow these steps to configure a WFQ queue:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter
Remarks: Use either command.
Traffic filtering configuration

Traffic filtering overview

You can filter in or filter out a class of traffic by associating the class with a traffic filtering action. For example, you can filter packets sourced from a specific IP address according to network status.

NOTE: You can also filter traffic by applying an ACL-based packet filter to a port.
To do: Display the traffic filtering configuration
Use the command: display traffic behavior user-defined [ behavior-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Optional. Available in any view

NOTE: With filter deny configured for a traffic behavior, the other actions (except class-based accounting) in the traffic behavior do not take effect.
Priority marking configuration Priority marking overview NOTE: Priority marking can be used together with priority mapping. For more information, see the chapter “Priority mapping configuration.” Priority marking sets the priority fields or flag bits of packets to modify the priority of traffic. For example, priority marking allows you to set IP precedence or DSCP for a class of IP traffic to change its transmission priority in the network.
To do: Associate the class with the traffic behavior in the QoS policy
Use the command: classifier tcl-name behavior behavior-name
Remarks: —

To do: Return to system view
Use the command: quit
Remarks: —

To do: To an interface
Use the command: Applying the QoS policy to an interface
Remarks: —

To do: To online users
Use the command: Applying the QoS policy to online users
Remarks: —...
Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets with destination IP address 192.168.0.1.
<Device> system-view
[Device] acl number 3000
[Device-acl-adv-3000] rule permit ip destination 192.168.0.1 0
[Device-acl-adv-3000] quit
# Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.
# Create a policy named policy_server, and associate classes with behaviors in the policy.
[Device] qos policy policy_server
[Device-qospolicy-policy_server] classifier classifier_dbserver behavior behavior_dbserver
[Device-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver
[Device-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver
[Device-qospolicy-policy_server] quit
# Apply the policy named policy_server to the incoming traffic of GigabitEthernet 1/0/1.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] qos apply policy policy_server inbound
[Device-GigabitEthernet1/0/1] quit...
Traffic redirecting configuration

Traffic redirecting overview

Traffic redirecting redirects the packets matching the specific match criteria to a certain location for processing. The following redirecting actions are supported:
- Redirecting traffic to the CPU: redirects packets that require processing by the CPU to the CPU. ...
NOTE: The actions of redirecting traffic to the CPU and redirecting traffic to an interface are mutually exclusive in the same traffic behavior. Use the display traffic behavior user-defined command to view the traffic redirecting configuration.
Class-based accounting configuration Class-based accounting overview Class-based accounting collects statistics on a per-traffic class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing the statistics, you can determine whether anomalies have occurred and what action to take. The class-based accounting function on the A5120 EI switches counts traffic in packets.
Class-based accounting configuration example Class-based accounting configuration example Network requirements As shown in Figure 18, Host is connected to GigabitEthernet 1/0/1 of Device. Configure class-based accounting to collect statistics for traffic sourced from 1.1.1.1/24 and received on GigabitEthernet 1/0/1. Figure 18 Network diagram for traffic accounting configuration Host 1.1.1.1/24 Device...
Data buffer configuration

Introduction to the data buffer

Data buffer

The A5120 EI switches provide a data buffer to buffer outgoing packets to reduce packet loss during congestion. The switch controls how a port uses the data buffer by allocating the cell resource and the packet resource (called "buffer resources").
As illustrated by the vertical lines in Figure 19, the switch automatically divides the dedicated resource evenly among all ports. As illustrated by the horizontal lines in Figure 19, the dedicated resource of each port is proportionately allocated among the queues on it and all ports use the same allocation scheme. The percentage of the resource allocated to a queue is called the minimum guaranteed resource percentage of the queue.
HP does not recommend modifying the data buffer parameters unless you are sure that your device will benefit from the change. If a larger buffer is needed, HP recommends that you enable the burst function to allocate the buffer automatically.
To do: Configure the shared resource area of the cell resource in percentage
Use the command: buffer egress [ slot slot-number ] cell total-shared ratio ratio
Remarks: Optional. By default, on an A5120 EI switch, 60% of the cell resource is the shared resource.
Configuring the packet resource

Configuring the minimum guaranteed packet resource size for a queue

Follow these steps to configure the minimum guaranteed packet resource size for a queue:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Configure the minimum guaranteed packet resource
Use the command: buffer egress [ slot slot-number ]...
Remarks: Optional
Appendix A Default priority mapping tables NOTE: For the default dscp-dscp priority mapping tables, an input value yields a target value equal to it. Table 4 Default dot1p-lp and dot1p-dp priority mapping tables Input priority value dot1p-lp mapping dot1p-dp mapping Local precedence 802.1p priority (dot1p) Drop precedence (dp)
Appendix B Introduction to packet precedences

IP precedence and DSCP values

Figure 21 ToS and DS fields (figure labels: IPv4 ToS byte with Precedence and Type of Service bits; DS field with DSCP, for the IPv4 ToS octet and the IPv6 Traffic Class octet; class selector codepoints; RFC 1349...)
DSCP value (decimal) | DSCP value (binary) | Description
 | 010010 | af21
 | 010100 | af22
 | 010110 | af23
 | 011010 | af31
 | 011100 | af32
 | 011110 | af33
 | 100010 | af41
 | 100100 | af42
 | 100110 | af43
 | 001000 |
 | 010000 |
 | 011000 |
 | 100000 |
 | 101000 |
 | 110000 |
 | 111000 |
 | 000000 | be (default)

802.1p priority

802.1p priority lies in the Layer 2 header and applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2.
After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.

Related information

Documents

To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals
- For related documentation, navigate to the Networking section, and select a networking ...
Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention: Boldface
Description: Bold text represents commands and keywords that you enter literally as shown.

Convention: Italic
Description: Italic text represents arguments that you replace with actual values.

Description: Square brackets enclose syntax choices (keywords or arguments) that are optional.

Convention: { x | y | ...
Description: Braces enclose a set of required syntax choices separated by vertical bars, from which
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.