To use the classifier-based model to configure a QoS policy and apply it to a selected class of traffic on a port or VLAN interface, follow these steps:
-
Evaluate the types of traffic in your network and identify the traffic types that you want to prioritize or rate limit.
-
Create an IPv4 or IPv6 traffic class using the
class
command to select the packets you want to manage.Syntax:
Defines the name of a traffic class and specifies whether a policy is to be applied to IPv4 or IPv6 packets, where
classname
is a text string (64 characters maximum). After you enter theclass
command, you enter the class configuration context to specify match criteria. A traffic class contains a series ofmatch
andignore
commands, which specify the criteria used to classify packets.A traffic class consists of match criteria, which consist of
match
andignore
commands.-
The
match
commands define the values that header fields must contain for a packet to belong to the class and be managed by policy actions. -
The
ignore
commands define the values which, if contained in header fields, exclude a packet from the policy actions configured for the class.
NOTE: Enter match/ignore statements in the precise order in which you want their criteria to be used to check packets.
The following match criteria are supported in match/ignore statements for inbound IPv4/IPv6 traffic:
-
-
Enter one or more
match
orignore
commands from the class configuration context to filter traffic and determine the packets on which policy actions will be performed.Syntax:
[no] [
seq-number
] [match
|ignore
]ip-protocol
source-address
destination-address
dscp
codepoint
] [precedence
precedence-value
] [tos
tos-value
] [vlan
vlan-id
] -
Create a QoS policy to perform QoS actions on selected packets by entering the
policy qos
command from the global configuration context.Syntax:
A traffic policy consists of one or more classes, and one or more QoS actions configured for each class of traffic. The configured actions are executed on packets that match a
match
statement in a class. No policy action is performed on packets that match anignore
statement.
NOTE: Be sure to enter each class and its associated QoS actions in the precise order in which you want packets to be checked and processed by QoS actions.
To configure the QoS actions that you want to execute on packets that match the criteria in a specified class, enter one or more
class action
commands from the policy configuration context:Syntax:
Defines the QoS actions to be applied on a pre-configured IPv4 or IPv6 traffic class when a packet matches the
match
criteria in the traffic class. You can enter multiple action statements for the same traffic class.The complete
no
form of theclass action
command or theno
command removes a QoS action from the policy configuration.seq-number
The following QoS commands are supported by the
replaceable:qos-action
-
rate-limit
kbps
-
priority
priority-value
-
ip-precedence
precedence-value
-
dscp
dscp-value
To manage packets that do not match the
match
orignore
criteria in any class in the policy, and therefore have no QoS actions performed on them, enter an optional default class. The default class is placed at the end of a policy configuration and specifies the QoS actions to perform on packets that are neither matched nor ignored. -
-
(Optional) To configure a default class in a policy, enter the
default-class
command at the end of a policy configuration and specify one or more QoS actions to be executed on packets that are not matched and not ignored.Syntax:
Configures a default class that allows one or more QoS actions to be executed on packets that are not matched or ignored by any of the class configurations in a QoS policy. The default-class supports the same QoS commands as the
class
ipv4
|
ipv6
action
command:rate-limit
,priority
,ip-precedence
, anddscp
. -
Apply the QoS policy to inbound traffic on a port (
interface service-policy in
command) or VLAN (vlan service-policy in
command) interface.The following restrictions apply to a QoS service policy:
-
Only one QoS policy is supported on a port or VLAN interface.
-
If you apply a QoS policy to a port or VLAN interface on which a QoS policy is already configured, the new policy replaces the existing one.
-
A QoS policy is supported only on inbound traffic.
Because only one QoS policy is supported on a port or VLAN interface, ensure that the policy you want to apply contains all the required classes and actions for your configuration.
To apply a QoS policy on a port or VLAN interface, enter one of the following commands from the global configuration context.
Syntax:
Configures specified ports with a QoS policy that is applied to inbound traffic on each interface.
Separate individual port numbers in a series with a comma; for example,
a1, b4, d3
.Enter a range of ports by using a dash; for example,
a1-a5
.The QoS policy name you enter must be the same as the policy name you configured with the
policy qos
command in Step 2.Syntax:
Configures a QoS policy on the specified VLAN that is applied to inbound traffic on the VLAN interface.
Valid VLAN ID numbers range from 1 to 4094.
The QoS policy name you enter must be the same as the policy name you configured with the
policy
command in Step 2. -
-
Determine the additional QoS configurations to apply to each QoS-capable device in your network and configure the appropriate policy.
Optional: For802.1p (CoS) priority settings to be included in outbound packets, configure tagged VLANs on the appropriate downstream links.
Use the following show
commands to display information about a classifier-based QoS configuration and statistics or resource usage on QoS policies.
Syntax:
Lists the statements that make up the IPv4 class identified by classname.
Lists the statements that make up the IPv6 class identified by classname.
Displays all classes, both IPv4 and IPv6, and lists the statements that make up each class.
Additional variants of the
show class
command provide information on classes that are members of policies that have been applied to ports or VLANs.
Viewing show class
output for a QoS policy
HP Switch(config)#: show class ipv4 gnutella Statements for Class ipv4 "gnutella" 10 match tcp 0.0.0.0 255.255.255.255 range 6346 6347 0.0.0.0 255.255.255.255 20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 6346 6347 30 match udp 0.0.0.0 255.255.255.255 range 6346 6347 0.0.0.0 255.255.255.255 40 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 6346 6347 HP Switch(config)#: show class ipv4 kazaa Statements for Class ipv4 "kazaa" 10 match tcp 0.0.0.0 255.255.255.255 eq 1214 0.0.0.0 255.255.255.255 20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 1214 30 match udp 0.0.0.0 255.255.255.255 eq 1214 0.0.0.0 255.255.255.255 40 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 1214 HP Switch(config)#: show class ipv4 http Statements for Class ipv4 "http" 10 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 80 20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 443 50 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 8080
Syntax:
Displays the names of all policies defined for the switch and lists the statements that make up each policy.
Additional variants of the
show policy
command provide information on policies that have been applied to ports or VLANs.
Viewing show policy
output for a QoS policy
HP Switch(config)#: show policy suspect-traffic Statements for Policy "suspect-traffic" 10 class ipv4 "http" action rate-limit kbps 2000 action priority 3 20 class ipv4 "kazaa" action rate-limit kbps 1000 action priority 2 30 class ipv4 "gnutella" action rate-limit kbps 1000 action priority 2
Syntax:
[ show
| clear
]
statistics policy
policy-name
port
port-num
[ show
| clear
] statistics policy
policy-name
vlan
vid
in
Displays the statistics for a specified policy applied to a specified port or VLAN.
Clears statistics for the specified policy and port or VLAN.
Specifies the number of the port on which the policy is applied (single port only, not a range).
Specifies the number or name of the vlan on which the policy is applied. VLAN ID numbers range from 1 to 4094.
Specifies that statistics are shown for inbound traffic only.
Syntax:
Displays the number of hardware resources (rules, meters, and application port ranges) used by classifier-based QoS policies that are currently applied to interfaces on the switch, mirroring policies and other software features.
NOTE: The information displayed is the same as the output of
show qos resources
andshow access-list resources
commands. For a detailed explanation of the information displayed with theshow [qos |
command, see the Management and Configuration Guide for your switch.access-list
|policy
]resources
Viewing show policy resources
output for all currently configured QoS policies
HP Switch(config)#: show policy resources Resource usage in Policy Enforcement Engine | Rules | Rules Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 3014 | 15 | 11 | 0 | 1 | 0 | 0 | 3 | | Meters | Meters Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 250 | | 5 | 0 | | | | 0 | | Application | | Port Ranges | Application Port Ranges Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 14 | 2 | 0 | 0 | | 0 | 0 | 0 | 0 of 8 Policy Engine management resources used. Key: ACL = Access Control Lists QoS = Device & Application Port Priority, QoS Policies, ICMP rate limits IDM = Identity Driven Management VT = Virus Throttling blocks Mirror = Mirror Policies, Remote Intelligent Mirror endpoints PBR = Policy Based Routing Policies Other = Management VLAN, DHCP Snooping, ARP Protection, Jumbo IP-MTU, Transparent Mode. Resource usage includes resources actually in use, or reserved for future use by the listed feature. Internal dedicated-purpose resources, such as port bandwidth limits or VLAN QoS priority, are not included.
Starting in software release K.14.01, the packet classification and prioritization methods, QoS configuration also supports advanced classifier-based functions. Advanced classifier-basedQoS introduces:
-
A finer granularity than globally-configured QoS for classifying IPv4 andIPv6 traffic
-
Additional actions for managing selected traffic, such as rate limiting and IP precedence marking
-
The application of QoS policies to inbound traffic flows on specific port and VLAN interfaces (instead of using only globally-configured, switch-wide QoS settings)
-
Enables re-use traffic classes in different software-feature configurations, such as QoS and port mirroring
Classifier-based QoS is designed to work with existing globally-configured, switch-wide QoS policies by allowing you to zoom in on a subset of port or VLAN traffic to further manage it. Classifier-based policies take precedence over, and may override, globally-configured QoS settings that apply to all traffic on the switch.
Classifier-based QoS policies provide greater control for managing network traffic. Using multiple match criteria, you can finely select and define the classes of traffic that you want to manage. QoS-specific policy actions determine how you can handle the selected traffic.
Classifier-based QoS configuration consists of the following general steps:
The following restrictions apply to QoS policies configured with the classifier-based model:
-
A classifier-based QoS policy cannot be applied on a port or VLAN interface on which a classifier-based QoS policy is already configured. It is possible to apply a classifier-based policy of a different type, such as port mirroring.
-
A QoS policy that uses the
rate-limit
command is not supported on a port interface on which ICMP rate limiting has already been globally configured. To apply the QoS policy, you must first disable the ICMP rate limiting configuration. See the Multicast and Routing Guide for your switch.In cases where an ICMP rate limiting configuration is to be maintained, configure a QoS policy by adding the necessary
match
statements for the ICMP traffic in a class configuration, then configure arate-limit
action for the class in the policy configuration. -
In a QoS policy that uses the
class action rate-limit
command, the rate limit is calculated on a per-module or per port-bank basis. If trunked ports or VLANs with a configured rate limit span multiple modules or port-banks, the configured rate limit is not guaranteed. -
In a QoS policy that uses the
class action dscp
command, the DSCP value entered must be already configured with an 802.1p priority in the DSCP Policy table.
This global QoS packet-marking option assigns an 802.1p priority to all IP packets that have the specified IP address as either a source or destination. If both the source and destination addresses match, the priority configured for the IP destination address has precedence.
Syntax:
Marks an 802.1p priority in outbound packets with the specified IP address or subnet mask in the source or destination field in a packet header, where:
or
ipv4-address
is an IPv4 or IPv6 address used to match the source or destination address in packet headers.
ipv6-address
NOTE: An IPv6 local-link address (such as
fe80::110:252%vlan20
) that is automatically generated on a VLAN interface is not supported as anipv6-address
value.
[ipv4]
is the subnet identified by the IPv4 mask for the specified address that is used to match the IPv4 in the source or destination field of packet headers.ipv4-address/mask-length
ipv6
is the subnet identified by the IPv6 prefix-length for the specified address that is used to match the IPv6 address in the source or destination field of packet headers.ipv6-address/prefix-length
Enter the IPv4 mask or IPv6 prefix length with an address in CIDR format by using the number of significant bits (for example,
2001:db8::1:262:a03:e102:127/64
or10.28.31.1/24
).
priority
marks the specified 802.1p priority in matching IP packets.0 - 7
The 802.1p priority determines the packet's queue in the outbound port on the switch. If the packet leaves the switch on a tagged VLAN port, it carries the 802.1p priority with it to the next downstream device.
The
no
form of the command deletes the specified IP address or subnet mask as a QoS classifier, and resets the priority for the VLAN toNo-override
.
Displays a listing of all IP device-priority QoS configurations currently in the
running-config
file.
Configuring and Viewing 802.1p priority
configuring and Viewing the 802.1p priority used to mark packets that match each global IP-device classifier:
IP Address / Mask or Prefix Length | 802.1p Priority |
---|---|
10.28.31.1 | 7 |
10.28.31.130 | 5 |
10.28.31.100/24 | 1 |
2001:db8:2:1:212:79ff:fe88:a100 | 3 |
2001:db8:3:3::/64 | 1 |
HP Switch(config)#: qos device-priority 10.28.31.1 priority 7 HP Switch(config)#: qos device-priority 10.28.31.130 priority 5 HP Switch(config)#: qos device-priority ipv4 10.28.32.100/24 priority 1 HP Switch(config)#: qos device-priority 2001:db8:2:1:212:79ff:fe88:a100 priority HP Switch(config)#: qos device-priority ipv6 2001:db8:3:3::/64 priority 1 HP Switch(config)#: show qos device-priority Device priorities Device Address Apply rule | DSCP Priority -------------------------------------------- ---------- + ------ ----------- 10.28.31.1 Priority | 7 10.28.31.130 Priority | 5 10.28.32.100/24 Priority | 1 2001:db8:2:1:212:79ff:fe88:a100 Priority | 3 2001:db8:3:3::/64 Priority | 1
-
Identify a DSCP used to set a policy in packets received from an upstream or edge switch.
-
Determine the 802.1p priority (0 - 7) you want to apply to packets carrying the identified DSCP. (You can either maintain the priority assigned in the upstream or edge switch, or assign a new priority.)
-
If necessary, use the
command to configure the DSCP policy (codepoint and associated 802.1p priority) that you want to use to mark matching packets.qos dscp-map
codepoint
priority0 - 7
-
Enable IP-Diffserv mode by entering the
qos type-of-service diff-services
command.
Syntax:
Causes the switch to read the
(DSCP) of an incoming IP packet and, when a match occurs, assign the associated 802.1p priority in the DSCP Policy table.codepoint
Options
Disables direct 802.1p priority assignment to packets carrying the |
|
Displays the current Type-of-Service configuration. In IP-Diffserv mode it also shows the current direct 802.1p assignments and the current DSCP assignments covered later in this section. |
Examples
show qos type-of-service
An edge switch A in an untagged VLAN assigns a DSCP of 000110 on IP packets it receives on port A6, and handles the packets with high priority (7). When these packets reach interior switch B you want the switch to handle them with the same high priority. To enable this operation you would configure an 802.1p priority of 7 for packets received with a DSCP of 000110
, and then enable diff-services
:
The next table shows the difference in how global IP-Precedence and IP-Diffserv classifiers are implemented in the switch.
Outbound port | IP Type-of-Service classifiers | |
---|---|---|
IP-Precedence mode | IP differentiated services mode | |
IP Packet Sent Out an Untagged Port in a VLAN |
Based on the IP Precedence bit set in a packet's ToS/Traffic Class field, the packet is sent to one of eight outbound port queues in the switch:
|
Based on the DSCP codepoint that the switch has been configured to detect, one of the following actions is taken:
Based on the new 802.1p priority marking, the packet leaves the switch through one of the following queues:
If |
IP Packet Sent Out a Tagged Port in a VLAN | Based on the IP Precedence bit set in a packet's ToS/Traffic Class field:
|
Based on the DSCP codepoint that the switch has been configured to detect, one of the following actions is taken:
Based on the new 802.1p priority marking, the packet leaves the switch through one of the outbound port queues described above. In addition, the priority value (0 - 7) is used to set the 802.1p priority in the VLAN tag carried by the packet to the next downstream device. If the priority is configured as |
When configuring global QoS classifiers using TCP/UDP and a Layer 4 Application port number or port range, the switch automatically assigns two QoS resources for each policy—one for traffic to the TCP/UDP destination port and one for traffic to the TCP/UDP source port.
The show qos resources
command displays the number of hardware resources currently in use by QoS policies and other software features.
Viewing the hardware resources used by currently configured QoS policies
HP Switch(config)#: show qos resources Resource usage in Policy Enforcement Engine | Rules | Rules Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 3014 | 15 | 11 | 0 | 1 | 0 | 0 | 3 | | Meters | Meters Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 250 | | 5 | 0 | | | | 0 | | Application | | Port Ranges | Application Port Ranges Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 14 | 2 | 0 | 0 | | 0 | 0 | 0 | 0 of 8 Policy Engine management resources used. Key: ACL = Access Control Lists QoS = Device & Application Port Priority, QoS Policies, ICMP rate limits IDM = Identity Driven Management VT = Virus Throttling blocks Mirror = Mirror Policies, Remote Intelligent Mirror endpoints PBR = Policy Based Routing Policies Other = Management VLAN, DHCP Snooping, ARP Protection, Jumbo IP-MTU, Transparent Mode. Resource usage includes resources actually in use, or reserved for future use by the listed feature. Internal dedicated-purpose resources, such as port bandwidth limits or VLAN QoS priority, are not included.
|
|
NOTE: ACLs and QoS policies share the same application port ranges. If a new QoS policy specifies a port range that is already configured for one or more ACLs, the QoS column increases by 1, but the Application Port Ranges Available column remains unchanged. Likewise, if an ACL is configured for a port range on which a QoS policy is already applied, the ACL column increases by 1, while the Available column remains unchanged. Similarly, when you remove a port range, the Application Port Ranges Available column increases only if the port range is not configured for an existing ACL or QoS policy on the switch. |
|
|