Nortel Networks 5510 Classification, Untrusted Ports, Unrestricted Ports, IP Classifier Elements

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide

v2.0

NN48500-559

policies. The 'well-known' DSCP values can be viewed by using the NNCLI command 'show qos egressmap'.

Untrusted Ports

o Assumes that all traffic coming into the port is suspect. Therefore, the DSCP field of any traffic that enters the Ethernet Routing Switch 5500 from an Untrusted Port is re-marked. For untagged packets, the default classifier is used to change the DSCP. This results in a DSCP value determined by the CoS-to-DSCP mapping table using the default 802.1p priority of the interface where the packet is received. For tagged packets, the 802.1p value is determined by the CoS-to-DSCP mapping table using the best effort DSCP, which is 0.

Unrestricted Ports

o Does not assume anything about the origin of the incoming traffic. You may assign an action to set the DSCP or not to set the DSCP; it's up to you. This allows you to manipulate the DSCP value based upon the filter criteria, and not upon the point of origin.

The following table displays a summary of the role combination capabilities.

Table 1: Default QoS Action

| Type of Filter | Action | Trusted | Untrusted | Unrestricted |
|---|---|---|---|---|
| IPv4 filter criteria or Layer 2 filter criteria matching IPv4 | DSCP | Does not change | Tagged--Updates to 0 (Standard); Untagged--Updates using mapping table and port's default value | Does not change |
| IPv4 filter criteria or Layer 2 filter criteria matching IPv4 | IEEE 802.1p | Updates based on DSCP mapping table value | Updates based on DSCP mapping table value | Does not change |
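
The DSCP row of Table 1, together with the Untrusted and Unrestricted port behaviour described above, as an added example that is not part of the Nortel guide: it parses a raw Ethernet frame and returns the DSCP each port role would leave on it, which is a quick way to check a capture for sender-set markings that survived an Untrusted port. The `COS_TO_DSCP` values, the function names and the sample frames are assumptions constructed for illustration; read the real mapping table from the switch.

```python
import struct

# ASSUMED 802.1p -> DSCP ingress map (illustrative, not from the guide);
# read the real table from the switch before relying on these values.
COS_TO_DSCP = {0: 0, 1: 10, 2: 18, 3: 26, 4: 34, 5: 46, 6: 48, 7: 56}

def parse_frame(frame: bytes) -> dict:
    """Pull the Layer 2 and DSCP fields the role logic needs from a raw frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    info = {"tagged": False, "pcp": None, "vlan": None, "dscp": None}
    offset = 14
    if ethertype == 0x8100:                  # 802.1Q tag: PCP(3) DEI(1) VID(12)
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info.update(tagged=True, pcp=tci >> 13, vlan=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    if ethertype == 0x0800:                  # IPv4: DSCP is the top 6 bits of ToS
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        info["dscp"] = frame[offset + 1] >> 2
    return info

def ingress_dscp(role, info, port_default_pcp=0, filter_dscp=None):
    """DSCP left on an IPv4 frame after ingress, per the DSCP row of Table 1."""
    if info["dscp"] is None:
        return None                          # no IPv4 header, nothing to re-mark
    if role == "trusted":
        return info["dscp"]                  # does not change
    if role == "unrestricted":               # changes only if a filter action sets it
        return info["dscp"] if filter_dscp is None else filter_dscp
    if role == "untrusted":                  # sender's marking is never honoured
        return 0 if info["tagged"] else COS_TO_DSCP[port_default_pcp]
    raise ValueError(f"unknown role {role!r}")

def build_frame(dscp, tag=None) -> bytes:
    """Constructed sample: zeroed MACs, optional (vlan, pcp) tag, bare IPv4 header."""
    l2 = bytes(12)
    if tag is not None:
        l2 += struct.pack("!HH", 0x8100, (tag[1] << 13) | tag[0])
    return l2 + struct.pack("!H", 0x0800) + bytes([0x45, dscp << 2]) + bytes(18)

if __name__ == "__main__":
    for name, frame in (("tagged", build_frame(46, (110, 5))), ("untagged", build_frame(46))):
        info = parse_frame(frame)
        for role in ("trusted", "untrusted", "unrestricted"):
            print(name, role, info["dscp"], "->", ingress_dscp(role, info, 3))
```
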

 

 

 

 

 

 

 

Classification

Classification identifies the traffic flow that requires QoS management. The traffic flow may be identified by the Layer 2 or IP content of the frame using any of the elements shown below.

Layer 2 Classifier Elements

o Source MAC with mask to filter on complete or partial MAC addresses

o Destination MAC with mask to filter on complete or partial MAC addresses

o VLAN ID – can be a range

o Tagged or untagged packets

o EtherType

o 802.1p priority

IP Classifier Elements

o Source IPv4/v6 host or subnet


Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 
