Configuring Policing
Policing can be applied per port or globally (for example, on a per-VLAN basis). Starting from Netvisor ONE release 6.1.0, it can also be applied based on a 3-bit internal priority value that categorizes traffic into 8 possible classes.
Port-based Policing
You can configure a vFlow policy that applies to a port and specifies a maximum bandwidth (and optionally a token bucket size), for example:
CLI (network-admin@switch) > vflow-create name policer1 scope fabric in-port 21 bw-max 0.4g
CLI (network-admin@switch) > port-stats-show port 21 show-diff-interval 1 format port,ibytes,ibits,iUpkts,iBpkts,iMpkts,obytes,obits,oUpkts,oBpkts,oMpkts
port ibytes ibits iUpkts iBpkts iMpkts obytes obits oUpkts oBpkts oMpkts
---- ------ ----- ------ ------ ------ ------ ----- ------ ------ ------
21 47.4M 397M 5.38K 0 0 82.2K 673K 1.11K 0 0
21 85.2K 698K 1.15K 0 0 49.2M 412M 5.59K 0 0
…
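One way to check the policer from the statistics above, as an added example that is not part of the original documentation: the script parses the port-stats-show text and reports any interval whose ingress bit count exceeds the configured bw-max. It assumes that each row is a delta over show-diff-interval seconds and that the K/M/G suffixes are decimal; the function names and the 2% tolerance are hypothetical.

```python
import re

# Assumption: the CLI's K/M/G suffixes are decimal multipliers.
_SUFFIX = {"": 1, "k": 1e3, "m": 1e6, "g": 1e9}

def parse_scaled(text):
    """Convert values such as '397M', '5.38K', '0.4g' or '0' to a float."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([kKmMgG]?)", text.strip())
    if not m:
        raise ValueError(f"unrecognised value: {text!r}")
    return float(m.group(1)) * _SUFFIX[m.group(2).lower()]

def parse_port_stats(output):
    """Return one dict per data row, keyed by the header names."""
    lines = [l for l in output.splitlines() if l.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        # Skip the dashed separator and any truncated or elided row.
        if len(fields) != len(header) or set(line.strip()) <= {"-", " "}:
            continue
        row = {"port": fields[0]}
        row.update({k: parse_scaled(v) for k, v in zip(header[1:], fields[1:])})
        rows.append(row)
    return rows

def policer_violations(rows, port, bw_max, interval_s=1, tolerance=0.02):
    """Return ingress rates (bit/s) on `port` above bw_max plus tolerance."""
    limit = parse_scaled(bw_max) * (1 + tolerance)
    rates = [r["ibits"] / interval_s for r in rows if r["port"] == str(port)]
    return [rate for rate in rates if rate > limit]

# Sample input: the two rows shown in the output above.
SAMPLE = """\
port ibytes ibits iUpkts iBpkts iMpkts obytes obits oUpkts oBpkts oMpkts
---- ------ ----- ------ ------ ------ ------ ----- ------ ------ ------
21 47.4M 397M 5.38K 0 0 82.2K 673K 1.11K 0 0
21 85.2K 698K 1.15K 0 0 49.2M 412M 5.59K 0 0
"""

if __name__ == "__main__":
    rows = parse_port_stats(SAMPLE)
    print(policer_violations(rows, 21, "0.4g"))  # empty list: within bw-max
```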
VLAN-based Policing
You can configure a vFlow policy that applies to all the traffic in a VLAN and specifies a maximum bandwidth (and optionally a token bucket size), for example:
CLI (network-admin@switch) > vflow-create name policer1 scope fabric in-port 21 bw-max 400m
CLI (network-admin@switch) > vflow-create name policer2 scope fabric vlan 10 bw-max 2g
CLI (network-admin@switch) > port-stats-show port 21 show-diff-interval 1 format port,ibytes,ibits,iUpkts,iBpkts,iMpkts,obytes,obits,oUpkts
port ibytes ibits iUpkts iBpkts iMpkts obytes obits oUpkts
---- ------ ----- ------ ------ ------ ------ ----- ------
21 0 62.4M 970 0 0 0 51.0M 1.20K
…
Internal Priority-based Policing
Internal priority is an intermediary priority value that maps DSCP values to CoS values. Netvisor ONE release 6.1.0 and later allow you to configure vFlow policies using the internal priority as a filtering parameter. This means that you can police any received traffic based on its DSCP values. In earlier versions of Netvisor ONE, you needed to configure at least one vFlow policy per port per DSCP value or DSCP value range. Starting from Netvisor ONE release 6.1.0, you need to configure only one vFlow per internal priority value.
The allowed range of internal priority values is 0-7. For example, you can assign a maximum bandwidth limit of 100 Mbps for packets with an internal priority value of 1 by using the command:
CLI (network-admin@switch) > vflow-create name flow1 scope local internal-pri 1 bw-max 100M
You can display the configuration by using the command:
CLI (network-admin@switch) > vflow-show
name: flow1
scope: local
type: vflow
in-port:
internal-pri: 1
bw-max: 100M
burst-size: auto
precedence: default
action:
packet-res:
fwding-type:
enable: enable
table-name: System-L1-L4-Tun-1-0
To clear the internal priority field for a vFlow entry, use the command:
CLI (network-admin@switch) > vflow-modify name flow1 internal-pri none
Note: To achieve filtering of traffic based on the desired DSCP values, you must configure the internal priority value on the basis of the configured DSCP to CoS mapping. For more information, see the Configuring DSCP to CoS Mapping section of the Configuring and Using vFlows chapter.
Note: This feature does not support queue numbers/classes 8 and 9, as these queues are reserved exclusively for internal control plane traffic.
Note: You can configure the internal-pri parameter in any hardware filter table except System-VCAP-table-1-0 and VCAP-IPv6-table-1-0.