Configuring Policing


Policing can be applied per port or globally (for example, on a per VLAN basis). Starting from Netvisor ONE release 6.1.0, it can also be applied based on a 3-bit internal priority value used to categorize the traffic based on 8 possible classes.

Port-based Policing

You can configure a vFlow policy that applies to a port and specifies a maximum bandwidth (and optionally a token bucket size), for example like so:


CLI (network-admin@switch) > vflow-create name policer1 scope fabric in-port 21 bw-max 0.4g


CLI (network-admin@switch) > port-stats-show port 21 show-diff-interval 1 format port,ibytes,ibits,iUpkts,iBpkts,iMpkts,obytes,obits,oUpkts,oBpkts,oMpkts


port ibytes ibits iUpkts iBpkts iMpkts obytes obits oUpkts oBpkts oMpkts

---- ------ ----- ------ ------ ------ ------ ----- ------ ------ ------

21   47.4M  397M  5.38K  0      0      82.2K  673K  1.11K  0      0

21   85.2K  698K  1.15K  0      0      49.2M  412M  5.59K  0      0

VLAN-based Policing

You can configure a vFlow policy that applies to all the traffic in a VLAN and specifies a maximum bandwidth (and optionally a token bucket size), for example like so:


CLI (network-admin@switch) > vflow-create name policer1 scope fabric in-port 21 bw-max 400m


CLI (network-admin@switch) > vflow-create name policer2 scope fabric vlan 10 bw-max 2g


CLI (network-admin@switch) > port-stats-show port 21 show-diff-interval 1 format port,ibytes,ibits,iUpkts,iBpkts,iMpkts,obytes,obits,oUpkts


port ibytes ibits iUpkts iBpkts iMpkts obytes obits oUpkts

---- ------ ----- ------ ------ ------ ------ ----- ------

21   0      62.4M 970    0      0      0      51.0M 1.20K

Internal Priority-based Policing

Internal priority is an intermediary priority value that maps DSCP values to CoS values. Netvisor ONE version 6.1.0 (or later release) allows you to configure vFlow policies using the internal priority as a filtering parameter. This means that you can now perform traffic policing for any received traffic based on DSCP values. In earlier versions of Netvisor ONE you needed to configure at least one vFlow policy per port per DSCP value or DSCP value range. However, starting from Netvisor ONE release 6.1.0, you need to configure only one vFlow per internal priority value.


The allowed range of internal priority values is 0-7. For example, you can assign a maximum bandwidth limit of 100 Mbps for packets with an internal priority value of 1 by using the command:



CLI (network-admin@switch) > vflow-create name flow1 scope local internal-pri 1 bw-max 100M


You can display the configuration by using the command:


CLI (network-admin@switch) > vflow-show

name:         flow1

scope:        local

type:         vflow

in-port:      

internal-pri: 1

bw-max:       100M

burst-size:   auto

precedence:   default

action:     

packet-res:

fwding-type:

enable:       enable

table-name:   System-L1-L4-Tun-1-0


To clear the internal priority field for a vFlow entry, use the command:


CLI (network-admin@switch) > vflow-create name flow1 internal-pri none


Note: To achieve filtering of traffic based on the desired DSCP values, you must configure the internal priority value on the basis of the configured DSCP to CoS mapping. For more information, see the Configuring DSCP to CoS Mapping section of the Configuring and Using vFlows chapter.


Note: This feature does not support queue numbers/classes 8 and 9 as these queues are available exclusively for internal control plane traffic.


Note: You can configure the internal-pri parameter in different hardware filter tables except for System-VCAP-table-1-0 and VCAP-IPv6-table-1-0.

north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south