  • Joint Optimization of Rule Placement and Traffic Engineering for QoS Provisioning in Software Defined Network
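  • Note: due to time constraints I cannot maintain this repository, so anyone interested in helping to maintain it can contact me and I can add you as a maintainer. Thank you. Traffic rule violation detection system: this project attempts to detect cars that run a red light or exceed the speed limit. ...
  • Reposted from: ...buildingowner=10184221 Applying an ACL with traffic-filter <Huawei>sys [Huawei]acl 3000 // create an advanced ACL (3000~3999) [Huawei-acl-adv-3...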

    Reposted from: http://support.huawei.com/ecommunity/bbs/10248323.html?auther=1&buildingowner=10184221

    Applying an ACL with traffic-filter

    <Huawei>sys

    [Huawei]acl 3000 // create an advanced ACL (3000~3999)

    [Huawei-acl-adv-3000]

    [Huawei-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 // allow the 192.168.1.0 segment to reach the 192.168.2.0 segment

    [Huawei-acl-adv-3000]rule deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255 // deny the 192.168.1.0 segment access to the 192.168.4.0 segment

    [Huawei-acl-adv-3000]dis thi // check that the configuration was applied

    #

    acl number 3000

    rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255

    rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255

    #

    return

    [Huawei-acl-adv-3000]q // leave the ACL view

    [Huawei]int g0/0/1 // enter the relevant interface

    [Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 // apply ACL 3000 on the interface

    [Huawei-GigabitEthernet0/0/1]q // leave the interface view

    [Huawei]

    Reposted from: https://blog.51cto.com/13469136/2400448
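  • An ACL (access control list) matches the traffic of interest so that an associated tool can act on it; here it is paired with traffic-filter to restrict or permit the matching traffic. Reposted from: https://blog.51cto.com/14162269/2344629

    I. Requirements
    1) R1 only allows WG to log in; WG can ping Server1 and Client1
    2) YF and CW cannot reach each other, but both can reach WG
    3) YF can access Client1
    4) CW cannot access Client1
    5) YF and CW can only access the WWW service on Server1
    6) Only WG can access all services on Server1
    II. Topology
    [Figure: Network traffic control: ACL and traffic-filter]
    III. Configuration
    WG: IP 192.168.1.1/24, gateway 192.168.1.254
    YF: IP 192.168.2.1/24, gateway 192.168.2.254
    CW: IP 192.168.3.1/24, gateway 192.168.3.254
    server1: IP 192.168.4.1/24, gateway 192.168.4.254
    Client1: IP 192.168.10.1/24, gateway 192.168.10.254
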
    wg
    sys
    sys wg
    int g0/0/0
    ip addr 192.168.1.1 24
    q
    ip route-s 0.0.0.0 0.0.0.0 192.168.1.254

    r1
    sys
    sys r1
    int g0/0/0
    ip addr 192.168.20.254 24
    q
    int g0/0/1
    ip addr 192.168.30.254 24
    q
    int g0/0/2
    ip addr 192.168.10.254 24
    q

    r2
    sys
    sys r2
    int g0/0/0
    ip addr 192.168.30.1 24
    q
    int g0/0/1
    ip addr 192.168.1.254 24
    q
    int g0/0/2
    ip addr 192.168.2.254 24
    q

    r3
    sys
    sys r3
    int g0/0/0
    ip addr 192.168.20.1 24
    q
    int g0/0/1
    ip addr 192.168.3.254 24
    q
    int g0/0/2
    ip addr 192.168.4.254 24
    q

    r1
    ip route-s 192.168.1.0 24 192.168.30.1
    ip route-s 192.168.2.0 24 192.168.30.1
    ip route-s 192.168.3.0 24 192.168.20.1
    ip route-s 192.168.4.0 24 192.168.20.1

    r2
    ip route-s 192.168.10.0 24 192.168.30.254
    ip route-s 192.168.3.0 24 192.168.30.254
    ip route-s 192.168.4.0 24 192.168.30.254

    r3
    ip route-s 192.168.10.0 24 192.168.20.254
    ip route-s 192.168.1.0 24 192.168.20.254
    ip route-s 192.168.2.0 24 192.168.20.254

    r1
    acl 2000
    rule 5 permit source 192.168.1.1 0.0.0.0
    rule 10 deny source any
    q
    user-interface vty 0 4
    acl 2000 inbound
    user privilege level 3
    authentication-mode aaa
    aaa
    local-user jing password cipher 123
    local-user jing service-type telnet
    q

    r2
    acl 3000
    rule 5 permit ip source 192.168.2.1 0.0.0.0 destination 192.168.1.1 0.0.0.0
    rule 10 permit tcp source 192.168.2.1 0.0.0.0 destination 192.168.4.1 0.0.0.0 destination-port eq 80
    rule 15 permit ip source 192.168.2.1 0.0.0.0 destination 192.168.10.1 0.0.0.0
    rule 20 deny ip source any
    q
    int g0/0/2
    traffic-filter inbound acl 3000

    r3
    acl 3000
    rule 5 permit ip source 192.168.3.1 0.0.0.0 destination 192.168.1.1 0.0.0.0
    rule 10 permit tcp source 192.168.3.1 0.0.0.0 destination 192.168.4.1 0.0.0.0 destination-port eq 80
    rule 20 deny ip source any
    q
    int g0/0/1
    traffic-filter inbound acl 3000
    IV. Verification
    YF accesses the WWW service on server1: success
    YF pings server1: fails
    YF pings Client1: success
    YF pings WG: success
    YF pings CW: fails
    CW pings WG: success
    CW pings YF: fails
    CW pings server1: fails

    An ACL (access control list) matches the traffic of interest so that an associated tool can act on it; here it is paired with traffic-filter to restrict or permit the matching traffic.

    Reposted from: https://blog.51cto.com/14162269/2344629
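
The verification results above can be checked offline. The following is an added example, not part of the original post: it parses the ACL 3000 rules configured on r2 and r3, applies wildcard-mask matching in ascending rule-ID order, and replays the verification steps. The function names are hypothetical, and only the rule syntax used on this page is supported.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Optional

# ACL 3000 as configured on r2 (YF's gateway) and r3 (CW's gateway), copied from the page.
R2_ACL = """
rule 5 permit ip source 192.168.2.1 0.0.0.0 destination 192.168.1.1 0.0.0.0
rule 10 permit tcp source 192.168.2.1 0.0.0.0 destination 192.168.4.1 0.0.0.0 destination-port eq 80
rule 15 permit ip source 192.168.2.1 0.0.0.0 destination 192.168.10.1 0.0.0.0
rule 20 deny ip source any
"""
R3_ACL = """
rule 5 permit ip source 192.168.3.1 0.0.0.0 destination 192.168.1.1 0.0.0.0
rule 10 permit tcp source 192.168.3.1 0.0.0.0 destination 192.168.4.1 0.0.0.0 destination-port eq 80
rule 20 deny ip source any
"""

RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\w+)"
    r"(?: source (?P<src>any|\S+ \S+))?"
    r"(?: destination (?P<dst>any|\S+ \S+))?"
    r"(?: destination-port eq (?P<dport>\d+))?"
)

@dataclass
class Rule:
    rule_id: int
    action: str
    proto: str
    src: Callable[[str], bool]
    dst: Callable[[str], bool]
    dport: Optional[int]

def wildcard_matcher(spec: Optional[str]) -> Callable[[str], bool]:
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    if spec is None or spec == "any":
        return lambda ip: True
    base, wildcard = (int(ipaddress.IPv4Address(p)) for p in spec.split())
    care = ~wildcard & 0xFFFFFFFF
    return lambda ip: (int(ipaddress.IPv4Address(ip)) ^ base) & care == 0

def parse_acl(text: str) -> list:
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RULE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(Rule(int(m["id"]), m["action"], m["proto"],
                          wildcard_matcher(m["src"]), wildcard_matcher(m["dst"]),
                          int(m["dport"]) if m["dport"] else None))
    return sorted(rules, key=lambda r: r.rule_id)  # lowest rule ID is checked first

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, rule_id) of the first matching rule, or ("no-match", None)."""
    for r in acl:
        if r.proto not in ("ip", proto):          # "ip" covers every IP protocol
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.src(src) and r.dst(dst):
            return r.action, r.rule_id
    return "no-match", None

def check_lab():
    """Replay the page's verification steps against the parsed ACLs."""
    yf, cw = parse_acl(R2_ACL), parse_acl(R3_ACL)
    return {
        "YF http Server1": evaluate(yf, "tcp", "192.168.2.1", "192.168.4.1", 80),
        "YF ping Server1": evaluate(yf, "icmp", "192.168.2.1", "192.168.4.1"),
        "YF ping Client1": evaluate(yf, "icmp", "192.168.2.1", "192.168.10.1"),
        "YF ping WG": evaluate(yf, "icmp", "192.168.2.1", "192.168.1.1"),
        "YF ping CW": evaluate(yf, "icmp", "192.168.2.1", "192.168.3.1"),
        "CW ping WG": evaluate(cw, "icmp", "192.168.3.1", "192.168.1.1"),
        "CW ping YF": evaluate(cw, "icmp", "192.168.3.1", "192.168.2.1"),
        "CW ping Server1": evaluate(cw, "icmp", "192.168.3.1", "192.168.4.1"),
    }

if __name__ == "__main__":
    for step, verdict in check_lab().items():
        print(f"{step:18} -> {verdict}")
```

The closing `rule 20 deny ip source any` is what turns each list into an allow-list; without it, traffic that matches none of the permit rules would end as "no-match" and its fate would depend on the default of the feature the ACL is bound to.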

  • ip rule

    2017-03-22 18:48:56

    D.3. ip rule

    Another part of the iproute2 software package, ip rule is the single tool for manipulating the routing policy database (RPDB) under Linux. For a fuller discussion of the RPDB, see Section 10.3, “Using the Routing Policy Database and Multiple Routing Tables”. The RPDB can be displayed with ip rule show. Particular rules can be added and removed with (predictably, if you have been reading the sections on the other iproute2 tools) the ip rule add command and the ip rule del command. We'll make a particular example of ip rule add nat.

    D.3.1. ip rule show

    Briefly, the RPDB mediates access to the routing tables. In the overwhelming majority of installations (most workstations, servers, and even routers), there is no need to take advantage of the RPDB. A single IP routing table is all that is required for basic connectivity. In more complex networking configurations, however, the RPDB allows the administrator to programmatically select a routing table based on characteristics of a packet.

    Along with this freedom and flexibility comes the power to break networking in strange and unexpected ways. I will reiterate: IP routing is stateless. Because IP routing is stateless, the network architect, planner or administrator needs to be aware of the issues involved with using multiple routing tables.

    For a fuller discussion of some of these issues, be sure to read Section 10.3, “Using the Routing Policy Database and Multiple Routing Tables”. Now, let's look at some of the ways to use ip rule.

    D.3.2. Displaying the RPDB with ip rule show

    To display the RPDB, use the command ip rule show. The output of the command is a list of rules in the RPDB sorted by order of priority. The rules with the highest priority will be displayed at the top of the output.

    Example D.28. Displaying the RPDB with ip rule show

    [root@isolde]# ip rule show
    0:      from all lookup local 
    32766:  from all lookup main 
    32767:  from all lookup 253
              

    There are some interesting items to observe here. First, these are the three default rules in the RPDB which will be available on any machine with an RPDB. The first rule specifies that any packet from anywhere should first be matched against routes in the local routing table. Remember that the local routing table is for broadcast addresses on link layers, network address translation, and locally hosted IP addresses.

    If a packet is not bound for any of these three destinations, the kernel will check the next entry in the RPDB. In the simple case above, on isolde, a packet bound for 205.254.211.182 would first pass through the local routing table without matching any of the local destinations. The next entry in the RPDB recommends using the main routing table to select a destination route.

    In isolde's main routing table, it is likely that there is no host nor network match for this destination, thus the packet will match the default route in the main routing table.

    FIXME!! Can anybody (somebody?) explain to me why there is a rule priority 32767 which refers to table 253? I'm still confused about this.

    D.3.3. Adding a rule to the RPDB with ip rule add

    Adding a rule to the routing policy database is simple. The syntax of the ip rule add command should be familiar to those who have read Section D.2, “ip route”, or have used ip route to populate routing tables.

    A simple rule selects a packet on the packet's characteristics. Some characteristics available as selection criteria are the source address, the destination, the type of service (ToS), the interface on which the packet arrived, and an fwmark.

    One great way to take advantage of the RPDB is to split different types of traffic to different providers based on packet characteristics. Let's assume two network connections on masq-gw, one that is a highly reliable high cost connection, and a much lower cost less reliable connection. Let's also assume that we are using Type of Service flags on IP packets on the internal network.

    We might want to prefer a low-latency, highly reliable link for one type of packet. By using tos as a selection criterion with ip rule we can effectively route these packets via our faster and more reliable internet connection.

    Example D.29. Creating a simple entry in the RPDB with ip rule add [58]

    [root@masq-gw]# ip route add default via 205.254.211.254 table 8
    [root@masq-gw]# ip rule add tos 0x08 table 8
    [root@masq-gw]# ip route flush cache
    [root@masq-gw]# ip rule show
    0:      from all lookup local 
    32765:  from all tos 0x08 lookup 8 
    32766:  from all lookup main 
    32767:  from all lookup 253
              

    Note that the rule we inserted was added to the next available higher priority in the RPDB because we did not specify a priority. If we wished to specify a priority, we could use prio.

    Now any packet with an IP ToS field matching 0x08 will be routed according to the instructions in table 8. If no route in table 8 applies to the matched packet (not possible, since we added a default route), the packet would be routed according to the instructions in table "main".

    The selection criteria for matching a packet can be grouped. Let's look at a more complex example of ip rule where we use multiple selection criteria.

    Example D.30. Creating a complex entry in the RPDB with ip rule add

    [root@masq-gw]# ip rule add from 192.168.100.17 tos 0x08 fwmark 4 table 7
              

    Frankly, that's a very complex rule! I do not know if I could describe a scenario where this particular rule would be required. The point, though, is that you can have arbitrarily complex selection criteria, and multiple rules which lookup routes in as many of the 253 routing tables as you wish.

    ip rule add, while a powerful tool, can quickly make a routing table or router too complex to easily understand. It's important to try to design and implement the simplest configuration to maintain on your router. If you cannot avoid using multiple routing tables and the RPDB, at least be systematic about it.
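
The lookup order described in this section can be traced offline. The following is an added example, not part of the original guide: a small model of the RPDB that walks rules in priority order, performs a longest-prefix match in the selected table, and falls through to the next rule when the table has no matching route. The rules mirror Examples D.29 and D.30; the priority given to the D.30 rule, every route except the table 8 default, and all packet addresses are constructed, and ToS matching is simplified to equality.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    prio: int
    table: str
    src: str = "0.0.0.0/0"            # "from all"
    tos: Optional[int] = None
    fwmark: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        """Every selector that is set on the rule must match the packet."""
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.tos is not None and pkt.get("tos", 0) != self.tos:
            return False
        if self.fwmark is not None and pkt.get("fwmark", 0) != self.fwmark:
            return False
        return True

def net(prefix: str):
    return ipaddress.ip_network(prefix)

RULES = [
    Rule(0, "local"),
    Rule(32764, "7", src="192.168.100.17/32", tos=0x08, fwmark=4),  # D.30; priority constructed
    Rule(32765, "8", tos=0x08),                                      # D.29
    Rule(32766, "main"),
    Rule(32767, "253"),
]
TABLES = {
    "local": [(net("192.168.100.254/32"), "local")],     # constructed local address
    "7": [(net("0.0.0.0/0"), "192.0.2.7")],              # constructed
    "8": [(net("0.0.0.0/0"), "205.254.211.254")],        # default route from D.29
    "main": [(net("192.168.100.0/24"), "direct"),        # constructed connected route
             (net("0.0.0.0/0"), "192.0.2.1")],           # constructed default
    "253": [],
}

def best_route(table, dst):
    """Longest-prefix match inside one routing table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(n, via) for n, via in table if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def rpdb_lookup(pkt, rules=RULES, tables=TABLES):
    """Return (rule priority, table, next hop) for the first rule that yields a route."""
    for rule in sorted(rules, key=lambda r: r.prio):
        if not rule.matches(pkt):
            continue
        route = best_route(tables.get(rule.table, []), pkt["dst"])
        if route is not None:
            return rule.prio, rule.table, route[1]
        # no route in this table: keep walking the RPDB
    return None

if __name__ == "__main__":
    samples = [  # constructed packets
        {"src": "192.168.100.20", "dst": "198.51.100.7", "tos": 0x08},
        {"src": "192.168.100.20", "dst": "198.51.100.7"},
        {"src": "192.168.100.17", "dst": "198.51.100.7", "tos": 0x08, "fwmark": 4},
        # ToS-marked packet to a connected host is still sent to table 8's default
        {"src": "192.168.100.20", "dst": "192.168.100.30", "tos": 0x08},
    ]
    for pkt in samples:
        print(pkt, "->", rpdb_lookup(pkt))
```

The last sample shows why the footnote to Example D.29 calls it incomplete: a ToS-marked packet for a locally connected network matches the table 8 rule before table main is ever consulted.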

    D.3.4. ip rule add nat

    As discussed more thoroughly in Chapter 5, Network Address Translation (NAT), this is the other half of iproute2 supported network address translation. The two components are ip route add nat and ip rule add nat.

    ip rule add nat is used to rewrite the source IP on packets during the routing stage. Each packet from the real IP is translated to the NAT IP without altering the destination address of the packet.

    NAT is commonly used to publish a service in an internal network on a public IP. Thus packets returning to the public network need to be readdressed to appear with a source address of the publicly accessible IP.

    Example D.31. Creating a NAT rule with ip rule add nat

    [root@masq-gw]# ip rule add nat 205.254.211.17 from 192.168.100.17
    [root@masq-gw]# ip rule show
    0:      from all lookup local 
    32765:  from 192.168.100.17 lookup main map-to 205.254.211.17
    32766:  from all lookup main 
    32767:  from all lookup 253
              

    In more complex situations, entire subnets can be translated to provide NAT for a range of IPs. The example below shows how to specify the ip rule add nat to complete the NAT mapping in Example D.22, “Creating a NAT route for an entire network with ip route add nat”.

    Example D.32. Creating a NAT rule for an entire network with ip rule add nat

    [root@masq-gw]# ip rule add nat 205.254.211.32 from 192.168.100.32/29
    [root@masq-gw]# ip rule show
    0:      from all lookup local 
    32765:  from 192.168.100.32/29 lookup main map-to 205.254.211.32
    32766:  from all lookup main 
    32767:  from all lookup 253
              

    Notice the ip rule synonym for the nat option. It is valid to substitute map-to for nat.

    D.3.5. ip rule del

    Naturally, no iproute2 tool would be complete without the ability to undo what has been done. With ip rule del, individual rules can be removed from the RPDB.

    It is at first quite confusing that the word all in the ip rule show output needs to be replaced with the network address 0/0. I do not know why all is not acceptable as a synonym for 0/0, but you'll save yourself some headache by getting in the habit of replacing all with 0/0.

    By replacing the verb add in any of the command lines above with the verb del, you can remove the specified entry from the RPDB.

    Example D.33. Removing a NAT rule for an entire network with ip rule del nat

    [root@masq-gw]# ip rule del nat 205.254.211.32 from 192.168.100.32/29
    [root@masq-gw]# ip rule show
    0:      from all lookup local 
    32766:  from all lookup main 
    32767:  from all lookup 253
              

    The ip rule utility can be a great boon in the manipulation and maintenance of complex routers.



    [58] Please note that this is an incomplete example. Simply put, I'm not dealing with the issues of inbound packets or packets destined for locally connected networks in this example. Keep in mind the instructional nature of this example, and plan your own network accordingly. For a fuller discussion of the issues involved with handling multiple Internet links, see Section 10.4, “Multiple Connections to the Internet”. Note also, that there is no corresponding network connection in the example network for this network connection.

  • Huawei traffic access lists and basic QoS configuration

    2018-05-06 19:38:26

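    1 QoS concepts

    QoS (Quality of Service) refers to a network's ability to use various underlying technologies to provide better service for specified network traffic. It is a network security mechanism and a technique for addressing problems such as network latency and congestion. Under normal conditions, a network used only for specific applications without time constraints, such as web applications or e-mail, does not need QoS. For critical and multimedia applications, however, it is essential. When the network is overloaded or congested, QoS ensures that important traffic is not delayed or dropped while keeping the network running efficiently.

    1.1 How traffic is distinguished

    1. IP packets: IP precedence (8 levels) and the differentiated services field defined in the IP header (DSCP priority)
    2. MAC frames: 802.1p

    1.2 The three QoS models

    1. Best-Effort service
    2. Integrated service (Int-Serv)
    3. Differentiated service (Diff-Serv) (commonly used)

    1.3 QoS configuration workflow

    1. Traffic classification (first define the matching rules with an ACL, then continue with the next steps)
    2. Configure the traffic behavior
    3. Define the QoS policy, binding the classifier and the traffic behavior defined above together
    4. Apply the policy (per interface or PVC, per online user, or per VLAN)

    1.4 The three QoS service models

    1. Best-Effort service (Best-Effort for short)
    The Best-Effort service model is a single service model and also the simplest one. Under Best-Effort the network does its best to send packets but gives no guarantee on delay, reliability or similar properties.
    Best-Effort is the network's default service model and is implemented with FIFO (first in, first out) queues. It suits the vast majority of network applications, such as FTP and e-mail.

    2. Integrated service (Int-Serv for short)
    Int-Serv is an integrated service model that can satisfy a variety of QoS requirements. The model uses the Resource Reservation Protocol (RSVP), which runs on every device from source to destination and can monitor each flow to keep it from consuming too many resources. This architecture can clearly distinguish and guarantee the quality of service of every flow, giving the network the finest-grained QoS differentiation.
    However, the Int-Serv model places high demands on devices: when the number of flows in the network is large, the storage and processing capacity of devices comes under heavy pressure. Int-Serv scales poorly and is hard to deploy in the Internet core.

    3. Differentiated service (Diff-Serv for short)
    Diff-Serv is a multi-service model that can satisfy different QoS requirements. Unlike Int-Serv, it does not need to signal the network to reserve resources for each service. Differentiated services are simple to implement and scale well.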

    2 Traffic access list lab configuration

    2.1 Lab environment and topology

    Environment:
    	Software version: eNSP 1.2.00.510
    IP addresses:
    PC1:
    	Ethernet 0/0/1: 192.168.1.2/24
    AR1:
    	GE 0/0/0: 192.168.1.1/24 (advertised in OSPF)
    	GE 0/0/1: 10.1.1.1/24 (advertised in OSPF)
    	GE 0/0/2: 10.2.2.1/24 (advertised in OSPF)
    AR2:
    	GE 0/0/0: 10.1.1.2/24 (advertised in OSPF)
    	GE 0/0/1: 10.3.3.1/24 (advertised in OSPF)
    	GE 0/0/2: 100.100.100.1/24 (advertised in OSPF)
    AR3:
    	GE 0/0/0: 10.2.2.2/24 (advertised in OSPF)
    	GE 0/0/1: 10.3.3.2/24 (advertised in OSPF)
    	GE 0/0/2: 200.200.200.1/24 (advertised in OSPF)
    www.Server1:
    	Ethernet 0/0/0: 100.100.100.100/24
    ftp.Server2:
    	Ethernet 0/0/0: 200.200.200.200/24
    

    [Figure: topology diagram]

    2.2 Configuring OSPF on R1, R2 and R3

    AR1:

    <R1>un t m 
    Info: Current terminal monitor is off.
    <R1>sy
    Enter system view, return user view with Ctrl+Z.
    [R1]ospf
    [R1-ospf-1]area 0
    [R1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
    [R1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
    [R1-ospf-1-area-0.0.0.0]network 10.2.2.0 0.0.0.255
    [R1-ospf-1-area-0.0.0.0]dis th
    [V200R003C00]
    #
     area 0.0.0.0 
      network 10.1.1.0 0.0.0.255 
      network 10.2.2.0 0.0.0.255 
      network 192.168.1.0 0.0.0.255 
    #
    return
    

    AR2:

    <R2>un t m 
    Info: Current terminal monitor is off.
    <R2>sy
    Enter system view, return user view with Ctrl+Z.
    [R2]ospf
    [R2-ospf-1]area 0
    [R2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
    [R2-ospf-1-area-0.0.0.0]network 10.3.3.0 0.0.0.255
    [R2-ospf-1-area-0.0.0.0]network 100.100.100.0 0.0.0.255
    [R2-ospf-1-area-0.0.0.0]dis th
    [V200R003C00]
    #
     area 0.0.0.0 
      network 10.1.1.0 0.0.0.255 
      network 10.3.3.0 0.0.0.255 
      network 100.100.100.0 0.0.0.255 
    #
    return
    

    AR3:

    <R3>un t m
    Info: Current terminal monitor is off.
    <R3>sy
    Enter system view, return user view with Ctrl+Z.
    [R3]ospf
    [R3-ospf-1]area 0
    [R3-ospf-1-area-0.0.0.0]network 10.2.2.0 0.0.0.255
    [R3-ospf-1-area-0.0.0.0]network 10.3.3.0 0.0.0.255
    [R3-ospf-1-area-0.0.0.0]network 200.200.200.0 0.0.0.255
    [R3-ospf-1-area-0.0.0.0]dis th
    [V200R003C00]
    #
     area 0.0.0.0 
      network 10.2.2.0 0.0.0.255 
      network 10.3.3.0 0.0.0.255 
      network 200.200.200.0 0.0.0.255 
    #
    return
    

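    Test that the whole network is reachable

    2.3 Configuring traffic access control

    Trace the route from PC1 to www.Server1
    Trace the route from PC2 to ftp.Server2

    Requirement:
    Change the path from PC1 to ftp.Server2 from the original PC1->R1->R2->R3->ftp.Server2 to PC1->R1->R3->ftp.Server2

    Configuration:

    # The policy only needs to be configured on R1
    # Advanced ACL configuration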
    [R1]acl 3000
    [R1-acl-adv-3000]rule permit ip destination 200.200.200.200 0
    [R1-acl-adv-3000]dis th
    [V200R003C00]
    #
    acl number 3000  
     rule 5 permit ip destination 200.200.200.200 0 
    #
    return
    [R1-acl-adv-3000]qu
    
    # Traffic classifier configuration
    [R1]traffic classifier c1
    [R1-classifier-c1]if-match acl 3000
    [R1-classifier-c1]dis th
    [V200R003C00]
    #
    traffic classifier c1 operator or
     if-match acl 3000
    #
    return
    [R1-classifier-c1]qu
    
    # Traffic behavior configuration
    [R1]traffic behavior b1
    [R1-behavior-b1]redirect ip-nexthop 10.2.2.2  # next hop to redirect to
    [R1-behavior-b1]qu
    
    # Define the traffic policy
    [R1]traffic policy p1
    [R1-trafficpolicy-p1]classifier c1 behavior b1
    [R1-trafficpolicy-p1]qu
    
    # Apply the policy
    [R1]int g0/0/0
    [R1-GigabitEthernet0/0/0]traffic-policy p1 inbound  # must be applied in the inbound direction
    [R1-GigabitEthernet0/0/0]qu
    [R1]dis traffic policy user-defined 
      User Defined Traffic Policy Information:
      Policy: p1
       Classifier: c1
        Operator: OR
         Behavior: b1
          Redirect: 
            Redirect ip-nexthop 10.2.2.2
    
    [R1]
    

    [Figure: test result]

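    3 Token bucket and QoS configuration

    The token bucket algorithm is the one most commonly used for traffic shaping and rate limiting. Typically it controls the amount of data sent onto the network while still allowing bursts. A vivid analogy is handing out toll cards (tokens) at a highway entrance: the more cards are handed out, the more congested the highway becomes, so the rate has to be limited by handing out fewer cards (tokens).

    The following terms need to be understood:

    • CIR (Committed Information Rate): measured in kbps (counted in bits), the rate that may pass per second, for example 500 Kbps. 8 bits = 1 byte; 1 kbps = 1024 bit
    • PIR (Peak Information Rate): the maximum rate at which packets may be transmitted or forwarded; unit: bit
    • CBS (Committed Burst Size): the capacity of the token bucket, i.e. the maximum amount of traffic allowed in each burst. The configured burst size must be larger than the maximum packet length. Measured in bytes.
    • PBS (Peak Burst Size)
    • EBS (Excess Burst Size): the excess burst traffic that can pass instantaneously.

    PIR and PBS are parameters found only on switches.

    green (pass) < CIR < yellow (queued, waiting) < PIR < red (discarded)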
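
The green/yellow/red ordering above is that of a two-rate three-color marker. The following is an added example, not part of the original article: a color-blind marker following RFC 2698, using the CIR, CBS, PIR and PBS terms defined above, with the per-color actions taken from the behavior b2 output shown later on this page. The class and function names are hypothetical, all rates and bucket sizes are constructed sample values in bytes and bytes per second, and how the router itself implements car is not stated on the page.

```python
# Per-color actions as displayed for behavior b2 on this page.
ACTIONS = {
    "green": "pass",
    "yellow": "remark dscp 20 and pass",
    "red": "discard",
}

class TwoRateMarker:
    """Color-blind two-rate three-color marker (RFC 2698).

    Bucket C is refilled at CIR up to CBS; bucket P is refilled at PIR up to PBS.
    Rates are in bytes per second, bucket sizes in bytes.
    """

    def __init__(self, cir: float, cbs: float, pir: float, pbs: float):
        if pir < cir:
            raise ValueError("PIR must not be lower than CIR")
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        self.tc, self.tp = float(cbs), float(pbs)   # both buckets start full
        self.last = 0.0

    def color(self, now: float, size: int) -> str:
        # Refill both buckets for the time elapsed since the previous packet.
        elapsed = now - self.last
        self.last = now
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        if self.tp < size:            # exceeds even the peak bucket
            return "red"
        self.tp -= size
        if self.tc < size:            # within peak, above committed
            return "yellow"
        self.tc -= size
        return "green"

def police(marker: TwoRateMarker, arrivals):
    """arrivals: iterable of (time_in_seconds, packet_size_in_bytes) in time order."""
    verdicts = []
    for now, size in arrivals:
        c = marker.color(now, size)
        verdicts.append((c, ACTIONS[c]))
    return verdicts

def demo():
    # Constructed values: CIR 1000 B/s, CBS 3000 B, PIR 2000 B/s, PBS 6000 B
    # (the same 1:2 CBS:PBS ratio as the lab's 2000000/4000000).
    marker = TwoRateMarker(cir=1000, cbs=3000, pir=2000, pbs=6000)
    burst = [(0.0, 1500)] * 5          # five back-to-back 1500-byte packets
    later = [(1.5, 1500)]              # one more packet after 1.5 s of refill
    return police(marker, burst + later)

if __name__ == "__main__":
    for i, (color, action) in enumerate(demo(), 1):
        print(f"packet {i}: {color:6} -> {action}")
```

The burst drains the committed bucket after two packets and the peak bucket after four, so the fifth packet is discarded; 1.5 s later the committed bucket has refilled enough for one green packet.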

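    3.1 traffic configuration

    Requirement: rate-limit with a CIR of 10M, a CBS of 2000000 and a PBS of 4000000

    Note that an interface on a device can have only one policy configured, i.e. R1's GE0/0/0 interface can keep only one policy, so the previous policy has to be removed with undo

    # Advanced ACL configuration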
    [R1]acl 3001
    [R1-acl-adv-3001]rule permit ip destination 100.100.100.100 0
    [R1-acl-adv-3001]qu
    
    # Traffic classifier configuration
    [R1]traffic classifier c2
    [R1-classifier-c2]if-match acl 3001
    [R1-classifier-c2]qu
    
    # Traffic behavior configuration
    [R1]traffic behavior b2
    [R1-behavior-b2]car cir 10000 cbs 2000000 pbs 4000000 green pass yellow pass remark-dscp 20 red discard   # car is the rate limiter
    [R1-behavior-b2]qu
    
    # Define the traffic policy
    [R1]traffic policy p2
    [R1-trafficpolicy-p2]classifier c2 behavior b2
    [R1-trafficpolicy-p2]qu
    
    # Apply the policy
    [R1]int g0/0/0
    [R1-GigabitEthernet0/0/0]dis th
    [V200R003C00]
    #
    interface GigabitEthernet0/0/0
     ip address 192.168.1.1 255.255.255.0 
     traffic-policy p1 inbound
    #
    return
    [R1-GigabitEthernet0/0/0]undo traffic-policy inbound   # remove the previous policy
    [R1-GigabitEthernet0/0/0]traffic-policy p2 inbound 
    [R1-GigabitEthernet0/0/0]qu
    [R1]dis traffic policy user-defined 
      User Defined Traffic Policy Information:
      Policy: p2
       Classifier: c2
        Operator: OR
         Behavior: b2
          Committed Access Rate:
            CIR 10000 (Kbps), PIR 0 (Kbps), CBS 2000000 (byte), PBS 4000000 (byte)
            Color Mode: color Blind 
            Conform Action: pass
            Yellow  Action: remark dscp 20 and pass
            Exceed  Action: discard
    
      Policy: p1
       Classifier: c1
        Operator: OR
         Behavior: b1
          Redirect: 
            Redirect ip-nexthop 10.2.2.2
    
    [R1]
    

    3.2 QoS configuration

    # qos car is simpler: a single command does it
    [R1-GigabitEthernet0/0/0]qos car inbound acl 3001 cir 10000 cbs 2000000 pbs 4000000 green pass yellow pass remark-dscp 20 red discard 
    [R1-GigabitEthernet0/0/0]dis th
    [V200R003C00]
    #
    interface GigabitEthernet0/0/0
     ip address 192.168.1.1 255.255.255.0 
     qos car inbound acl 3001 cir 10000 cbs 2000000 pbs 4000000 green pass yellow pass remark-dscp af22 red discard
     traffic-policy p2 inbound
    #
    return
    [R1-GigabitEthernet0/0/0]
    
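  • Traffic Policy overview

    2019-10-08 18:12:25
    On Huawei devices you first configure the ACL, then a traffic classifier (traffic classifier tc1) and bind the ACL to it, then a traffic behavior (traffic behavior tb1), then a traffic policy (traffic policy tp1), and finally apply the policy on an interface so that the ACL takes effect. ...
  • Traffic policy: layer-3 route filtering ... Rule 5 deny ip source 192.168.120.0 0.0.0.255 destination 192.168.125.0 0.0.0.255 2# create the classifier Traffic classifier 10 If-match 10 3# create the behavior Tra...
  • Forwarding Rule definition, Target Proxy definition, URL Map definition, Backend Service definition, Managed Instance Group definition. Data-plane sidecar configuration: Traffic Director converts service discovery information and routing rules into Envoy ...
  • Learning 5G inevitably means reading the relevant technical standards, and the English-only specifications are a barrier for beginners. While studying the 5G standard 3GPP TS 29244-g30...5.2.1A Packet Detection Rule Handling 5.2.1A.1 General When.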
  • ICAO Doc4444-RAC_501_13_Rules of the air and air traffic services.pdf
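  • 1. A company recently had a requirement. 2. The configuration is the focus; what matters is the approach. Requirement: the 192.168.1 3 5 8 segments cannot access the 2.x segment; only finance 2.x is allowed to access 1.... rule 10 permit ip source 192.168.1.253 0.0.0.0 destination 192.168.2.0 0.0.0.2...
  • Learning 5G inevitably means reading the relevant technical standards, and the English-only specifications are a barrier for beginners. While studying the 5G standard 3GPP TS 29244-g30...5.2.7 Multi-Access Rule Handling (for 5GC) 5.2.7.1 Gen.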
  • Traffic Shifting

    2018-05-16 17:30:07
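    samples/bookinfo/kube/route-rule-all-v1.yaml ). If you are doing this task in a different environment, replace kube with the directory that corresponds to your runtime environment (e.g., samples/bookinfo/consul/route-rule-all-v1.yaml for the Consul-based ...
  • Linux has a mature bandwidth provisioning system called Traffic Control. It supports many ways of classifying, prioritizing, sharing and limiting inbound and outbound traffic. I. Basics: have ip show our links: ip link list root@hbg:/# ip link list1: ...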
  • Control Egress Traffic

    2018-05-16 17:45:45
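    name: httpbin-egress-rule spec: destination: service: httpbin .org ports: - port: 80 protocol: http EOF 2. Create an egress rule to allow access to an external HTTPS service: cat | istioctl create -f - ...
  • I. Viewing the routing policy database with ip rule: ip rule list. At Linux boot the kernel configures three default rules in the routing policy database: rule 0 matches any condition and looks up routing table local (ID 255); table local is a special routing table containing...
  • Traffic-filter (ACL) fits WLAN scenarios well. In an enterprise network architecture the wireless network carries several kinds of traffic, for guests as well as for internal employees. We want guests to reach only the internet while internal employees are far less restricted; this can be done by ... on the wireless...
  • Official definition: the ACL is matched first; if it is deny the packet is filtered directly and is not matched by QoS; if the ACL is permit, QoS then matches the traffic...traffic behavior but if deny is used, then regardless of permit or deny in the ACL rules, everything is dropped and not forwarded. The combinations are
  • Rate-limiting ONUs on a ZTE OLT. Method 1: ACL rate limiting. Step-1: use the con t command to enter...Step-4: use the traffic-limit in command to configure the rule's rate limit. Step-5: use the interface command to enter configuration mode and bind the ACL rule. Example: ACL: ACLs have several configuration modes, among them...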
  • Correlation rule tuning

    2014-07-20 10:55:00
    to find the mechanism to ignore that specific traffic for that specific rule. I have seen rules that need to be modified slightly to become effective. For example a correlation rule monitoring for...
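  • The Linux traffic controller TC (Traffic Control) performs traffic control in the Linux kernel, mainly by setting up a queue at the output port. After received packets come in on the input interface, packets that do not conform are dropped by traffic policing, and the input demultiplexer...
  • Huawei ACL configuration example: traffic-filter # Configure ACL-based packet filtering on VLAN 100 to allow packets with source IP address 192.168.0.2/32 and drop all other packets. <HUAWEI> system-view [HUAWEI] vlan 100 ...
  • PCI Express study notes: PCIe Ordering Rule

    2021-04-17 10:33:20
    Purpose of the ordering rules: stay compatible with legacy buses (PCI, PCI-X, AGP); ensure that completions are deterministic and their order is controllable; avoid deadlock; maximize performance and throughput by minimizing read latency and managing read/write ordering. There are three models: ...
  • Egress 1. Create an egress rule (1) Send an API command to management: ...finally a record with state: Add, purpose: Firewall, traffic_type: Egress is inserted into the firewall_rules table of the cloud database. execute() method management --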
  • Snort Rule Infographic

    2019-09-26 10:22:48
    Snort Rule Infographic Official Documentation Snort FAQ Snort Team / Open Source Community Snort Users Manual Snort Team Snort Rule Infographic Talos ------------...
  • records.config ...records.config file (by default, located in /usr/local/etc/trafficserver/) is a list of configurable variables used by the Traffic Server software. Many of the variables in ther
