S9850-4C, R6555P01H43
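On site, an MQC CAR rate limit of 2G was applied in the inbound direction of port WGE 1/4/2. A traffic test from the server showed that the rate limit was not taking effect: test traffic could reach 10G.
(1) Check the configuration. The rate-limit configuration is correct, and the physical interface supports traffic policing in the inbound direction.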
#
interface Twenty-FiveGigE1/4/2
port link-mode bridge
port access vlan 3023
port link-flap protect enable
stp edged-port
qos trust dscp
qos apply policy bms2gbps inbound
#
traffic classifier bms2gbps operator and
if-match any
#
traffic behavior bms2gbps
car cir 2000000 cbs 125000192 ebs 0 green pass red discard yellow pass
#
(2) Check the device's ACL resources. Inbound resources are still sufficient.
===============display qos-acl resource===============
Interfaces: GE1/0/1 to GE1/0/2, HGE1/2/1 to HGE1/2/8
WGE1/4/1 to WGE1/4/24, HGE1/4/25 to HGE1/4/26 (slot 1)
---------------------------------------------------------------------
Type Total Reserved Configured Remaining Usage
---------------------------------------------------------------------
VFP ACL 1024 256 0 768 25%
IFP ACL 18432 7680 594 10158 44%
IFP Meter 3072 768 2 2302 25%
IFP Counter 18432 7680 2 10750 41%
EFP ACL 2048 0 139 1909 6%
EFP Meter 1024 0 10 1014 0%
EFP Counter 1024 0 138 886 13%
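(3) Only one VLAN is permitted on the port. Checking the configuration of that VLAN's VLAN interface shows that a packet filter is configured on it, and the ACL used by the packet filter contains a rule that matches any.
Packet filter has a higher priority than QoS, so traffic matches the rule in the packet filter first, and the rate limit does not take effect.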
#
interface Vlan-interface3023
ip address 1.1.1.1 255.255.255.254
packet-filter 3001 inbound
#
acl number 3001
rule 1000 permit tcp source 2.2.2.2 0.0.0.63 destination 3.3.3.3 0.0.0.127 destination-port eq www
rule 1001 permit tcp source 2.2.2.2 0.0.0.63 destination 3.3.3.3 0.0.0.127 destination-port eq 443
rule 2000 deny ip source 2.2.2.2 0.0.0.63 destination 4.4.4.4 0.0.0.255
rule 2002 deny ip source 2.2.2.2 0.0.0.63 destination 5.5.5.5 0.0.0.127
rule 3000 permit ip
#
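The default action of packet filtering is Permit, that is, packets that match no ACL rule are allowed through. Rule 3000 in the packet filter can therefore be removed.
When an ACL-related configuration does not take effect (flow mirroring, packet filter, PBR and so on), first check whether another ACL on the device is being matched with higher priority.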
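The check from step (3) as an added example, not part of the original case and not H3C tooling: a Python function that scans a saved configuration for an inbound QoS policy on an access port whose VLAN interface carries an inbound packet filter with a match-all permit rule. The sample configuration is constructed from the snippets in this case; the function name, the restriction to access ports, and treating a bare "rule N permit ip" as match-all are assumptions.

```python
import re

# Constructed sample, trimmed from the configuration shown in this case.
SAMPLE = """\
#
interface Twenty-FiveGigE1/4/2
port access vlan 3023
qos apply policy bms2gbps inbound
#
interface Vlan-interface3023
packet-filter 3001 inbound
#
acl number 3001
rule 1000 permit tcp source 2.2.2.2 0.0.0.63 destination 3.3.3.3 0.0.0.127 destination-port eq www
rule 3000 permit ip
#
"""

def find_shadowed_policies(config):
    """List (port, policy, vlan, acl, rule_id) for QoS policies behind a match-all packet filter."""
    ports, filters, catch_all = [], {}, {}
    for block in re.split(r"(?m)^#$", config):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines:
            continue
        head, body = lines[0], lines[1:]
        if m := re.fullmatch(r"interface Vlan-interface(\d+)", head):
            for l in body:
                if f := re.fullmatch(r"packet-filter (\d+) inbound", l):
                    filters[m.group(1)] = f.group(1)
        elif head.startswith("interface "):
            vlan = policy = None
            for l in body:
                if v := re.fullmatch(r"port access vlan (\d+)", l):
                    vlan = v.group(1)
                if p := re.fullmatch(r"qos apply policy (\S+) inbound", l):
                    policy = p.group(1)
            if vlan and policy:
                ports.append((head.split(" ", 1)[1], policy, vlan))
        elif m := re.fullmatch(r"acl number (\d+)", head):
            for l in body:
                # Assumption: a bare "rule N permit ip" matches all IP traffic.
                if r := re.fullmatch(r"rule (\d+) permit ip", l):
                    catch_all[m.group(1)] = int(r.group(1))
    return [(port, pol, vlan, filters[vlan], catch_all[filters[vlan]])
            for port, pol, vlan in ports
            if vlan in filters and filters[vlan] in catch_all]

print(find_shadowed_policies(SAMPLE))
```

Each tuple returned names a port whose rate limit should be verified with a traffic test, together with the ACL rule to review.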