Nortel 5530 User manual

Ethernet Routing Switch

5510/5520/5530

Engineering

> Filters and QOS Configuration for

Ethernet Routing Switch 5500

Technical Configuration Guide

Enterprise Solutions Engineering

Document Date: April 01, 2008

Document Number: NN48500-559

Document Version: 2.0

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

Nortel is a recognized leader in delivering communications capabilities that enhance the human

experience, ignite and power global commerce, and secure and protect the world’s most critical

information. Serving both service provider and enterprise customers, Nortel delivers innovative

technology solutions encompassing end-to-end broadband, Voice over IP, multimedia services

and applications, and wireless broadband designed to help people solve the world’s greatest

challenges. Nortel does business in more than 150 countries. For more information, visit Nortel

on the Web at www.nortel.com.

While the information in this document is believed to be accurate and reliable, except as

otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS"

WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The

information and/or products described in this document are subject to change without

notice. Nortel Networks, the Nortel Networks logo and the Globemark are trademarks of

Nortel Networks.

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

Abstract

This technical configuration guide provides an overview on how to configure QoS and Filters on

the Ethernet Routing Switch 5500 with software release 5.1. The configuration examples are all in

reference to the Nortel Networks Command Line Interface (NNCLI).

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

Table of Contents

DOCUMENT UPDATES..................................................................................................................5

CONVENTIONS...............................................................................................................................5

1. OVERVIEW: ETHERNET ROUTING SWITCH 5500 QOS AND FILTERING........................6

2. QOS FLOW CHART................................................................................................................9

3. FILTER FUNCTIONALITY ....................................................................................................10

3.1 OVERALL CLASSIFICATION FUNCTIONALITY........................................................................10

3.2 CLASSIFIER BLOCK FUNCTIONALITY ..................................................................................10

3.3 PORT RANGE FUNCTIONALITY...........................................................................................11

3.4 POLICIES .........................................................................................................................12

4. QUEUE SETS........................................................................................................................14

5. TRAFFIC METER AND SHAPING........................................................................................19

5.1 ACTUAL BUCKET SIZE.......................................................................................................20

5.2 POLICING TRAFFIC ...........................................................................................................20

5.3 INTERFACE SHAPER .........................................................................................................22

6. DEFAULT NORTEL CLASS OF SERVICE ..........................................................................24

7. QOS ACCESS LISTS (ACL).................................................................................................25

7.1 ACL CONFIGURATION.......................................................................................................25

8. IP SECURITY FEATURES....................................................................................................30

8.1 DHCP SNOOPING ............................................................................................................30

8.2 DYNAMIC ARP INSPECTION ..............................................................................................30

8.3 IP SOURCE GUARD ..........................................................................................................31

9. BPDU FILTERING.................................................................................................................32

9.1 BPDU FILTERING CONFIGURATION...................................................................................32

10. QOS INTERFACE APPLICATIONS..................................................................................33

10.1 ARP SPOOFING ...............................................................................................................34

10.2 DHCP ATTACKS ..............................................................................................................35

10.3 DOS................................................................................................................................36

10.4 BPDU BLOCKING.............................................................................................................37

11. CONFIGURATION STEPS – POLICY CONFIGURATION...............................................38

11.1 ROLE COMBINATION.........................................................................................................38

11.2 CLASSIFICATION...............................................................................................................39

11.3 METERS...........................................................................................................................41

11.4 ADD A NEW POLICY..........................................................................................................42

12. CONFIGURATION EXAMPLES........................................................................................43

12.1 PRE-DEFINED VALUES ......................................................................................................43

12.2 CONFIGURATION EXAMPLE 1–TRAFFIC METER USING POLICIES........................................44

12.3 CONFIGURATION EXAMPLE –IP ACL, DHCP SNOOPING,ARP INSPECTION,BPDU

FILTERING,AND SOURCE GUARD ..................................................................................................50

12.4 CONFIGURATION EXAMPLE 3: PORT RANGE USING ACL OR POLICY ...................................59

12.5 CONFIGURATION EXAMPLE 4–L2 CLASSIFICATION BASED ON MAC ADDRESS ...................62

12.6 CONFIGURATION EXAMPLE 5–L2 AND L3 CLASSIFICATION................................................64

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

12.7 CONFIGURATION EXAMPLE 6-QOSMARKING WITH PORT ROLE COMBINATION SET FOR UN-

RESTRICTED USING ACL’S............................................................................................................66

12.8 CONFIGURATION EXAMPLE 7–INTERFACE SHAPING..........................................................69

13. SOFTWARE BASELINE ...................................................................................................70

14. REFERENCE DOCUMENTATION....................................................................................70

List of Figures

Figure 1: QoS System Diagram.......................................................................................................6

Figure 2: QoS Flow Chart................................................................................................................9

Figure 3: Arp Spoofing Example....................................................................................................34

Figure 4: IP ACL, DHCP Snooping, ARP Inspection, and Source Guard .....................................50

Figure 5: L2 Classification Based on MAC Address Example.......................................................62

Figure 6: DSCP Mapping via Un-restricted Port Role ...................................................................66

List of Tables

Table 1: Default QoS Action ............................................................................................................7

Table 2: Example of Valid Port Ranges.........................................................................................11

Table 3: Default Policy Drop Action...............................................................................................12

Table 4: Ethernet Routing Switch 5500 Resource Sharing ...........................................................14

Table 5: Ethernet Routing Switch 5500 Egress CoS Queuing......................................................15

Table 6: Meter and Shaping Range and Granularity.....................................................................19

Table 7: Actual Bucket Size in Bytes.............................................................................................20

Table 8: Meter Bucket Size and Duration......................................................................................22

Table 9: Default Nortel CoS Markings ...........................................................................................24

Table 10: QoS Applications – Number of Classifiers Used...........................................................33

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

Document Updates

Added ACL, DHCP Snooping, APP Inspection, BPDU Filtering and IP Source Guard.

Conventions

This section describes the text, image, and command conventions used in this document.

Symbols:

Tip – Highlights a configuration or technical tip.

Note – Highlights important information to the reader.

Warning – Highlights important information about an action that may result in equipment

damage, configuration or data loss.

Text:

Bold text indicates emphasis.

Italic text in a Courier New font indicates text the user must enter or select in a menu item, button

or command:

ERS5520-48T# show running-config

Output examples from Nortel devices are displayed in a Lucinda Console font:

ERS5520-48T# show running-config

! Embedded ASCII Configuration Generator Script

! Model = Ethernet Routing Switch 5520-24T-PWR

! Software version = v5.0.0.011

enable

configure terminal

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

1. Overview: Ethernet Routing Switch 5500

QoS and Filtering

The Ethernet Routing Switch 5500 supports QoS and filter configuration via WEB, CLI, and

Device Manager with no support for COPS at this time. As shown in the diagram below, the

following functional components provide QoS support on the Ethernet Routing Switch 5500:

•Role Combination on the ingress port

•Classify traffic at either Layer 2 or at a Layer 3/4 level

•Take action by dropping, marking, redirecting, or metering (policing) traffic

•Send traffic to appropriate egress queue

Figure 1: QoS System Diagram

Role Combination

A role combination is a grouping of one or more ports, capabilities, and interface classifications

against which a policy is applied. The capabilities presently supported on the Ethernet Routing

Switch 5500 include ingress IP and Layer 2 classification. The Ethernet Routing Switch 5500

supports the following interface classes that can be applied to zero, one, or many interfaces:

•Trusted Ports

oAssumes that all traffic coming into the port is originating from a trusted source.

Therefore, the DSCP field of any traffic that enters the Ethernet Routing Switch 5500

from a Trusted Port is not remarked by default. However, a policy can still be applied

to a trusted port to remark if required. Note that only the 802.1p user priority value

associated with ‘well-known’ DSCP values are remapped by the default trusted

Port

Classifier

Meter

Marker

Dropper

Queue

Redirecto

Actions

Counters / Statistics

Role Combinations

(ingress port group)

Egress

ports

Port

Queue

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

polices. The ‘well-know’ DSCP values can be viewed by using the NNCLI command

‘show qos eqressmap’.

•Untrusted Ports

oAssumes that all traffic coming into the port is suspect. Therefore, the DSCP field of

any traffic that enters the Ethernet Routing Switch 5500 from an Untrusted Port is re-

marked. For untagged packets, the default classifier is used to change the DSCP.

This results in a DSCP value determined by the CoS-to-DSCP mapping table using

the default 802.1p priority of the interface where the packet is received. For tagged

packets, the 802.1p value is determined by CoS-to-DSCP mapping table using the

best effort DSCP, which is 0.

•Unrestricted Ports

oDoes not assume anything about the origin of the incoming traffic. You may assign

an action to set the DSCP or not to set the DSCP; it's up to you. This allows you to

manipulate the DSCP value based upon the filter criteria, and not upon the point of

origin.

The following table displays a summary of the role combination capabilities.

Table 1: Default QoS Action

Type of Filter Action Trusted Untrusted Unrestricted

DSCP Does not

change

•Tagged--Updates to 0

(Standard)

•Untagged--Updates using

mapping table and port’s

default value

Does not

change

IPv4 filter criteria

or Layer 2 filter

criteria matching

IPv4

IEEE

802.1p

Updates

based on

DSCP

mapping

table value

Updates based on DSCP

mapping table value Does not

change

Classification

Classification identifies the traffic flow that requires QoS management. The traffic flow may be

identified by the Layer 2 or IP content of the frame using any of the elements shown below.

Layer 2 Classifier Elements

oSource MAC with mask to filter on complete or partial MAC addresses

oDestination MAC with mask to filter on complete or partial MAC addresses

oVLAN ID – can be a range

oTagged or untagged packets

oEtherType

o802.1p priority

•IP Classifier Elements

oSource IPv4/v6 host or subnet

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

oDestination IPv4/v6 host or subnet

oIPv4/v6 DSCP value

oIPv4 Protocol type, IPv6 next-header

oIPv4/v6 Layer 4 (UDP/TCP) Source port – can be range of ports

oIPv4/v6 Layer 4 (UDP/TCP) Destination port – can be range of ports

oIPv6 flow identifier

A classifier can contain one Layer 2 element, one IP element, or one Layer 2 and one IP element.

One or more classifiers can be combined to create a classifier block where up to 15 classifiers

and/or classifier blocks can be assigned to a port. By using classifier blocks, the number of

classifiers can be increased up to a total of 114 classifiers per port on the Ethernet Routing

Switch 5500 for a total of over 40K in a stack. In addition, statistic counters can be used to

match/in-profile and out-of-profile statistics with meter. Up to 32 match/in-profile counters and 63

out-of-profile counters (one per meter) are supported per interface.

Actions Supported

After matching a certain classification criteria, various actions can be initiated.

•In-profile actions (metered traffic within specific bandwidth limits)

oDrop

oUpdate DSCP

oUpdate 802.1p

oDrop precedence choice of low-drop, high-drop or use egress map

•Out-of-profile actions (metered traffic exceeding bandwidth limits)

oDrop

oUpdate DSCP

oSet drop precedence

•Non-Match actions (non-metered traffic)

oDrop

oUpdate DSCP

oUpdate 802.1p

oDrop precedence choice of low-drop or high-drop

Metering data includes in-profile and out-of-profile actions with metered bandwidth allocated per

port. Each meter has its own token bucket that controls the rate at which packets are accepted for

processing at ingress. The committed information rate (CIR) and bucket sizes are as follows:

oCommitted rate from 1 Mbps to 1 Gbps in 1 Mbps increments, 64K to 1 Gbps in 64K for

ERS5530 only with 10/100/1000 Mbps interfaces – please see table 6 below for details

oToken bucket sizes in bytes: 16K, 20K, 32K, 44K, 76K, 140K, 268K, 512K where one

byte is sent for each token

oUp to 63 counters are available per port

Statistics

The Ethernet Routing Switch 5500 supports tracking of statistics (packet counters) for the policies

defined. The switch can be set-up for one counter for each classifier or a counter for all classifiers

associated with a policy up to 63 counters are available per port. The statistics track match/in-

profile and out-of-profile statistics associated with a meter.

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

ExternalDistribution

2. QoS Flow Chart

The following flowchart displays the various steps required in setting up a QoS policy. You

basically now need to create a Classifier with each Classifier made up of one IP Classifier

Element, or one L2 Classifier Element or one IP and one L2 Classifier Element. You then add the

Classifier to a separate Policy on a per port basis. Or you can group a number of Classifiers into

a Classifier Block and then add the Classifier Block to a Policy on a per port basis. The Ethernet

Routing Switch 5500 supports up to 114 Classifiers per port for a total of greater than 40K

Classifiers in a fully configured stack.

Figure 2: QoS Flow Chart

Role Combination

*Application > QoS > Devices

> Interface Configuration

Role Combination –

Interface Classes

oTrusted Ports

oUntrusted Ports

oUnrestricted

Classification

*Application > QoS > Rules

Classifier Element

oIP Classifier Element

oL2 Classifier Element

Classifier

Made up of one of the

following:

oOne L2 Element

oOne IP Element

One L2 and one IP

Classifier Block

Grouping of one or more

Classifiers

Policy

Type = Classifier

*Application QoS Policy

Policy

Type = Classifier Block

*Application QoS Policy

Meter

*Application QoS Meter

* WEB Configuration Step

This manual suits for next models

Table of contents

Other Nortel Switch manuals

Nortel

Nortel DMS-250 User manual

Nortel

Nortel CVX 1800 Manual

Nortel

Nortel BayStack 450-12F User manual

Nortel

Nortel BayStack 5520-24T-PWR Instruction and safety manual

Nortel

Nortel 2230 Dimensions

Nortel

Nortel 5399 Manual

Nortel

Nortel Nortel Power Branch Package 10 How to use

Nortel

Nortel Passport 4400 Series Reference manual

Nortel

Nortel BayStack 450-24T Guide

Nortel

Nortel BayStack 5510-24T User manual

Nortel

Nortel BayStack 400-S User manual

Nortel

Nortel 251 User manual

Nortel

Nortel Contivity1510D Service manual

Nortel

Nortel 8000 Series Instruction Manual

Nortel

Nortel 3510-24T Instruction Manual

Nortel

Nortel BayStack 325-24T User manual

Nortel

Nortel Passport Module 8672A Guide

Nortel

Nortel BayStack 410 24T Guide

Nortel

Nortel Passport 8648 User manual

Nortel

Nortel 1200N User manual

Nortel

Nortel Contivity Extranet Switch 2500 User manual

Nortel

Nortel Versalar 15000 Guide

Nortel

Nortel 2350 User manual

Nortel

Nortel 8630GBR Reference guide

Popular Switch manuals by other brands

SMC Networks

SMC Networks SMC6224M Technical specifications

Aeotec

Aeotec ZWA003-S operating manual

TRENDnet

TRENDnet TK-209i Quick installation guide

Planet

Planet FGSW-2022VHP user manual

Avocent

Avocent AutoView 2000 AV2000BC AV2000BC Installer/user guide

Moxa Technologies

Moxa Technologies PT-7728 Series user manual

Intos Electronic

Intos Electronic inLine 35392I operating instructions

Cisco

Cisco Catalyst 3560-X-24T Technical specifications

Asante

Asante IntraCore IC3648 Specifications

Siemens

Siemens SIRIUS 3SE7310-1AE Series Original operating instructions

Edge-Core

Edge-Core DCS520 quick start guide

RGBLE

RGBLE S00203 user manual

Thrustmaster

Thrustmaster FLIGHT SIMULATOR X quick guide

Southwire

Southwire SURGE GUARD 41390 RVC troubleshooting guide

Buhler

Buhler Nivotemp NT 61 Brief instructions

Kramer

Kramer VS-41HDCP user manual

Techly

Techly IDATA AU-270 user manual

Belkin

Belkin F1U109 user manual