Znyx Networks bh5700 Manuale Utente
tc qdisc add dev zre1 ingress //ingress qdisc for zre1
tc qdisc add dev zhp2 ingress //ingress qdisc for vlan
The filter add command changes slightly, the parent is now a special handle ffff:fff1, so using the
same filter as the first example:
same filter as the first example:
tc filter add dev zre1 parent ffff:fff1 protocol ip u32 match ip dst
10.91.100.5/32 classid 105:2
10.91.100.5/32 classid 105:2
This filter will match packets arriving on port zre1, destined for port zre5, with destination IP
address 10.91.100.5. The packets will be put in cos queue 1 on port zre5.
address 10.91.100.5. The packets will be put in cos queue 1 on port zre5.
If the filter was defined for dev zhp2 it would be applied to packets arriving on any port which
is included in zhp 2, and require that they be in the VLAN associated with zhp2.
is included in zhp 2, and require that they be in the VLAN associated with zhp2.
tc filter add dev zhp2 parent ffff:fff1 protocol ip u32 match ip
protocol 6 0xff match tcp src 0 0xf000 classid 105:3
This filter illustrates matching a range of values; any tcp packet on the VLAN associated with
zhp2 with a source port below 4096 will be matched.
zhp2 with a source port below 4096 will be matched.
Advanced Filtering – Policing
In addition to using filters to direct packets into particular egress queues, it is possible to measure
the rate at which matching packets are arriving and specify actions to take place if the rate is “out
of profile” or “in profile”. This is called policing. It provides a means for limiting the bandwidth
used by matching packets.
the rate at which matching packets are arriving and specify actions to take place if the rate is “out
of profile” or “in profile”. This is called policing. It provides a means for limiting the bandwidth
used by matching packets.
The rate threshold is specified in bytes per second, with a burst size which is to be allowed when
the previous rate has been below the threshold. An action is specified to be taken only if the
packet is “out of profile”, that is, the rate has exceeded the threshold and burst size. A second
action can be specified if the packet is “in profile”; the default is to accept the packet. A separate
set of meters are used for policing on each ingress port. This means that the rates given are for
each ingress port, even if the matching packets are going into a single COS queue.
the previous rate has been below the threshold. An action is specified to be taken only if the
packet is “out of profile”, that is, the rate has exceeded the threshold and burst size. A second
action can be specified if the packet is “in profile”; the default is to accept the packet. A separate
set of meters are used for policing on each ingress port. This means that the rates given are for
each ingress port, even if the matching packets are going into a single COS queue.
A policing specification follows the match rules in a filter, and precedes the classid. The
following policing specification will drop matching packets when the rate exceeds 10 million
bytes per second after a burst of 20 kilobytes:
following policing specification will drop matching packets when the rate exceeds 10 million
bytes per second after a burst of 20 kilobytes:
police rate 10mbps burst 20kb drop
To specify actions for in-profile packets as well as those out-of-profile, separate the actions by a
“/”:
“/”:
police rate 100mbit burst 10mbit action drop/reclassify
The reclassify action marks the packet for dropping if the cos queue is above its congestion
threshold. It would apply in this case to packets which were in profile, the out of profile packets
would be dropped immediately.
threshold. It would apply in this case to packets which were in profile, the out of profile packets
would be dropped immediately.
The classid parameter is not required, and may not be needed for some policing filters. If it is
Ethernet Switch Blade User's Guide
release 3.2.2j
page 117