Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Center
ParameterDescription

option [no]rtp [no]dot1p [no]dscp [no]tos [no]tcpack [no]icmp [no]strict [no]tunnel [no]pppoe [no]mpls [no]selfqos [no]auto [no]ipfw

Allows automatic prioritization management of data flows on the device.

  • "rtp" – enables/disables automatic prioritization of real time packets.
  • "dot1p" – enables/disables automatic prioritization of packets labeled with IEEE 802.1p priority.
  • "tos" – enables/disables automatic prioritization of packets labeled with TOS.
  • "dscp" – enables/disables automatic prioritization of packets labeled with DiffServ.
  • "tcpack" – enables/disables automatic prioritization of TCP ACK (acknowledgments) packets.
  • "icmp" – enables/disables automatic prioritization of ICMP (Internet Control Message Protocol) packets.
  • "strict" – applies the "Strict Priority" policy to all queues (packets from a queue with lower priority are not processed before a queue with higher priority is not empty). By default "Weighted Fair Queuing" policy is used (even if a queue with higher priority is not empty packets from other queues will be processed in a distinct sequence relative to a higher priority queue. For example, 4 packets from queue with priority 1, 2 packet from the queue with priority 2, 8 packets from queue priority 1,1 packet from the queue with priority 3).
  • "tunnel" – enables/disables automatic packet prioritization for a tunnel traffic.
  • "pppoe" – enables/disables automatic packet prioritization for a PPPoE tunnel traffic.
  • "mpls" – enables/disables automatic prioritization of packets labeled with MPLS.
  • [no]selfqos – enables/disables applying priorities to traffic destined for the device itself.
  • [no]auto  enables/disables automatic prioritization of all packets.
  • [no]ipfw – enables/disables traffic processing by IP Firewall and automatic prioritization.

A compliance scheme of MINT and IEEE 802.1p/TOS/DSCP priorities is shown below:

Center

Include Page
_MINT/802.1p/TOS/DSCP
_MINT/802.1p/TOS/DSCP

For example, the unit is configured to automatically prioritize packets labeled with IEEE 802.1p priority. The node receives packets labeled with IEEE 802.1p priority "5" and assign them "VOICE" priority. In accordance with the priorities scheme, these packets will be processed before packets with other priorities. 

classN {max=N} | {clear}

Сreates a service class "N". It is used for dynamic bandwidth allocation between different channels.

  • "max=N" – defines the total bandwidth of the class that will be limited to a given value (Kbps).
  • "clear" – deletes the class.

chN [max=N[%]|0] [ceil=N[%]|0] [ceilprio=N|0] [latency=N|0]
[[add]pri=[N] | setpri=[N]] [[no]strict]] [pps=N|0] [to=ADDR]
[vlan=[N|-1]] [dot1p=[N|-1]] [dscp=[N|-1]] [classN] [info="STRING"]
clear


Defines a logical channel "N" with properties specified by one or more options.

  • "chN" – channel number from 1 to 200.
  • "max=N[%]|0" – sets maximum data rate for the channel in Kbps. Value range: from 10 to 100000. It is also possible to set it in percent of the parent class’ total bandwidth. The "0" value cancels any speed limitation for the channel.
  • "ceil=N[%]|0" – determines how much of the total bandwidth of the parent class can be used by the channel when the class’ bandwidth is not used entirely. Measured either in kilobits per second or percent of the parents class’ total bandwidth. The "0" value disables the parameter.
  • "ceilprio=N|0" – sets priority for the channel that is used when interface bandwidth can be used by several channels. Value range: from 1 to 10. The "0" value disables the parameter.
  • "latency=N|0" – determines the maximum time for packets to stay in the channel. If a packet is waiting in a queue of the channel more than this time then it is discarded. Measured in milliseconds. The "0" value disables the parameter. The required parameters can be assigned at the output from the MINT network, if necessary.
  • "[add]pri=[N]" – increase the priority level of the packet to the specified value only if the new priority is higher than initial.
  • "setpri=[N]" – sets priority level of the specified channel no matter what priority it had before.

Note
titleNOTE

For all auto-prioritization functions the "addpri" argument must be used. Thus, priorities will be set in the following order:

  1. the dot1p priority ("addpri");
  2. the priority setted by "qm" rule ("addpri" or "setpri");
  3. the "dscp"/"tos" priority, if it is higher than current ("addpri");
  4. the value, that is set to the channel ("addpri" или "setpri").

The same order will be applied for outgoing packets if corresponding rules are configured.

  • "[no]strict" – applies the "Strict Priority" policy to all queues (packets from a queue with lower priority are not processed before a queue with higher priority is not empty). By default "Weighted Fair Queuing" policy is used (even if a queue with higher priority is not empty packets from other queues will be processed in a distinct sequence relative to a higher priority queue. For example, 4 packets from queue with priority 1,1 packet from the queue with priority 2, 8 packets from queue priority 1,1 packet from the queue with priority 3).

  • "pps=N|0" – sets the limit for the packets per second for the specified channel. The "0" value disables the parameter.
  • "to=ADDR" – redirects the whole stream to the specified IP-address irrespectively of the present routing conditions. The specified address shall be directly attainable through one of the router interfaces (without additional routing). This may be useful when the router serves as a network access unit, and two or more different clients want to access different providers through one unit.
  • "vlan=[N|-1]" – sets VLAN ID (value range: 0-4095). The "-1" value removes the argument.
  • "dot1p=[N|-1]" – prioritization of packets labeled IEEE 802.1p (valid values are from 0 to 7). The "-1" value removes the argument.
  • "dscp=[N|-1]" – prioritization ofDSCP (valid values are from 0 to 63). The "-1" value removes the argument.
  • "classN" – assigns service class "N" to the channel. This additional parameter relates to the above defined data rate limitation, making it flexible: when the total bandwidth of this service class is not fully used, the extra bandwidth may be granted to such channel, thus exceeding its predefined data rate limit, up to full load of the class. When, there are several such channels competing for extra bandwidth, it is equally divided between them.
Warning
titleCAUTION

Exception: on the H02 platform, if there are several channels competing for extra bandwidth of their parent class, the bandwidth is divided between them proportionally to their respective predefined data rate limits.

  • "info="STRING" – allows user to set up a string description for the QoS channel.
  • "clear" – removes current configuration of channel.
Note
titleNOTE

If several of the above parameters are specified in the same command then rate limitation is applied first then redirection and priority last. If "vlan" and "dot1p" parameters are specified in the same command then "vlan" is processed first.

Each channel can be assigned a priority (0…16). Once assigned, a priority will be automatically recognized by every node inside MINT network.

Include Page
_MINT Priority
_MINT Priority

Priority "2" is processed as "voice". Packets that have no priority are labeled as "REGULAR Best Effort=15" and processed accordingly.

Packets classification can also be performed using "pcap" rules.

Warning
titleCAUTION

Real prioritization within MINT network is conducted by priority, given by "pri=N" parameters. A DSCP label is transparently transmitted through the MINT network in any mode. A 802.1p priority is transparently transmitted only in switch mode of the MINT network. If necessary, for packets leaving the MINT network required "dot1p" and "dscp" parameters can be assigned by the operator.

stat [full] [clear]

Displays statistics of the specific channel (only for channels with specified rate limitation):

  • "full" – allows viewing enhanced statistics.
  • "clear" – resets statistics.
Code Block
languagetext
themeEmacs
qm ch1 max=128 cur=127 packets=12345 (1234) bytes=1234567 (12345)
Note
titleNOTE

The "qm stat" command displays PPS (Packets Per Second) statistics only if the limit for the packets per second is set for the specified channel (qm chN pps=N).

del RULE_NUMBER

Deletes the specified rule from the list.
dump RULE_NUMBERDisplays the compiled pseudo-code of the PCAP rule. Allows to check visually the complexity / optimality or the correctness of the rule.

mov RULE_A RULE_B

Changes the number of the rule from "A" to "B".

rearrange [STEP]

Renumbers all rules with the given increment "STEP" (default is 5). The "config show" command displays rules number.

add[out] [NUM] [IFNAME] chN rules..

Allows to add an ingress/egress packet to / from the device that satisfies the channel "N" rule.

  • "add" - processing of ingress packets to the device.
  • "out" – processing of egresspackets from the device.
  • "num" – the sequence number in the list of rules (optional parameter).
  • "IFNAME" – an interface name through which packets enter\leave the device (optional parameter).
Note
titleNOTE

All manipulations with packet headers, for example changing of dscp and 802.1p label, are possible only by using the "qm addout" command, i.e. only for leaving the device packets.

rules: [{setpri|addpri}=[N]] [pass]
[vlan={N|any|$ACL}] [dot1p=N] [swg=N] [ether={X|any}] [dscp=N|tos=N] [prf]
-f "pcap filter expression"

The rules syntax fully corresponds to the syntax of the "ipfw" command (see "ipfw command (IP Firewall)" section).

Note
titleNOTE

Each packet passing through the system is checked if it matches rules strictly in order, from the first to the last, until there is a rule that satisfies the properties of the packet.

  • "setpri=[N] sets priority level of the packet no matter what priority it had before.
  • "addpri=[N] increase the priority level of the packet to the specified value only if the new priority is higher than initial.
  • "passallows to "skip" the rule, perform related activities and continue browsing other rules in the list.
  • "log includes filter action records in the system log (optional parameter).
  • "vlan= allows to analyze VLAN ID (values range 0-4095):
    • "N– the filter will pass tagged packets with the specified tag "N".
    • "any the filter will pass all tagged packets with any VLAN ID.
    • "$ACL the filter will pass tagged packets with the VLAN tags, listed as "$ACL" (description of the ACL lists see in section «Access Control Lists («acl» command)).
  • "dot1p=N allows to analyze 802.1p priority (values range 0-7).
  • "swg=N allows to analyze a switching group number.
  • "ether={X|any} allows to analyze a packet type. If option "any" is enabled, the filter will pass packets of all types.
  • "dscp=Nallows to analyze the DSCP tag (values range 0-63).
  • "tos=N allows to analyze the TOS tag.
  • "prf enables filtration of PRF interface generated traffic.
  • "-f "pcap filter expression"  allows to use PCAP-filters.

PROTO from [not] ADDR [PORTs] to [not] ADDR [PORTs]

Specify a direction of transmission from and / or to:

  • "from source IP-address.
  • "to destination IP-address.
  • "not negative prefix, can be used after "from" and "to" keywords, it will be applied to the specified IP-address only, not for ports.
  • "ADDR source or destination IP-address. The syntax depends on the "proto" field. If "proto" specified as "all" or "icmp", than "ADDR" defines an address information. If "proto" specified as "udp" or "tcp", than "ADDRdefines an address information and an optional list of portsAn address information is specified as IP-address and optional subnet mask. A subnet mask can be specified as prefix or as a numeric value (nnn.nnn.nnn.nnn). 

Possible options:

Code Block
languagetext
themeEmacs
nn.nn.nn.nn
nn.nn.nn.nn:xxx.xxx.xxx.xxx
nn.nn.nn.nn/NN

The "0/0" record includes all possible IP-addresses.

PROTO: [all] | tcp | udp | icmp | arp | proto NUMBER

The limitation is based on the compliance with a certain protocol. Possible values: TCP, UDP, ICMP, ARP or numeric value of the protocol. ARP-packets are allowed for all IP-addresses and for ranges of IP-addresses, which are specified in the permit filters, even if these filters are created for other types of packets.

ADDR: IP | $LOCAL | $ROUTE | $ACL | mac x:x:x:x:x:x }

It is possible to group all the necessary addresses into the appropriate access list and set the name of this list as an IP-address ($ACLRULE). There are several predefined dynamic lists:

  • "$LOCAL a list that includes all the local addresses belonging to this router. It can be used to make easier filters records that restrict / allow access to the device.
  • "$ROUTE a list that contains the current system routing table, except for the "default route". Matching the address from this list means that there is an exact route for this address and the default route will not be used.
  • "$ACL a list of IP-addresses or networks, to which this rule will be applied.
  • "mac x:x:x:x:x:x for interfaces which have physical ethernet MAC-address, the numeric MAC-address value with the "mac" keyword as a prefix can be used. However, for incoming filters, you can specify only the source MAC-address, and for outgoing ones only the destination MAC-address. The "$BS" keyword can be used, in this case the real MAC-address of the base station sector will be used.
Note
titleNOTE

Rules that use MAC-addresses for ingress packets will be processed before all the other rules, and rules for egress packets will be processed last.

PORTS: NUM[:NUM] [NUM] ...

Filters traffic by port numbers. It is possible to use a list of ports to specify multiple ports in one command. The first item of the list of ports can specify a range of numbers from smaller to greater, separated by a colon.

...