Parameter | Description |
---|
option [no]rtp [no]dot1p [no]dscp [no]tos [no]tcpack [no]icmp [no]strict [no]tunnel [no]pppoe [no]mpls [no]selfqos [no]auto [no]ipfw | Allows automatic prioritization management of data flows on the device. - "rtp" – enables/disables automatic prioritization of real time packets.
- "dot1p" – enables/disables automatic prioritization of packets labeled with IEEE 802.1p priority.
- "tos" – enables/disables automatic prioritization of packets labeled with TOS.
- "dscp" – enables/disables automatic prioritization of packets labeled with DiffServ.
- "tcpack" – enables/disables automatic prioritization of TCP ACK (acknowledgments) packets.
- "icmp" – enables/disables automatic prioritization of ICMP (Internet Control Message Protocol) packets.
- "strict" – applies the "Strict Priority" policy to all queues (packets from a queue with lower priority are not processed before a queue with higher priority is not empty). By default "Weighted Fair Queuing" policy is used (even if a queue with higher priority is not empty packets from other queues will be processed in a distinct sequence relative to a higher priority queue. For example, 4 packets from queue with priority 1, 2 packet from the queue with priority 2, 8 packets from queue priority 1,1 packet from the queue with priority 3).
- "tunnel" – enables/disables automatic packet prioritization for a tunnel traffic.
- "pppoe" – enables/disables automatic packet prioritization for a PPPoE tunnel traffic.
- "mpls" – enables/disables automatic prioritization of packets labeled with MPLS.
- [no]selfqos – enables/disables applying priorities to traffic destined for the device itself.
- [no]auto – enables/disables automatic prioritization of all packets.
- [no]ipfw – enables/disables traffic processing by IP Firewall and automatic prioritization.
A compliance scheme of MINT and IEEE 802.1p/TOS/DSCP priorities is shown below: Center |
---|
Include Page |
---|
| _MINT/802.1p/TOS/DSCP |
---|
| _MINT/802.1p/TOS/DSCP |
---|
|
|
For example, the unit is configured to automatically prioritize packets labeled with IEEE 802.1p priority. The node receives packets labeled with IEEE 802.1p priority "5" and assign them "VOICE" priority. In accordance with the priorities scheme, these packets will be processed before packets with other priorities.
|
classN {max=N} | {clear} | Сreates a service class "N". It is used for dynamic bandwidth allocation between different channels. - "max=N" – defines the total bandwidth of the class that will be limited to a given value (Kbps).
- "clear" – deletes the class.
|
chN [max=N[%]|0] [ceil=N[%]|0] [ceilprio=N|0] [latency=N|0] [[add]pri=[N] | setpri=[N]] [[no]strict]] [pps=N|0] [to=ADDR] [vlan=[N|-1]] [dot1p=[N|-1]] [dscp=[N|-1]] [classN] [info="STRING"] clear
| Defines a logical channel "N" with properties specified by one or more options.
Note |
---|
| For all auto-prioritization functions the "addpri" argument must be used. Thus, priorities will be set in the following order: - the dot1p priority ("addpri");
- the priority setted by "qm" rule ("addpri" or "setpri");
- the "dscp"/"tos" priority, if it is higher than current ("addpri");
- the value, that is set to the channel ("addpri" или "setpri").
The same order will be applied for outgoing packets if corresponding rules are configured.
|
"[no]strict" – applies the "Strict Priority" policy to all queues (packets from a queue with lower priority are not processed before a queue with higher priority is not empty). By default "Weighted Fair Queuing" policy is used (even if a queue with higher priority is not empty packets from other queues will be processed in a distinct sequence relative to a higher priority queue. For example, 4 packets from queue with priority 1,1 packet from the queue with priority 2, 8 packets from queue priority 1,1 packet from the queue with priority 3). - "pps=N|0" – sets the limit for the packets per second for the specified channel. The "0" value disables the parameter.
- "to=ADDR" – redirects the whole stream to the specified IP-address irrespectively of the present routing conditions. The specified address shall be directly attainable through one of the router interfaces (without additional routing). This may be useful when the router serves as a network access unit, and two or more different clients want to access different providers through one unit.
- "vlan=[N|-1]" – sets VLAN ID (value range: 0-4095). The "-1" value removes the argument.
- "dot1p=[N|-1]" – prioritization of packets labeled IEEE 802.1p (valid values are from 0 to 7). The "-1" value removes the argument.
- "dscp=[N|-1]" – prioritization ofDSCP (valid values are from 0 to 63). The "-1" value removes the argument.
- "classN" – assigns service class "N" to the channel. This additional parameter relates to the above defined data rate limitation, making it flexible: when the total bandwidth of this service class is not fully used, the extra bandwidth may be granted to such channel, thus exceeding its predefined data rate limit, up to full load of the class. When, there are several such channels competing for extra bandwidth, it is equally divided between them.
Warning |
---|
| Exception: on the H02 platform, if there are several channels competing for extra bandwidth of their parent class, the bandwidth is divided between them proportionally to their respective predefined data rate limits. |
- "info="STRING" – allows user to set up a string description for the QoS channel.
- "clear" – removes current configuration of channel.
Note |
---|
| If several of the above parameters are specified in the same command then rate limitation is applied first then redirection and priority last. If "vlan" and "dot1p" parameters are specified in the same command then "vlan" is processed first. |
Each channel can be assigned a priority (0…16). Once assigned, a priority will be automatically recognized by every node inside MINT network. Include Page |
---|
| _MINT Priority |
---|
| _MINT Priority |
---|
|
Priority "2" is processed as "voice". Packets that have no priority are labeled as "REGULAR Best Effort=15" and processed accordingly.
Packets classification can also be performed using "pcap" rules. Warning |
---|
| Real prioritization within MINT network is conducted by priority, given by "pri=N" parameters. A DSCP label is transparently transmitted through the MINT network in any mode. A 802.1p priority is transparently transmitted only in switch mode of the MINT network. If necessary, for packets leaving the MINT network required "dot1p" and "dscp" parameters can be assigned by the operator. |
|
stat [full] [clear] | Displays statistics of the specific channel (only for channels with specified rate limitation): - "full" – allows viewing enhanced statistics.
- "clear" – resets statistics.
Code Block |
---|
| qm ch1 max=128 cur=127 packets=12345 (1234) bytes=1234567 (12345) |
Note |
---|
| The "qm stat" command displays PPS (Packets Per Second) statistics only if the limit for the packets per second is set for the specified channel (qm chN pps=N). |
|
del RULE_NUMBER | Deletes the specified rule from the list.
|
dump RULE_NUMBER | Displays the compiled pseudo-code of the PCAP rule. Allows to check visually the complexity / optimality or the correctness of the rule. |
mov RULE_A RULE_B | Changes the number of the rule from "A" to "B".
|
rearrange [STEP] | Renumbers all rules with the given increment "STEP" (default is 5). The "config show" command displays rules number. |
add[out] [NUM] [IFNAME] chN rules.. | Allows to add an ingress/egress packet to / from the device that satisfies the channel "N" rule. - "add" - processing of ingress packets to the device.
- "out" – processing of egresspackets from the device.
- "num" – the sequence number in the list of rules (optional parameter).
- "IFNAME" – an interface name through which packets enter\leave the device (optional parameter).
Note |
---|
| All manipulations with packet headers, for example changing of dscp and 802.1p label, are possible only by using the "qm addout" command, i.e. only for leaving the device packets. |
|
rules: [{setpri|addpri}=[N]] [pass] [vlan={N|any|$ACL}] [dot1p=N] [swg=N] [ether={X|any}] [dscp=N|tos=N] [prf] -f "pcap filter expression" | The rules syntax fully corresponds to the syntax of the "ipfw" command (see "ipfw command (IP Firewall)" section). Note |
---|
| Each packet passing through the system is checked if it matches rules strictly in order, from the first to the last, until there is a rule that satisfies the properties of the packet. |
- "setpri=[N]" – sets priority level of the packet no matter what priority it had before.
- "addpri=[N]" – increase the priority level of the packet to the specified value only if the new priority is higher than initial.
- "pass" – allows to "skip" the rule, perform related activities and continue browsing other rules in the list.
- "log" – includes filter action records in the system log (optional parameter).
- "vlan=" – allows to analyze VLAN ID (values range 0-4095):
- "N" – the filter will pass tagged packets with the specified tag "N".
- "any" – the filter will pass all tagged packets with any VLAN ID.
- "$ACL" – the filter will pass tagged packets with the VLAN tags, listed as "$ACL" (description of the ACL lists see in section «Access Control Lists («acl» command)).
- "dot1p=N" – allows to analyze 802.1p priority (values range 0-7).
- "swg=N" – allows to analyze a switching group number.
- "ether={X|any}" – allows to analyze a packet type. If option "any" is enabled, the filter will pass packets of all types.
- "dscp=N" – allows to analyze the DSCP tag (values range 0-63).
- "tos=N" – allows to analyze the TOS tag.
- "prf" – enables filtration of PRF interface generated traffic.
- "-f "pcap filter expression" – allows to use PCAP-filters.
|
PROTO from [not] ADDR [PORTs] to [not] ADDR [PORTs] | Specify a direction of transmission from and / or to:
- "from" – source IP-address.
- "to" – destination IP-address.
- "not" – negative prefix, can be used after "from" and "to" keywords, it will be applied to the specified IP-address only, not for ports.
- "ADDR" – source or destination IP-address. The syntax depends on the "proto" field. If "proto" specified as "all" or "icmp", than "ADDR" defines an address information. If "proto" specified as "udp" or "tcp", than "ADDR" defines an address information and an optional list of ports. An address information is specified as IP-address and optional subnet mask. A subnet mask can be specified as prefix or as a numeric value (nnn.nnn.nnn.nnn).
Possible options: Code Block |
---|
| nn.nn.nn.nn
nn.nn.nn.nn:xxx.xxx.xxx.xxx
nn.nn.nn.nn/NN |
The "0/0" record includes all possible IP-addresses. |
PROTO: [all] | tcp | udp | icmp | arp | proto NUMBER | The limitation is based on the compliance with a certain protocol. Possible values: TCP, UDP, ICMP, ARP or numeric value of the protocol. ARP-packets are allowed for all IP-addresses and for ranges of IP-addresses, which are specified in the permit filters, even if these filters are created for other types of packets. |
ADDR: IP | $LOCAL | $ROUTE | $ACL | mac x:x:x:x:x:x } | It is possible to group all the necessary addresses into the appropriate access list and set the name of this list as an IP-address ($ACLRULE). There are several predefined dynamic lists: - "$LOCAL" – a list that includes all the local addresses belonging to this router. It can be used to make easier filters records that restrict / allow access to the device.
- "$ROUTE" – a list that contains the current system routing table, except for the "default route". Matching the address from this list means that there is an exact route for this address and the default route will not be used.
- "$ACL" – a list of IP-addresses or networks, to which this rule will be applied.
- "mac x:x:x:x:x:x" – for interfaces which have physical ethernet MAC-address, the numeric MAC-address value with the "mac" keyword as a prefix can be used. However, for incoming filters, you can specify only the source MAC-address, and for outgoing ones only the destination MAC-address. The "$BS" keyword can be used, in this case the real MAC-address of the base station sector will be used.
Note |
---|
| Rules that use MAC-addresses for ingress packets will be processed before all the other rules, and rules for egress packets will be processed last. |
|
PORTS: NUM[:NUM] [NUM] ... | Filters traffic by port numbers. It is possible to use a list of ports to specify multiple ports in one command. The first item of the list of ports can specify a range of numbers from smaller to greater, separated by a colon. |