Configuring Flow Admission Control

Contents

1Overview
1.1Circuit Flow State
1.2Flow Attributes

2

Configuration and Operations Tasks
2.1Configure Flow Admission Control Profile
2.2Operations Tasks

3

Configuration Examples
3.1Configuring a FAC Profile
3.2Creating a FAC Profile Name and Entering the Mode
3.3Configuring a Maximum Flows Per Circuit Rate
3.4Configuring a Burst Creation Rate
3.5Configuring a Sustained Creation Rate
3.6Applying a FAC Profile to the Current Context
3.7Enabling a FAC Profile on a Circuit
Copyright

© Ericsson AB 2009–2011. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
SmartEdge is a registered trademark of Telefonaktiebolaget LM Ericsson.

1   Overview

This document provides an overview of the SmartEdge router flow architecture and describes the tasks used to configure, monitor, and administer flow. This document also provides flow configuration examples.

This document applies to both the Ericsson SmartEdge® and SM family routers. However, the software that applies to the SM family of systems is a subset of the SmartEdge OS; some of the functionality described in this document may not apply to SM family routers.

For information specific to the SM family chassis, including line cards, refer to the SM family chassis documentation.

For specific information about the differences between the SmartEdge and SM family routers, refer to the Technical Product Description SM Family of Systems (part number 5/221 02-CRA 119 1170/1) in the Product Overview folder of this Customer Product Information library.

A flow is a unidirectional object that identifies related data packets and enables you to apply a set of services to a portion of an 802.1Q circuit. Flows provide greater efficiency because you can associate services to be applied on a portion of the circuit. Without flows, you could apply services to entire groups of subscribers mapped to a specified circuit. Flow attributes are inherited from any services that are applied to the relevant circuit.

Note:  
You can apply circuits only to an 802.1Q circuit.

Flow attributes reside in a flow admission control (FAC) profile which is the basic unit of flow configuration. First you create a FAC profile and then you apply it to an existing circuit from circuit configuration mode.

A FAC profile controls various attributes pertaining to flow limits, for example, the maximum number of flows on a circuit.

Note:  
If you have fewer than a couple of packets per flow, the benefit realized through flows is less than the overhead associated with their management.

The SmartEdge router generates a flow when a packet passing through the SmartEdge router contains attributes that match specified settings. These settings are the source port, the destination port, the source IP address, the destination IP address, and the protocol. This quintet of settings is the five-tuple method, a standard used in flow generation.

To enable flow services on a circuit, you need to have Version 2 of the Packet Processing ASIC (PPA) for the traffic card on which the circuit resides. All SmartEdge platforms support the flow feature.

The flow feature is further described in the following sections:

1.1   Circuit Flow State

The flow state of a circuit refers to whether the flow is active or inactive. The flow state of a circuit is enabled if a FAC profile is currently applied to the circuit.

To change the flow state from inactive to active, you enable a flow, specifying the ID of the circuit you want to change. To change the flow state from active to inactive, you disable the flow, specifying the ID of the circuit you want to change. The flow state of a circuit is disabled if a FAC profile is currently applied to the circuit and you have not enabled flows on the circuit.

1.2   Flow Attributes

You can specify a traffic direction when you apply a FAC profile to each circuit: ingress, egress, or bidirectional.

This section provides information about the maximum flows per circuit, the burst flow creation rate, and the sustained flow creation rate. Figure 1 displays a typical flow creation rate cycle.

Figure 1   Flow Creation Rates

1.2.1   Maximum Flows Per Circuit

The number of flows that can be applied to a circuit is limited. This limit is the maximum flows per circuit. After the number of flows created reaches this maximum, the SmartEdge router can create no more flows and may drop packets.

If the SmartEdge router creates too many flows, system resources like memory and processing power may be overtaxed, degrading system performance. Set a meaningful maximum number of flows per circuit to prevent system performance from degrading.

Creating the right number of flows on a circuit can improve performance because a flow affects the number of services and the amount of quality of service (QoS) markings on a circuit. Creating the right balance between too many and too few flows gives you more control over performance-related services on a circuit.

The maximum flows per circuit attribute has no default value. The maximum number of flows per circuit you can create is 2 million. If more than 2 million flows are created for a circuit, the circuit may become overloaded.

1.2.2   Burst Flow Creation Rate

You can control the number of flows that are created on a circuit by setting a fixed limit. This limit is the burst flow creation rate (rate at which flows generate over a short period of time; the number of flows created in one second). For example, if you set the burst flow creation rate to 100, the SmartEdge router can generate up to 100 flows per second. When the number of flows reaches 100, the SmartEdge router generates no more flows in that second and waits for the next second before continuing.

High burst flow creation rates can slow circuit performance. If the number of flows created in a second is too high, system performance degrades. However, by setting the burst flow creation rate value, you can prevent performance issues.

The burst flow creation rate has no default value. The maximum number of flows you can create in the first second is 2 million. If more than 2 million flows are created for a circuit in the first second, the circuit may become overloaded. By setting an optimal burst flow creation rate, you can keep the SmartEdge router in a stable state.

1.2.3   Sustained Flow Creation Rate

You can control the number of flows that are created on a circuit over time after the number of flows created in a second has reached a limit. This setting is the sustained flow creation rate. This setting enables you to limit flows, which stabilizes the SmartEdge router. It is useful when the burst flow creation rate is optimal for a one-second interval, but may overtax system memory over time.

For example, if the burst flow creation rate is 1,000, the circuit may be able to tolerate that many flows created for a second. However, after four seconds elapse, the circuit may not be able to process the cumulative number of flows allowed by the maximum flows per circuit value (4,000). To bring the flow creation rate back to a value the SmartEdge router can easily manage, configure a sustained flow creation rate to a value less than 1,000; for example, 200.

When you change the sustained creation rate, the maximum number of flows created per second after the first second is 200. The flow generation process stops when the maximum flows per circuit value is reached. In this example, if the maximum flows per circuit value is 2,000, then the flow generation process lasts six seconds.

To arrive at this figure, add 1,000 flows in the first second (allowed by the burst flow creation rate), 200 in each second (allowed by the sustained flow creation rate), reaching a maximum limit of 2,000 after five seconds. Table 1 shows the flow creation cycle based on these figures.

Table 1    Flow Creation Cycle

Time Unit (Second)

Flow Increment

Flow Sum

Notes

First

1,000

1,000

Allowed by the burst flow creation rate.

Second

200

1,200

Allowed by the sustained flow creation rate.

Third

200

1,400

Allowed by the maximum flows per circuit value.

Fourth

200

1,600

Allowed by the maximum flows per circuit value.

Fifth

200

1,800

Allowed by the maximum flows per circuit value.

Sixth

200

2,000

Allowed by the maximum flows per circuit value.

Seventh

200

2,200

Disallowed by the maximum flows per circuit value.

The sustained flow creation rate attribute has no default value. The maximum number of flows you can create in each second after the first second elapses is 2 million. If more than 2 million flows are created for a circuit after the first second, the circuit may become overloaded.

2   Configuration and Operations Tasks

In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see Command List.

2.1   Configure Flow Admission Control Profile

To configure basic flow architecture, perform the tasks in Table 2. Enter all commands in flow configuration mode, unless otherwise noted.

Table 2    Configure a Flow Admission Control Profile

Task

Root Command

Notes

Create the FAC profile name and access flow configuration mode.

flow admission-control profile

Enter this command in global configuration mode.

Optional. Create a maximum number of flows that can exist on a single circuit.

max-flows-per-circuit

 

Optional. Create a fixed limit in which a flow can be created in a second.

burst-creation-rate

 

Optional. Create a maximum number of flows that can be created on a circuit in each second after a burst creation rate limit has been reached.

sustained-creation-rate

 

Apply FAC profiles to a circuit.

flow apply admission-control profile

Enter this command in circuit configuration mode.

Enable a FAC profile on a circuit

flow enable

Enter this command in exec mode.

2.2   Operations Tasks

To monitor and troubleshoot flow, perform the appropriate task listed in Table 3. Enter the clear commands in exec mode; enter the show commands in any mode.

Table 3    FAC Operations Tasks

Task

Root Command

Remove all counters from the flow counter list.

clear flow counters

Remove all entries from the flow log.

clear flow log

Display all FAC profiles on the current circuit.

show configuration flow

Display output associated with a FAC profile.

show flow admission-control profile

Display the set of FAC profile IDs for all circuits or a specified circuit.

show flow circuit

Display settings for common flow counters.

show flow counters

Display the flow log of events for all circuits or a specified circuit.

show flow log

Display details associated with the PPA on the current circuit.

show flow ppa state

Display all processes mapped to a current circuit.

show process flowd

3   Configuration Examples

This section includes examples of configuring FAC.

3.1   Configuring a FAC Profile

The following example configures a FAC profile to be applied to a circuit:

[local]Redback(config)#port ethernet 1/1

[local]Redback(config)#flow admission-control profile f1

[local]Redback(config-flow-ac-profile)#max-flows-per-circuit 1000

[local]Redback(config-flow-ac-profile)#burst-creation-rate 1000

[local]Redback(config-flow-ac-profile)#exit

[local]Redback(config)#commit

The following example displays output of the flow configuration session:

[local]Redback(config-ac-profile)#show configuration flow

card ge-10-port 1

port ethernet 1/1

dot1q pvc 1

flow apply admission-control profile “f2” out

dot1q pvc 2

flow apply admission-control profile “f3” in

dot1q pvc 5

flow apply admission-control profile “f3” bidirectional

3.2   Creating a FAC Profile Name and Entering the Mode

The following example configures a FAC profile name called profile1 and enters flow configuration mode:

[local]Redback(config)#flow admission-control profile profile1

3.3   Configuring a Maximum Flows Per Circuit Rate

The following example sets the maximum flows allowed per circuit of 20:

[local]Redback(config)#flow admission-control profile profile1

[local]Redback(config-flow-ac-profile)#max-flows-per-circuit 20

3.4   Configuring a Burst Creation Rate

The following example sets a flow burst creation rate of 20:

[local]Redback(config)#flow admission-control profile profile1

[local]Redback(config-flow-ac-profile)#burst-creation-rate 20

3.5   Configuring a Sustained Creation Rate

The following example sets a flow sustained creation rate of 20:

[local]Redback(config)#flow admission-control profile profile1

[local]Redback(config-flow-ac-profile)#sustained-creation-rate 20

3.6   Applying a FAC Profile to the Current Context

The following example applies FAC profile profile1 to the current circuit after configuring an attribute (for example, a flow sustained creation rate): use the flow apply admission-control profile command from the circuit configuration mode:

[local]Redback(config)#port ethernet 1/1

[local]Redback(config-port)#dot1q pvc 1

[local]Redback(config-dot1q-pvc)#flow apply admission-control profile1 bidirectional

3.7   Enabling a FAC Profile on a Circuit

The following example enables a FAC profile. You may first want to display flow circuits using the show flow circuit all command to see which flow circuits are available. For details about this command, see Command List.

[local]Redback#show flow circuit all



Circuit				FAC Id		Dir		FAC Id		Dir

-------				-------		---		-------		---

3/1:1023:63/1/2/81922				0x40500002		in



[local]Redback#flow enable circuit 3/1:1023:63/1/2/81922 in