|
MANUAL PAGE 190 80-CRA 119 1170/1-V1 Uen B | |
Copyright
© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Trademark List
| SmartEdge | is a registered trademark of Telefonaktiebolaget L M Ericsson. | |
| NetOp | is a trademark of Telefonaktiebolaget L M Ericsson. |
This document provides command syntax and usage guidelines for commands used in the configuration and operation of application traffic management. For an overview of application traffic management, see Reference [1]. For configuration tasks, see Reference [2].
access-group acl-name
no access-group
DPI policy configuration
|
acl-name |
Name of the DPI traffic management ACL policy created using the dpi access-list command (in global configuration mode). |
None
Associates a DPI traffic management policy with a DPI access control list.
[local]Redback(config-policy-dpi)# access-group myacl
action policy action-policy-name
no action policy [action-policy-name]
DPI policy configuration
|
action-policy-name |
Name of the action policy. |
No DPI traffic management action policy is configured.
Associates a DPI traffic management policy with a DPI traffic management action policy.
[local]Redback(config-policy-dpi)# action policy a1
[seq sequence-number] application application-name [network network-prefix/prefix-length | any] class class-name
no seq sequence-number
DPI access control list configuration
|
seq sequence-number |
Optional. Sequence number for the statement. Range: 1 to 4,294,967,295. |
|
application application-name |
Application name. |
|
network network-prefix |
Optional. Source or destination IP address to be included in the criteria. Destination IP address when the traffic direction is from subscriber to Internet; source IP address when the traffic direction is from Internet to subscriber. |
|
prefix-length |
Optional. Number of prefix bits. Range: 0 to 32. |
|
any |
Optional Indicates that IP traffic from all IP addresses is to be included in the criteria. |
|
class class-name |
Policy-based class name. |
None
Creates an ACL statement to allow packets that meet the specified criteria. Use the CLI help with this command (application ?) or issue the show dpi traffic-management application command in any mode for a list of application names. If the seq sequence-number construct is not specified, the system assigns a sequence number.
[local]Redback(dpi-acl)# seq 10 application bittorrent class c1 [local]Redback(dpi-acl)# seq 40 application skype class c3 [local]Redback(dpi-acl)# application youtube class c5
[seq sequence-number] category category-name [network network-prefix/ prefix-length | any] class class-name
no seq sequence-number
DPI access control list configuration
|
seq sequence-number |
Optional. Sequence number for the statement. Range: 1 to 4,294,967,295. |
|
category category-name |
Category name according to one of the keywords listed in Table 1. |
|
network network-prefix |
Optional. Source or destination IP address to be included in the criteria. Destination IP address when the traffic direction is from subscriber to Internet; source IP address when the traffic direction is from Internet to subscriber. |
|
prefix-length |
Optional. Number of prefix bits. Range: 0 to 32. |
|
any |
Optional. Indicates that IP traffic from all IP addresses is to be included in the criteria. |
|
class class-name |
Policy-based class name. |
None
Creates an ACL statement to allow packets that meet the specified criteria. If seq sequence-number is not specified, the system assigns a sequence number.
Table 1 lists the valid keyword substitutions for the category-name argument.
|
Keyword |
Definition |
|---|---|
|
all |
All categories. |
|
file-transfer |
File transfer applications. |
|
gaming |
Gaming applications. |
|
instant-messaging |
Instant messaging applications. |
|
p2p |
All P2P applications. |
|
streaming |
Audio or video streaming applications. |
|
transport |
Transport applications. |
|
voip |
Voice over IP applications. |
[local]Redback(dpi-acl)# seq 20 category streaming network 1.1.1.0/24 class c1 [local]Redback(dpi-acl)# category gaming network 4.1.1.0/24 class c2
class class-name
no class class-name
DPI action configuration
|
class-name |
Class name for a class of traffic to which the policy applies an action. |
None
Creates a class entry that defines actions applied to traffic mapped to a class. Allows different QoS policies to be applied to different sets (classes) of flows that are defined in the applied policy Access Control List (ACL).
If the class-name argument referenced by an ACL rule matches the class name in an action policy, the classified traffic is processed according to the class definition. If a rule for the class-name argument is not specified in the ACL policy, the class-based policy considers the class to be dormant and takes no action. If a rule for the class-name argument is specified in the ACL, but you do not include the class in the action policy (using this command), the SmartEdge® OS considers those packets to be in the default class.
[local]Redback(config-dpi-action)# class c0
clear dpi asp slot/port traffic-management statistics
exec
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
Clears all peak counters and all packet/byte counters.
[local]Redback#clear dpi asp 2/1 traffic-management statistics
clear dpi circuit {agent-circuit-id agent-circuit-id | agent-remote-id agent-remote-id | slot/port[:chan-num[:sub-chan-num] circuit-id | username subscriber} traffic-management sessions
exec
|
agent-circuit-id agent-circuit-id |
Subscriber session identifier, where the agent-circuit-id argument is the value of the agent circuit ID in a subscriber record. Enter the agent-circuit-id argument as a structured subscriber username in the form subscriber@context. |
|
agent-remote-idagent-remote-id |
Subscriber session identifier, where the agent-remote-id argument is the value of the agent remote ID in a subscriber record. Enter the agent-remote-id argument as a structured subscriber username in the form subscriber@context. |
|
slot |
Chassis slot number for a particular card. |
|
port |
Port number on the specified card. |
|
chan-num |
Optional. Channel number on the specified port. If omitted, this command applies to all channels on the port. Range: depends on the type of port; see Table 3. |
|
sub-chan-num |
Optional. Subchannel number in the specified channel. If omitted, this command applies to all subchannels in the channel. Range: depends on the type of port; see Table 3. |
|
circuit-id |
Subscriber session identifier. See Table 2 for information about the circuit-id argument. |
|
username subscriber |
Subscriber session identifier. Enter the subscriber argument as a structured subscriber username in the form subscriber@context. |
Clears all the traffic management sessions for the specified subscriber.
The circuit-id argument represents the following keywords and arguments; see Table 2.
clips [clips-session] | pppoe [pppoe-session] | vlan-id vlan-id [pppoe [pppoe-session] | clips [clips-session]] | vpi-vci vpi vci [pppoe [pppoe-session] | clips [clips-session]]
|
Port |
Channel Types |
chan-num Range |
sub-chan-num Range |
|---|---|---|---|
|
Channelized OC-12 |
DS-3, DS-1 |
1 to 12 |
1 to 28 |
|
Channelized STM-1 |
E1, DS-0 channel group |
1 to 63 |
1 to 31 |
|
Channelized DS-3 |
DS-1 |
1 to 28 |
– |
|
Channelized E1 |
DS-0 channel group |
1 to 31 |
– |
[local]Redback# clear dpi circuit username joe@local traffic-management sessions
clear dpi circuit {agent-circuit-id agent-circuit-id | agent-remote-id agent-remote-id | slot/port[:chan-num[:sub-chan-num] circuit-id | username subscriber} traffic-management statistics
exec
|
agent-circuit-id agent-circuit-id |
Subscriber session identifier, where the agent-circuit-id argument is the value of the agent circuit ID in a subscriber record. Enter the agent-circuit-id argument as a structured subscriber username in the form subscriber@context. |
|
agent-remote-id agent-remote-id |
Subscriber session identifier, where the agent-remote-id argument is the value of the agent remote ID in a subscriber record. Enter the agent-remote-id argument as a structured subscriber username in the form subscriber@context. |
|
slot |
Chassis slot number for a particular card. |
|
port |
Port number on the specified card. |
|
chan-num |
Optional. Channel number on the specified port. If omitted, this command applies to all channels on the port. Range: depends on the type of port; see Table 3. |
|
sub-chan-num |
Optional. Subchannel number in the specified channel. If omitted, this command applies to all subchannels in the channel. Range: depends on the type of port; see Table 3. |
|
circuit-id |
Subscriber session identifier. See Table 2 for information about the circuit-id argument. |
|
username subscriber |
Subscriber session identifier. Enter the subscriber argument as a structured subscriber username in the form subscriber@context. |
Clears all peak counters and all packet/byte counters for the specified subscriber.
[local]Redback# clear dpi circuit username joe@local traffic-management statistics
conform mark dscp dscp-class
no conform mark dscp
DPI QoS profile rate configuration
|
dscp-class |
Priority with which packets conforming to the rate are marked. Values can be:
|
No action is taken on packets that conform to the configured rate.
Marks packets that conform to the configured Quality of Service (QoS) rate with a Differentiated Services Code Point (DSCP) value.
You can configure the rate using the rate command. Only one mark instruction can be in effect at a time. To change the mark instruction, enter the conform mark dscp command, specifying a new value for the dscp-class argument, which supersedes the one previously configured.
Table 4 lists the keywords for the dscp-class argument.
|
DSCP Class |
Keyword |
DSCP Class |
Keyword |
|---|---|---|---|
|
Assured Forwarding (AF) Class 1/Drop precedence 1 |
af11 |
Class Selector 0 (same as default forwarding) |
cs0 (same as df) |
|
AF Class 1/Drop precedence 2 |
af12 |
Class Selector 1 |
cs1 |
|
AF Class 1/Drop precedence 3 |
af13 |
Class Selector 2 |
cs2 |
|
AF Class 2/Drop precedence 1 |
af21 |
Class Selector 3 |
cs3 |
|
AF Class 2/Drop precedence 2 |
af22 |
Class Selector 4 |
cs4 |
|
AF Class 2/Drop precedence 3 |
af23 |
Class Selector 5 |
cs5 |
|
AF Class 3/Drop precedence 1 |
af31 |
Class Selector 6 |
cs6 |
|
AF Class 3/Drop precedence 2 |
af32 |
Class Selector 7 |
cs7 |
|
AF Class 3/Drop precedence 3 |
af33 |
Default Forwarding (same as Class Selector 0) |
df (same as cs0) |
|
AF Class 4/Drop precedence 1 |
af41 |
Expedited Forwarding |
ef |
|
AF Class 4/Drop precedence 2 |
af42 |
||
|
AF Class 4/Drop precedence 3 |
af43 |
For more information about DSCP values, see RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.
| Caution! | ||
|
Risk of packet reordering. Packets can be reordered into a different
major DSCP class. To reduce the risk, ensure that the marking of conforming
packets and exceeding packets differ only within a major DSCP class.
Major DSCP classes are identified by the Class Selector code, and
include CS0=DF, CS1=AF11, AF12, AF13, CS2=AF21, AF22, AF23, CS3=AF31,
AF32, AF33, CS4=AF41, AF42, AF43, and CS5=EF. For example, if you
mark conforming packets with AF11 and you want to avoid reordering,
mark exceeding packets with AF11, AF12, or AF13 only.
| ||
The following example configures the DPI , qos_prof_01, to mark all packets that conform to the configured rate with a DSCP value representing a high priority of expedited forwarding (ef):
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000 [local]Redback(dpi-qos-rate)# conform mark dscp ef
conform mark precedence prec-value
no conform mark precedence
DPI QoS profile rate configuration
|
prec-value |
Drop precedence value. Range: 1 to 3. |
No action is taken on packets that conform to the configured rate.
Marks packets that conform to the configured QoS rate with a drop precedence value corresponding to the Assured Forwarding (AF) class of the packet.
You configure the QoS rate by using the rate command.
In general, the level of forwarding assurance of an IP packet is based on: (1) the resources allocated to the AF class to which the packet belongs, (2) the current load of the AF class, and, in case of congestion within the class, (3) the drop precedence of the packet. In case of congestion, the drop precedence of a packet determines the relative importance of the packet within the AF Differentiated Services Code Point (DSCP) class. Packets with a lower drop precedence value are preferred and protected from being lost, and packets with a higher drop precedence value are discarded.
With AF classes AF1 (AF11, AF12, AF13), AF2 (AF21, AF22, AF23), AF3 (AF31, AF32, AF33), and AF4 (AF41, AF42, AF43), the second integer represents a drop precedence value. Table 5 shows how the AF drop precedence value of an incoming packet is changed when it exits the SmartEdge router after being tagged with a new drop precedence. (See also RFC 2597, Assured Forwarding PHB Group.)
|
DSCP Value of an Incoming Packet |
Packet is Tagged with a Drop Precedence Value |
DSCP Value of the Outgoing Packet |
|---|---|---|
|
AF11, AF12, AF13 |
1 |
AF11 |
|
AF21, AF22, AF23 |
AF21 | |
|
AF31, AF32, AF33 |
AF31 | |
|
AF41, AF42, AF43 |
AF41 | |
|
AF11, AF12, AF13 |
2 |
AF12 |
|
AF21, AF22, AF23 |
AF22 | |
|
AF31, AF32, AF33 |
AF32 | |
|
AF41, AF42, AF43 |
AF42 | |
|
AF11, AF12, AF13 |
3 |
AF13 |
|
AF21, AF22, AF23 |
AF23 | |
|
AF31, AF32, AF33 |
AF33 | |
|
AF41, AF42, AF43 |
AF43 |
Only one mark instruction can be in effect at a time. To change the mark instruction, enter the conform mark precedence command, specifying a new value for the prec-value argument, which supersedes the one previously configured.
The following example configures the DPI QoS profile qos_prof_01 to mark all packets that conform to the configured rate with a drop precedence value of 1 and drops all packets that exceed the rate:
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000 [local]Redback(dpi-qos-rate)# conform mark precedence 1
conform mark priority {group-num | ignore} [{drop-precedence {group-num | ignore} | af-drop drop-value}]
no conform mark priority
DPI QoS profile rate configuration
|
group-num |
Priority group number. The range of values is 0 to 7. The scale used by this command for packet priority, from 0 (highest priority) to 7 (lowest priority), is the relative inverse of the scale used by QoS classification map and classification definition commands. |
|
ignore |
Specifies that the internal packet descriptor (PD) priority or drop-precedence value is not modified. |
|
drop-precedence |
Optional. Enables you to specify a setting for either the drop-precedence portion of the PD QoS field or the priority group, or both. |
|
af-drop drop-value |
Optional. Target internal drop-precedence value in two-bit format; leaves the least significant bit unmodified. The range of values is 1 to 3. |
No action is taken on packets that conform to the configured rate. Default mapping of priority groups to queues is listed in Table 6.
Marks packets that conform to the configured QoS rate with a priority group number, a drop-precedence value, or both, while leaving the packet’s IP header DSCP value unmodified. To configure the QoS rate rate, enter the rate command.
A priority group is an internal value used by the SmartEdge OS to determine into which egress queue the inbound packet is placed. The Type of Service (ToS) value, DSCP value, and Multiprotocol Label Switching (MPLS) experimental (EXP) bits are unchanged by this command. The actual queue number depends on the number of queues configured on the egress circuit.
The SmartEdge OS uses the factory preset, or default, mapping of a priority group to queue, according to the number of queues configured on a circuit; see Table 6.
|
Priority Group |
8 Queues |
4 Queues |
2 Queues |
1 Queue |
|---|---|---|---|---|
|
0 |
queue 0 |
queue 0 |
queue 0 |
queue 0 |
|
1 |
queue 1 |
queue 1 |
queue 1 |
queue 0 |
|
2 |
queue 2 |
queue 1 |
queue 1 |
queue 0 |
|
3 |
queue 3 |
queue 2 |
queue 1 |
queue 0 |
|
4 |
queue 4 |
queue 2 |
queue 1 |
queue 0 |
|
5 |
queue 5 |
queue 2 |
queue 1 |
queue 0 |
|
6 |
queue 6 |
queue 2 |
queue 1 |
queue 0 |
|
7 |
queue 7 |
queue 3 |
queue 1 |
queue 0 |
Only one mark instruction can be in effect at a time. To change the mark instruction, enter the conform mark priority command, specifying a new value for the group-num argument. This supersedes the value previously configured.
The following example configures the policy to mark all packets that conform to the configured rate with priority group number 3 and drops all packets that exceed the rate:
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000 [local]Redback(dpi-qos-rate)# conform mark priority 3
debug dpi asp slot/asp-id traffic-management message-type trace {buffer | console | external} [level level]
exec
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
|
message-type |
Type of messages to debug, where message-type is one of the following:
|
|
trace |
Enables trace and sends debug information to buffer, console, or external. |
|
buffer |
Configures debug information for the circular buffer on the ASE. |
|
console |
Configures debug information for the console. |
|
external |
Configures debug information for the external log server. |
|
level level |
Specifies the debug logging level, where level is one of the following (in descending severity order):
|
Enables the generation of debug messages for the traffic management application on a specific ASE card.
Separate levels and message-types can be configured for the console and an external log server.
| Caution! | ||
|
Risk of performance loss. Enabling the generation of debug messages
can severely affect system performance. To reduce the risk, exercise
caution when enabling the generation of debug messages on a production
system.
| ||
[local]Redback# debug dpi asp 1 / 2 traffic-management all log console level alert
default-class class-name
no default-class
DPI action configuration
DPI access control list configuration
|
class-name |
Name of the default class. |
No default class is configured.
Specifies a class to use to map all traffic that is not otherwise classified. The default class defined in the DPI ACL policy is used to map all traffic that was not classified into one of the classes defined in the DPI ACL policy. The default class defined in the DPI action policy is used to map all traffic assigned to a class that is not defined in the action policy.
[local]Redback(config-dpi-action)# default-class default
dpi access-list acl-name
no dpi access-list acl-name
global configuration
|
acl-name |
DPI ACL policy name; must be unique. |
No DPI ACL policy is configured.
Creates or selects a DPI ACL policy and enters DPI access control list configuration mode.
[local]Redback(config)# dpi access-list b1
dpi qos profile profile-name [policing | metering]
no dpi qos profile profile-name [policing | metering]
global configuration
|
profile-name |
Name of the QoS profile. |
|
policing |
Optional. Specifies a QoS profile used to rate-limit traffic in the ingress direction. |
|
metering |
Optional. Specifies a QoS profile used to rate-limit traffic in the egress direction. |
No DPI is configured.
Creates or selects a DPI and enters DPI QoS profile configuration mode. If policing or metering is not specified, a bidirectional QoS profile is implied.
[local]Redback(config)# dpi qos profile q1
[local]Redback(config)# dpi qos profile q2 policing
dpi traffic-management action policy name
no dpi traffic-management action policy name
global configuration
|
name |
Name of the DPI traffic management action policy. |
No DPI traffic management action policy is configured.
Creates or selects a DPI traffic management action policy and enters DPI action configuration mode.
[local]Redback(config)# dpi traffic-management action policy a1
dpi traffic-management maximum sessions max-sessions [exceed class class-name]
no dpi traffic management maximum sessions max-sessions [exceed class class-name]
global configuration
|
max-sessions |
Maximum number of allowed sessions per subscriber. Range: 16 to 4096. |
|
exceed class class-name |
Optional. Specifies the action policy class used to map all traffic associated with subscriber sessions that exceed the allowed maximum value. |
Session limiting is disabled by default. When session limiting is enabled, the default action is to drop all packets associated with sessions that exceed the allowed maximum value.
Enables subscriber session limiting and specifies the maximum number of allowed sessions per subscriber. In addition, specifies whether packets associated with sessions that exceed the session limit are dropped, or mapped to an action policy class. The no form of this command disables subscriber session limiting.
[local]Redback(config)# dpi traffic-management maximum sessions 300 exceed class cl_01
dpi traffic-management policy {default | policy-name}
no dpi traffic-management policy {default | policy-name}
no dpi traffic-management policy
global configuration
subscriber configuration
|
default |
Global default traffic management policy applied to traffic when the specified policy is not configured. Only applies in global configuration mode. |
|
policy-name |
Name of the DPI traffic management policy. |
No DPI traffic management policy is configured.
In global configuration mode, creates or selects a DPI traffic management policy and enters DPI policy configuration mode.
In subscriber configuration mode, applies a DPI traffic management policy to a subscriber, default subscriber, or subscriber profile.
Create the DPI traffic management policy p1.
(config)# dpi traffic-management policy p1
Apply the DPI traffic management policy p1 to subscriber joe.
[isp1]Redback(config-ctx)#subscriber name joe [isp1]Redback(config-sub)# dpi traffic-management policy p1
dpi traffic-management resource-failure-action drop
no dpi traffic-management resource-failure-action
global configuration
|
drop |
Drop application traffic in the event of a resource failure. |
Application traffic bypasses the failed ASP and continues to forward subscriber traffic.
Drops application traffic when a resource fails. Use the no form of the command to bypass the ASP and continue to forward subscriber traffic in the event of a resource failure.
[local]Redback(config)# dpi traffic-management resource-failure-action drop
dpi traffic-management statistics [interim-interval minutes]
{no | default} dpi traffic-management statistics [interim-interval minutes]
global configuration
|
interim-interval minutes |
Optional. Frequency with which reporting statistics are sent to an external server. Range: 15 to 4,294,967,295; default: 15. |
Statistics reporting is disabled by default. When statistics reporting is enabled, the default interim-interval is 15 minutes.
Enables statistics reporting and configures the frequency to send statistics to an external server. The no form of this command disables reporting.
[local]Redback(config)# dpi traffic-management statistics interim-interval 30
exceed drop
no exceed drop
DPI QoS profile rate configuration
All packets exceeding the QoS rate and burst tolerance are dropped.
Specifies how packets are dropped when the traffic rate exceeds the QoS rate and burst tolerance.
Configure the traffic rate and burst tolerance with the rate command.
The following example drops packets that exceed the traffic rate and burst tolerance:
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000 [local]Redback(dpi-qos-rate)# exceed drop
exceed mark dscp dscp-class
no exceed mark dscp
DPI QoS profile rate configuration
|
dscp-class |
Priority with which packets exceeding the rate are marked. Values can be:
|
Packets that exceed the configured rate are dropped.
Marks packets that exceed the configured QoS rate and burst tolerance with a DSCP value.
To configure the rate, enter the rate command. Only one mark instruction can be in effect at a time. To change the mark instruction, enter the exceed mark dscp command, specifying a new value for the dscp-class argument. This supersedes the one previously configured.
Table 4 lists the keywords for the dscp-class argument.
For more information about DSCP values, see RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.
| Caution! | ||
|
Risk of packet reordering. Packets can be reordered into a different
major DSCP class. To reduce the risk, ensure that the marking of conforming
packets and exceeding packets differ only within a major DSCP class.
Major DSCP classes are identified by the Class Selector code, and
include CS0=DF, CS1=AF11, AF12, AF13, CS2=AF21, AF22, AF23, CS3=AF31,
AF32, AF33, CS4=AF41, AF42, AF43, and CS5=EF. For example, if you
mark conforming packets with AF11 and you want to avoid reordering,
mark exceeding packets with AF11, AF12, or AF13 only.
| ||
Use the no or default form of this command to return to the default behavior of not taking any action on packets that conform to the configured rate.
The following example configures the DPI , qos_prof_01, to mark all packets that exceed the configured rate with a DSCP value representing a high priority of expedited forwarding (ef):
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000 [local]Redback(dpi-qos-rate)# exceed mark dscp ef
exceed mark precedenceprec-value
no exceed
DPI QoS profile rate configuration
|
prec-value |
Drop precedence bits value. Range: 1 to 3. |
Packets that exceed the configured rate are dropped.
Marks packets that exceed the configured QoS rate with a drop precedence value corresponding to the AF class of the packet.
To configure the rate, enter the rate command.
In general, the level of forwarding assurance of an IP packet is based on: (1) the resources allocated to the AF class to which the packet belongs, (2) the current load of the AF class, and, in case of congestion within the class, (3) the drop precedence of the packet. In case of congestion, the drop precedence of a packet determines the relative importance of the packet within the AF class. Packets with a lower drop precedence value are preferred and protected from being lost, and packets with a higher drop precedence value are discarded.
With AF classes AF1 (AF11, AF12, AF13), AF2 (AF21, AF22, AF23), AF3 (AF31, AF32, AF33), and AF4 (AF41, AF42, AF43), the second integer represents a drop precedence value. Table 5 shows how the AF drop precedence value of an incoming packet is changed when it exits the SmartEdge router after being tagged with a new drop precedence. (See also RFC 2597, Assured Forwarding PHB Group.)
Only one mark instruction can be in effect at a time. To change the mark instruction, enter the exceed mark precedence command, specifying a new value for the prec-value argument, which supersedes the one previously configured.
Use the no or default form of this command to return to the default behavior of dropping packets that exceed the rate.
The following example configures the DPI , qos_prof_01, to mark all packets that exceed the configured rate with an IP precedence value of 3.
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000 [local]Redback(dpi-qos-rate)# exceed mark precedence 3
exceed mark priority {group-num | ignore} [{drop-precedence {group-num | ignore} | af-drop drop-value}]
no exceed mark priority
DPI QoS profile rate configuration
|
group-num |
Priority group number. The range of values is 0 to 7. The scale used by this command for packet priority, from 0 (highest priority) to 7 (lowest priority), is the relative inverse of the scale used by QoS classification map and classification definition commands. |
|
ignore |
Specifies that the internal Packet Descriptor (PD) priority or drop-precedence value is not modified. |
|
drop-precedence |
Optional. Enables you to specify a setting for either the drop-precedence portion of the PD QoS field or the priority group, or both. |
|
af-drop drop-value |
Optional. Target internal drop-precedence value in two-bit format; leaves the least significant bit unmodified. Range: 1 to 3. |
Packets that exceed the configured rate are dropped.
Marks packets that exceed the QoS rate and burst tolerance with a priority group number, a drop-precedence value, or both, while leaving the packet’s IP header DSCP value unmodified.
To configure the QoS rate, enter the rate command.
A priority group is an internal value used by the SmartEdge OS to determine into which egress queue the inbound packet is placed. The ToS value, DSCP value, and MPLS EXP bits are unchanged by this command. The actual queue number depends on the number of queues configured on the circuit. For more information, see the num-queues command in Reference [3].
The SmartEdge OS uses the factory preset, or default, mapping of a priority group to queue, according to the number of queues configured on a circuit; see Table 6.
Only one mark instruction can be in effect at a time. To change the mark instruction, enter the exceed mark priority command, specifying a new value for the group-num argument. This supersedes the value previously configured.
| Caution! | ||
|
Risk of overriding configurations. The SmartEdge OS checks for
and applies marking in a specific order. To reduce the risk, remember
the following guidelines: Circuit-based marking overrides class-based
marking; Border Gateway Protocol (BGP) destination-based marking,
through route maps, overrides both circuit-based and class-based marking.
| ||
Use the no or default form of this command to return to the default behavior.
The following example configures the policy to mark all packets that exceed the configured rate with priority group number 3:
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000 [local]Redback(dpi-qos-rate)# exceed mark priority 3
log detection
no log detection
DPI action class configuration
Log detection is not enabled by default.
Generates a log entry when application or protocol traffic is detected in traffic mapped to the class. Enabling logging may impact performance.
[local]Redback(config-dpi-action-class)# log detection
mark dscp dscp-class
no mark dscp dscp-class
DPI QoS profile configuration
|
dscp-class |
Priority with which packets are marked. Values can be:
|
Packets are not assigned a DSCP priority.
Assigns a QoS DSCP priority to packets.
| Caution! | ||
|
Risk of overriding configurations. The SmartEdge OS checks for
and applies marking in a specific order. To reduce the risk, remember
the following guidelines: Circuit-based marking overrides class-based
marking; Border Gateway Protocol (BGP) destination-based marking,
through route maps, overrides both circuit-based and class-based marking.
| ||
For more information about DSCP values, see RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.
The following example configures the DPI qos_prof_02, to mark all packets as high-priority packets:
[local]Redback(config)# dpi qos profile qos_prof_02 [local]Redback(dpi-qos)# mark dscp ef
mark precedence prec-value
no mark precedence prec-value
DPI QoS profile configuration
|
prec-value |
Drop precedence value. Range: 1 to 3. |
Packets are not marked with an explicit drop precedence value.
Assigns a QoS drop precedence value to packets corresponding to the AF class of the packets.
In general, the level of forwarding assurance of an IP packet is based on: (1) the resources allocated to the AF class to which the packet belongs, (2) the current load of the AF class, and, in case of congestion within the class, (3) the drop precedence of the packet. In case of congestion, the drop precedence of a packet determines the relative importance of the packet within the AF DSCP class. Packets with a lower drop precedence value are preferred and protected from being lost, while packets with a higher drop precedence value are discarded. (For more information see RFC 2597, Assured Forwarding PHB Group.)
With AF classes AF1 (AF11, AF12, AF13), AF2 (AF21, AF22, AF23), AF3 (AF31, AF32, AF33), and AF4 (AF41, AF42, AF43), the second integer represents a drop precedence value. Table 5 shows how the AF drop precedence value of an incoming packet is changed when it exits the SmartEdge router after being tagged with a new drop precedence. (See also RFC 2597, Assured Forwarding PHB Group.)
Only one mark instruction can be in effect at a time. To change the mark instruction, enter the mark precedence command, specifying a new value for the prec-value argument, which supersedes the one previously configured.
The following example configures the DPI , qos_prof_02, to mark all packets as preferred packets.
[local]Redback(config)# dpi qos profile qos_prof_02 [local]Redback(dpi-qos)# mark precedence 1
mark priority {group-num | ignore} [{drop-precedence {group-num | ignore} | af-drop drop-value}]
no mark priority
DPI QoS profile configuration
|
group-num |
Priority group number. Range: 0 to 7. The scale used by this command for packet priority, from 0 (highest priority) to 7 (lowest priority), is the relative inverse of the scale used by QoS classification map and classification definition commands. |
|
ignore |
Specifies that the internal packet descriptor (PD) priority or drop-precedence value is not modified. |
|
drop-precedence |
Optional. Enables you to specify a setting for either the drop-precedence portion of the PD QoS field or the priority group, or both. |
|
af-drop drop-value |
Optional. Target internal drop-precedence value in two-bit format; leaves the least significant bit unmodified. Range: 1 to 3. |
The PD QoS values for a packet are not modified.
Sets the internal Packet Descriptor (PD) QoS classification value for specified packets, while preserving the packet’s IP header DSCP value.
A priority group is an internal value used by the SmartEdge OS to determine into which egress queue the inbound packet is placed. The ToS value, DSCP value, and MPLS EXP bits are unchanged by this command. The actual queue number depends on the number of queues configured on the egress circuit. For more information, see the num-queues command.
The SmartEdge OS uses the factory preset, or default, mapping of a priority group to queue, according to the number of queues configured on a circuit; see Table 6.
Only one mark instruction can be in effect at a time. To change the mark instruction, enter the mark priority command, specifying a new value for the group-num argument. This supersedes the value previously configured.
If neither the drop-precedence nor the af-drop keyword is specified, the priority bits are set to the specified value and the drop-precedence bits are cleared.
The following example configures the DPI , qos_prof_02, to mark all packets as high-priority packets:
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# mark priority 2
For UDP and TCP:
[seq sequence-number] protocol {udp | tcp} {network network-prefix/prefix-length | any} {cond source-port | range source-start-port source-end-port | any} {cond dest-port | range dest-start-port dest-end-port | any} class class-name
no seq sequence-number
For other protocols:
[seq sequence-number] protocol protocol {network network-prefix/prefix-length | any} class class-name
no seq sequence-number
DPI access control list configuration
|
seq sequence-number |
Optional. Sequence number for the statement. Range: 1 to 4,294,967,295. |
|
tcp |
Transmission Control Protocol. |
|
udp |
User Datagram Protocol. |
|
protocol |
Protocol name or number indicating a protocol as specified in RFC 1700, Assigned Numbers. Range: 0 to 255 or one of the keywords listed in Table 7. |
|
network network-prefix |
Source or destination IP address to be included in the criteria. Destination IP address when the traffic direction is from subscriber to Internet; source IP address when the traffic direction is from Internet to subscriber. |
|
prefix-length |
Optional. Number of prefix bits. Range: 0 to 32. |
|
any |
Optional. Indicates that IP traffic from all IP addresses or ports is to be included in the criteria. |
|
cond |
Matching condition for the port argument, according to one of the keywords listed in Table 8. |
|
source-port |
Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source port. This argument is only available if you specified TCP or UDP as the protocol. Range: 1 to 65,535 or one of the keywords listed in Table 9 and Table 10. |
|
range source-start-port source-end-port |
Beginning and ending TCP or UDP source ports that define a range of port numbers. A packet’s port must fall within the specified range to match the criteria. This construct is only available if you specified TCP or UDP as the protocol. Range: 1 to 65,535 or one of the keywords listed in Table 9 and Table 10. |
|
dest-port |
TCP or UDP destination port. This argument is only available if you specified TCP or UDP as the protocol. Range: 1 to 65,535 or one of the keywords listed in Table 9 and Table 10. |
|
range dest-start-port dest-end-port |
Beginning and ending TCP or UDP destination ports that define a range of port numbers. A packet’s port must fall within the specified range to match the criteria. This construct is only available if you specified TCP or UDP as the protocol. Range: 1 to 65,535 or one of the keywords listed in Table 9 and Table 10. |
|
class class-name |
Class name. |
None
Creates an ACL statement to allow packets that meet the specified criteria. If seq sequence-number is not specified, the system assigns a sequence number.
The cond source-port and cond dest-port constructs are mutually exclusive with the range source-start-port source-end-port and range dest-start-port dest-end-port constructs.
Table 7 lists the valid keyword substitutions for the protocol argument.
|
Keyword |
Definition |
|---|---|
|
ahp |
Authentication Header Protocol. |
|
esp |
Encapsulation Security Payload. |
|
gre |
Generic Routing Encapsulation. |
|
icmp |
Internet Control Message Protocol. |
|
igmp |
Internet Group Management Protocol. |
|
ip |
Any IP protocol. |
|
ipinip |
IP-in-IP tunneling. |
|
ospf |
Open Shortest Path First. |
|
pcp |
Payload Compression Protocol. |
|
pim |
Protocol Independent Multicast. |
Table 8 lists the valid keyword substitutions for the cond argument.
|
Keyword |
Description |
|---|---|
|
eq |
Specifies that values must be equal to those specified by the port argument. |
|
gt |
Specifies that values must be greater than those specified by the port argument. |
|
lt |
Specifies that values must be less than those specified by the port argument. |
|
neq |
Specifies that values must not be equal to those specified by the port argument. |
Table 9 lists the valid keyword substitutions for the source-port , source-start-port, source-end-port, dest-port, dest-start-port, or dest-end-port argument when it is used to specify a TCP port.
|
Keyword |
Definition |
Corresponding Port Number |
|---|---|---|
|
bgp |
Border Gateway Protocol |
179 |
|
chargen |
Character generator |
19 |
|
cmd |
Remote commands (rcmd) |
514 |
|
daytime |
Daytime |
13 |
|
discard |
Discard |
9 |
|
domain |
Domain Name System |
53 |
|
echo |
Echo |
7 |
|
exec |
Exec (rsh) |
512 |
|
finger |
Finger |
79 |
|
ftp |
File Transfer Protocol |
21 |
|
ftp-data |
FTP data connections (used infrequently) |
20 |
|
gopher |
Gopher |
70 |
|
hostname |
Network interface card (NIC) hostname server |
101 |
|
ident |
Identification protocol |
113 |
|
irc |
Internet Relay Chat |
194 |
|
klogin |
Kerberos login |
543 |
|
kshell |
Kerberos Shell |
544 |
|
login |
Login (rlogin) |
513 |
|
lpd |
Printer service |
515 |
|
nntp |
Network News Transport Protocol |
119 |
|
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
|
pop2 |
Post Office Protocol Version 2 |
109 |
|
pop3 |
Post Office Protocol Version 3 |
110 |
|
shell |
Remote command shell |
514 |
|
smtp |
Simple Mail Transport Protocol |
25 |
|
ssh |
Secure Shell |
22 |
|
sunrpc |
Sun Remote Procedure Call |
111 |
|
syslog |
System logger |
514 |
|
tacacs |
Terminal Access Controller Access Control System |
49 |
|
talk |
Talk |
517 |
|
telnet |
Telnet |
23 |
|
time |
Time |
37 |
|
uucp |
UNIX-to-UNIX Copy Program |
540 |
|
whois |
Nickname |
43 |
|
www |
World Wide Web (HTTP) |
80 |
Table 10 lists the valid keyword substitutions for the source-port , source-start-port, source-end-port, dest-port, dest-start-port, or dest-end-port argument when it is used to specify a UDP port.
|
Keyword |
Definition |
Corresponding Port Number |
|---|---|---|
|
biff |
Biff (Mail Notification, Comsat) |
512 |
|
bootpc |
Bootstrap Protocol client |
68 |
|
bootps |
Bootstrap Protocol server |
67 |
|
discard |
Discard |
9 |
|
dnsix |
DNSIX Security Protocol Auditing |
195 |
|
domain |
Domain Name System |
53 |
|
echo |
Echo |
7 |
|
isakmp |
Internet Security Association and Key Management Protocol (ISAKMP) |
500 |
|
mobile-ip |
Mobile IP Registration |
434 |
|
nameserver |
IEN116 Name Service (obsolete) |
42 |
|
netbios-dgm |
NetBIOS Datagram Service |
138 |
|
netbios-ns |
NetBIOS Name Service |
137 |
|
netbios-ss |
NetBIOS Session Service |
139 |
|
ntp |
Network Time Protocol |
123 |
|
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
|
rip |
Router Information Protocol |
520 |
|
snmp |
Simple Network Management Protocol |
161 |
|
snmptrap |
SNMP traps |
162 |
|
sunrpc |
Sun Remote Procedure Call |
111 |
|
syslog |
System logger |
514 |
|
tacacs |
Terminal Access Controller Access Control System |
49 |
|
talk |
Talk |
517 |
|
tfpt |
Trivial File Transfer Protocol |
69 |
|
time |
Time |
37 |
|
who |
Who Service (rwho) |
513 |
|
xdmcp |
X Display Manager Control Protocol |
177 |
[local]Redback(dpi-acl)# seq 20 udp any eq echo class c5 [local]Redback(dpi-acl)# tcp any any any class c6
qos profile profile-name [policing | metering]
no qos profile profile-name [policing | metering]
DPI action class configuration
|
profile-name |
Name of the QoS profile. |
|
policing |
Optional. Specifies a QoS profile used to rate-limit traffic in the ingress direction. |
|
metering |
Optional. Specifies a QoS profile used to rate-limit traffic in the egress direction. |
No QoS profile is configured.
Creates or selects a QoS profile and enters DPI QoS profile configuration mode. One policing and one metering QoS profile can be applied to a single dpi action class. Neither policing nor metering QoS profiles can be applied together with a bidrectional QoS profile.
[local]Redback(config-dpi-action-class)# qos profile q1
[local]Redback(config-dpi-action-class)# qos profile q2 policing
rate kbps {burst bytes | time-burst msec}
DPI QoS profile configuration
|
kbps |
Rate in kilobits per second. Range: 5 to 1,000,000,000. |
|
burst bytes |
Burst tolerance in bytes. Range: 1 to 4,250,000,000. |
|
time-burst msec |
Burst tolerance in milliseconds. Range: 1 to 10000. |
Rate is calculated based on the default values for the kbps, bytes, and msec arguments.
Sets the rate and burst tolerance for traffic on the subscriber record to which the QoS policy is attached.
Rate limits apply to an aggregate of inbound and outbound directions.
[local]Redback(config)# dpi qos profile qos_prof_01 [local]Redback(dpi-qos)# rate 64 burst 3000
show dpi asp slot/asp-id access-list [list-name]
all modes
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
|
list-name |
Detailed configuration information from the ASP for the ACL with the specified name. |
Displays information about one or all ACLs configured on the ASE card in the specified slot and port.
[local]Redback# show dpi asp 2/1 access-list
acl_01
acl_02
[local]Redback# show dpi asp 2/1 access-list acl_01
Default Class: cc
seq 10 application bit-torrent class dd
seq 20 application bit-torrent class dd
seq 30 application bit-torrent class dd
seq 40 application bit-torrent class dd
seq 50 category p2p class cc
seq 60 protocol tcp any range 1 65535 range 1 65535 class dd
seq 70 application bit-torrent network 1.2.3.4/0
class hh
seq 80 application bit-torrent network 1.2.3.4/1
class hhshow dpi asp slot/asp-id qos profile [profile-name]
all modes
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
|
profile-name |
Name of the profile. |
Displays information about one or all QoS profiles configured on the ASE card in the specified slot and port.
[local]Redback# show dpi asp 2/1 qos profile
q1
q2
q34
[local]Redback# show dpi asp 2/1 qos profile q1
Rate: 12312 kbps Burst: 23 bytes
Time-burst: 0 milli-seconds
Conf-mark-priority Conf-mark-prec Conf-mark-
dscp
0xff 0xff 0x16
Exceed-mark-priority Exceed-mark-prec Exceed-mark-
dscp
0xff 0x2 0xff
Jitter : 0
Delay : 123123
Reorder: 12 (random)
show dpi asp slot/asp-id traffic-management action policy [policy-name]
all modes
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
|
policy-name |
Name of the DPI traffic management action policy |
Displays information about one or all DPI traffic management action policies configured on the ASE card in the specified slot and port.
[local]Redback# show dpi asp 2/1 traffic-management
action policy
apol_01
apol_02
[local]Redback# show dpi asp 2/1 traffic-management
action policy apol_01
Default Class:
class c1
Qos Profile: q1 [Bidirectional]
Statistics: Enable
Log Events: Detection
class c2
Qos Profile: q2 [Policing]
Qos Profile: q3 [Metering]
Statistics: Enable
Log Events: Detectionshow dpi asp slot/asp-id traffic-management policy [policy-name]
all modes
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
|
policy-name |
Name of the DPI traffic management policy. |
Displays information about one or all DPI traffic management policies configured on the ASE card in the specified slot and port.
[local]Redback# show dpi asp 2/1 traffic-management policy
pol_01
Access Group: acl_01
Action Policy: apol_01show dpi asp slot/asp-id traffic-management statistics {sessions | packet [in | out] | protocol protocol-name | subscriber}
all modes
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
|
sessions |
Displays statistics per session. |
|
packet |
Displays global DPI module packet statistics. |
|
in |
Optional. Displays packet statistics for inbound packets. |
|
out |
Optional. Displays packet statistics for outbound packets. |
|
protocol |
Displays ASP counters per application. |
|
subscriber |
Displays subscriber statistics. |
With no option specified, displays the global traffic management statistics. Use the packet keyword to display global DPI module packet statistics. Use the in | out keywords to limit the display by direction. Use the protocol keyword to display ASP counters per application; for example, the total number of packets and bytes received, dropped, and so on. Use the subscriber keyword to display the current number of active subscribers, maximum subscriber count (historical), number of subscribers being processed with the specified profile, number of subscribers being processed with the default profile, and other subscriber statistics.
[local]Redback# show dpi asp 2/1 traffic-management statistics protocol
Protocol: bit-torrent
Packets Received: 4110091
Bytes Received: 2747344474
Packets Dropped: 0
Bytes Dropped: 0
Flow Count: 1000
Packets Inspected: 1000
Packets Rate Limited: 0
Packets Sent: 4110091
Bytes Sent: 2747344474
Protocol: fast-track
Packets Received: 0
Bytes Received: 0
Packets Dropped: 0
Bytes Dropped: 0
Flow Count: 0
Packets Inspected: 0
Packets Rate Limited: 0
Packets Sent: 0
Bytes Sent: 0
Protocol: edonkey
Packets Received: 0
Bytes Received: 0
---(more)---
[local]Redback# show dpi asp 2/1 traffic-management statistics protocol bit-torrent
Protocol: bit-torrent
Packets Received: 18
Bytes Received: 15238
Packets Dropped: 10
Bytes Dropped: 14720
Flow Count: 1
Packets Inspected: 1
Packets Rate Limited: 10
Packets Sent: 8
Bytes Sent: 518
[local]Redback# show dpi asp 2/1 traffic-management statistics subscriber
Current Subscriber Count: 1000
Maximum Subscriber Count: 1000
Subscribers Exceeding Session Limit: 100
Subscribers Per Profile:
Profile-Name Subscriber-Count
dpi_pol_1 1000
[local]Redback# show dpi asp 2/1 traffic-management statistics packet
Packets Received: 1147051577
Bytes Received: 765585355073
Packets Dropped: 0
Bytes Dropped: 0
Packets Inspected: 903794
Packets Rate Limited: 0
Packets Sent: 1147051577
Bytes Sent: 765585355073
Non-TCP/UDP Packets Received: 1594308
Packets Bypassed: 0
[local]Redback# show dpi asp 2/1 traffic-management statistics packet in
Packets Received: 1617332757
Bytes Received: 791013170998
Packets Dropped: 0
Bytes Dropped: 0
Packets Inspected: 1043009228
Packets Rate Limited: 0
Packets Sent: 1617332757
Bytes Sent: 791013170998
Non-TCP/UDP Packets Received: 2085990886
Packets Bypassed: 0
[local]Redback# show dpi asp 2/1 traffic-management statistics sessions
Sessions:
TCP:
Pending Classification: 125
Total: 948
UDP:
DNS: 0
Pending Classification: 0
Total: 1000show dpi circuit {agent-circuit-id agent-circuit-id | agent-remote-id agent-remote-id | slot/port[:chan-num[:sub-chan-num] [circuit-id] | username subscriber} traffic-management [sessions | statistics sessions | statistics [packet [in | out]] {class | protocol}]
all modes
|
agent-circuit-id agent-circuit-id |
Subscriber session identifier, where the agent-circuit-id argument is the value of the agent circuit ID in a subscriber record. Enter the agent-circuit-id argument as a structured subscriber username in the form subscriber@context. |
|
agent-remote-id agent-remote-id |
Subscriber session identifier, where the agent-remote-id argument is the value of the agent remote ID in a subscriber record. Enter the agent-remote-id argument as a structured subscriber username in the form subscriber@context. |
|
slot |
Chassis slot number for a particular card. |
|
port |
Port number on the specified card. |
|
chan-num |
Optional. Channel number on the specified port. If omitted, this command applies to all channels on the specified port. Range: depends on the type of port; see Table 3. |
|
sub-chan-num |
Optional. Subchannel number in the specified channel. If omitted, this command applies to all subchannels in the specified channel. Range: depends on the type of port; see Table 3. |
|
circuit-id |
Subscriber session identifier. See Table 2 for information about the circuit-id argument. |
|
username subscriber |
Subscriber session identifier. Enter the subscriber argument as a structured subscriber username in the form subscriber@context. |
|
sessions |
Displays a summary of all active (TCP, UDP) sessions for the specified subscriber. |
|
statistics sessions |
Displays subscriber session statistics from the ASP. |
|
packet [in | out] |
Displays directional traffic statistics per subscriber. |
|
class |
Displays subscriber statistics per class. |
|
protocol |
Displays subscriber statistics per application or protocol. |
Displays security service specific information per subscriber, including:
Use the sessions keyword to display a summary of all active (TCP, UDP) sessions for the specified subscriber, including the standard 5-tuple and the class applied to the flow; one line is displayed per subscriber session. Use the statistics keyword to display the subscriber statistics, including session statistics.
[local]Redback# show dpi circuit username p2_1@local
Assigned-ASP 2/1
ASP-State: Up
Services Configured: P2P-Traffic-Management[test]
Services Applied: P2P-Traffic-Management[test]
Service State: Normal
[local]Redback# show dpi circuit username p2_1@local traffic-management sessions
Source-IP Source- Transport Dest- Dest-IP
Port Port
12.1.0.1 32768 tcp 6881 112.1.1.1
P2P-Protocol Class-Protocol
bit-torrent c34
[local]Redback# show dpi circuit username p2_1@local traffic-management statistics class
Class: c100
Direction: Egress
Packets Received: 2
Bytes Received: 80
Packets Dropped: 0
Bytes Dropped: 0
Flow Count: 0
Packets Inspected: 2
Packets Rate Limited: 0
Packets Sent: 2
Bytes Sent: 80
Class: c100
Direction: Ingress
Packets Received: 1
Bytes Received: 40
Packets Dropped: 0
Bytes Dropped: 0
Flow Count: 0
Packets Inspected: 1
Packets Rate Limited: 0
Packets Sent: 1
Bytes Sent: 40
Class: c34
Direction: Egress
Packets Received: 58
Bytes Received: 3390[local]Redback# show dpi circuit username p2_1@local traffic-management statistics protocol
Protocol: bit-torrent
Direction: Egress
Packets Received: 106
Bytes Received: 6166
Packets Dropped: 0
Bytes Dropped: 0
Flow Count: 1
Packets Inspected: 1
Packets Rate Limited: 0
Packets Sent: 106
Bytes Sent: 6166
Protocol: bit-torrent
Direction: Ingress
Packets Received: 283
Bytes Received: 266422
Packets Dropped: 177
Bytes Dropped: 260544
Flow Count: 1
Packets Inspected: 0
Packets Rate Limited: 177
Packets Sent: 106
Bytes Sent: 5878[local]Redback# show dpi circuit username user1@domain.com traffic-management statistics packet Packets Received: 6144 Bytes Received: 4479456 Packets Dropped: 856 Bytes Dropped: 34240 Packets Inspected: 64 Packets Rate Limited: 0 Packets Exceeding Session Limit: 1100 Bytes Exceeding Session Limit: 187592 Packets Sent: 6144 Bytes Sent: 4479456 TCP Resets Originated: 0
[local]Redback# show dpi circuit username user1@domain.com traffic-management statistics session Sessions: TCP: Pending Classification: 1 Total: 2 UDP: DNS: 0 Pending Classification: 1 Total: 1
show dpi traffic-management [application | category [category-name]
all modes
|
application |
Display all supported applications. |
|
category |
Display all supported categories. |
|
category-name |
Display all applications in the specified category. |
Displays traffic management applications or categories supported by a software release.
[local]Redback# show dpi traffic-management application [local]Redback# show dpi traffic-management category [local]Redback# show dpi traffic-management category p2p
show security asp slot/asp-id statistics {packet slot | system}
all modes
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
|
packet |
Statistics output lists the Rx/Tx counters, including packets and bytes received, error packet and byte counts, packets and bytes sent, and packets and bytes dropped. |
|
slot |
Chassis slot number. |
|
system |
Statistics output lists memory usage of an ASP, including the number of ATM APS packets processed that were replicated. |
Displays statistics for the ASP on the specified ASE card.
[local]Redback# show security asp 2/1 statistics system
Memory Information :
Total Dynamic Memory: 1073726296 Bytes
Memory Allocated: 518697592 Bytes
Memory Available: 555028704 Bytes
Allocation Failures: 0 Bytes
Packet Statistics :
Bypassed packets:
Unknown Subscribers: 0
Memory Overload: 0
Replicated packets
slot 1: 19108908
slot 5: 817923
slot 6: 817923
slot 10: 19108908
[local]system1#show security asp 2/2 statistics system
Memory Information :
Total Dynamic Memory: 1073726296 Bytes
Memory Allocated: 518928728 Bytes
Memory Available: 554797568 Bytes
Allocation Failures: 0 Bytes
Packet Statistics :
Bypassed packets: 0
Unknown Subscribers: 0
Memory Overload: 0
Replicated packets
slot 1: 19179631
slot 5: 837430
slot 6: 837430
slot 10: 19179631
show security asp slot/asp-id system
all modes
|
slot |
Chassis slot number for a particular ASE card. |
|
asp-id |
The ID of the ASP on the ASE card: 1 or 2. |
Displays system-level information stored on the ASP, such as a list of slots populated with cards, card type and PPA type of traffic cards installed, and the state of each populated slot.
[local]Redback# show security asp 2/1 system
Control Plane :
Slot Card-Type State
2 ase Up
4 ge-20-port Up
Data Plane :
Slot Card-Type State
2 ase Up
4 ge-20-port Up
| ACL |
| Access Control List |
| AF |
| Assured Forwarding |
| DSCP |
| Differentiated Services Code Point |
| ISAKMP |
| Internet Security Association and Key Management Protocol |
| MPLS |
| Multiprotocol Label Switching |
| NIC |
| Network interface card |
| PD |
| Packet Descriptor |
| QoS |
| Quality of Service |
| TCP |
| Transmission Control Protocol |
| ToS |
| Type of Service |
| UDP |
| User Datagram Protocol |
| VCI |
| Virtual Circuit Identifier |
| VPI |
| Virtual Path Identifier |
| [1] Application Traffic Management Overview, 221 02-CRA 119 1031/1. |
| [2] Application Traffic Management Configuration and Operation. |
| [3] Command List, 1/190 77-CRA 119 1031/1. |