MQC Configuration Is Invalid on Huawei CE Switch

What should we do if MQC configuration is invalid on Huawei CE switch like CE6800 CE8800 CE12800?

1, Checking Whether the Traffic Policy Is Delivered Successfully

Procedure

A CE switch such as Huawei CE6820-48S6CQ-B uses asynchronous delivery for MQC. A traffic policy can be configured successfully, but may be not delivered successfully. Run the display traffic-policy applied-record command in any view to check whether the traffic policy is delivered successfully.

When the value of State is success, the traffic policy is delivered successfully.

When the value of State is fail(n), the traffic policy fails to be delivered. The value n indicates the code for the cause of a failure to deliver a traffic policy.

<HUAWEI> 
display traffic-policy applied-record p1
Total records : 4   

Policy Type/Name                     Apply Parameter             Slot State          
   

traffic-filter     (IPv4) acl 2001   Global inbound                 1 success        

                                                                    2 success        

                                                                    4 fail(4)            

dsc                                  Global inbound                 1 fail(3)        

                                                                    2 fail(3)        

                                                                    4 fail(3)        

n4                                   10GE4/0/2 inbound              4 fail(4)        

p1                                   10GE4/0/5 inbound              4 fail(4) 

Fail reason:  

   3 — The numbers of matched conditions and actions in the traffic policy exceed the limit.

   4 — Insufficient ACL resources.  

 

2, Checking Whether the Traffic Policy Is Configured Correctly

Procedure

Run the display traffic policy command in any view to check whether the traffic classifier name, relationship between rules in a traffic classifier, traffic behavior name, and action in a traffic behavior are correct. If the preceding configuration is incorrect, change the configuration.

The command output shows that the traffic classifier name is c1, the relationship between rules in a traffic classifier is OR, the traffic behavior name is b1, and the action in a traffic behavior is traffic statistics collection.

<HUAWEI> display traffic policy p1   
Traffic Policy Information:     Policy: p1                    
Classifier: c1       //Traffic classifier name        
Type: OR           //Relationship between rules in a traffic classifier       
Behavior: b1         //Traffic behavior name         
Statistics: enable //Action in a traffic behavior

Pay attention to the following points:

  • When an ACL rule defining a VPN instance is defined in a traffic classifier, the vpn-instancefield is ignored. Both private and public traffic are matched. To accurately match private traffic, apply a traffic policy to the corresponding Layer 3 interface.
  • When the relationship between rules in a traffic classifier is OR, packets only need to match one or more rules in a traffic classifier.
  • When the relationship between rules in a traffic classifier is AND:

If a traffic classifier contains ACL rules, packets match the traffic classifier only when the packets match one ACL rule and all the non-ACL rules.

If a traffic classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.

Run the display traffic classifier command in any view to check whether the value of Rule(s) is consistent with traffic characteristics. If the value of Rule(s) is inconsistent with traffic characteristics, change rule information.

The following command output shows that traffic tagged with VLAN 120 is matched.

<HUAWEI> display traffic classifier  

Traffic Classifier Information:       

Classifier: c1       Type: AND     Rule(s):                                                                      

if-match vlan 120

3, Checking Whether the Traffic Policy Is Applied to the Correct View and Direction

Procedure

Run the display traffic-policy applied-record command in any view to check whether the view and direction specified by Apply Parameter are correct. If the view and direction are incorrect, change the configuration.

The following command output shows that the traffic policy p1 is applied to 10GE1/0/1 in the inbound direction.

<HUAWEI> display traffic-policy applied-record p1 
Total records : 1                                                                                                                                                             
Policy Type/Name                 Apply Parameter           Slot     State                                                                                                             
p1                               10GE1/0/1 inbound             
1     success        

Pay attention to the following points:

  • The traffic policy that is applied to a VLANIF interface is valid for only Layer 3 unicast packets.
  • When the traffic policy that contains packet filtering or mirroring is applied in the outbound direction, the following situation will occur:
  • If there is only if-match any, the traffic policy is valid for only Layer 2 traffic.
  • If the traffic policy contains the ACL based on Layer 3 fields, the traffic policy is valid for only Layer 3 traffic.
  • If the traffic policy does not contain the ACL based on Layer 3 fields, the traffic policy is valid for only Layer 2 traffic.

4, Checking Whether There Is Another Traffic Policy with a Higher Priority

Procedure

Run the display traffic-policy apply-information command in the diagnostic view to check the priorities of traffic policies. The command output displays the traffic policies that take effect in descending order of priority. If a traffic policy with a higher priority also matches the specified traffic, adjust the MQC configuration based on network requirements.

For example, the traffic policy w1 is listed before the traffic policy w2, so w1 has a higher priority than w2. If traffic matches both w1 and w2, the action defined in w1 is taken for the traffic.

<HUAWEI> system-view [~HUAWEI] diagnose [~HUAWEI-diagnose] display traffic-policy apply-information slot 1:                                                                          
Chip Policy Type/Name         
Apply Parameter         
GroupId     Priority                                                                      
Group / Service      0 w1                       
10GE1/0/11(Out)              60      4 / 110          0 w2                      
VLAN 77(Out)                 60      4 / 112     

 

Tags