Kaspersky SD-WAN
2.3
English

Contents

Quality of Service (QoS)

A Quality of Service (QoS) policy ensures data transfer in accordance with the requirements set for traffic classes. In Kaspersky SD-WAN, the following components contribute to the quality of service:

  • Traffic classes - indicate the priority of traffic processing and distribute traffic among queues. For example, you can use one of the traffic classes for real-time traffic that requires minimizing packet loss. You can map traffic to traffic classes when creating or editing a traffic classifier.
  • Traffic classifiers determine whether or not the DSCP values specified in the traffic packet header fields must be trusted. If a traffic classifier does not trust DSCP values, it maps them to traffic classes. You can specify a traffic classifier when creating or editing a quality of service rule to make the quality of service rule use this traffic classifier.
  • Quality of service rules determine whether the bandwidth of traffic processed by traffic classifiers is limited. You can specify a quality of service rule when you create or edit a transport service to make the transport service use this quality of service rule.
  • Constraints are used to configure how the paths are built in transport services. You can create two types of constraints:

    You can specify a constraint when creating or editing a transport service to make the transport service use this constraint.

  • Traffic classification rules identify traffic with particular values of the L2 – L4 header fields, as well as traffic of specified applications, in the overall stream of traffic. You can specify a traffic classification rule when creating or editing a traffic filter to make the traffic filter use this traffic classification rule.
  • Traffic filters filter traffic based on specified traffic classification rules. You can specify a traffic filter when creating or editing a transport service or ACL interface to make the transport service or ACL interface use this traffic filter.

In this Help section

Managing traffic classes

Managing traffic classifiers

Managing quality of service rules

Managing Manual-TE constraints

Managing threshold constraints

Managing traffic classification rules

Managing traffic filters
Page top
[Topic 245177]

Managing traffic classes

About traffic classes

You can view the table of traffic classes in an SD-WAN instance template or in the controller configuration menu.

  • To view the table of traffic classes in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the Traffic classes tab.
  • To view the table of traffic classes in the controller settings menu, go to the Infrastructure menu section, click Management → Configuration menu next to the controller, and go to the QoS section.

By default, the following traffic classes are created:

  • Best effort
  • Business normal
  • Business critical
  • Video
  • Conference
  • Signaling
  • Real time
  • Network control

Information about traffic classes is displayed in the following columns of the table:

  • Name is the name of the traffic class.
  • Internal tag is the internal tag of the traffic class.
  • Queue is the number of the queue to which traffic from the traffic class goes.
  • KOver is the overcommitment ratio of the traffic bandwidth, which sets the multiplier by which the bandwidth dedicated to the traffic class can be increased if the total bandwidth is not fully utilized.
  • Exclude when computing path indicates whether the bandwidth available to the traffic class is taken into account when calculating the route:
    • Yes
    • No

The following parameters are displayed in the lower part of the table:

  • Default traffic class is the traffic class in which all traffic is placed that is not included in other classes.
  • Control traffic class is the traffic class in which control traffic is placed that is used to manage solution components. We recommend assigning the highest priority to control traffic to make sure the network works reliably.
  • Maximum reserved bandwidth (%) is the percentage of the maximum traffic transfer rate that can be available for the traffic class.

Kaspersky SD-WAN does not support creating traffic classes, but you can edit the default traffic classes in the SD-WAN instance template or in the controller configuration menu.

Editing a traffic class

You can edit a traffic class in an SD-WAN instance template or in the controller configuration menu. If you edit a traffic class in an SD-WAN instance template, that traffic class is not modified in the controller configuration menu of already deployed SD-WAN instances.

Default traffic classes are suitable for most deployment scenarios, and we do not recommend editing them.

To edit a traffic class:

  1. Edit a traffic class in one of the following ways:
    • If you want to edit the traffic class in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the Traffic classes tab.
    • If you want to edit the traffic class in the controller settings menu, go to the Infrastructure section, click Management → Configuration menu next to the controller, and go to the QoS section.

    A table of traffic classes is displayed.

  2. Click Edit.
  3. In the Name column, enter the name of the traffic class.
  4. In the Queue column, select the number of the queue into traffic of the selected class goes. The higher the value, the higher the priority of the traffic class. You cannot specify the same priority for multiple traffic classes.
  5. In the KOver column, select the overcommitment ratio of the traffic bandwidth, which sets the multiplier by which the bandwidth dedicated to the traffic class can be increased if the total bandwidth is not fully utilized.
  6. If you want to ignore the bandwidth available to the traffic class when building the route, select the Exclude when computing path check box. When this check box is selected, you cannot select the KOver ratio for the traffic class. By default, this check box is selected next to the Best effort traffic class.
  7. In the Default traffic class drop-down list, select the traffic class in which all traffic is placed that is not included in other classes. By default, the Best effort traffic class is selected.
  8. In the Control traffic class drop-down list, select the traffic class in which you want control traffic is placed. By default, the Network control traffic class is selected.
  9. In the Maximum reserved bandwidth (%) drop-down list, select the percentage of the maximum traffic transfer rate that can be available for the traffic class. Range of values: 10 to 90. Default value: 90.
  10. Click Ok.

    The traffic class is modified.

  11. If you have modified a traffic class in the SD-WAN instance template, in the upper part of the settings area, click Save to save the SD-WAN instance template settings.
Page top
[Topic 261421]

Managing traffic classifiers

You can view the table of traffic classifiers in an SD-WAN instance template or in the controller configuration menu.

  • To view the table of traffic classifiers in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the Traffic classifiers tab.
  • To view the table of traffic classifiers in the controller settings menu, go to the Infrastructure menu section, click Management → Configuration menu next to the controller, go to the QoS section and select the Traffic classifiers tab.

By default, the Untrust-BE-Classifier is created, which does not trust DSCP values in traffic packet header fields and puts all traffic in the Best effort traffic class. Information about traffic classes is displayed in the following columns of the table:

  • Name is the name of the traffic classifier.
  • Type indicates whether the classifier trusts the DSCP values set in the header fields of traffic packets:
    • Yes
    • No
  • Traffic class are traffic classes into which the traffic classifier puts traffic.
  • Packet field are traffic packet headers.
  • External tag is the DSCP value that the traffic packet headers must contain for the traffic classifier to put traffic in the traffic class.

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Creating a traffic classifier

Editing a traffic classifier

Deleting a traffic classifier
Page top
[Topic 261422]

Creating a traffic classifier

You can create a traffic classifier in an SD-WAN instance template or in the controller configuration menu. If you create a traffic classifier in an SD-WAN instance template, that traffic classifier is not created in the controller configuration menu of already deployed SD-WAN instances.

To create a traffic classifier:

  1. Create a traffic classifier in one of the following ways:
    • If you want to create a traffic classifier in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the Traffic classifiers tab.
    • If you want to create a traffic classifier in the controller settings menu, go to the Infrastructure section, click Management → Configuration menu next to the controller, and go to the QoS section and select the Traffic classifiers tab.

    A table of traffic classes is displayed.

  2. Click + Classifier.
  3. This opens a window; in that window, in the Name field, enter the name of the traffic classifier.
  4. In the Type list, select one of the following values:
    • Trust means that the traffic classifier trusts the DSCP values set in the header fields of traffic packets. Default value.
    • Untrust means that the traffic classifier does not trust the DSCP values set in the header fields of traffic packets.
  5. If you selected Trust in the Type list, map the traffic classes to DSCP values in the traffic packet headers:
    1. In the Traffic class column, select the traffic class into which the traffic classifier puts traffic.
    2. In the External tag column, click Select next to the traffic packet header field.
    3. Select the check boxes next to the displayed DSCP values that must be present in the traffic packet header field for the traffic classifier to put traffic in the traffic class.
    4. Click Ok.
  6. If in the Type list you selected Untrust, select the traffic class in which the traffic classifier places all traffic in the Traffic class drop-down list.
  7. Click Create.

    The traffic classifier is created and displayed in the table.

  8. If you have created a traffic classifier in the SD-WAN instance template, in the upper part of the settings area, click Save to save the SD-WAN instance template settings.

You can specify a traffic classifier when creating or editing a quality of service rule to make the quality of service rule use this traffic classifier.

Page top
[Topic 242620]

Editing a traffic classifier

You can edit a traffic classifier in an SD-WAN instance template or in the controller configuration menu. If you edit a traffic classifier in an SD-WAN instance template, that traffic classifier is not edited in the controller configuration menu of already deployed SD-WAN instances.

To edit a traffic classifier:

  1. Edit a traffic classifier in one of the following ways:
    • If you want to edit a traffic classifier in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the Traffic classifiers tab.
    • If you want to edit a traffic classifier in the controller settings menu, go to the Infrastructure section, click Management → Configuration menu next to the controller, and go to the QoS section and select the Traffic classifiers tab.

    A table of traffic classes is displayed.

  2. Click Management → Edit next to the traffic classifier that you want to edit.
  3. This opens a window; in that window, if necessary, edit the traffic classifier settings. For a description of the settings, see the instructions for creating a traffic classifier.
  4. Click Save.

    The traffic classifier is modified and updated in the table.

  5. If you have edited a traffic classifier in the SD-WAN instance template, in the upper part of the settings area, click Save to save the SD-WAN instance template settings.
Page top
[Topic 256606]

Deleting a traffic classifier

You can delete a traffic classifier in an SD-WAN instance template or in the controller configuration menu. If you delete a traffic classifier in an SD-WAN instance template, that traffic classifier is not deleted in the controller configuration menu of already deployed SD-WAN instances.

Deleted traffic classifiers cannot be restored.

To delete a traffic classifier:

  1. Delete a traffic classifier in one of the following ways:
    • If you want to delete a traffic classifier in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the Traffic classifiers tab.
    • If you want to delete a traffic classifier in the controller settings menu, go to the Infrastructure section, click Management → Configuration menu next to the controller, and go to the QoS section and select the Traffic classifiers tab.

    A table of traffic classes is displayed.

  2. Click Management → Delete next to the traffic classifier that you want to delete.
  3. In the confirmation window, click Delete.

    The traffic classifier is deleted and is no longer displayed in the table.

  4. If you have deleted a traffic classifier in the SD-WAN instance template, in the upper part of the settings area, click Save to save the SD-WAN instance template settings.
Page top
[Topic 245578]

Managing quality of service rules

You can view the table of quality of service rules in an SD-WAN instance template or in the controller configuration menu.

  • To view the table of quality of service rules in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the QoS rules tab.
  • To view the table of quality of service rules in the controller settings menu, go to the Infrastructure menu section, click Management → Configuration menu next to the controller, go to the QoS section and select the QoS rules tab.

By default, the Unlimited-QoS quality of service rule is created that uses the default traffic classifier, Untrust-BE-Classifier, does not limit the bandwidth, and provides 100% of the total bandwidth to the Best effort traffic class. Information about quality of service rules is displayed in the following columns of the table:

  • Name is the name of the quality of service rule.
  • MBR is the maximum bandwidth allowed by the quality of service rule.
  • The following columns display the percentage of the total bandwidth available to traffic classes:
    • Best effort
    • Business normal
    • Business critical
    • Video
    • Conference
    • Signaling
    • Real time

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Creating a quality of service rule

Editing a quality of service rule

Deleting a quality of service rule
Page top
[Topic 261424]

Creating a quality of service rule

You can create a quality of service rule in the SD-WAN instance template or in the controller configuration menu. If you create a quality of service rule in an SD-WAN instance template, that quality of service rule is not created in the controller configuration menu of already deployed SD-WAN instances.

To create a quality of service rule:

  1. Create a quality of service rule:
    • If you want to create a quality of service rule in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the QoS rules tab.
    • If you want to create a quality of service rule in the controller settings menu, go to the Infrastructure section, click Management → Configuration menu next to the controller, and go to the QoS section and select the QoS rules tab.

    The table of quality of service rules is displayed.

  2. Click + QoS rule.
  3. This opens a window; in that window, in the Name field, enter the name of the quality of service rule.
  4. In the Classifier drop-down list, select the created traffic classifier that you want to use in the quality of service rule.
  5. If you want the quality of service rule to limit the bandwidth for traffic processed by the traffic classifier, clear the Unlimited check box. This check box is selected by default.
  6. If you cleared the Unlimited check box, configure the traffic bandwidth limit:
    1. In the MBR field, enter the maximum bit rate. Default value: 1.
    2. In the Speed type drop-down list, select the units of measurement for the maximum bit rate:
      • Kbit/sec. Default value.
      • Mbit/sec
      • Gbit/sec
    3. If in the Classifier drop-down list, you have selected a classifier of the Trust type, in the Maximum reserved bandwidth (%) column, specify the percentage of the total bit rate available to traffic classes. The sum total of the specified values must equal 100%.
  7. Click Create.

    The quality of service rule is created and displayed in the table.

  8. If you have created a quality of service rule in the SD-WAN instance template, in the upper part of the settings area, click Save to save the SD-WAN instance template settings.

You can specify a quality of service rule when you create or edit a transport service to make the transport service use this quality of service rule.

Page top
[Topic 242639]

Editing a quality of service rule

You can edit a quality of service rule in an SD-WAN instance template or in the controller configuration menu. If you edit a quality of service rule in an SD-WAN instance template, that quality of service rule is not modified in the controller configuration menu of already deployed SD-WAN instances.

To edit a quality of service rule:

  1. Edit a quality of service rule:
    • If you want to edit a quality of service rule in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the QoS rules tab.
    • If you want to edit a quality of service rule in the controller settings menu, go to the Infrastructure section, click Management → Configuration menu next to the controller, and go to the QoS section and select the QoS rules tab.

    The table of quality of service rules is displayed.

  2. Click Management Edit next to the quality of service rule that you want to edit.
  3. This opens a window; in that window, if necessary, edit the quality of service settings. For a description of the settings, see the instructions for creating a quality of service rule.
  4. Click Save.

    The quality of service rule is modified and updated in the table.

  5. If you have edited a quality of service rule in the SD-WAN instance template, in the upper part of the settings area, click Save to save the SD-WAN instance template settings.
Page top
[Topic 256612]

Deleting a quality of service rule

You can delete a quality of service rule in an SD-WAN instance template or in the controller configuration menu. If you delete a quality of service rule in an SD-WAN instance template, that quality of service rule is not deleted in the controller configuration menu of already deployed SD-WAN instances.

Deleted quality of service rules cannot be restored.

To delete a quality of service rule:

  1. Delete a quality of service rule:
    • If you want to delete a quality of service rule in an SD-WAN instance template, go to the SD-WAN → SD-WAN instance templates section, click the SD-WAN instance template, and select the QoS rules tab.
    • If you want to delete a quality of service rule in the controller settings menu, go to the Infrastructure section, click Management → Configuration menu next to the controller, and go to the QoS section and select the QoS rules tab.

    The table of quality of service rules is displayed.

  2. Click Management → Delete next to the quality of service rule that you want to delete.
  3. In the confirmation window, click Delete.

    The quality of service rule is deleted and is no longer displayed in the table.

  4. If you have deleted a quality of service rule in the SD-WAN instance template, in the upper part of the settings area, click Save to save the SD-WAN instance template settings.
Page top
[Topic 256613]

Managing Manual-TE constraints

To display the table of Manual-TE constraints, go to the Infrastructure menu section, click Management → Configuration menu next to the controller, and go to the Constraints section. Information about Manual-TE constraints is displayed in the following columns of the table:

  • Name is the name of the Manual-TE constraint.
  • Segment is the segment of the Manual-TE paths added to the Manual-TE constraint.
  • Paths are the Manual-TE paths that have been added to the Manual-TE constraint.

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Creating a Manual-TE constraint

Editing a Manual-TE constraint

Deleting a Manual-TE constraint
Page top
[Topic 261426]

Creating a Manual-TE constraint

To create a Manual-TE constraint:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Constraints section.

    The Manual-TE tab with the table of Manual-TE constraints is selected by default.

  4. In the upper part of the page, click + Manual-TE constraint.
  5. This opens a window; in that window, in the Name field, enter the name of the Manual-TE constraint.
  6. Select the Use Manual-TE path check box next to the created Manual-TE paths that you want to add to the Manual-TE constraint. These check boxes are cleared by default.
  7. If you want to allow using an Auto-SPF path when the specified Manual-TE paths are not available, select the Ignore if no constrained path is found check box next to the Manual-TE paths. You can only select the check box next to a Manual-TE path that have the Use Manual-TE path check box selected. These check boxes are cleared by default.
  8. Click Create.

The Manual-TE constraint is created and displayed in the table.

You can specify a Manual-TE constraint when creating or editing a transport service to make the transport service use this Manual-TE constraint.

Page top
[Topic 246463]

Editing a Manual-TE constraint

To edit a Manual-TE constraint:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Constraints section.

    The Manual-TE tab with the table of Manual-TE constraints is selected by default.

  4. Click Management → Edit next to the Manual-TE constraint that you want to edit.
  5. This opens a window; in that window, if necessary, edit the Manual-TE constraint settings. For a description of the settings, see the instructions for creating a Manual-TE constraint.
  6. Click Save.

The Manual-TE constraint is modified and updated in the table.

Page top
[Topic 256618]

Deleting a Manual-TE constraint

Deleted Manual-TE constraints cannot be restored.

To delete a Manual-TE constraint:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Constraints section.

    The Manual-TE tab with the table of Manual-TE constraints is selected by default.

  4. Click Management → Delete next to the Manual-TE constraint that you want to delete.
  5. In the confirmation window, click Delete.

The Manual-TE constraint is deleted and is no longer displayed in the table.

Page top
[Topic 256619]

Managing threshold constraints

To display the table of threshold constraints, go to the Infrastructure menu section, click Management → Configuration menu next to the controller, go to the Constraints section, and select the Thresholds tab. Information about threshold constraints is displayed in the following columns of the table:

  • Name is the name of the threshold constraint.
  • Last resort indicates whether the threshold constraint excludes a link from Auto-TE path calculation if the Last resort check box is selected in link monitoring settings:
    • Y
    • N
  • Error level indicates whether the threshold constraint excludes a link from Auto-TE path calculation if the errors-per-second threshold is reached on the link:
    • Y
    • N
  • Utilization indicates whether the threshold constraint excludes a link from Auto-TE path calculation if the utilization threshold is reached on the link, as a percentage of the bandwidth of the source service interface:
    • Y
    • N
  • Latency indicates whether the threshold constraint excludes a link from Auto-TE path calculation if the delay threshold (in milliseconds) is reached for traffic passing through the link:
    • Y
    • N
  • Jitter indicates whether the threshold constraint excludes a link from Auto-TE path calculation if the jitter threshold (in milliseconds) is reached for traffic passing through the link:
    • Y
    • N
  • Packet loss indicates whether the threshold constraint excludes a link from Auto-TE path calculation if the packet loss threshold (as a percentage value) is reached on the link:
    • Y
    • N

    You can specify monitoring thresholds when configuring link monitoring.

    The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Creating a threshold constraint

Editing a threshold constraint

Deleting a threshold constraint
Page top
[Topic 276363]

Creating a threshold constraint

To create a threshold constraint:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Constraints section.

    The Manual-TE tab with the table of Manual-TE constraints is selected by default.

  4. Select the Thresholds tab.

    A table of threshold constraints is displayed.

  5. In the upper part of the page, click + Threshold constraint.
  6. This opens a window; in that window, in the Name field, enter the name of the threshold constraint.
  7. Select the Don't use links with threshold reached check box next to link monitoring indicators to have the threshold constraint exclude links that have reached the threshold value of these monitoring indicators from the Auto-TE path calculation. This check box is cleared by default.
  8. If you do not want the threshold constraint to exclude links with reached thresholds from Auto-TE path calculation when alternative links do not exist, select the Ignore if no constrained path is found check box next to the monitoring values. This check box is cleared by default. You can only select the check box next to monitoring values that have the Don't use links with threshold reached check box selected.

    For example, if you have selected the Don't use links with threshold reached check box next to the Error level monitoring value, the threshold constraint excludes a link on which the errors-per-second threshold is reached from Auto-TE path calculation. If you have also selected the Ignore if no constrained path is found check box and all links have reached the errors per second threshold, the threshold constraint does not exclude the link from the Auto-TE path calculation.

  9. Click Create.

The threshold constraint is created and displayed in the table.

You can specify a threshold constraint when creating or editing a transport service to make the transport service use this threshold constraint.

Page top
[Topic 246441]

Editing a threshold constraint

To edit a threshold constraint:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Constraints section.

    The Manual-TE tab with the table of Manual-TE constraints is selected by default.

  4. Select the Thresholds tab.

    A table of threshold constraints is displayed.

  5. Click Management → Edit next to the threshold constraint that you want to edit.
  6. This opens a window; in that window, if necessary, edit the threshold constraint settings. For a description of the settings, see the instructions for creating a threshold constraint.
  7. Click Save.

The threshold constraint is modified and updated in the table.

Page top
[Topic 256621]

Deleting a threshold constraint

Deleted threshold constraints cannot be restored.

To delete a threshold constraint:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Constraints section.

    The Manual-TE tab with the table of Manual-TE constraints is selected by default.

  4. Select the Thresholds tab.

    A table of threshold constraints is displayed.

  5. Click Management → Delete next to the threshold constraint that you want to delete.
  6. In the confirmation window, click Delete.

The threshold constraint is deleted and is no longer displayed in the table.

Page top
[Topic 256622]

Managing traffic classification rules

To display the table of traffic classification rules, go to the Infrastructure menu section, click Management → Configuration menu next to the controller, and go to the Traffic filters section. Information about traffic classification rules is displayed in the following columns of the table:

  • Name is the name of the traffic classification rule.
  • L2 fields are L2 fields whose values the traffic classification rule uses to identify traffic in the overall data stream.
  • L3 fields are L3 fields whose values the traffic classification rule uses to identify traffic in the overall data stream.
  • L4 fields are L4 fields whose values the traffic classification rule uses to identify traffic in the overall data stream.

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Creating a traffic classification rule

Editing a traffic classification rule

Deleting a traffic classification rule
Page top
[Topic 261427]

Creating a traffic classification rule

To create a traffic classification rule:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Traffic filters section.

    By default, the Rules tab is selected, which displays the table of traffic classification rules.

  4. In the upper part of the page, click + Qualification rule.
  5. This opens a window; in that window, in the Name field, enter the name of the traffic classification rule.
  6. On the L2 fields tab, select the check boxes next to the L2 fields whose values the traffic classification rule uses to identify traffic in the overall data stream. If the check box is selected, enter or select the field value. You can use the values of the following fields to identify traffic in the overall data stream:
    • Outer VLAN ID. Range of values: 1 to 2094.
    • Outer VLAN PCP. Range of values: 0 to 7.
    • Source MAC.
    • Source MAC mask.
    • Destination MAC.
    • Destination MAC mask.
    • Ethertype:
      • 0x0800. Default value.
      • 0x86dd
      • 0x0806
  7. On the L3 fields tab, select the check boxes next to the L3 fields whose values the traffic classification rule uses to identify traffic in the overall data stream. If the check box is selected, enter or select the field value. You can use the values of the following fields to identify traffic in the overall data stream.
    • Protocol:
      • IPv4
      • IPv6
    • Source IP.
    • Source IP prefix length. Range of values for the IPv4 address: 0 to 32; for IPv6 address: 0 to 128
    • Destination IP.
    • Destination IP prefix length. Range of values for the IPv4 address: 0 to 32; for IPv6 address: 0 to 128
    • DSCP
    • TOS
  8. On the L4 fields tab, select the check boxes next to the L4 fields whose values the traffic classification rule uses to identify traffic in the overall data stream. If the check box is selected, enter or select the field value. You can use the values of the following fields to identify traffic in the overall data stream:
    • IP protocol
    • Source port list
    • Destination port list
    • ICMP type number
  9. On the DPI tab, select the Application check box and select the application whose traffic the traffic classification rule identifies in the overall data stream.
  10. Click Create.

The traffic classification rule is created and displayed in the table.

You can specify a traffic classification rule when creating or editing a traffic filter to make the traffic filter use this traffic classification rule.

Example of a created traffic classification rule:

You can create a traffic classification rule with the following parameters:

  • On the L2 fields tab, in the Outer VLAN ID field, enter 1.
  • On the L2 fields tab, in the Outer VLAN PCP field, enter 3.
  • On the L3 fields tab, in the Protocol drop-down list, select IPv4.
  • On the L3 fields tab, in the Source IP field, enter the 192.168.2.0/24 IP address.

The traffic classification rule identifies traffic with the following properties in the overall data stream:

  • Outer VLAN tag — 1
  • Outer PCP tag — 3
  • Protocol — IPv4
  • Source IP address — 192.168.2.0/24

The traffic classification rule does not identify traffic that lacks at least one of these properties in the overall data stream.

See also

Scenario: Directing application traffic to a transport service
Page top
[Topic 246479]

Editing a traffic classification rule

To edit a traffic classification rule:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Traffic filters section.

    By default, the Rules tab is selected, which displays the table of traffic classification rules.

  4. Click Management → Edit next to the traffic classification rule that you want to edit.
  5. This opens a window; in that window, if necessary, edit the traffic classification rule settings. For a description of the settings, see the instructions for creating a traffic classification rule.
  6. Click Save.

The traffic classification rule is modified and updated in the table.

Page top
[Topic 256625]

Deleting a traffic classification rule

Deleted traffic classification rules cannot be restored.

To delete a traffic classification rule:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Traffic filters section.

    By default, the Rules tab is selected, which displays the table of traffic classification rules.

  4. Click Management → Delete next to the traffic classification rule that you want to delete.
  5. In the confirmation window, click Delete.

The traffic classification rule is deleted and is no longer displayed in the table.

Page top
[Topic 256627]

Managing traffic filters

To display the table of traffic filters, go to the Infrastructure menu section, click Management → Configuration menu next to the controller, go to the Traffic filters section, and select the Filters tab. Information about traffic filters is displayed in the following columns of the table:

  • Name is the name of the traffic filter.
  • Added rules are traffic classification rules that have been added to the traffic filter.
  • Action is the action that the traffic filter applies to the traffic:
    • Permit — Allow further routing of the traffic.
    • Deny — Block further routing of the traffic.

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Creating a traffic filter

Editing a traffic filter

Deleting a traffic filter
Page top
[Topic 261429]

Creating a traffic filter

To create a traffic filter:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Traffic filters section.

    By default, the Rules tab is selected, which displays the table of traffic classification rules.

  4. Select the Filters tab.

    A table of traffic filters is displayed.

  5. In the upper part of the page, click + Traffic fliter.
  6. This opens a window; in that window, in the Name field, enter the name of the traffic filter.
  7. Add the created traffic classification rule to the traffic filter:
    1. In the Sequence field, enter the sequential number of the traffic classification rule. The first traffic classification rule that the traffic filter applies to traffic is the rule with the lowest sequence number. Range of values: 1 to 998. Default value: 10.

      You cannot specify the same sequence number for multiple traffic classification rules.

    2. In the Qualification rule drop-down list, select the traffic classification rule that you want to add to the traffic filter.
    3. In the Action drop-down list, select the action that the traffic filter applies to traffic:
      • Permit — Allow further routing of the traffic. Default value.
      • Deny — Block further routing of the traffic.
    4. Click Add.

    The traffic classification rule is added. You can add multiple traffic classification rules or delete a traffic classification rule. To delete a traffic classification rule, click Delete next to it.

  8. In the Default action (if sequence=999) drop-down list, select the action that the traffic filter applies to all other traffic:
    • Permit — Allow further routing of the traffic. Default value.
    • Deny — Block further routing of the traffic.
  9. Click Create.

The traffic filter is created and displayed in the table.

You can specify a traffic filter when creating or editing a transport service or ACL interface to make the transport service or ACL interface use this traffic filter.

See also

Scenario: Directing application traffic to a transport service
Page top
[Topic 246488]

Editing a traffic filter

To edit a traffic filter:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Traffic filters section.

    By default, the Rules tab is selected, which displays the table of traffic classification rules.

  4. Select the Filters tab.

    A table of traffic filters is displayed.

  5. Click Management → Edit next to the traffic filter that you want to edit.
  6. This opens a window; in that window, if necessary, edit the traffic filter settings. For a description of the settings, see the instructions for creating a traffic filter.
  7. Click Save.

The traffic filter is modified and updated in the table.

Page top
[Topic 256629]

Deleting a traffic filter

Deleted traffic filters cannot be restored.

To delete a traffic filter:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes.

  3. Go to the Traffic filters section.

    By default, the Rules tab is selected, which displays the table of traffic classification rules.

  4. Select the Filters tab.

    A table of traffic filters is displayed.

  5. Click Management → Delete next to the traffic filter that you want to delete.
  6. In the confirmation window, click Delete.

The traffic filter is deleted and is no longer displayed in the table.

Page top
[Topic 256630]