Use case: Customers sometimes want to limit Internet traffic, especially when there is only one WAN link. They do not want Internet traffic to choke the WAN bandwidth, which could cause SD-WAN traffic to be dropped due to congestion on the WAN link.

 

Solution:

We need to apply a policer to limit the traffic. On Versa FlexVNF, a policer works in the inbound direction. The policer action is configured on a QoS profile (Step 1); we then associate this profile with a particular traffic flow using a QoS policy rule (Step 3).

In this example we have a 1 Gig WAN link and want to allow a maximum of 10Mb of Internet traffic. So we configure a 10Mb policer on the “DIA-traffic-profile”, which is mapped to the Internet traffic flow coming from the LAN host and going out on the Vni-0/0 interface.

 

Topology: [topology diagram]

 

 

 

Step 1: Configure QoS Profile.

Go to Appliance > Configuration > Networking tab > Class of Service > QoS Profiles and then click the + button.

 

 

 

We need to define the peak rate of Internet traffic to be allowed (i.e. 10 Mbps) and the burst size, which is in bytes (default: 5000 bytes).

 

Note: The burst size needs to be chosen carefully because it affects the policer rate. A burst size that is too large may cause the policer to allow more traffic than the specified rate. A burst size that is too low may cause drops before the specified rate is reached.
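The effect described in the note can be reproduced with a small token-bucket model. This is an added example, not Versa's policer code: it assumes a generic single-rate token bucket refilled every 100 microseconds (10 Mbps works out to 125 bytes per period, the same figures the `show qos kbps-policer` output on this page reports), and the traffic patterns are constructed for the illustration.

```python
# Generic token-bucket policer model; an illustration, not Versa's implementation.

def police(packets, rate_bps=10_000_000, burst_bytes=5000, period_us=100):
    """Return the bytes admitted from (time_us, size_bytes) packets sorted by time."""
    per_period = rate_bps * period_us // 8_000_000  # 10 Mbps, 100 us -> 125 bytes
    tokens, last_us, admitted = burst_bytes, 0, 0   # bucket starts full
    for t_us, size in packets:
        periods = (t_us - last_us) // period_us     # whole refill periods elapsed
        last_us += periods * period_us
        tokens = min(burst_bytes, tokens + periods * per_period)
        if size <= tokens:                          # conforming: forward
            tokens -= size
            admitted += size
        # otherwise the packet exceeds the bucket and is dropped
    return admitted

def steady(duration_us, gap_us=500, size=1250):
    """Constructed load: one 1250-byte packet every 500 us (20 Mbps offered)."""
    return [(t, size) for t in range(0, duration_us, gap_us)]

def bursty(duration_us, every_us=5000, count=4, size=1250):
    """Constructed load: 4 back-to-back packets every 5 ms (8 Mbps average)."""
    return [(t, size) for t in range(0, duration_us, every_us) for _ in range(count)]

def mbps(nbytes, duration_us):
    return nbytes * 8 / duration_us                 # bits per microsecond == Mbps

if __name__ == "__main__":
    for burst in (2500, 5000, 125_000):
        short = mbps(police(steady(100_000), burst_bytes=burst), 100_000)
        long_ = mbps(police(steady(1_000_000), burst_bytes=burst), 1_000_000)
        under = mbps(police(bursty(1_000_000), burst_bytes=burst), 1_000_000)
        print(f"burst={burst:>7} B  20 Mbps load: {short:5.2f} Mbps over 100 ms, "
              f"{long_:5.2f} Mbps over 1 s;  8 Mbps bursty load: {under:4.2f} Mbps")
```

With a 125000-byte burst the 20 Mbps load passes almost unpoliced for the first 100 ms, while a 2500-byte burst halves an 8 Mbps bursty flow that never exceeds the configured rate on average.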

 

Step 2: Configure QoS-policy

Go to Appliance > Configuration > Networking tab > Class of Service > QoS Policies and then click the + button.

There can be only one QoS policy. By default a ‘Default-policy’ is configured, so we can delete the default one and create a new policy.

 



 


 

Step 3: Configure QoS policy rules.

Go to Appliance > Configuration > Networking tab > Class of Service > QoS Policies > Rules and then click the + button.


 



 


 

Specify the rule name.


 



 


 

Match the source and destination. Here the source zone is “Intf-LAN2-Zone”, where the Internet traffic from the LAN host comes in.

The destination is the “L-ST-AGR-LAN-VR-Internet” zone. Other parameters can be matched as well, based on requirements.


 



 


 

Finally, in the Enforce tab, associate the rule with the QoS profile created in Step 1 and then click the OK button.


 



 

 

Verification:

 

  1. Initiate the traffic and check whether the configured QoS policy rules are getting hit. If a QoS policy rule is not getting hit, cross-check the source/destination parameters.


[ok][2018-12-04 21:59:42]
admin@CPE1-cli> show orgs org-services AGR class-of-service qos-policies
                                          QOS     QOS    QOS      QOS       QOS      PPS      PPS      KBPS     KBPS
                                   QOS    DROP    DROP   FORWARD  FORWARD   SESSION  POLICER  POLICER  POLICER  POLICER
                                   HIT    PACKET  BYTE   PACKET   BYTE      DENY     PKTS     BYTES    PKTS     BYTES
NAME            RULE NAME          COUNT  COUNT   COUNT  COUNT    COUNT     COUNT    DROPPED  DROPPED  DROPPED  DROPPED
-------------------------------------------------------------------------------------------------------------------------
AGR-QoS-Policy  SD_WAN-limit       2      0       0      15506    13055256  0        0        0        0        0
                DIA-traffic-limit  11     13      17722  168      39296     0        0        0        13       17722 <<< Drops due to policer


 


 

vsm-vcsn0> show vsm statistics dropped

DPDK ERROR STATISTICS
~~~~~~~~~~~~~~~~~~~~~

DATAPATH ERROR STATISTICS
~~~~~~~~~~~~~~~~~~~~~~~~~
# Packets Dropped - Filter Lookup Module Action Denied : 10

THRM ERROR STATISTICS
~~~~~~~~~~~~~~~~~~~~~~

NFP ERROR STATISTICS
~~~~~~~~~~~~~~~~~~~~
# Dropped Anchor rate limiting             : 102 <<< Drops due to policer

VSF ERROR STATISTICS
~~~~~~~~~~~~~~~~~~~~

VUNET ERROR STATISTICS
~~~~~~~~~~~~~~~~~~~~~~

COS DROPS
~~~~~~~~~~~~~
# Shaper drops                             : 0
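For repeated checks, the qos-policies table from step 1 can be parsed by a script that flags rules that are never hit and rules with policer drops. This is an added example, not part of the original article or a Versa tool; the field names are assumptions derived from the column headers, and the sample rows are the ones shown above.

```python
# Field names are assumptions derived from the table's column headers.
FIELDS = ("hit_count", "drop_packets", "drop_bytes", "forward_packets",
          "forward_bytes", "session_deny", "pps_policer_pkts_dropped",
          "pps_policer_bytes_dropped", "kbps_policer_pkts_dropped",
          "kbps_policer_bytes_dropped")

# Rows copied from the qos-policies output shown on this page.
SAMPLE = """\
NAME            RULE NAME          COUNT  COUNT   COUNT  COUNT    COUNT     COUNT    DROPPED  DROPPED  DROPPED  DROPPED
------------------------------------------------------------------------------------------------------------------------
AGR-QoS-Policy  SD_WAN-limit       2      0       0      15506    13055256  0        0        0        0        0

                DIA-traffic-limit  11     13      17722  168      39296     0        0        0        13       17722 <<< Drops due to policer
"""

def parse_qos_policies(text):
    """Return {rule_name: {"policy": name, <counter>: int, ...}} from the CLI table."""
    rules, policy = {}, None
    for line in text.splitlines():
        tokens = line.split("<<<")[0].split()       # drop trailing annotations
        if len(tokens) <= len(FIELDS):
            continue                                 # blank line or separator
        names, counters = tokens[:-len(FIELDS)], tokens[-len(FIELDS):]
        if not all(c.isdigit() for c in counters):
            continue                                 # header row
        if len(names) >= 2:                          # policy name is printed once,
            policy = names[0]                        # on its first rule row only
        rules[names[-1]] = {"policy": policy,
                            **dict(zip(FIELDS, map(int, counters)))}
    return rules

def review(rules):
    """Return (rules never hit, {rule: packets dropped by a policer})."""
    never_hit = [name for name, r in rules.items() if r["hit_count"] == 0]
    policed = {}
    for name, r in rules.items():
        dropped = r["pps_policer_pkts_dropped"] + r["kbps_policer_pkts_dropped"]
        if dropped:
            policed[name] = dropped
    return never_hit, policed

if __name__ == "__main__":
    never_hit, policed = review(parse_qos_policies(SAMPLE))
    print("rules never hit (check source/destination match):", never_hit)
    print("rules with policer drops:", policed)
```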



 

  2. Check whether the policer is properly configured.

 

admin@CPE1-cli> show orgs org-services AGR class-of-service mapping fc-queue

Forwarding-class Queue Mapping
 ------------------------------
   Forwarding   Traffic    Queue
      Class      Class     Number
  -----------  ---------  --------
      fc_nc        0          0
        fc1        0          1
        fc2        0          2
        fc3        0          3
      fc_ef        1          0
        fc5        1          1
        fc6        1          2
        fc7        1          3
      fc_af        2          0
        fc9        2          1
       fc10        2          2
       fc11        2          3
      fc_be        3          0 << Forwarding class/traffic class and queue details
       fc13        3          1
       fc14        3          2
       fc15        3          3

        


 

vsm-vcsn0> show  qos kbps-policer
<....>
-------------------------------
Tenant-id              : 2
ID                     : 27
rate-limit configured  : Yes
peak burst size        : 10000 (bytes)
pir period             : 100 (microseconds)
pir bytes per period   : 125
ticks                  : 55dfb244bac8a
hz                     : 83214fe7
rdtsc                  : 55dfb244bcc54
FC/PLP                 : 12/1
DSCP rw enabled        : 0
Dot1P rw enabled       : 0
time                   : 686983456810
te                     : 10000
-------------------------------