< Home

Configuring a Traffic Profile

This section describes how to use the CLI to configure a traffic profile. A traffic profile defines available bandwidth resources that can be assigned to bandwidth management objects. The traffic profile is referenced by a traffic policy.

Prerequisites

Bandwidth resources available for a specific object have been planned.

Context

Each traffic profile uses multiple parameters to describe and control bandwidth resources, such as upstream and downstream overall guaranteed bandwidth and maximum bandwidth, per-IP-address/per-user guaranteed bandwidth and maximum bandwidth, connection limits, and DSCP priority re-marking.

A traffic profile will be referenced by a traffic policy. Therefore, the upstream and downstream directions in the traffic profile have specific mapping relationship with the directions of the traffic policy. That is, if the direction is the same as that of the traffic policy, the direction is defined as upstream. If not, the direction is defined as downstream. Before you configure a traffic profile, make clear of the actual directions (for example, the direction from the intranet to the Internet is usually called upstream) that upstream and downstream represent and then compare them with the traffic policy configuration (the source address is the IP address of a user, and the destination address is the address of Internet resources).

For example, you can configure either of the following methods to limit the traffic from the trust zone to the untrust zone:

  • When the source zone of the traffic policy is trust and the destination zone is untrust, configure upstream bandwidth control in the traffic profile (same direction as the traffic policy).
  • When the source Zone of the traffic policy is untrust and the destination zone is trust, configure downstream bandwidth control in the traffic profile (reverse direction of the traffic policy).

If interface bandwidth has been configured, the bandwidth values in a traffic profile must not exceed the interface bandwidth values. For information about how to set interface bandwidth, see Interfaces.

Configure traffic profiles referenced by parent and child policies based on the following rules:

  • The guaranteed bandwidth and connection limit specified in a child policy cannot be higher than those specified in the parent policy.
  • The parent and child policies must reference different traffic profiles.
  • Both the parent and child policies must set the traffic limiting mode to "setting the upstream and downstream bandwidth" or "setting the overall bandwidth" at the same time. Otherwise, bandwidth control is not accurate.

Procedure

  1. Access the traffic policy view from the system view.

    traffic-policy

  2. Create a traffic profile and access the traffic profile view.

    profile profile-name

    After creating a traffic profile, run the profile rename old-profile-name new-profile-name command to rename that profile.

  3. Configure the overall bandwidth for the traffic profile.

    • Specify a mode of referencing a traffic profile.

      bandwidth reference-mode { per-rule | rule-shared }

      per-rule indicates that a traffic profile takes effect only on one traffic policy that references the traffic profile, and rule-shared indicates that a traffic profile takes effect on multiple traffic policies that reference the traffic profile. The reference mode takes effect for the overall maximum bandwidth, guaranteed bandwidth, and connection limit.

    • Set the maximum bandwidth.

      bandwidth maximum-bandwidth whole { upstream | downstream | both } max-value

      This setting is used to limit traffic.

    • Set the guaranteed bandwidth.

      bandwidth guaranteed-bandwidth whole { upstream | downstream | both } guaranteed-value

      This setting is used to provide a traffic bandwidth guarantee.

    • Set the overall maximum number of connections.

      bandwidth connection-limit whole { upstream | downstream | both } connection-number

    • Set the overall maximum number of new connections per second.

      bandwidth connection-rate-limit whole { upstream | downstream | both } connection-number

  4. Configure the per-IP-address or per-user bandwidth for the traffic profile.

    You can select only one from the per-IP-address mode, per-user mode, and dynamic even distribution to configure at a time.

    • Set the per-IP address maximum bandwidth.

      bandwidth maximum-bandwidth per-ip { upstream | downstream | both } max-value

      The per-IP address maximum bandwidth cannot be higher than the overall maximum bandwidth.

    • Set the per-user maximum bandwidth.

      bandwidth maximum-bandwidth per-user { upstream | downstream | both } max-value

      The per-user maximum bandwidth cannot be higher than the overall maximum bandwidth.

    • Set the per-IP address guaranteed bandwidth.

      bandwidth guaranteed-bandwidth per-ip { upstream | downstream | both } guaranteed-value

      When setting the per-IP address guaranteed bandwidth, you are advised to count the actual number of IP addresses and make sure that the sum of per-IP address bandwidth does not exceed the configured overall maximum and guaranteed bandwidth.

    • Set the per-user guaranteed bandwidth.

      bandwidth guaranteed-bandwidth per-user { upstream | downstream | both } guaranteed-value

      When setting the per-user guaranteed bandwidth, you are advised to count the actual number of users and make sure that the sum of per-user bandwidth does not exceed the configured overall maximum and guaranteed bandwidth.

    • Configure dynamic even distribution.

      bandwidth average { per-ip | per-user } { auto | manual multiplier multiplier minimum minimum }

      If overall maximum bandwidth is configured, the FW dynamically distributes the same amount of maximum bandwidth available for each online IP address or user based on the total number of online IP addresses or users and bandwidth usage. The formula is as follows:

      Per-IP-address or per-user maximum bandwidth = MAX (Minimum bandwidth, Overall maximum bandwidth/IP address or user number x Even distribution multiplier)

      Based on the formula, the larger value between the two values in the bracket is the per-IP-address or per-user maximum bandwidth. The minimum bandwidth is introduced into the formula in case that the number of online IP addresses or users is too large. The even distribution multiplier is introduced to prevent bandwidth waste in case that each IP address or user requires small bandwidth (far less than the assigned peak value). You can increase the value of the even distribution multiplier for bandwidth multiplexing.

  5. Configure per-IP-address/per-user connection limit.

    The per-IP-address and per-user modes are mutually exclusive.

    • Set the per-IP address overall maximum number of connections.

      bandwidth connection-limit per-ip { upstream | downstream | both } connection-number

      The per-IP address overall maximum number of connections cannot be greater than the overall maximum number of connections.

    • Set the per-user overall maximum number of connections.

      bandwidth connection-limit per-user { upstream | downstream | both } connection-number

      The per-user overall maximum number of connections cannot be greater than the overall maximum number of connections.

    • Set the per-IP address maximum number of new connections per second.

      bandwidth connection-rate-limit per-ip { upstream | downstream | both } connection-number

      The per-IP address maximum number of new connections per second cannot be greater than the overall maximum number of new connections per second.

    • Set the per-user maximum number of new connections per second.

      bandwidth connection-rate-limit per-user { upstream | downstream | both } connection-number

      The per-user maximum number of new connections per second cannot be greater than the overall maximum number of new connections per second.

  6. Configure DSCP priority remarking for the traffic profile.

    remark dscp dscp-value

    This setting allows the upstream and downstream devices of the FW to distinguish traffic based on the re-marked DSCP value.

  7. Set the forwarding priority.

    bandwidth priority priority

    If traffic requires bandwidth higher than the guaranteed bandwidth but lower than the maximum bandwidth, the FW outbound interface allows the traffic to compete for bandwidth resources with the same type of traffic that is processed using other traffic profiles. Traffic with higher priorities is preferentially forwarded than the traffic with lower priorities.

    If the traffic forwarding priority is set to medium (4) in the traffic profile, traffic policing is used for bandwidth limiting by default; if the traffic forwarding priority is not set to medium (4), traffic shaping is used for bandwidth limiting by default. For more information about traffic policing and traffic shaping, see Traffic Shaping and Traffic Policing.

Parent Topic: Configuring Bandwidth Management Using the CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >