qm command (QoS configuration)
Description
QoS (Quality of Service) is a convenient and flexible mechanism for manipulating data streams going through the device. It allows creating up to 200 logical channels characterized by different properties (such as priority levels and data transfer rates) and then assigning data streams to these logical channels according to special assignment rules. Packets going through different channels thus have their own properties modified, as well as the properties of their respective data flows.
Syntax:
CAUTION
Parameter values shall be put after their keywords (if any) without spaces, as shown above; no space may be put before or after "=".
Parameters
option [no]rtp [no]dot1p [no]dscp [no]tos [no]tcpack [no]icmp [no]strict [no]tunnel [no]pppoe [no]mpls [no]selfqos [no]auto [no]ipfw
Allows automatic prioritization management of data flows on the device.
"rtp" – enables/disables automatic prioritization of real time packets.
"dot1p" – enables/disables automatic prioritization of packets labeled with IEEE 802.1p priority.
"tos" – enables/disables automatic prioritization of packets labeled with TOS.
"dscp" – enables/disables automatic prioritization of packets labeled with DiffServ.
"tcpack" – enables/disables automatic prioritization of TCP ACK (acknowledgments) packets.
"icmp" – enables/disables automatic prioritization of ICMP (Internet Control Message Protocol) packets.
"strict" – applies the "Strict Priority" policy to all queues (packets from a queue with lower priority are not processed while a queue with higher priority is not empty). By default the "Weighted Fair Queuing" policy is used (even if a queue with higher priority is not empty, packets from other queues are still processed, in a distinct sequence relative to the higher priority queue. For example, 4 packets from the queue with priority 1, 2 packets from the queue with priority 2, 8 packets from the queue with priority 1, 1 packet from the queue with priority 3).
"tunnel" – enables/disables automatic packet prioritization for a tunnel traffic.
"pppoe" – enables/disables automatic packet prioritization for a PPPoE tunnel traffic.
"mpls" – enables/disables automatic prioritization of packets labeled with MPLS.
[no]selfqos – enables/disables applying priorities to traffic destined for the device itself.
[no]auto – enables/disables automatic prioritization of all packets.
[no]ipfw – enables/disables traffic processing by IP Firewall and automatic prioritization.
For example, the unit is configured to automatically prioritize packets labeled with IEEE 802.1p priority. The node receives packets labeled with IEEE 802.1p priority "5" and assigns them the "VOICE" priority. In accordance with the priority scheme, these packets will be processed before packets with other priorities.
classN {max=N} | {clear}
Creates a service class "N". It is used for dynamic bandwidth allocation between different channels.
"max=N" – defines the total bandwidth of the class that will be limited to a given value (Kbps).
"clear" – deletes the class.
chN [max=N[%]|0] [ceil=N[%]|0] [ceilprio=N|0] [latency=N|0] [[add]pri=[N] | setpri=[N]] [[no]strict] [pps=N|0] [to=ADDR] [vlan=[N|-1]] [dot1p=[N|-1]] [dscp=[N|-1]] [classN] [info="STRING"] clear
Defines a logical channel "N" with properties specified by one or more options.
"chN" – channel number from 1 to 200.
"max=N[%]|0" – sets maximum data rate for the channel in Kbps. Value range: from 10 to 100000. It is also possible to set it in percent of the parent class’ total bandwidth. The "0" value cancels any speed limitation for the channel.
"ceil=N[%]|0" – determines how much of the total bandwidth of the parent class can be used by the channel when the class’ bandwidth is not used entirely. Measured either in kilobits per second or in percent of the parent class’ total bandwidth. The "0" value disables the parameter.
"ceilprio=N|0" – sets priority for the channel that is used when interface bandwidth can be used by several channels. Value range: from 1 to 10. The "0" value disables the parameter.
"latency=N|0" – determines the maximum time for packets to stay in the channel. If a packet waits in the channel queue longer than this time, it is discarded. Measured in milliseconds. The "0" value disables the parameter. The required parameters can be assigned at the output from the MINT network, if necessary.
"[add]pri=[N]" – increases the priority level of the packet to the specified value only if the new priority is higher than the initial one.
"setpri=[N]" – sets priority level of the specified channel no matter what priority it had before.
NOTE
For all auto-prioritization functions the "addpri" argument must be used. Thus, priorities will be set in the following order:
the dot1p priority ("addpri");
the priority set by the "qm" rule ("addpri" or "setpri");
the "dscp"/"tos" priority, if it is higher than the current one ("addpri");
the value that is set for the channel ("addpri" or "setpri").
The same order will be applied for outgoing packets if corresponding rules are configured.
"[no]strict" – applies the "Strict Priority" policy to all queues (packets from a queue with lower priority are not processed while a queue with higher priority is not empty). By default the "Weighted Fair Queuing" policy is used (even if a queue with higher priority is not empty, packets from other queues are still processed, in a distinct sequence relative to the higher priority queue. For example, 4 packets from the queue with priority 1, 1 packet from the queue with priority 2, 8 packets from the queue with priority 1, 1 packet from the queue with priority 3).
"pps=N|0" – sets the limit for the packets per second for the specified channel. The "0" value disables the parameter.
"to=ADDR" – redirects the whole stream to the specified IP-address irrespective of the present routing conditions. The specified address shall be directly reachable through one of the router interfaces (without additional routing). This may be useful when the router serves as a network access unit, and two or more different clients want to access different providers through one unit.
"vlan=[N|-1]" – sets VLAN ID (value range: 0-4095). The "-1" value removes the argument.
"dot1p=[N|-1]" – prioritization of packets labeled IEEE 802.1p (valid values are from 0 to 7). The "-1" value removes the argument.
"dscp=[N|-1]" – prioritization of DSCP (valid values are from 0 to 63). The "-1" value removes the argument.
"classN" – assigns service class "N" to the channel. This additional parameter relates to the above defined data rate limitation, making it flexible: when the total bandwidth of this service class is not fully used, the extra bandwidth may be granted to such a channel, thus exceeding its predefined data rate limit, up to full load of the class. When there are several such channels competing for extra bandwidth, it is equally divided between them.
"info="STRING"" – allows the user to set up a string description for the QoS channel.
"clear" – removes current configuration of channel.
NOTE
If several of the above parameters are specified in the same command then rate limitation is applied first then redirection and priority last. If "vlan" and "dot1p" parameters are specified in the same command then "vlan" is processed first.
Each channel can be assigned a priority (0…16). Once assigned, a priority will be automatically recognized by every node inside MINT network.
Packets that have no priority are labeled as "REGULAR Best Effort=15" and processed accordingly.
Packets classification can also be performed using "pcap" rules.
CAUTION
Real prioritization within the MINT network is conducted by the priority given by the "pri=N" parameters. A DSCP label is transparently transmitted through the MINT network in any mode. An 802.1p priority is transparently transmitted only in switch mode of the MINT network. If necessary, the operator can assign the required "dot1p" and "dscp" parameters to packets leaving the MINT network.
stat [full] [clear]
Displays statistics of the specific channel (only for channels with specified rate limitation):
"full" – allows viewing enhanced statistics.
"clear" – resets statistics.
qm ch1 max=128 cur=127 packets=12345 (1234) bytes=1234567 (12345)
NOTE
The "qm stat" command displays PPS (Packets Per Second) statistics only if the limit for the packets per second is set for the specified channel (qm chN pps=N).
del RULE_NUMBER
Deletes the specified rule from the list.
dump RULE_NUMBER
Displays the compiled pseudo-code of the PCAP rule. Allows visually checking the complexity / optimality or the correctness of the rule.
mov RULE_A RULE_B
Changes the number of the rule from "A" to "B".
rearrange [STEP]
Renumbers all rules with the given increment "STEP" (default is 5). The "config show" command displays the rule numbers.
add[out] [NUM] [IFNAME] chN rules..
Adds a rule that assigns ingress packets to the device, or egress packets from the device, that satisfy the rule to channel "N".
"add" - processing of ingress packets to the device.
"out" – processing of egress packets from the device.
"num" – the sequence number in the list of rules (optional parameter).
"IFNAME" – the name of the interface through which packets enter/leave the device (optional parameter).
NOTE
All manipulations with packet headers, for example changing the dscp and 802.1p labels, are possible only by using the "qm addout" command, i.e. only for packets leaving the device.
rules: [{setpri|addpri}=[N]] [pass] [vlan={N|any|$ACL}] [dot1p=N] [swg=N] [ether={X|any}] [dscp=N|tos=N] [prf] -f "pcap filter expression"
The rules syntax fully corresponds to the syntax of the "ipfw" command (see "ipfw command (IP Firewall)" section).
NOTE
Each packet passing through the system is checked if it matches rules strictly in order, from the first to the last, until there is a rule that satisfies the properties of the packet.
"setpri=[N]" – sets priority level of the packet no matter what priority it had before.
"addpri=[N]" – increases the priority level of the packet to the specified value only if the new priority is higher than the initial one.
"pass" – allows the rule to be "skipped": the related actions are performed and checking continues with the other rules in the list.
"log" – includes filter action records in the system log (optional parameter).
"vlan=" – allows to analyze VLAN ID (values range 0-4095):
"N" – the filter will pass tagged packets with the specified tag "N".
"any" – the filter will pass all tagged packets with any VLAN ID.
"$ACL" – the filter will pass tagged packets with the VLAN tags listed in "$ACL" (for a description of ACL lists, see the "Access Control Lists ("acl" command)" section).
"dot1p=N" – allows to analyze 802.1p priority (values range 0-7).
"swg=N" – allows to analyze a switching group number.
"ether={X|any}" – allows to analyze a packet type. If option "any" is enabled, the filter will pass packets of all types.
"dscp=N" – allows to analyze the DSCP tag (values range 0-63).
"tos=N" – allows to analyze the TOS tag.
"prf" – enables filtration of PRF interface generated traffic.
"-f "pcap filter expression"" – allows using PCAP filters.
PROTO from [not] ADDR [PORTs] to [not] ADDR [PORTs]
Specify a direction of transmission from and / or to:
"from" – source IP-address.
"to" – destination IP-address.
"not" – negative prefix, can be used after the "from" and "to" keywords; it is applied to the specified IP-address only, not to ports.
"ADDR" – source or destination IP-address. The syntax depends on the "proto" field. If "proto" is specified as "all" or "icmp", then "ADDR" defines address information. If "proto" is specified as "udp" or "tcp", then "ADDR" defines address information and an optional list of ports. Address information is specified as an IP-address and an optional subnet mask. A subnet mask can be specified as a prefix or as a numeric value (nnn.nnn.nnn.nnn).
Possible options:
nn.nn.nn.nn
nn.nn.nn.nn:xxx.xxx.xxx.xxx
nn.nn.nn.nn/NN
The "0/0" record includes all possible IP-addresses.
PROTO: [all] | tcp | udp | icmp | arp | proto NUMBER
The limitation is based on the compliance with a certain protocol. Possible values: TCP, UDP, ICMP, ARP or numeric value of the protocol. ARP-packets are allowed for all IP-addresses and for ranges of IP-addresses, which are specified in the permit filters, even if these filters are created for other types of packets.
ADDR: IP | $LOCAL | $ROUTE | $ACL | mac x:x:x:x:x:x }
It is possible to group all the necessary addresses into the appropriate access list and set the name of this list as an IP-address ($ACLRULE). There are several predefined dynamic lists:
"$LOCAL" – a list that includes all the local addresses belonging to this router. It can be used to simplify filter records that restrict / allow access to the device.
"$ROUTE" – a list that contains the current system routing table, except for the "default route". Matching the address from this list means that there is an exact route for this address and the default route will not be used.
"$ACL" – a list of IP-addresses or networks, to which this rule will be applied.
"mac x:x:x:x:x:x" – for interfaces which have physical ethernet MAC-address, the numeric MAC-address value with the "mac" keyword as a prefix can be used. However, for incoming filters, you can specify only the source MAC-address, and for outgoing ones only the destination MAC-address. The "$BS" keyword can be used, in this case the real MAC-address of the base station sector will be used.
NOTE
Rules that use MAC-addresses for ingress packets will be processed before all the other rules, and rules for egress packets will be processed last.
PORTS: NUM[:NUM] [NUM] ...
Filters traffic by port numbers. It is possible to use a list of ports to specify multiple ports in one command. The first item of the list of ports can specify a range of numbers from smaller to greater, separated by a colon.
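The rule-ordering behaviour described above (rules checked strictly in order, "pass", "setpri" versus "addpri"), modelled as an added example that is not part of the original documentation or of the device software. The Rule class and its fields are hypothetical, the rule lists are constructed, and the model assumes that a numerically lower MINT value is a higher priority and that "pass" applies the rule's actions before the scan continues.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

REGULAR = 15  # page: packets with no priority are "REGULAR Best Effort=15"

@dataclass
class Rule:                      # hypothetical model of one "qm add" rule
    num: int                     # rule number; rules are checked in ascending order
    channel: int                 # N of the chN the rule assigns packets to
    src: str                     # source network in CIDR form
    addpri: Optional[int] = None
    setpri: Optional[int] = None
    passthru: bool = False       # "pass": apply the rule, keep scanning

def new_priority(cur, rule):
    # Assumption: a numerically lower MINT value is a higher priority.
    if rule.setpri is not None:
        return rule.setpri       # unconditional
    if rule.addpri is not None and rule.addpri < cur:
        return rule.addpri       # only ever raises the priority
    return cur

def classify(rules, src_ip, pri=REGULAR):
    """Return (channel, priority, matched rule numbers) for one packet."""
    addr, channel, hits = ipaddress.ip_address(src_ip), None, []
    for r in sorted(rules, key=lambda r: r.num):
        if addr in ipaddress.ip_network(r.src):
            hits.append(r.num)
            channel, pri = r.channel, new_priority(pri, r)
            if not r.passthru:
                break            # first non-"pass" match ends the scan
    return channel, pri, hits

def shadowed(rules):
    """Rule numbers that can never match: an earlier non-"pass" rule covers them."""
    ordered = sorted(rules, key=lambda r: r.num)
    return [r.num for i, r in enumerate(ordered)
            if any(not e.passthru and ipaddress.ip_network(r.src)
                   .subnet_of(ipaddress.ip_network(e.src)) for e in ordered[:i])]

# Constructed rule lists: the same two rules in different order, then a "pass" variant.
BAD = [Rule(5, 2, "0.0.0.0/0", addpri=9), Rule(10, 1, "1.1.1.0/24", setpri=16)]
GOOD = [Rule(5, 1, "1.1.1.0/24", setpri=16), Rule(10, 2, "0.0.0.0/0", addpri=9)]
WITH_PASS = [Rule(5, 2, "0.0.0.0/0", addpri=9, passthru=True),
             Rule(10, 1, "1.1.1.0/24", addpri=12)]

if __name__ == "__main__":
    for name, rules in (("BAD", BAD), ("GOOD", GOOD), ("WITH_PASS", WITH_PASS)):
        print(name, classify(rules, "1.1.1.7"), "shadowed:", shadowed(rules))
```

In the BAD list the catch-all rule 5 ends the scan, so the 1.1.1.0/24 rule never takes effect; in WITH_PASS the later "addpri=12" does not lower the priority already raised to 9.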
A compliance scheme of MINT and IEEE 802.1p/TOS/DSCP priorities is shown below:
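| MINT priority       | Value |
|---------------------|-------|
| BACKGROUND          | 16    |
| REGULAR Best Effort | 15    |
| BUSINESS6           | 14    |
| BUSINESS5           | 13    |
| BUSINESS4           | 12    |
| BUSINESS3           | 11    |
| BUSINESS2           | 10    |
| BUSINESS1           | 9     |
| QOS4                | 8     |
| QOS3                | 7     |
| QOS2                | 6     |
| QOS1                | 5     |
| VIDEO2              | 4     |
| VIDEO               | 3     |
| VOICE               | 2     |
| CONTROL             | 1     |
| NETCRIT             | 0     |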
Automatically recognized priorities:
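| MINT priority          | IEEE 802.1p traffic type | 802.1p | TOS | DSCP class   | DSCP value     |
|------------------------|--------------------------|--------|-----|--------------|----------------|
| 16 BACKGROUND          | Background               | 1      |     |              |                |
| 15 REGULAR Best Effort | Best Effort              | 0      | 0   | CS0          | 0              |
| 14 BUSINESS6           |                          |        | 1   | CS1, AF11-13 | 8, 10          |
| 13 BUSINESS5           |                          |        |     |              | 12, 14         |
| 12 BUSINESS4           |                          |        | 2   | CS2, AF21-23 | 16, 18         |
| 11 BUSINESS3           |                          |        |     |              | 20, 22         |
| 10 BUSINESS2           |                          |        | 3   | CS3, AF31-33 | 24, 26         |
| 9 BUSINESS1            | Excellent Effort         | 2      |     |              | 28, 30         |
| 8 QOS4                 |                          |        | 4   | CS4, AF41-43 | 32             |
| 7 QOS3                 |                          |        |     |              | 34             |
| 6 QOS2                 |                          |        |     |              | 36             |
| 5 QOS1                 | Critical Applications    | 3      |     |              | 38             |
| 4 VIDEO2               | Video                    | 4      | 5   | CS5, EF      | 40, 42         |
| 3 VIDEO                |                          |        |     |              | 44, 46         |
| 2 VOICE                | Voice                    | 5      | 6   | CS6          | 48, 50         |
| 1 CONTROL              | Internetwork Control     | 6      |     |              | 52, 54         |
| 0 NETCRIT              | Network Control          | 7      | 7   | CS7          | 56, 58, 60, 62 |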
Examples
Limit all outgoing traffic on the subscriber terminal to 64 Kbps.
Set to the "1.1.1.0/24" network traffic higher priority than for all other data streams.
Set to the "1.1.1.0/24" network traffic lower priority than for all other data streams. Pay attention to the rule order. The last rule that each packet meets should be at the end of the list.
Network subscribers:
"1.1.1.0/24" should make connection through the "10.10.10.10" provider.
"2.2.2.0/24" should use the "20.20.20.20" provider.
In case of a more complicated topology, when the providers' routers are not reachable from this node, it is necessary to configure tunnels to the providers first, then make the redirection.
Disable automatic prioritization of real time packets and enable automatic prioritization of packets labeled with TOS.
Increase the priority of all packets to the value "N" if "N" is higher than the current priority.
Set the priority level "N" to all packets.
Channel 1 resets DSCP labels and 802.1p priorities.
Channel 2 sets the "QM_PRIO_BUSINESS1" priority and DSCP 31 label.
Pass all traffic through channel 1 to reset all priorities.
Forward TCP part of the traffic to the channel 2.
Forward the UDP part of the traffic to the channel 3.
The remaining traffic will be processed as a non-priority and directed to the channel 4.
Set 802.1p priority to packets from channel 25.
Set 802.1p priority and VLAN ID for channel 26. The VLAN header will be added automatically in case it is missing.
Forward egress packets assigned to the "eth0" interface and labeled with the DSCP 11, to the channel 25.
Forward egress UDP packets assigned to the "eth0" interface to the channel 25 and label them as DSCP 51.
The example of using PCAP filters for packet classification: all ICMP-traffic will be added to the channel 5 directed from or to nodes "1.1.1.1" and "1.1.1.5".
The example of using service class.
As a result of these commands the hierarchy as in the picture below will appear:
Assign the maximum throughput 1000 Kbps for parent class "Class 1".
Throughput of the "Class 1" is distributed between "Channel 1", "Channel 2", "Channel 3" and "Channel 4" with appropriate bandwidth values and the maximum non-guaranteed rate: if the "Class 1" bandwidth is not fully used, then the "Channel 1" and the "Channel 2" rates can increase up to 1000 Kbps, and the "Channel 3" and the "Channel 4" rates can increase up to 300 Kbps.