QoS-VPP Case
## Introduction

This guide provides a step-by-step tutorial for configuring the Quality of Service (QoS) capabilities of the Asterfusion ET2500 open intelligent gateway running AsterNOS VPP.

## What This Guide Will Accomplish

By following this guide, you will learn how to implement progressively advanced traffic control strategies, moving from granular flow control to interface-level management, and finally to complex Service Level Agreements (SLA). The scenarios covered are:

- Phase 1: Bi-directional flow-based policing (smart flow control). Configuring the gateway to intelligently limit high-bandwidth UDP traffic (e.g., video/P2P) while allowing TCP traffic (e.g., office work) to pass at full speed.
- Phase 2: Bi-directional port-based rate limiting (hard limiting). Applying a strict bandwidth limit on a specific physical interface, regardless of traffic type, suitable for tenant management.
- Phase 3: Elastic bandwidth management (tr-TCM). Implementing a "guaranteed + burstable" bandwidth service using Two-Rate Three-Color Marker (tr-TCM) technology.

## Preparation: Building the Basic Network

Before applying QoS policies, we must ensure basic connectivity and NAT are working.

### Topology & Planning

Lab components

| Device type / operating system | Role in topology | Key function in this guide |
| --- | --- | --- |
| ET2500 / AsterNOS | QoS gateway | Device under test (DUT) for QoS configuration |
| Physical PC / Windows | Internal client | Client PC for generating traffic and testing speed |
| Physical PC / Linux or Windows | Traffic server | Server in the WAN zone (external PC) running iperf3 |

Target configuration plan

| Device / logical interface | IP address / subnet | Default gateway | Notes / connection point |
| --- | --- | --- | --- |
| AsterNOS VM (WAN) | 192.168.200.166/24 | 192.168.200.1 | Connects via Ethernet1 to upstream switch |
| AsterNOS VM (LAN) | 172.16.10.1/24 | | Gateway for internal client (Ethernet2 in VLAN 10) |
| Internal client PC | 172.16.10.10/24 | 172.16.10.1 | Connects to AsterNOS Ethernet2 |
| Traffic server (external) | 192.168.200.251/24 | 192.168.200.1 | Connects to upstream switch |

### Configuration Steps

Step 1: Configure interfaces, routing and NAT

```
sonic# configure terminal
sonic(config)# interface ethernet 1
sonic(config if 1)# ip address 192.168.200.166/24
sonic(config if 1)# nat zone 1
sonic(config if 1)# exit
sonic(config)# vlan 10
sonic(config vlan 10)# exit
sonic(config)# interface vlan 10
sonic(config vlanif 10)# ip address 172.16.10.1/24
sonic(config vlanif 10)# exit
sonic(config)# interface ethernet 2
sonic(config if 2)# switchport access vlan 10
sonic(config if 2)# exit
sonic(config)# ip route 0.0.0.0/0 192.168.200.1
sonic(config)# nat enable
sonic(config)# nat pool global pool 192.168.200.166
sonic(config)# nat binding global bind global pool
```

Verification: ensure the internal client can ping the traffic server (192.168.200.251).

## Phase 1: Bi-directional Flow-based Policing (Smart Flow Control)

Goal: limit UDP traffic (e.g., video/P2P) to 10 Mbps in both upload and download directions, while allowing TCP traffic (e.g., office work) to utilize the full available bandwidth without restriction.

### Configuration Steps

Step 1: Define traffic behavior

Create a behavior that defines the rate limit (CAR) for UDP traffic.

- CIR: 1250 kbps
- CBS: 100000 bytes (burst buffer)

```
sonic(config)# traffic behavior flow policer 10m
sonic(config traffic behavior flow policer 10m)# car sr tcm cir 1250 cbs 100000
sonic(config traffic behavior flow policer 10m)# exit
```

Step 2: Define flow classification (ACLs)

Create two ACLs (ingress and egress) to identify UDP traffic. TCP and other traffic will match the default permit rule (or you can explicitly add a permit rule).

1. Configure ingress ACL (upload control)

```
sonic(config)# access list l3 flow control ingress
sonic(config l3 acl flow control)# rule 10 ip protocol 17 traffic behavior flow policer 10m
sonic(config l3 acl flow control)# exit
```

2. Configure egress ACL (download control)

```
sonic(config)# access list l3 flow control out egress
sonic(config l3 acl flow control out)# rule 10 ip protocol 17 traffic behavior flow policer 10m
sonic(config l3 acl flow control out)# exit
```

3. Verify ACL rule

```
sonic(config)# do show acl rule
```

Step 3: Apply policies to interface

Bind both ACLs to the LAN interface (Ethernet2) to enforce bi-directional control.

```
sonic(config)# interface ethernet 2
sonic(config if 2)# acl flow control
sonic(config if 2)# acl flow control out
sonic(config if 2)# exit
```

### Verification

- UDP test (should be limited): execute `iperf3 -c 192.168.200.251 -u -b 50M -t 10 -i 1` (add `-R` for download test). Expected result: the bandwidth is strictly limited to 10 Mbps with high packet loss in both directions.
- TCP test (should be unlimited): execute `iperf3 -c 192.168.200.251 -t 10 -i 1` (add `-R` for download test). Expected result: the bandwidth reaches 950 Mbps (or line rate), proving that normal office traffic is unaffected.

## Phase 2: Port-based Bi-directional Rate Limiting

Goal: limit the total bandwidth of Ethernet2 to 50 Mbps in both directions (upload/ingress and download/egress). This effectively simulates a 50 Mbps dedicated line for a tenant.

### Configuration Steps

Step 1: Clean up previous configuration

```
sonic(config)# interface ethernet 2
sonic(config if 2)# no acl flow control
sonic(config if 2)# exit
```

Step 2: Define port limit behavior

- CIR: 6250 kbps

```
sonic(config)# traffic behavior port policer 50m
sonic(config traffic behavior port policer 50m)# car sr tcm cir 6250 cbs 100000
sonic(config traffic behavior port policer 50m)# exit
```

Step 3: Bind to interface (both directions)

Bind the behavior to both ingress (default) and egress directions to enforce a symmetric speed limit.

```
sonic(config)# interface ethernet 2
sonic(config if 2)# traffic behavior bind port policer 50m
sonic(config if 2)# traffic behavior bind egress port policer 50m
sonic(config if 2)# exit
```

### Verification

- Upload test (ingress limit): execute `iperf3 -c 192.168.200.251 -u -b 100M -t 10 -i 1`. Expected result: bandwidth capped at 50 Mbps.
- Download test (egress limit): execute `iperf3 -c 192.168.200.251 -u -b 100M -R -t 10 -i 1`. Expected result: bandwidth is also capped at 50 Mbps.

## Phase 3: Elastic Bandwidth Management (tr-TCM)

Goal: implement a flexible SLA policy where the user is guaranteed 10 Mbps (CIR) but allowed to burst up to 20 Mbps (PIR). Traffic exceeding 20 Mbps is dropped.

### Configuration Steps

Step 1: Clean up previous configuration

```
sonic(config)# interface ethernet 2
sonic(config if 2)# no traffic behavior bind
sonic(config if 2)# exit
```

Step 2: Define Two-Rate Three-Color Marker (tr-TCM)

- CIR (guaranteed): 1250 kbps
- PIR (peak): 2500 kbps
- PBS: 200000 bytes (peak buffer, must be > CBS)

```
sonic(config)# traffic behavior sla elastic 20m
sonic(config traffic behavior sla elastic 20m)# car tr tcm cir 1250 cbs 100000 pir 2500 pbs 200000
sonic(config traffic behavior sla elastic 20m)# exit
```

Step 3: Bind to interface

```
sonic(config)# interface ethernet 2
sonic(config if 2)# traffic behavior bind sla elastic 20m
sonic(config if 2)# exit
```

### Verification

- Test "yellow" zone (elastic burst): execute `iperf3 -c 192.168.200.251 -u -b 15M -t 10 -i 1`. Expected result: bandwidth reaches 15 Mbps (exceeding CIR but within PIR), showing allowed burst.
- Test "red" zone (peak cap): execute `iperf3 -c 192.168.200.251 -u -b 50M -t 10 -i 1`. Expected result: bandwidth is strictly capped at 20 Mbps (PIR limit).

## Summary of QoS Policies

After configuring the scenarios above, you can verify all created traffic behaviors in the system database. This confirms that the rate limiting parameters (CIR, PIR, CBS, PBS) are correctly defined.

Command:

```
sonic# show traffic behavior rule
```

Output verification: ensure that the modes (sr-TCM vs. tr-TCM) and rate values match your design requirements.

## Conclusion

This guide has verified the comprehensive QoS capabilities of AsterNOS VPP, enabling granular traffic management from basic port limits to complex flow-based and elastic bandwidth strategies.
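The Phase 3 meter, worked through as an added example (not code from the guide or from AsterNOS): a color-blind two-rate three-color marker per RFC 2698, fed with the guide's CIR/CBS/PIR/PBS values and a constant-rate UDP stream like the iperf3 tests. It assumes the CIR and PIR arguments are kilobytes per second, which is what the guide's pairs (1250 for 10 Mbps, 2500 for 20 Mbps) imply, and that red packets are dropped; `trtcm` and `forwarded_mbps` are illustrative names.

```python
# Added illustration: color-blind trTCM (RFC 2698). Not AsterNOS code.
# Assumption: the guide's CIR/PIR values are kilobytes per second.

def trtcm(offered_mbps, cir_kBps=1250, cbs=100_000, pir_kBps=2500,
          pbs=200_000, pkt_bytes=1250, seconds=10):
    """Meter a constant-rate stream; return per-color throughput in Mbps."""
    cir, pir = cir_kBps * 1000, pir_kBps * 1000       # bytes per second
    tc, tp = float(cbs), float(pbs)                    # both buckets start full
    gap = pkt_bytes * 8 / (offered_mbps * 1e6)         # seconds between packets
    packets = int(offered_mbps * 1e6 * seconds / (pkt_bytes * 8))
    sent = {"green": 0, "yellow": 0, "red": 0}
    for _ in range(packets):
        # Refill both token buckets for the time since the previous packet.
        tc = min(cbs, tc + cir * gap)
        tp = min(pbs, tp + pir * gap)
        if tp < pkt_bytes:            # above PIR: red, no tokens consumed
            color = "red"
        elif tc < pkt_bytes:          # above CIR but within PIR: yellow
            color = "yellow"
            tp -= pkt_bytes
        else:                         # within CIR: green, charge both buckets
            color = "green"
            tc -= pkt_bytes
            tp -= pkt_bytes
        sent[color] += pkt_bytes
    return {c: b * 8 / seconds / 1e6 for c, b in sent.items()}

def forwarded_mbps(result):
    """Green and yellow are forwarded; red is dropped, as in Phase 3."""
    return result["green"] + result["yellow"]

if __name__ == "__main__":
    for rate in (15, 50):             # the two iperf3 rates used in Phase 3
        r = trtcm(rate)
        print(rate, "Mbps offered ->", {c: round(v, 2) for c, v in r.items()},
              "forwarded:", round(forwarded_mbps(r), 2))
```

Over a 10-second run the forwarded rate sits slightly above CIR and PIR because both buckets start full, so a measured result a little over 10 or 20 Mbps reflects the CBS/PBS burst allowance rather than a misconfigured policer.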
