Usage

In this section, it is assumed that Virtual Accelerator has been properly installed and configured. See Getting Started for more details.

Configuring a traffic conditioner attached to an interface in the fast path

TC can be set per interface and per direction. The rate limiting can be applied separately for incoming and outgoing packets on a given interface.

../../../_images/standalone-tc.svg

The fast path implements a proxy over the NETFPC channel to allow fp-cli to interact with the FPN-SDK API.

tc-iface-add

Configure a traffic conditioner attached to an interface:

# tc-iface-add <iface> ingress|egress <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps

Parameters

<iface>

Interface name, physical interface or virtual interface.

ingress|egress

Direction.

<CIR>

CIR. Expressed in:

  • multiples of bps

  • multiples of pps

<CBS>

CBS. Expressed in:

  • bytes

  • packets

A committed depth of 0 disables a traffic conditioner.

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as EIR.

[G|M|K]pps|bps

Unit and multiplier used for CIR, CBS, EIR and EBS.

  • pps means that values are expressed in terms of packets:

    • rates are multiples of pps (CIR and EIR)

    • burst sizes are in packets (CBS and EBS)

  • bps means that values are expressed in terms of bits.

    • rates are multiples of bps (CIR and EIR)

    • burst sizes are in bytes (CBS and EBS)

  • G, M and K multipliers apply to rates (CIR and EIR). They do not apply to burst sizes (CBS and EBS).

    • multipliers are powers of 1000 (K=1000, M=10002, G=10003)

tc-iface-del

Delete a traffic conditioner from an interface:

# tc-iface-del <iface> ingress|egress

Parameters

<iface>

Interface name, physical interface or virtual interface.

ingress|egress

Direction.

tc-iface

Display traffic conditioner rules configurations:

# tc-iface [<iface> ingress|egress]

Parameters

<iface>

Interface name, physical interface or virtual interface.

ingress|egress

Direction.

tc-iface-stats

Display traffic conditioner rules statistics:

# tc-iface-stats [<iface> ingress|egress]

Parameters

<iface>

Interface name, physical interface or virtual interface.

ingress|egress

Direction.

tc-iface-json

Display configured traffic conditioners and their statistics in json format:

tc-iface-json [vrfid all|<vrfid>]

Parameters

<vrfid>

Specifies the vrf of interfaces whose traffic conditioner will be displayed. Default 0. all dumps all vrfs.

tc-iface-stats-reset

Reset traffic conditioner statistics:

tc-iface-stats-reset [<iface>]

Parameters

<iface>

Interface name, physical interface or virtual interface.

Examples

  • Limit the bandwidth of traffic received on eth2_0 to 4000 Kbps with a maximum burst size of 512000 bytes:

    tc-iface-add eth2_0 ingress 4000 512000 0 0 Kbps

    • The CIR is set to 4000*1000 bps = 4000000 bps.

    • The CBS is set to 512000 bytes = 4096000 bits.

    • The EIR is set to 0 bits.

    • The EBS is set to 0 bytes.

  • Display traffic conditioner rules for a single traffic conditioner:

    tc-iface eth2_0

  • Display all configured traffic conditioners:

    tc-iface

  • Display statistics for a single traffic conditioner:

    tc-iface-stats eth2_0

  • Display all configured traffic statistics:

    tc-iface-stats

  • Display configured traffic conditioners and their statistics:

    tc-iface-json [vrfid all|VRFID]

If no vrfid is specified, only traffic conditioners in vrfid 0 will be
displayed.

  • Reset statistics on a single traffic conditioner:

    tc-iface-stats-reset eth2_0

  • Reset all statistics traffic conditioner:

    tc-iface-stats-reset

Configuring a traffic conditioner policer shared by several interfaces in the fast path

A traffic conditioner can be shared between several interfaces by creating a shared policer. The traffic flowing through the group of interfaces will consume tokens in the same traffic conditioner.

../../../_images/shared-policer.svg

tc-policer-add

Create a shared policer:

tc-policer-add <name> <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps

Parameters

<name>

Policer name.

Other parameters are identical to those of the tc-iface-add command.

tc-iface-bind

Bind an interface ingress or egress to the policer:

tc-iface-bind <iface> ingress|egress <name>

Parameters

<iface>

Interface name, physical interface or virtual interface.

ingress|egress

Direction.

<name>

Policer name.

tc-iface-del

Unbind an interface ingress or egress from a policer:

tc-iface-del <iface> ingress|egress

The same command tc-iface-del is used regardless whether the interface is attached to a standalone traffic conditioner or bound to a shared policer. If it is a standalone traffic conditioner, it is deleted. If it is a shared policer, the interface is unbound from the policer, but the policer itself is not deleted.

tc-policer-del

Delete a shared policer. All interfaces bound to this policer are unbound:

tc-policer-del <name>

tc-policer

Display shared policer configurations:

tc-policer [<name>]

tc-policer-stats

Display shared policer statistics:

tc-policer-stats [<name>]

tc-policer-json

Display shared policer configurations and their statistics in json format:

tc-policer-json

tc-policer-stats-reset

Reset policer statistics:

tc-policer-stats-reset [<name>]

Examples

  • Limit the bandwidth of traffic received on eth1_0 and eth2_0 to 4000 Kbps with a maximum burst size of 512000 bytes, by sharing policer policer1:

    tc-policer-add policer1 4000 512000 0 0 Kbps

tc-iface-bind eth1_0 ingress policer1
tc-iface-bind eth2_0 ingress policer1

  • Display traffic conditioner rules for policer policer1:

    tc-policer policer1

  • Display statistics for policer policer1:

    tc-policer-stats policer1

  • Display shared policer configurations and their statistics in json format:

    tc-policer-json

  • Display traffic conditioner rules for interfaces eth1_0 and eth2_0:

    tc-iface eth1_0
tc-iface eth2_0

  • Display statistics for interfaces eth1_0 and eth2_0:

    tc-iface-stats eth1_0
tc-iface-stats eth2_0

  • Unbind eth1_0 ingress from policer policer1:

    tc-iface-del eth1_0 ingress

    eth2_0 remains attached to policer1.

Configuring a flow-based traffic conditioner rule in the fast path

The rate limiting can be applied for packets which match an ip flow. The ip flow is defined by interface, source ip, destination ip and ip protocol.

For physical interfaces, it is possible to rate limit traffic going through an interface and all logical interfaces created on top. It can be used for example to provide a global rate limiter for different VLAN declared on top of the same physical interface. An option is also given to rate-limit traffic without taking into account logical interfaces built on top of a physical interface (e.g. rate limit untagged traffic on a port where some VLANs are defined).

tc-flow-add

Description

Add a flow-based traffic conditioner rule.

Synopsis

tc-flow-add <iface> ingress|egress <addr src> <addr dst> <tos>|any <ip proto>|any
            <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps <priority>

Parameters

<iface>

interface name, physical interface or virtual interface.

ingress|ingress_all|egress

Direction. The ingress_all direction can be set only on a physical interface to apply the rate limiter to the physical interface and all virtual interfaces built on top. It is not possible, for the same flow, to add an ingress and an ingress_all with different values of rate limiting.

<addr src>

Source ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.

<addr dst>

Destination ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.

<tos>|any

ToS value, “any” means any DSCP value.

<ip proto>|any

IP protocol number, “any” means any IP protocol.

<CIR>

CIR. Expressed in:

  • multiples of bps

  • multiples of pps

<CBS>

CBS. Expressed in:

  • bytes

  • packets

A committed depth of 0 disables a flow-based traffic conditioner rule.

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

Unit and multiplier used for CIR, CBS, EIR and EBS.

  • pps means that values are expressed in terms of packets:

    • rates are multiples of pps (CIR and EIR)

    • burst sizes are in packets (CBS and EBS)

  • bps means that values are expressed in terms of bits.

    • rates are multiples of bps (CIR and EIR)

    • burst sizes are in bytes (CBS and EBS)

  • G, M and K multipliers apply to rates (CIR and EIR). They do not apply to burst sizes (CBS and EBS).

    • multipliers are powers of 1000 (K=1000, M=10002, G=10003)

<priority>

Priority of the flow-based traffic conditioner rule among others, it is meant to allow priority to ensure more precise flow to be matched first, and the more generic flows after, for example:

tc-flow-add eth0 ingress 1.1.1.0/24 2.2.2.2 any any 10 10 10 10 pps 1
tc-flow-add eth0 ingress 1.1.1.0/24 2.2.2.0/24 any any 20 20 20 20 pps 2

Without priority second rule could be matched before the first one, even through we specifically try to reach the specified host.

Example

Limit the bandwidth of traffic received on eth2_0 from 10.24.3.92 to 10.22.3.91 to 4000 Kbps with a maximum burst size of 512000 bytes:

<fp-0> tc-flow-add eth2_0 ingress 10.24.3.92 10.22.3.91 any any 4000 512000 0 0 Kbps 1

  • The CIR is set to 4000*1000 bps = 4000000 bps.

  • The CBS is set to 512000 bytes = 4096000 bits.

  • The EIR is set to 0 bits.

  • The EBS is set to 0 bytes.

tc-flow-del

Description

Delete the specified flow-based traffic conditioner, either by ID or by flow.

Synopsis

tc-flow-del id <id>
or
tc-flow-del <iface> ingress|egress <addr src> <addr dst> <tos>|any <ip proto>|any

Parameters

<id>

Each tc flow rule has an ID. The id number can be shown by tc-flow command.

<iface>

interface name, physical interface or virtual interface.

ingress|ingress_all|egress

Direction.

<addr src>

Source ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.

<addr dst>

Destination ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.

<tos>|any

ToS value, “any” means any DSCP value.

<ip proto>|any

IP protocol number, “any” means any IP protocol.

tc-flow-add6

Description

Add an IPv6 flow-based traffic conditioner rule.

Synopsis

tc-flow-add6 <iface> ingress|ingress_all|egress <addr src> <addr dst> <tc>|any <next header>|any
            <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps <priority>

Parameters

<iface>

interface name, physical or virtual interface.

ingress|egress

Direction. The ingress_all direction can be set only on a physical interface to apply the rate limiter to the physical interface and all virtual interfaces built on top. It is not possible, for the same flow, to add an ingress and an ingress_all with different values of rate limiting.

<addr src>

Source ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:1::/48.

<addr dst>

Destination ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:2::/48.

<tc>|any

Traffic Class of the flow, “any” meaning any class.

<next header>|any

Next header protocol, “any” means any protocol.

<CIR>

CIR. Expressed in:

  • multiples of bps

  • multiples of pps

<CBS>

CBS. Expressed in:

  • bytes

  • packets

A committed depth of 0 disables a flow-based traffic conditioner rule.

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

Unit and multiplier used for CIR, CBS, EIR and EBS.

  • pps means that values are expressed in terms of packets:

    • rates are multiples of pps (CIR and EIR)

    • burst sizes are in packets (CBS and EBS)

  • bps means that values are expressed in terms of bits.

    • rates are multiples of bps (CIR and EIR)

    • burst sizes are in bytes (CBS and EBS)

  • G, M and K multipliers apply to rates (CIR and EIR). They do not apply to burst sizes (CBS and EBS).

    • multipliers are powers of 1000 (K=1000, M=10002, G=10003)

<priority>

Priority of the flow-based traffic conditioner rule among others, it is meant to allow priority to ensure more precise flow to be matched first, and the more generic flows after.

Example

Limit the bandwidth of traffic received on eth2_0 from 2001:DB8:1::1 to 2001:DB8:2::1 to 4000 Kbps with a maximum burst size of 512000 bytes:

<fp-0> tc-flow-add6 eth2_0 ingress 2001:DB8:1::1 2001:DB8:2::1 any any 4000 512000 0 0 Kbps 1

  • The CIR is set to 4000*1000 bps = 4000000 bps.

  • The CBS is set to 512000 bytes = 4096000 bits.

  • The EIR is set to 0 bits.

  • The EBS is set to 0 bytes.

tc-flow-del6

Description

Delete the specified IPv6 flow-based traffic conditioner, either by ID or by flow.

Synopsis

tc-flow-del6 id <id>
or
tc-flow-del6 <iface> ingress|egress <addr src> <addr dst> <tc>|any <next header>|any

Parameters

<id>

Each tc flow rule has an ID. The id number can be shown by tc-flow command.

<iface>

interface name, physical or virtual interface.

ingress|ingress_all|egress

Direction.

<addr src>

Source ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:1::/48.

<addr dst>

Destination ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:2::/48.

<tc>|any

Traffic Class of the flow, “any” meaning any class.

<next header>|any

Next header protocol, “any” means any protocol.

tc-flow

Description

List one or all configured flow-based traffic conditioner.

Synopsis

tc-flow [<iface>] [ingress|egress]

Parameters

<iface>

Interface name. Optional. If interface is set, only rules on this interface are displayed.

ingress|egress

Direction. Optional. If direction is set, only rules matching the direction are displayed.

Example

<fp-0> tc-flow
Ingress TC: 1 rules
1: eth2_0 ingress 10.24.3.92/32 10.22.3.91/32 any 1 priority 1 (IPv4)
     CIR 4 Mbps
     CBS 512000
     EIR 0 bps
     EBS 0
Egress  TC: 0 rules

tc-flow-stats

Description

Dump statistics of the specified flow-based traffic conditioner. The packet/byte number of the 3 marked colors(Green/Yellow/Red) are displayed.

Synopsis

tc-flow-stats id <id>

Parameters

ID

Each tc flow rule has an ID. The id number can be shown by tc-flow command.

Example

<fp-0> tc-flow-stats id 1
Green  19940 packets 1674960 bytes
Yellow 0 packets 0 bytes
Red    114782 packets 9641688 bytes

tc-flow-stats-reset

Description

Reset the statistics of the specified flow-based traffic conditioner. The packet/byte number of the 3 marked colors will be set to 0.

Synopsis

tc-flow-stats-reset id <id>

Parameters

ID

Each tc flow rule has an ID. The id number can be shown by tc-flow command.

Providing options

There are 3 parameters provided by this module:

  • hash-order is the order of the hash table (1 << hash-order)

  • max-flows is the maximum number of flows.

  • timeout is the idle duration (in seconds) before one flow hash node is deleted.

You can dynamically set the 3 parameters when starting the fast path:

  • Hash order with option --mod-opt=tc-flow:--hash-order=<hash-order>. Default is 10.

  • Maximum number of flows with option --mod-opt=tc-flow:--max-flows=<flow-number>. Default is 10000.

  • Timeout with option --mod-opt=tc-flow:--timeout=<timeout-value>. Default is 5.

Note

See Fast Path Capabilities documentation for impact of the available memory on the default value of configurable capabilities