The IPQoS flowacct module records information about traffic flows, a process that is referred to as flow accounting. Flow accounting produces data that can be used for billing customers or for evaluating the amount of traffic to a particular class.
Flow accounting is optional. flowacct is typically the final module that metered or marked traffic flows might encounter before release onto the network stream. For an illustration of flowacct's position in the Diffserv model, see Figure 1–1. For detailed technical information, refer to the flowacct (7ipp) man page.
To enable flow accounting, you need to use the Oracle Solaris exacct accounting facility and the acctadm command, as well as flowacct. For more information about flow accounting, refer to Chapter 5, Using Flow Accounting and Statistics Gathering Tasks.
The flowacct module gathers information about flows in a flow table that is composed of flow records. Each entry in the table contains one flow record. You cannot display a flow table.
In the IPQoS configuration file, you define the following flowacct parameters to measure flow records and to write the records to the flow table:
timer – Defines an interval, in milliseconds, when timed-out flows are removed from the flow table and written to the file that is created by acctadm
timeout – Defines an interval, in milliseconds, which specifies how long a packet flow must be inactive before the flow times out
max_limit – Places an upper limit on the number of flow records that can be stored in the flow table
For an example of how flowacct parameters are used in the IPQoS configuration file, refer to How to Configure Flow Control in the IPQoS Configuration File.
The flowacct module maintains a flow table that records all packet flows that are seen by a flowacct instance.
A flow is identified by the following parameters, which include the flowacct 8-tuple:
Source address
Destination address
Source port
Destination port
DSCP
User ID
Project ID
Protocol Number
If all the parameters of the 8–tuple for a flow remain the same, the flow table contains only one entry. The max_limit parameter determines the number of entries that a flow table can contain.
The flow table is scanned at the interval that is specified in the IPQoS configuration file for the timer parameter. The default is 15 seconds. A flow “times out” when its packets are not seen by the IPQoS system for at least the timeout interval in the IPQoS configuration file. The default timeout interval is 60 seconds. Entries that have timed out are then written to the accounting file that is created with the acctadm command.
A flowacct record contains the attributes described in the following table.
|
You use the acctadm command to create a file in which to store the various flow records that are generated by flowacct. acctadm works in conjunction with the extended accounting facility. For technical information, refer to the acctadm (1M) man page.
The flowacct module observes flows and fills the flow table with flow records. flowacct then evaluates its parameters and attributes in the interval that is specified by timer. When a packet is not seen for at least the last_seen plus timeout values, the packet times out. All timed-out entries are deleted from the flow table. These entries are then written to the accounting file each time the interval that is specified in the timer parameter elapses.
To invoke acctadm for use with the flowacct module, use the following syntax:
acctadm -e file-type -f filename flow
Invokes acctadm with the -e option. The -e indicates that a resource list follows.
Specifies the attributes to be gathered, either basic or extended. For a list of attributes in each file type, refer to Table 6–4.
Creates the file file-name to hold the flow records.
Indicates that acctadm is to be run with IPQoS.