System Administration Guide: Network Interfaces and Network Virtualization

Setting Up Accounting for Packet Flows

You can use the extended accounting feature to capture these statistics into a file, which can then be printed for usage reports.

ProcedureHow to Configure Flow Accounting

Use the flowadm command and extended accounting feature of the Solaris OS to collect statistical data on flow usage. In this manner, you can maintain records of flow traffic for tracking, provisioning, or billing purposes. The following task shows how to gather statistics for a system on a traditional network, which has implemented flow control on the system's interfaces. For an example, refer to Figure 10–3. For the tasks that implement flow control on this network, see How to Set Up and Configure Flow Control for a System on a Traditional Network.

Before You Begin

You must have configured flows on the system's interfaces, as explained in Interface-Based Flow Control for Traditional Networks.

  1. Assume the Primary Administrator role or become superuser on the system with the interfaces whose usage you want to track.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. On the system with the interfaces whose usage you want to track, become superuser or assume the equivalent root role.

    To create and assign the root role, see How to Make root User Into a Role in System Administration Guide: Security Services.

  3. View the system's currently configured flows.

    # flowadm show-flow
    NAME            LINK            ATTR            VALUE
    app-flow        internal0
                                    ip_version      4
    httpsflow       nge0
                                    transport       tcp
                                    local_port      443
    httpflow        nge0
                                    transport       tcp
                                    local_port      80

    The output shows three flows. app-flow is a flow configured on interface internal0. This interface isolates traffic coming from the application server on the network, by using the IP address of the server as the key. The flows httpflow and httpsflow are configured on interface nge0. These flows isolate HTTP and secure HTTP packets by using their port numbers, 80 and 443, respectively.

  4. View usage statistics for the system's three flows.

    # flowadm show-flow -s
    app-flow    65        0           0       1723      72366       0
    httpsflow   0         0           0       32932     3225851     0
    httpflow    29        3982        0       42        20799       0

    The -soption of flowadm gathers usage statistics at the point when the command is issued.

  5. View the accounting options that are available from extended accounting.

    # acctadm
                Task accounting: inactive
           Task accounting file: none
         Tracked task resources: none
       Untracked task resources: extended
             Process accounting: inactive
        Process accounting file: none
      Tracked process resources: none
    Untracked process resources: extended,host
                Flow accounting: inactive
           Flow accounting file: none
         Tracked flow resources: none
       Untracked flow resources: extended
                Network accounting: inactive
           Network accounting file: none
         Tracked Network resources: none
       Untracked Network resources: extended

    The last four options implement extended accounting for flows. The previous output verifies that network accounting is not turned on and an accounting file is unknown.

  6. Confirm that an extended accounting file does not already exist.

    # cd /var/adm/exacct ; ls

    If no accounting file is listed, this confirms that you can now create the file.

  7. Create an extended accounting file for the flows on the system.

    Use the syntax:

    # acctadm -e extended -f /var/adm/exacct/file-name net

    The net argument turns on extended accounting for network flows.

    Suppose you wanted to track usage of the flows you have defined for a system. You would type the following:

    # acctadm -e extended -f /var/adm/exacct/httpflow net
  8. Verify that extended accounting is now turned on.

    # acctadm
                Task accounting: inactive
                Network accounting: active
                Network accounting file: /var/adm/exacct/httpflow
                Tracked Network resources: extended
                Untracked Network resources: none
  9. Show usage of all the system's flows.

    # flowadm show-usage -f /var/adm/exacct/httpflow
    Bytes          Packets   Errors    Duration       Bandwidth      Link/Flow
    68912          76        0         140            3.94 Kbps        httpflow
    3449           32        0         140          197.09 bps       httpsflow
    0              0         0         140            0.00 bps        app-flow
  10. Show the contents of the extended accounting file that have to do with a particular flow.

    Use the following syntax:

    # flowadm show-usage -f /var/adm/exacct/filename flow

    For example, use the following command to obtain data on HTTP usage on the system.

    # flowadm show-usage -f /var/adm/exacct/httpflow httpflow
    14:35:51    14:36:11    0              0                 0.00 bps  httpflow
    14:36:11    14:36:31    0              0                 0.00 bps  httpflow
    14:36:31    14:36:51    3789           64895            27.47 Kbps  httpflow
    14:36:51    14:37:11    120            108              91.20 bps  httpflow
    14:37:11    14:37:31    0              0                 0.00 bps  httpflow

    This output gathers statistics on httpflow since the command was issued.

  11. Obtain a count of all packet flows on the system.

    Gathering statistics on interface usage can indicate over time whether you should configure a virtual network on the interface or possibly add another interface.

    # dladm show-usage -f /var/adm/exacct/httpflow
    Bytes          Packets   Errors    Duration       Bandwidth      Link/Flow
    159080         1188      0         400            3.18 Kbps            nge0
    1600           17        0         400           32.00 bps             internal0

    The output shows packet count for the nge0 interface, which has flows for HTTP and HTTPS traffic, as well as unfiltered traffic. The internal0 interface has a flow for traffic received from IP address, the address of the application server.

  12. Obtain a count of all packet traffic for a specific interface.

    # dladm show-usage -f /var/adm/exacct/httpflow nge0
    Start Time  End Time    In Bytes       Out Bytes      Bandwidth     Device
    14:34:51    14:35:11    2512           0                 1.00 Kbps     nge0
    14:35:11    14:35:31    986            0               394.40 bps      nge0
    14:35:31    14:35:51    2108           0               843.20 bps      nge0
    14:35:51    14:36:11    2632           0                 1.05 Kbps     nge0
    14:36:11    14:36:31    1653           91              697.60 bps      nge0
    14:36:31    14:36:51    5237           64937            28.07 Kbps     nge0
    14:36:51    14:37:11    8902           3424              4.93 Kbps     nge0
    14:37:11    14:37:31    9648           4958              5.84 Kbps     nge0
    14:37:31    14:37:51    1766           0               706.40 bps      nge0
    14:37:51    14:38:11    3334           0                 1.33 Kbps     nge0
    14:38:11    14:38:31    1834           578             964.80 bps      nge0