System Administration Guide: IP Services

Chapter 30 Using Flow Accounting and Statistics Gathering (Tasks)

This chapter explains how to obtain accounting and statistical information on traffic that is handled by an IPQoS system. The following topics are discussed:

Setting Up Flow Accounting (Task Map)

The following task map lists the generic tasks for obtaining information about traffic flows by using the flowacct module.



For Instructions 

1. Create a file to contain accounting information for traffic flows. 

Use the acctadm command to create a file that holds the results of processing by flowacct.

How to Create a File for Flow-Accounting Data

2. Define flowacct parameters in the IPQoS configuration file.

Define values for the timer, timeout, and max_limit parameters.

How to Enable Accounting for a Class in the IPQoS Configuration File

Recording Information About Traffic Flows

You use the IPQoS flowacct module to collect information about traffic flows. For example, you can collect source and destination addresses, number of packets in a flow, and similar data. The process of accumulating and recording information about flows is called flow accounting.

The results of flow accounting on traffic of a particular class are recorded in a table of flow records. Each flow record consists of a series of attributes. These attributes contain data about traffic flows of a particular class over an interval of time. For a list of the flowacct attributes, refer to Table 31–4.

Flow accounting is particularly useful for billing clients as is defined in their service-level agreements (SLAs). You can also use flow accounting to obtain flow statistics for critical applications. This section contains tasks for using flowacct with the Solaris extended accounting facility to obtain data on traffic flows.

The following information is contained in sources outside this chapter:

ProcedureHow to Create a File for Flow-Accounting Data

Before you add a flowacct action to the IPQoS configuration file, you must create a file for flow records from the flowacct module. You use the acctadm command for this purpose. acctadm can record either basic attributes or extended attributes in the file. All flowacct attributes are listed in Table 31–4. For detailed information about acctadm, refer to the acctadm(1M) man page.

  1. Assume the Primary Administrator role, or become superuser, on the IPQoS-enabled system.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Create a basic flow-accounting file.

    The following example shows how to create a basic flow-accounting file for the premium web server that is configured in Example 28–1.

    # /usr/sbin/acctadm -e basic -f /var/ipqos/goldweb/ flow
    acctadm -e

    Invokes acctadm with the -e option. The -e option enables the arguments that follow.


    States that only data for the eight basic flowacct attributes is to be recorded in the file.


    Specifies the fully qualified path name of the file to hold the flow records from flowacct.


    Instructs acctadm to enable flow accounting.

  3. View information about flow accounting on the IPQoS system by typing acctadm without arguments.

    acctadm generates the following output:

    Task accounting: inactive
           Task accounting file: none
         Tracked task resources: none
       Untracked task resources: extended
             Process accounting: inactive
        Process accounting file: none
      Tracked process resources: none
    Untracked process resources: extended,host,mstate
                Flow accounting: active
           Flow accounting file: /var/ipqos/goldweb/
         Tracked flow resources: basic
       Untracked flow resources: dsfield,ctime,lseen,projid,uid

    All entries but the last four are for use with the Solaris Resource Manager feature. The next table explains the entries that are specific to IPQoS.



    Flow accounting: active

    Indicates that flow accounting is turned on. 

    Flow accounting file: /var/ipqos/goldweb/

    Gives the name of the current flow-accounting file. 

    Tracked flow resources: basic

    Indicates that only the basic flow attributes are tracked. 

    Untracked flow resources: dsfield,ctime,lseen,projid,uid

    Lists the flowacct attributes that are not tracked in the file.

  4. (Optional) Add the extended attributes to the accounting file.

    # acctadm -e extended -f /var/ipqos/goldweb/ flow
  5. (Optional) Return to recording only the basic attributes in the accounting file.

    # acctadm -d extended -e basic -f /var/ipqos/goldweb/

    The -d option disables extended accounting.

  6. View the contents of a flow-accounting file.

    Instructions for viewing the contents of a flow-accounting file are in Perl Interface to libexacct in System Administration Guide: Virtualization Using the Solaris Operating System.

See Also

Gathering Statistical Information

You can use the kstat command to generate statistical information from the IPQoS modules. Use the following syntax:

/bin/kstat -m ipqos-module-name

You can specify any valid IPQoS module name, as shown in Table 31–5. For example, to view statistics that are generated by the dscpmk marker, you use the following form of kstat:

/bin/kstat -m dscpmk

For technical details, refer to the kstat(1M) man page.

Example 30–1 kstat Statistics for IPQoS

Here is an example of possible results from running kstat to obtain statistics about the flowacct module.

# kstat -m flowacct
module: flowacct                        instance: 3     
name:   Flowacct statistics             class:    flacct 
        bytes_in_tbl                    84
        crtime                          345728.504106363
        epackets                        0
        flows_in_tbl                    1
        nbytes                          84
        npackets                        1
        snaptime                        345774.031843301
        usedmem                         256
class: flacct

Gives the name of the class to which the traffic flows belong, in this example flacct.


Total number of bytes in the flow table. The total number of bytes is the sum in bytes of all the flow records that currently reside in the flow table. The total number of bytes for this flow table is 84. If no flows are in the table, the value for bytes_in_tbl is 0.


The last time that this kstat output was created.


Number of packets that resulted in an error during processing, in this example 0.


Number of flow records in the flow table, which in this example is 1. When no records are in the table, the value for flows_in_tbl is 0.


Total number of bytes that are seen by this flowacct action instance, which is 84 in the example. The value includes bytes that are currently in the flow table. The value also includes bytes that have timed out and are no longer in the flow table.


Total number of packets that are seen by this flowacct action instance, which is 1 in the example. npackets includes packets that are currently in the flow table. npackets also includes packets that have timed out—are no longer in the flow table.


Memory in bytes in use by the flow table that is maintained by this flowacct instance. The usedmem value is 256 in the example. The value for usedmem is 0 when the flow table does not have any flow records.