How Resource Management Works

With interface-based resource management, you can isolate, prioritize, track, and control data traffic on an individual system. These features also enable you to improve the efficiency and performance of a network. Isolating types of data traffic is especially helpful for network provisioning, establishing service level agreements, billing clients, and diagnosing security problems. The concepts in this section pertain to traffic on an internal virtual network as well to traffic on systems configured in traditional external networks.

Resource control helps to isolate processes to improve a system's efficiency and to make the processes easier to observe and track for accounting purposes. Configuring resource control involves organizing packet traffic on the interface into flows that have the same characteristics. These characteristics are derived from the information contained in the fields of an individual packet's header. Therefore, you can organize packet traffic into flows by one of the following characteristics:

• IP address

• Transport protocol name (UDP, TCP, or SCTP)

• Application port number, for example, port 21 for FTP

• DS field attribute, which is used for quality-of-service in IPv6 packets only. (For more information about the DS field, refer to DS Codepoint in System Administration Guide: IP Services.)

Note that a flow can be based only on one of the previously listed characteristics.

For example, you can create a flow for only FTP packets or only for all packets received from a particular source IP address. You cannot create a flow for packets from port number 21 (FTP) that come only from a specified IP address. Or you cannot create a flow for all traffic from IP address 192.168.1.10, and then create flows for transport layer traffic on 192.168.1.10.

Bandwidth management involves assigning a portion of the interface's bandwidth to each flow. Modern network interfaces, such as GLD.v3 interfaces e1000g, bge, nge, and others, have large amounts of bandwidth available for assignment to flows. When you create a flow, you can allocate bandwidth to it and then give the flow a relative priority among all flows on the interface. Furthermore, if the system has processor sets, you can assign a CPU processor set to a flow.

The resulting set of rules that define the characteristics of all flows on a system make up the system's flow control policy. You implement these rules by using the flowadm command and its set-flowprop subcommand. For complete technical information, refer to the flowadm(1M) man page.

This chapter uses the term flow control to generically refer to both resource control and bandwidth management, unless the text specifically states otherwise.