The IPQoS flowacct module records information about traffic flows, a process that is referred to as flow accounting. Flow accounting produces data that can be used for billing customers or for evaluating the amount of traffic to a particular class.
Flow accounting is optional. flowacct is typically the final module that metered or marked traffic flows might encounter before release onto the network stream. For an illustration of flowacct's position in the Diffserv model, see Figure 26–1. For detailed technical information about flowacct, refer to the flowacct(7ipp) man page.
To enable flow accounting, you need to use the Solaris exacct accounting facility and the acctadm command, as well as flowacct. For the overall steps in setting up flow accounting, refer to Setting Up Flow Accounting (Task Map).
The flowacct module gathers information about flows in a flow table that is composed of flow records. Each entry in the table contains one flow record. You cannot display a flow table.
In the IPQoS configuration file, you define the following flowacct parameters to measure flow records and to write the records to the flow table:
timer – Defines an interval, in milliseconds, when timed-out flows are removed from the flow table and written to the file that is created by acctadm
timeout – Defines an interval, in milliseconds, which specifies how long a packet flow must be inactive before the flow times out
You can configure timer and timeout to have different values.
max_limit – Places an upper limit on the number of flow records that can be stored in the flow table
For an example of how flowacct parameters are used in the IPQoS configuration file, refer to How to Configure Flow Control in the IPQoS Configuration File.
The flowacct module maintains a flow table that records all packet flows that are seen by a flowacct instance. A flow is identified by the following parameters, which make up the flowacct 8–tuple:
Source address
Destination address
Source port
Destination port
DSCP
User ID
Project ID
Protocol Number
If all the parameters of the 8–tuple for a flow remain the same, the flow table contains only one entry. The max_limit parameter determines the number of entries that a flow table can contain.
The flow table is scanned at the interval that is specified in the IPQoS configuration file for the timer parameter. The default is 15 seconds. A flow “times out” when its packets are not seen by the IPQoS system for at least the timeout interval in the IPQoS configuration file. The default timeout interval is 60 seconds. Entries that have timed out are then written to the accounting file that is created with the acctadm command.
A flowacct record contains the attributes described in the following table.
Table 31–4 Attributes of a flowacct Record
| Attribute Name | Attribute Contents | Type |
|---|---|---|
| src-addr-address-type | Source address of the originator. address-type is either v4 for IPv4 or v6 for IPv6, as specified in the IPQoS configuration file. | Basic |
| dest-addr-address-type | Destination address for the packets. address-type is either v4 for IPv4 or v6 for IPv6, as specified in the IPQoS configuration file. | Basic |
| src-port | Source port from which the flow originated. | Basic |
| dest-port | Destination port number to which this flow is bound. | Basic |
| protocol | Protocol number for the flow. | Basic |
| total-packets | Number of packets in the flow. | Basic |
| total-bytes | Number of bytes in the flow. | Basic |
| action-name | Name of the flowacct action that recorded this flow. | Basic |
| creation-time | First time that a packet is seen for the flow by flowacct. | Extended only |
| last-seen | Last time that a packet of the flow was seen. | Extended only |
| diffserv-field | DSCP in the outgoing packet headers of the flow. | Extended only |
| user | Either a UNIX User ID or user name, which is obtained from the application. | Extended only |
| projid | Project ID, which is obtained from the application. | Extended only |
You use the acctadm command to create a file in which to store the various flow records that are generated by flowacct. acctadm works in conjunction with the extended accounting facility. For technical information about acctadm, refer to the acctadm(1M) man page.
The flowacct module observes flows and fills the flow table with flow records. flowacct then evaluates its parameters and attributes at the interval that is specified by timer. When no packet of a flow is seen for at least the last_seen plus timeout values, the flow times out. All timed-out entries are deleted from the flow table. These entries are then written to the accounting file each time the interval that is specified in the timer parameter elapses.
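The interplay of timer, timeout and max_limit described here and in the flow table discussion above, as an added example that is not code from the original page or from flowacct itself: a constructed Python model showing that a flow's record reaches the accounting file only at the first timer scan after the flow has been idle for timeout. The class and function names, the sample 8-tuples, and the rule that a full table skips new flows are assumptions of this example.

```python
from dataclasses import dataclass

TIMER_MS, TIMEOUT_MS = 15_000, 60_000   # defaults stated on the page
@dataclass
class FlowRecord:
    creation_time: int
    last_seen: int
    total_packets: int = 0
    total_bytes: int = 0

class FlowTable:
    """Constructed model of the flow table; not flowacct's own code."""
    def __init__(self, timer=TIMER_MS, timeout=TIMEOUT_MS, max_limit=2048):
        self.timer, self.timeout, self.max_limit = timer, timeout, max_limit
        self.table = {}       # 8-tuple -> FlowRecord
        self.written = []     # (write_time_ms, key, record): stand-in for the acctadm file
        self.unrecorded = 0   # packets whose new flow found the table full
        self.next_scan = timer

    def advance(self, now):
        # Run every timer scan due up to `now`; write out flows idle >= timeout.
        while self.next_scan <= now:
            scan, self.next_scan = self.next_scan, self.next_scan + self.timer
            expired = [k for k, r in self.table.items() if scan - r.last_seen >= self.timeout]
            for key in expired:
                self.written.append((scan, key, self.table.pop(key)))

    def packet(self, now, key, size):
        self.advance(now)
        rec = self.table.get(key)
        if rec is None:
            if len(self.table) >= self.max_limit:
                self.unrecorded += 1   # assumption: a full table skips new flows
                return
            rec = self.table[key] = FlowRecord(now, now)
        rec.last_seen = now
        rec.total_packets += 1
        rec.total_bytes += size

def demo():
    # Constructed 8-tuples: src, dst, sport, dport, DSCP, uid, projid, protocol
    web = ("192.0.2.10", "198.51.100.5", 40000, 443, 46, 1001, 10, 6)
    dns = ("192.0.2.10", "198.51.100.53", 40001, 53, 0, 1001, 10, 17)
    t = FlowTable()
    t.packet(1_000, web, 1500)
    t.packet(2_000, dns, 80)
    t.packet(50_000, web, 1500)    # same 8-tuple: updates the one web entry
    t.advance(200_000)
    return [(when, key[3], r.total_packets, r.total_bytes) for when, key, r in t.written]
```

With the defaults, a record can reach the file up to timeout plus timer (75 seconds) after the flow's last packet, which matters when the accounting file is used as an audit trail.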
To invoke acctadm for use with the flowacct module, use the following syntax:
acctadm -e file-type -f filename flow
acctadm -e – Invokes acctadm with the -e option. The -e indicates that a resource list follows.
file-type – Specifies the attributes to be gathered. file-type must be replaced by either basic or extended. For a list of attributes in each file type, refer to Table 31–4.
-f filename – Creates the file filename to hold the flow records.
flow – Indicates that acctadm is to be run with IPQoS.