Solaris Bandwidth Manager 1.5 Administration Guide

Chapter 2 Architecture

Product Structure

Solaris Bandwidth Manager contains the following major components:

The diagram below shows the architecture of Solaris Bandwidth Manager.

Figure 2-1 Solaris Bandwidth Manager Architecture

Administration Tool

You can use the administration tool, batool, to configure Solaris Bandwidth Manager. It has two modes:

The administration tool communicates with the kernel module through the policy agent. batool sends configuration changes to the kernel module, and the kernel module sends statistics to batool.

See Chapter 5, Configuring Solaris Bandwidth Manager Using batool for a more detailed description of batool and how to use it. You can also configure Solaris Bandwidth Manager by editing the configuration files, or from a directory service.

The Policy Agent

The policy agent is the communications hub of Solaris Bandwidth Manager. It controls the information sent to and from all other components, and the policies that they operate. It is implemented using the Java Dynamic Management(TM) Kit framework. It contains a set of Java management beans (m-beans) and their exported interfaces. See Appendix A, Policy Agent Architecture for more detail on the architecture of the policy agent.

Flows

A flow is a complete exchange of information between a sender and a recipient, as seen from the user's point of view. Examples of flows include sending a mail message, or downloading a web page.

A flow is defined by:

Since the TOS value can change during the lifetime of a flow, a flow can move from one class to another. However, this is not recommended, as packet ordering can be compromised.

Information about all current flows is stored in a cache. When a packet arrives, its flow characteristics are compared with the cache information to see whether it is part of an existing flow or whether a new flow has started. The cache record includes the flow identification information and the following statistics:


Note - A flow is terminated 60 seconds after the last packet in the flow was detected. This is not configurable.


Monitoring flows rather than classes gives a more accurate picture of network usage, at finer granularity. This enables you to predict future network needs more accurately, and gives you information that can be used in accounting.

You can use batool to view flow statistics. See Chapter 8, Statistics. You can also use any billing or accounting package that is compatible with version 5 of the Cisco NetFlow protocol.
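The cache lookup and the 60-second idle rule described in this section can be sketched as follows. This is an added example, not code from Solaris Bandwidth Manager: the flow key fields, the counters, the cache size and the sample key are assumptions made for the illustration. It also counts TOS changes inside a flow, the situation the section advises against.

```c
#include <stdint.h>
#include <stdio.h>

#define FLOW_IDLE_SECS 60   /* the guide's fixed idle timeout */
#define CACHE_SLOTS    64   /* assumed cache size */
/* Assumed flow key and counters; the product's own record layout may differ. */
struct flow_key { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
struct flow_rec {
    struct flow_key key;
    int in_use; long last_seen;          /* last_seen is in seconds */
    uint8_t tos; unsigned tos_changes;   /* latest TOS byte; changes seen */
    uint64_t packets, bytes;
};

/* Constructed sample key: 192.168.0.1:40000 -> 192.168.0.199:80, TCP. */
const struct flow_key sample_key = { 0xc0a80001, 0xc0a800c7, 40000, 80, 6 };
static struct flow_rec cache[CACHE_SLOTS];

static int key_eq(const struct flow_key *a, const struct flow_key *b)
{
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Account one packet; returns its flow record, or NULL if the cache is full. */
struct flow_rec *flow_account(const struct flow_key *k, uint8_t tos, unsigned len, long now)
{
    struct flow_rec *slot = NULL;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct flow_rec *r = &cache[i];
        int live = r->in_use && now - r->last_seen < FLOW_IDLE_SECS;
        if (live && key_eq(&r->key, k)) {
            if (r->tos != tos) { r->tos = tos; r->tos_changes++; }
            r->packets++; r->bytes += len; r->last_seen = now;
            return r;
        }
        if (!live && !slot) slot = r;    /* free or idle-expired record */
    }
    if (!slot) return NULL;
    *slot = (struct flow_rec){ .key = *k, .in_use = 1, .last_seen = now,
                               .tos = tos, .packets = 1, .bytes = len };
    return slot;
}

int main(void)
{
    flow_account(&sample_key, 0x00, 100, 0);
    flow_account(&sample_key, 0x10, 200, 59);   /* same flow, TOS changed */
    struct flow_rec *r = flow_account(&sample_key, 0x10, 50, 120);  /* idle 61 s */
    printf("newest record: %llu packet(s)\n", (unsigned long long)r->packets);
    return 0;
}
```

A packet with the same key that arrives after the idle period starts a fresh record, so one long-lived conversation with pauses shows up as several flows in accounting data.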

Type of Service Support

An IP packet contains a type of service (TOS) field. Its purpose is to convey information about how the packet should be processed. Solaris Bandwidth Manager can use this information when classifying a packet. It can also change the information, to influence how the packet is processed.

"IP Specification of TOS" is a summary of the type of service definition from the IP specification. "Solaris Bandwidth Manager and Type of Service" explains how Solaris Bandwidth Manager interacts with TOS.

IP Specification of TOS

The IP specification includes a definition of a Type of Service field in an IP packet header. This is intended to be used by upper-layer protocols to pass information to the Internet layer about how to optimize routing for the packet.

Network topology means that there are often a number of available routes between the source and destination of a packet. Some routes are more reliable than others. Some are expensive, with high call setup or usage charges, while some are low-cost but slow. The most suitable route for a packet depends on the application and user, and might even vary with other factors such as the time of day. For example, if you are a system administrator monitoring a remote system, you need to receive alarm traffic as rapidly as possible regardless of the cost, because the cost of routing the alarm is significantly lower than the cost incurred by a system problem. However, if you start to get a document by ftp from the same system at the end of your working day, intending to use it the following day, a low-cost, slow route is sufficient.

The Internet Layer has no direct knowledge of how to optimize a route for a given application or user. The TOS facility was intended to provide hints about how best to route a packet, influencing both queueing algorithms and routing. It contains a 3-bit precedence field and a 4-bit TOS field. The setting of the precedence field indicates one of the following values for the precedence:

The possible settings of the TOS field are:

The TOS facility has not been widely used in the past, but the Internet Engineering Task Force (IETF) is now working to modify the definition of TOS and to encourage its use.

Solaris Bandwidth Manager and Type of Service

The Type of Service facility is provided by the IP protocol to convey information about how individual packets should be directed over the Internet. The TOS field controls the routing and queueing algorithms in gateway operations.

The TOS byte contains a Precedence field, a TOS field and an Empty field.

For more information, refer to RFC 1349 Type of Service in the Internet Protocol Suite, by P. Almquist.
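Changing the TOS byte of a packet also means refreshing the IPv4 header checksum, because the checksum covers that byte. The following added example (not code from Solaris Bandwidth Manager) re-marks a header using the RFC 1349 bit layout and recomputes the checksum; the function names and the sample header are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1349 layout: 3-bit precedence, 4-bit TOS, 1 unused bit (must be zero). */
#define TOS_PRECEDENCE(b) (((b) >> 5) & 0x07)
#define TOS_FIELD(b)      (((b) >> 1) & 0x0f)

/* Constructed sample: 20-byte IPv4 header, TOS 0x00, valid checksum 0xb861. */
uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

/* Internet checksum: one's-complement sum of the header's 16-bit words. */
uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Header length in bytes, or 0 if buf is not a well-formed IPv4 header. */
size_t ipv4_header_len(const uint8_t *buf, size_t len)
{
    if (len < 20 || (buf[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    return (ihl >= 20 && ihl <= len) ? ihl : 0;
}

/* Set precedence and TOS, clear the unused bit, refresh checksum; -1 on bad input. */
int remark_tos(uint8_t *pkt, size_t len, unsigned prec, unsigned tos)
{
    size_t ihl = ipv4_header_len(pkt, len);
    if (ihl == 0 || prec > 7 || tos > 15) return -1;
    pkt[1] = (uint8_t)(prec << 5 | tos << 1);
    pkt[10] = pkt[11] = 0;              /* checksum field is zero while summing */
    uint16_t ck = ip_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(ck >> 8); pkt[11] = (uint8_t)(ck & 0xff);
    return 0;
}

int main(void)
{
    int rc = remark_tos(sample_hdr, sizeof sample_hdr, 5, 8);
    printf("prec=%d tos=%d\n", TOS_PRECEDENCE(sample_hdr[1]), TOS_FIELD(sample_hdr[1]));
    return rc;
}
```

A receiver verifies the header by summing it with the checksum field included; the result is zero for an intact header, which is how a stale checksum after re-marking would be caught.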

Solaris Bandwidth Manager Modes

Solaris Bandwidth Manager can be used in one of two modes: server mode or IP-transparent mode.

Server Mode

On a host that is a source of IP traffic, run Solaris Bandwidth Manager in server mode. A host is a source of IP traffic if it has only one network connection, to either the WAN or the LAN, or if it is a router of traffic.

Figure 2-2 Solaris Bandwidth Manager in Server Mode

Figure 2-3 Solaris Bandwidth Manager on a Router in Server Mode

When an interface for which bandwidth management is configured is initialized (usually at system startup), the ipqos module is pushed on to the IP stack, between IP and the interface. The Solaris Bandwidth Manager policy agent reads the configuration file and loads the configuration information into the ipqos module. The ipqos module then processes all traffic according to the configured definitions.


Note - If a firewall is running on the same machine, install Solaris Bandwidth Manager on an interface that is not running encryption software.


IP-Transparent Mode

On a host that is between a LAN and a router, run Solaris Bandwidth Manager in IP-transparent mode.

This mode is called IP-transparent because the host running Solaris Bandwidth Manager is completely transparent to the IP network and is perceived as just another machine connected to the LAN. The LAN and the WAN behave as though they are directly connected through the router only. It is not necessary to modify the routing tables.

Figure 2-4 Network Configuration Without Solaris Bandwidth Manager

Figure 2-5 Network Configuration--IP-Transparent Mode

Kernel Architecture

The kernel contains three modules that receive, filter, classify, schedule and forward the packets between the LAN and the router. The logical flow of data in IP-transparent mode is shown by the dashed lines in Figure 2-6.

ipqos1 - Implemented into the IP stack by autopush.ba and autopush_usr.ba during system startup. This module monitors the packets arriving at the host from the LAN but only processes packets addressed to the host machine.

ipqos2 - Implemented when the policy agent is started. This module monitors the packets arriving at the host from the LAN, and is used to filter and distribute them within the kernel.

ipqos3 - Implemented when the policy agent is started. This module interface monitors the packets arriving at the host from the LAN or WAN and classifies and schedules them. The classes for the configuration file are stored in this module.

Traffic Flow From the LAN

Traffic from the LAN to the host running Solaris Bandwidth Manager is received by the LAN interface.

If the destination IP address of the packet is the host running Solaris Bandwidth Manager, the packet is dropped by ipqos2, because it has already been sent up the IP stack by ipqos1.

If the destination IP address of the packet is not the host running Solaris Bandwidth Manager then the packet is forwarded directly to the router in the following cases:

Otherwise, the packet is classified and scheduled by ipqos3.

Traffic Flow From the WAN

Traffic from the WAN is forwarded to the LAN via ipqos3 and ipqos2.

Figure 2-6 Traffic Flow in IP-Transparent Mode

Only ipqos3 can be configured via the configuration file, so any reference to the interface in this file must be the WAN interface. Configure the network device option in the configuration file to reference the LAN interface in one of the following ways:

Non-IP Packets

Non-IP traffic bypasses ipqos if the nonip_mode parameter is set to direct. These packets are not logged in the flow statistics. If nonip_mode is set to ipqos, the traffic is sent to the default class, or to the root class if no default class is configured.

Multicast Routing and Solaris Bandwidth Manager

In server mode, Solaris Bandwidth Manager does not distinguish between multicast and other types of traffic. However, if you are using Solaris Bandwidth Manager in IP-transparent mode, it is not possible to predict automatically whether a router will forward a multicast packet, since this depends on your network configuration.

Therefore, there are three options to control how Solaris Bandwidth Manager handles multicast traffic. Choose the most appropriate option for your network: