Managing Network Virtualization and Network Resources in Oracle® Solaris 11.3

Updated: April 2018

Overlapping Flows

When multiple flows are configured on a datalink with different attributes, the flows might overlap. In this case, you can use the flowadm show-flow command to display a list of flows on a datalink based on a default ranking order. That is, the first flow in the output is searched first for a given packet and then the next flow is searched. You can change the ranking order of a flow by using the rank property.

For example, say you have created the flow solaris to limit the traffic from a remote IP address as follows.

# flowadm add-flow -l net4 -a remote_ip= solaris
# flowadm set-flowprop -p maxbw=10K solaris

If you want a packet from the IP address to port 80 to match solaris instead of the http flow, you can set a high rank for the solaris flow as follows:

# flowadm set-flowprop -p rank=1 solaris
# flowadm show-flowprop -p rank solaris
FLOW         PROPERTY        PERM VALUE          DEFAULT        POSSIBLE
solaris      rank            rw    1             --             1-65535

You can use the flowadm match-flow command to check whether a flow that you want to create overlaps with other existing flows. If there are overlapping flows, you need to check the ranking order. Also, if you have a policy in place to disallow the creation of overlapping flows, you need to check before adding a flow. The command syntax is:

# flowadm match-flow [-P] [[-p] -o  field[,...]] [-l link] -a attr=value[,...]
–l link

Limits the match to flows on the specified link. If you do not specify a link, flows on all the links are used.

–a attr=value[,...]

A comma-separated list of attributes that are used as the key for the lookup for a matching flow or flows.

Example 82  Checking the Overlapping Flows

This example shows how to check whether an added flow overlaps with other flows.

The following example displays a flow configured on a system.

# flowadm
FLOW        LINK     PROTO LADDR             LPORT RADDR             RPORT DIR
http        net4     tcp   --                80    --                --    bi

When you want to add a another flow backup with the remote IP address on the datalink net4, you can check whether the backup flow overlaps with other flows as follows.

# flowadm match-flow -l net4 -a remote_ip=
FLOW        LINK     PROTO LADDR             LPORT RADDR             RPORT DIR
http        net4     tcp   --                80    --                --    bi

The output shows that the flows http and backup can overlap for certain packets.