When multiple flows are configured on a datalink with different attributes, the flows might overlap. In this case, you can use the flowadm show-flow command to display a list of flows on a datalink based on a default ranking order. That is, the first flow in the output is searched first for a given packet and then the next flow is searched. You can change the ranking order of a flow by using the rank property.
For example, say you have created the flow solaris to limit the traffic from a remote IP address as follows.
# flowadm add-flow -l net4 -a remote_ip=192.0.2.3 solaris # flowadm set-flowprop -p maxbw=10K solaris
If you want a packet from the IP address 192.0.2.0 to port 80 to match solaris instead of the http flow, you can set a high rank for the solaris flow as follows:
# flowadm set-flowprop -p rank=1 solaris # flowadm show-flowprop -p rank solaris FLOW PROPERTY PERM VALUE DEFAULT POSSIBLE solaris rank rw 1 -- 1-65535
You can use the flowadm match-flow command to check whether a flow that you want to create overlaps with other existing flows. If there are overlapping flows, you need to check the ranking order. Also, if you have a policy in place to disallow the creation of overlapping flows, you need to check before adding a flow. The command syntax is:
# flowadm match-flow [-P] [[-p] -o field[,...]] [-l link] -a attr=value[,...]
Limits the match to flows on the specified link. If you do not specify a link, flows on all the links are used.
A comma-separated list of attributes that are used as the key for the lookup for a matching flow or flows.
This example shows how to check whether an added flow overlaps with other flows.
The following example displays a flow configured on a system.
# flowadm FLOW LINK PROTO LADDR LPORT RADDR RPORT DIR http net4 tcp -- 80 -- -- bi
When you want to add a another flow backup with the remote IP address 203.0.113.117 on the datalink net4, you can check whether the backup flow overlaps with other flows as follows.
# flowadm match-flow -l net4 -a remote_ip=192.0.2.4 FLOW LINK PROTO LADDR LPORT RADDR RPORT DIR http net4 tcp -- 80 -- -- bi
The output shows that the flows http and backup can overlap for certain packets.