Previous
IPQoS in Detail (Reference)
This chapter contains reference materials that provide in-depth details about the following IPQoS topics:
For an overview, refer to Chapter 32, Introducing IPQoS (Overview). For planning information, refer to Chapter 33, Planning for an IPQoS-Enabled Network (Tasks). For procedures for configuring IPQoS, refer to Chapter 34, Creating the IPQoS Configuration File (Tasks).
IPQoS Architecture and the Diffserv Model
This section describes the IPQoS architecture and how IPQoS implements the differentiated services (Diffserv) model that is defined inRFC 2475, An Architecture for Differentiated Services. The following elements of the Diffserv model are included in IPQoS:
Classifier
Meter
Marker
In addition, IPQoS includes the flow-accounting module and the dlcosmk marker for use with virtual local area network (VLAN) devices.
Classifier Module
In the Diffserv model, the classifier is responsible for organizing selected traffic flows into groups on which to apply different service levels. The classifiers that are defined in RFC 2475 were originally designed for boundary routers. In contrast, the IPQoS classifier ipgpc is designed to handle traffic flows on hosts that are internal to the local network. Therefore, a network with both IPQoS systems and a Diffserv router can provide a greater degree of differentiated services. For a technical description of ipgpc, refer to the ipgpc(7ipp) man page.
The ipgpc classifier does the following:
Selects traffic flows that meet the criteria specified in the IPQoS configuration file on the IPQoS-enabled system
The QoS policy defines various criteria that must be present in packet headers. These criteria are called selectors. The ipgpc classifier compares these selectors against the headers of packets that are received by the IPQoS system. ipgpc then selects all matching packets.
Separates the packet flows into classes, network traffic with the same characteristics, as defined in the IPQoS configuration file
Examines the value in the packet's differentiated service (DS) field for the presence of a differentiated services codepoint (DSCP)
The presence of the DSCP indicates whether the incoming traffic has been marked by the sender with a forwarding behavior.
Determines what further action is specified in the IPQoS configuration file for packets of a particular class
Passes the packets to the next IPQoS module specified in the IPQoS configuration file, or returns the packets to the network stream
For an overview of the classifier, refer to Classifier (ipgpc) Overview. For information on invoking the classifier in the IPQoS configuration file, refer to IPQoS Configuration File.
IPQoS Selectors
The ipgpc classifier supports a variety of selectors that you can use in the filter clause of the IPQoS configuration file. When you define a filter, always use the minimum number of selectors that are needed to successfully retrieve traffic of a particular class. The number of filters you define can impact IPQoS performance.
The next table lists the selectors that are available for ipgpc.
Table 37-1 Filter Selectors for the IPQoS Classifier
Selector | Argument | Information Selected |
|---|---|---|
saddr | IP address number. | Source address. |
daddr | IP address number. | Destination address. |
sport | Either a port number or service name, as defined in /etc/services. | Source port from which a traffic class originated. |
dport | Either a port number or service name, as defined in /etc/services. | Destination port to which a traffic class is bound. |
protocol | Either a protocol number or protocol name, as defined in /etc/protocols. | Protocol to be used by this traffic class. |
dsfield | DS codepoint (DSCP) with a value of 0-63. | DSCP, which defines any forwarding behavior to be applied to the packet. If this parameter is specified, the dsfield_mask parameter must also be specified. |
dsfield_mask | Bit mask with a value of 0-255. | Used in tandem with the dsfield selector. dsfield_mask is applied to the dsfield selector to determine which of its bits to match against. |
if_name | Interface name. | Interface to be used for either incoming or outgoing traffic of a particular class. |
if_groupname | Interface group name. | Interface group to be used for either incoming or outgoing traffic of a particular class. |
user | Number of the UNIX user ID or user name to be selected. If no user ID or user name is on the packet, the default -1 is used. | User ID that is supplied to an application. |
projid | Number of the project ID to be selected. | Project ID that is supplied to an application. |
priority | Priority number. Lowest priority is 0. | Priority that is given to packets of this class. Priority is used to order the importance of filters for the same class. |
direction | Argument can be one of the following: | Direction of packet flow on the IPQoS machine. |
LOCAL_IN | Input traffic local to the IPQoS system. | |
LOCAL_OUT | Output traffic local to the IPQoS system. | |
FWD_IN | Input traffic to be forwarded. | |
FWD_OUT | Output traffic to be forwarded. | |
precedence | Precedence value. Highest precedence is 0. | Precedence is used to order filters with the same priority. |
ip_version | V4 or V6 | Addressing scheme that is used by the packets, either IPv4 or IPv6. |
Meter Module
The meter tracks the transmission rate of flows on a per-packet basis. The meter then determines whether the packet conforms to the configured parameters. The meter module determines the next action for a packet from a set of actions that depend on packet size, configured parameters, and flow rate.
The meter consists of two metering modules, tokenmt and tswtclmt, which you configure in the IPQoS configuration file. You can configure either module or both modules for a class.
When you configure a metering module, you can define two parameters for rate:
committed-rate - Defines the acceptable transmission rate in bits per second for packets of a particular class
peak-rate - Defines the maximum transmission rate in bits per second that is allowable for packets of a particular class
A metering action on a packet can result in one of three outcomes:
green - The packet causes the flow to remain within its committed rate.
yellow - The packet causes the flow to exceed its committed rate but not its peak rate.
red - The packet causes the flow to exceed its peak rate.
You can configure each outcome with different actions in the IPQoS configuration file. Committed rate and peak rate are explained in the next section.