Supplying a DSCP to the Marker
The DSCP is 6 bits in length. The DS field is 1 byte long. When you define a DSCP, the marker marks the first 6 significant bits of the packet header with the DS codepoint. The remaining 2 least-significant bits are unused.
To define a DSCP, you use the following parameter within a marker action statement:
dscp_map{0-63:DS_codepoint} |
The dscp_map parameter is a 64-element array, which you populate with the (DSCP) value. dscp_map is used to map incoming DSCPs to outgoing DSCPs that are applied by the dscpmk marker.
You must specify the DSCP value to dscp_map in decimal notation. For example, you must translate the EF codepoint of 101110 into the decimal value 46, which results in dscp_map{0-63:46}. For AF codepoints, you must translate the various codepoints that are shown in Table 37-2 to decimal notation for use with dscp_map.
Using the dlcosmk Marker With VLAN Devices
The dlcosmk marker module marks a forwarding behavior in the MAC header of a datagram. You can use dlcosmk only on an IPQoS system with a VLAN interface.
dlcosmk adds four bytes, which are known as the VLAN tag, to the MAC header. The VLAN tag includes a 3-bit user-priority value, which is defined by the IEEE 801.D standard. Diffserv-aware switches that understand VLAN can read the user-priority field in a datagram. The 801.D user priority values implement the class-of-service (CoS) marks, which are well known and understood by commercial switches.
You can use the user-priority values in the dlcosmk marker action by defining the class of service marks that are listed in the next table.
Table 37-3 801.D User-Priority Values
Class of Service | Definition |
---|---|
0 | Best effort |
1 | Background |
2 | Spare |
3 | Excellent effort |
4 | Controlled load |
5 | Video less than 100ms latency |
6 | Video less than 10ms latency |
7 | Network control |
For more information on dlcosmk, refer to the dlcosmk(7ipp) man page.
IPQoS Configuration for Systems With VLAN Devices
This section introduces a simple network scenario that shows how to implement IPQoS on systems with VLAN devices. The scenario includes two IPQoS systems, machine1 and machine2, that are connected by a switch. The VLAN device on machine1 has the IP address 10.10.8.1. The VLAN device on machine2 has the IP address 10.10.8.3.
The following IPQoS configuration file for machine1 shows a simple solution for marking traffic through the switch to machine2.
Example 37-2 IPQoS Configuration File for a System With a VLAN Device
fmt_version 1.0 action { module ipgpc name ipgpc.classify filter { name myfilter2 daddr 10.10.8.3 class myclass } class { name myclass next_action mark4 } } action { name mark4 module dlcosmk params { cos 4 next_action continue global_stats true } } |
In this configuration, all traffic from machine1 that is destined for the VLAN device on machine2 is passed to the dlcosmk marker. The mark4 marker action instructs dlcosmk to add a VLAN mark to datagrams of class myclass with a CoS of 4. The user-priority value of 4 indicates that the switch between the two machines should give controlled load forwarding to myclass traffic flows from machine1.
flowacct Module
The IPQoS flowacct module records information about traffic flows, a process that is referred to as flow accounting. Flow accounting produces data that can be used for billing customers or for evaluating the amount of traffic to a particular class.
Flow accounting is optional. flowacct is typically the final module that metered or marked traffic flows might encounter before release onto the network stream. For an illustration of flowacct's position in the Diffserv model, see Figure 32-1. For detailed technical information about flowacct, refer to the flowacct(7ipp) man page.
To enable flow accounting, you need to use the Solaris exacct accounting facility and the acctadm command, as well as flowacct. For the overall steps in setting up flow accounting, refer to Setting Up Flow Accounting (Task Map).
flowacct Parameters
The flowacct module gathers information about flows in a flow table that is composed of flow records. Each entry in the table contains one flow record. You cannot display a flow table.
In the IPQoS configuration file, you define the following flowacct parameters to measure flow records and to write the records to the flow table:
timer - Defines an interval, in milliseconds, when timed-out flows are removed from the flow table and written to the file that is created by acctadm
timeout - Defines an interval, in milliseconds, which specifies how long a packet flow must be inactive before the flow times out
Note - You can configure timer and timeout to have different values.
max_limit - Places an upper limit on the number of flow records that can be stored in the flow table
For an example of how flowacct parameters are used in the IPQoS configuration file, refer to How to Configure Flow Control in the IPQoS Configuration File.
Flow Table
The flowacct module maintains a flow table that records all packet flows that are seen by a flowacct instance. A flow is identified by the following parameters, which include the flowacct 8-tuple:
Source address
Destination address
Source port
Destination port
DSCP
User ID
Project ID
Protocol Number
If all the parameters of the 8-tuple for a flow remain the same, the flow table contains only one entry. The max_limit parameter determines the number of entries that a flow table can contain.
The flow table is scanned at the interval that is specified in the IPQoS configuration file for the timer parameter. The default is 15 seconds. A flow "times out" when its packets are not seen by the IPQoS system for at least the timeout interval in the IPQoS configuration file. The default time out interval is 60 seconds. Entries that have timed out are then written to the accounting file that is created with the acctadm command.