Creating IPQoS Configuration Files for Web Servers

This section introduces the IPQoS configuration file by showing how to create
a configuration for a premium web server. The section then shows how
to configure a completely different level of service in another configuration file for
a server that hosts personal web sites. Both servers are part of the
network example that is shown in Figure 33-4.

The following configuration file defines IPQoS activities for the Goldweb server. This
server hosts the web site for Goldco, the company that has purchased a
premium SLA.

Example 34-1 Sample IPQoS Configuration File for a Premium Web Server

fmt_version 1.0
action {
    module ipgpc
    name ipgpc.classify
    params {
        global_stats TRUE
    }
    class {
        name goldweb
        next_action markAF11
        enable_stats FALSE
    }
    class {
        name video
        next_action markEF
        enable_stats FALSE
    }
    filter {
        name webout
        sport 80
        direction LOCAL_OUT
        class goldweb
    }
    filter {
        name videoout
        sport videosrv
        direction LOCAL_OUT
        class video
    }
}
action {
    module dscpmk
    name markAF11
    params {
        global_stats FALSE
        dscp_map{0-63:10}
        next_action continue
    }
}
action {
    module dscpmk
    name markEF
    params {
        global_stats TRUE
        dscp_map{0-63:46}
        next_action acct
    }
}
action {
    module flowacct
    name acct
    params {
        global_stats TRUE
        timer 10000
        timeout 10000
        max_limit 2048
        next_action continue
    }
}

The following configuration file defines IPQoS activities on Userweb. This server hosts
web sites for individuals with low-priced, or best-effort, SLAs. This level of
service guarantees the best service that can be delivered to best-effort customers after
the IPQoS system handles traffic from customers with more expensive SLAs.

Example 34-2 Sample Configuration for a Best-Effort Web Server

fmt_version 1.0
action {
    module ipgpc
    name ipgpc.classify
    params {
        global_stats TRUE
    }
    class {
        name Userweb
        next_action markAF12
        enable_stats FALSE
    }
    filter {
        name webout
        sport 80
        direction LOCAL_OUT
        class Userweb
    }
}
action {
    module dscpmk
    name markAF12
    params {
        global_stats FALSE
        dscp_map{0-63:12}
        next_action continue
    }
}
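
Both example files depend on balanced braces and on every next_action and class name matching a definition. The following Python check for those properties is an added example, not part of the original guide or of ipqosconf; it assumes that # starts a comment and treats continue as the only built-in next_action target, and its sample input is constructed.

```python
import re

def lint_qos(text, builtins=("continue",)):
    """Return structural problems in IPQoS configuration text ('#' comments assumed)."""
    lines = [s for s in (l.split("#", 1)[0].strip() for l in text.splitlines()) if s]
    problems = []
    if not lines or lines[0].split() != ["fmt_version", "1.0"]:
        problems.append("first uncommented line is not 'fmt_version 1.0'")
    defined = {"action": set(), "class": set()}  # names introduced by 'name'
    stack, targets, filter_refs = [], [], []     # open clauses; referenced names
    for line in lines[1:]:
        m = re.fullmatch(r"dscp_map\s*\{\s*(\d+)-(\d+)\s*:\s*(\d+)\s*\}", line)
        if m:                                    # one-line clause, closes itself
            lo, hi, dscp = map(int, m.groups())
            if not (lo <= hi <= 63 and dscp <= 63):
                problems.append(f"dscp_map outside the 6-bit range: {line}")
        elif line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif line == "}" or not stack:
            problems.append(f"'{line}' is outside any open clause")
        else:
            key, _, value = line.partition(" ")
            ctx, value = stack[-1], value.strip()
            if key == "name" and ctx in defined:
                defined[ctx].add(value)
            elif key == "class" and ctx == "filter":
                filter_refs.append(value)
            elif key == "next_action":
                targets.append(value)
    problems += [f"unclosed '{c}' clause" for c in stack]
    problems += [f"next_action '{t}' names no defined action" for t in targets
                 if t not in defined["action"] and t not in builtins]
    problems += [f"filter refers to undefined class '{c}'" for c in filter_refs
                 if c not in defined["class"]]
    return problems

# Constructed sample: one brace is missing after the filter, and markAF1 is undefined.
BROKEN = """fmt_version 1.0
action {
    module ipgpc
    name ipgpc.classify
    class {
        name userweb
        next_action markAF1
    }
    filter {
        name webout
        class userweb
}
action {
    module dscpmk
    name markAF12
    params {
        dscp_map{0-63:12}
        next_action continue
    }
}
"""
```

Calling lint_qos(BROKEN) reports the unclosed action clause and the next_action target that matches no action name; an empty list means the checks passed.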

How to Create the IPQoS Configuration File and Define Traffic Classes

You can create your first IPQoS configuration file in whatever directory is easiest
for you to maintain. The tasks in this chapter use the directory
/var/ipqos as the location for IPQoS configuration files. The next procedure builds the
initial segment of the IPQoS configuration file that is introduced in Example 34-1.

Note - As you create the IPQoS configuration file, be very careful to start
and end each action statement and clause with curly braces ({ }). For an
example of the use of braces, see Example 34-1.

- Log in to the premium web server, and create a new IPQoS configuration
  file with a .qos extension.

  Every IPQoS configuration file must start with the version number fmt_version 1.0 as
  its first uncommented line.

- Follow the opening parameter with the initial action statement, which configures the
  generic IP classifier ipgpc.

  This initial action begins the tree of action statements that compose the IPQoS
  configuration file. For example, the /var/ipqos/Goldweb.qos file begins with the initial action statement
  to call the ipgpc classifier.

      fmt_version 1.0
      action {
          module ipgpc
          name ipgpc.classify

  - fmt_version 1.0
    Begins the IPQoS configuration file.
  - action {
    Begins the action statement.
  - module ipgpc
    Configures the ipgpc classifier as the first action in the configuration file.
  - name ipgpc.classify
    Defines the name of the classifier action statement, which must always be ipgpc.classify.

  For detailed syntactical information about action statements, refer to action Statement and the ipqosconf(1M)
  man page.

- Add a params clause with the statistics parameter global_stats.

      params {
          global_stats TRUE
      }

  The parameter global_stats TRUE in the ipgpc.classify statement enables statistics gathering for that action.
  global_stats TRUE also enables per-class statistics gathering wherever a class clause definition specifies enable_stats TRUE.

  Turning on statistics impacts performance. You might want to gather statistics on a
  new IPQoS configuration file to verify that IPQoS works properly. Later, you can
  turn off statistics collection by changing the argument to global_stats to FALSE.

  Global statistics are but one type of parameter you can define in a
  params clause. For syntactical and other details about params clauses, refer to
  params Clause and the ipqosconf(1M) man page.

- Define a class that identifies traffic that is bound for the premium server.

      class {
          name goldweb
          next_action markAF11
          enable_stats FALSE
      }

  This statement is called a class clause. A class clause has the following
  contents.

  - name goldweb
    Creates the class goldweb to identify traffic that is bound for the Goldweb server.
  - next_action markAF11
    Instructs the ipgpc module to pass packets of the goldweb class to the markAF11 action statement. The markAF11 action statement calls the dscpmk marker.
  - enable_stats FALSE
    Enables statistics taking for the goldweb class. However, because the value of enable_stats is FALSE, statistics for this class are not turned on.

  For detailed information about the syntax of the class clause, see class Clause and
  the ipqosconf(1M) man page.

- Define a class that identifies an application that must have highest-priority forwarding.

      class {
          name video
          next_action markEF
          enable_stats FALSE
      }

  - name video
    Creates the class video to identify streaming video traffic that is outgoing from the Goldweb server.
  - next_action markEF
    Instructs the ipgpc module to pass packets of the video class to the markEF statement after ipgpc completes processing. The markEF statement calls the dscpmk marker.
  - enable_stats FALSE
    Enables statistics collection for the video class. However, because the value of enable_stats is FALSE, statistics collection for this class is not turned on.

How to Define Filters in the IPQoS Configuration File

The next procedure shows how to define filters for a class in
the IPQoS configuration file.

Before You Begin

The procedure assumes that you have already started file creation and have
defined classes. The steps continue building the /var/ipqos/Goldweb.qos file that is created in How to Create the IPQoS Configuration File and Define Traffic Classes.

Note - As you create the IPQoS configuration file, be very careful to start
and end each class clause and each filter clause with curly braces ({ }).
For an example of the use of braces, see Example 34-1.

- Open the IPQoS configuration file, and locate the end of the last class
  that you defined.

  For example, on the IPQoS-enabled server Goldweb, you would start after the following
  class clause in /var/ipqos/Goldweb.qos:

      class {
          name video
          next_action markEF
          enable_stats FALSE
      }

- Define a filter clause to select outgoing traffic from the IPQoS system.

      filter {
          name webout
          sport 80
          direction LOCAL_OUT
          class goldweb
      }

  - name webout
    Gives the name webout to the filter.
  - sport 80
    Selects traffic with a source port of 80, the well-known port for HTTP (web) traffic.
  - direction LOCAL_OUT
    Further selects traffic that is outgoing from the local system.
  - class goldweb
    Identifies the class to which the filter belongs, in this instance, class goldweb.

  For syntactical and detailed information about the filter clause in the IPQoS configuration
  file, refer to filter Clause.

- Define a filter clause to select streaming video traffic on the IPQoS system.

      filter {
          name videoout
          sport videosrv
          direction LOCAL_OUT
          class video
      }

  - name videoout
    Gives the name videoout to the filter.
  - sport videosrv
    Selects traffic with a source port of videosrv, a previously defined port for the streaming video application on this system.
  - direction LOCAL_OUT
    Further selects traffic that is outgoing from the local system.
  - class video
    Identifies the class to which the filter belongs, in this instance, class video.

How to Define Traffic Forwarding in the IPQoS Configuration File

The next procedure shows how to define traffic forwarding by adding per-hop behaviors
for a class into the IPQoS configuration file.

Before You Begin

The procedure assumes that you have an existing IPQoS configuration file with already
defined classes and already defined filters. The steps continue building the /var/ipqos/Goldweb.qos
file from Example 34-1.

Note - The procedure shows how to configure traffic forwarding by using the dscpmk
marker module. For information about traffic forwarding on VLAN systems by using the
dlcosmk marker, refer to Using the dlcosmk Marker With VLAN Devices.

- Open the IPQoS configuration file, and locate the end of the last filter
  you defined.

  For example, on the IPQoS-enabled server Goldweb, you would start after the following
  filter clause in /var/ipqos/Goldweb.qos:

          filter {
              name videoout
              sport videosrv
              direction LOCAL_OUT
              class video
          }
      }

  Note that this filter clause is at the end of the ipgpc
  classifier action statement. Therefore, you need a closing brace to terminate the filter
  and a second closing brace to terminate the action statement.

- Invoke the marker with the following action statement.

      action {
          module dscpmk
          name markAF11

  - module dscpmk
    Calls the marker module dscpmk.
  - name markAF11
    Gives the name markAF11 to the action statement.

  The previously defined class goldweb includes a next_action markAF11 statement. This statement sends
  traffic flows to the markAF11 action statement after the classifier concludes processing.

- Define actions for the marker to take on the traffic flow.

          params {
              global_stats FALSE
              dscp_map{0-63:10}
              next_action continue
          }
      }

  - global_stats FALSE
    Enables statistics collection for the markAF11 marker action statement. However, because the value of global_stats is FALSE, statistics are not collected.
  - dscp_map{0-63:10}
    Assigns a DSCP of 10 to the packet headers of the traffic class goldweb, which is currently being processed by the marker.
  - next_action continue
    Indicates that no further processing is required on packets of the traffic class goldweb, and that these packets can return to the network stream.

  The DSCP of 10 instructs the marker to set all entries in the
  dscp map to the decimal value 10 (binary 001010). This codepoint indicates that
  packets of the goldweb traffic class are subject to the AF11 per-hop behavior.
  AF11 guarantees that all packets with the DSCP of 10 receive a
  low-drop, high-priority service. Thus, outgoing traffic for premium customers on Goldweb is given
  the highest priority that is available for the Assured Forwarding (AF) PHB. For
  a table of possible DSCPs for AF, refer to Table 37-2.

- Start another marker action statement.

      action {
          module dscpmk
          name markEF

  - module dscpmk
    Calls the marker module dscpmk.
  - name markEF
    Gives the name markEF to the action statement.

- Define actions for the marker to take on the traffic flow.

          params {
              global_stats TRUE
              dscp_map{0-63:46}
              next_action acct
          }
      }

  - global_stats TRUE
    Enables statistics collection on class video, which selects streaming video packets.
  - dscp_map{0-63:46}
    Assigns a DSCP of 46 to the packet headers of the traffic class video, which is currently being processed by the marker.
  - next_action acct
    Instructs the dscpmk module to pass packets of the class video to the acct action statement after dscpmk completes processing. The acct action statement invokes the flowacct module.

  The DSCP of 46 instructs the dscpmk module to set all entries in
  the dscp map to the decimal value 46 (binary 101110) in the DS
  field. This codepoint indicates that packets of the video traffic class are
  subject to the Expedited Forwarding (EF) per-hop behavior.

  Note - The recommended codepoint for EF is 46 (binary 101110). Other DSCPs assign AF
  PHBs to a packet.

  The EF PHB guarantees that packets with the DSCP of 46 are given
  the highest precedence by IPQoS and Diffserv-aware systems. Streaming applications require highest-priority service,
  which is the rationale behind assigning to streaming applications the EF PHBs in
  the QoS policy. For more details about the expedited forwarding PHB, refer to
  Expedited Forwarding (EF) PHB.

- Add the DSCPs that you have just created to the appropriate files on
  the Diffserv router.

  For more information, refer to How to Configure a Router on an IPQoS-Enabled Network.

How to Enable Accounting for a Class in the IPQoS Configuration File

The next procedure shows how to enable accounting on a traffic class
in the IPQoS configuration file. The procedure shows how to define flow accounting
for the video class, which is introduced in How to Create the IPQoS Configuration File and Define Traffic Classes. This class selects streaming
video traffic, which must be billed as part of a premium customer's SLA.

Before You Begin

The procedure assumes that you have an existing IPQoS configuration file with already
defined classes, filters, metering actions, if appropriate, and marking actions, if appropriate. The
steps continue building the /var/ipqos/Goldweb.qos file from Example 34-1.

- Open the IPQoS configuration file, and locate the end of the last action
  statement you defined.

  For example, on the IPQoS-enabled server Goldweb, you would start after the following
  markEF action statement in /var/ipqos/Goldweb.qos.

      action {
          module dscpmk
          name markEF
          params {
              global_stats TRUE
              dscp_map{0-63:46}
              next_action acct
          }
      }

- Begin an action statement that calls flow accounting.

      action {
          module flowacct
          name acct

  - module flowacct
    Invokes the flow-accounting module flowacct.
  - name acct
    Gives the name acct to the action statement.

- Define a params clause to control accounting on the traffic class.

          params {
              global_stats TRUE
              timer 10000
              timeout 10000
              max_limit 2048
              next_action continue
          }
      }

  - global_stats TRUE
    Enables statistics collection on the class video, which selects streaming video packets.
  - timer 10000
    Specifies the duration of the interval, in milliseconds, when the flow table is scanned for timed-out flows. In this parameter, that interval is 10000 milliseconds.
  - timeout 10000
    Specifies the minimum interval time out value. A flow "times out" when packets for the flow are not seen during a time out interval. In this parameter, packets time out after 10000 milliseconds.
  - max_limit 2048
    Sets the maximum number of active flow records in the flow table for this action instance.
  - next_action continue
    Indicates that no further processing is required on packets of the traffic class video, and that these packets can return to the network stream.

  The flowacct module gathers statistical information on packet flows of a particular class
  until a specified timeout value is reached.

How to Create an IPQoS Configuration File for a Best-Effort Web Server

The IPQoS configuration file for a best-effort web server differs slightly from an
IPQoS configuration file for a premium web server. As an example, the
procedure uses the configuration file from Example 34-2.

- Log in to the best-effort web server.

- Create a new IPQoS configuration file with a .qos extension.

      fmt_version 1.0
      action {
          module ipgpc
          name ipgpc.classify
          params {
              global_stats TRUE
          }

  The /var/ipqos/userweb.qos file must begin with the partial action statement to invoke
  the ipgpc classifier. In addition, the action statement also has a params clause
  to turn on statistics collection. For an explanation of this action statement, see
  How to Create the IPQoS Configuration File and Define Traffic Classes.

- Define a class that identifies traffic that is bound for the best-effort web
  server.

          class {
              name userweb
              next_action markAF12
              enable_stats FALSE
          }

  - name userweb
    Creates a class that is called userweb for forwarding web traffic from users.
  - next_action markAF12
    Instructs the ipgpc module to pass packets of the userweb class to the markAF12 action statement after ipgpc completes processing. The markAF12 action statement invokes the dscpmk marker.
  - enable_stats FALSE
    Enables statistics collection for the userweb class. However, because the value of enable_stats is FALSE, statistics collection for this class does not occur.

  For an explanation of the class clause task, see How to Create the IPQoS Configuration File and Define Traffic Classes.

- Define a filter clause to select traffic flows for the userweb class.

          filter {
              name webout
              sport 80
              direction LOCAL_OUT
              class userweb
          }
      }

  - name webout
    Gives the name webout to the filter.
  - sport 80
    Selects traffic with a source port of 80, the well-known port for HTTP (web) traffic.
  - direction LOCAL_OUT
    Further selects traffic that is outgoing from the local system.
  - class userweb
    Identifies the class to which the filter belongs, in this instance, class userweb.

  For an explanation of the filter clause task, see How to Define Filters in the IPQoS Configuration File.

- Begin the action statement to invoke the dscpmk marker.

      action {
          module dscpmk
          name markAF12

  - module dscpmk
    Invokes the marker module dscpmk.
  - name markAF12
    Gives the name markAF12 to the action statement.

  The previously defined class userweb includes a next_action markAF12 statement. This statement sends
  traffic flows to the markAF12 action statement after the classifier concludes processing.

- Define parameters for the marker to use for processing the traffic flow.

          params {
              global_stats FALSE
              dscp_map{0-63:12}
              next_action continue
          }
      }

  - global_stats FALSE
    Enables statistics collection for the markAF12 marker action statement. However, because the value of global_stats is FALSE, statistics collection does not occur.
  - dscp_map{0-63:12}
    Assigns a DSCP of 12 to the packet headers of the traffic class userweb, which is currently being processed by the marker.
  - next_action continue
    Indicates that no further processing is required on packets of the traffic class userweb, and that these packets can return to the network stream.

  The DSCP of 12 instructs the marker to set all entries in the
  dscp map to the decimal value 12 (binary 001100). This codepoint indicates that
  packets of the userweb traffic class are subject to the AF12 per-hop behavior.
  AF12 guarantees that all packets with the DSCP of 12 in the
  DS field receive a medium-drop, high-priority service.

- When you complete the IPQoS configuration file, apply the configuration.
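
The DSCPs 10 (AF11), 12 (AF12) and 46 (EF) assigned in the procedures above can be confirmed on captured outbound packets. The following Python audit is an added example, not part of the original guide; it handles raw IPv4 TCP/UDP packets only, and the policy name, helper names and sample packets are constructed for illustration.

```python
import struct

def phb_name(dscp):
    """Name the per-hop behavior that a 6-bit DSCP selects."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return "default" if cls == 0 else f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"          # AFxy: class x, drop precedence y
    return "other"

def parse_ipv4(packet):
    """Return (source port, DSCP) for a raw IPv4 TCP/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    if packet[9] not in (6, 17) or len(packet) < ihl + 2:
        return None                          # only TCP (6) and UDP (17) are handled
    (sport,) = struct.unpack_from("!H", packet, ihl)
    return sport, packet[1] >> 2             # DSCP = top 6 bits of the DS field

def audit(packets, policy):
    """Return (sport, seen PHB, wanted PHB) for each packet that breaks the policy."""
    findings = []
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed and parsed[0] in policy and parsed[1] != policy[parsed[0]]:
            sport, dscp = parsed
            findings.append((sport, phb_name(dscp), phb_name(policy[sport])))
    return findings

def ipv4_tcp(sport, ds_byte):
    """Build a constructed 40-byte IPv4+TCP header pair (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, ds_byte, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", sport, 40000, 0, 0, 0x50, 0x10, 65535, 0, 0)
    return ip + tcp

# Assumed policy for Goldweb: source port 80 must leave with DSCP 10 (AF11).
GOLDWEB_POLICY = {80: 10}
# Constructed capture: DS bytes 0x28 (DSCP 10), 0x00 (unmarked), 0x30 (DSCP 12).
SAMPLE = [ipv4_tcp(80, 10 << 2), ipv4_tcp(80, 0), ipv4_tcp(80, 12 << 2)]
```

Running audit(SAMPLE, GOLDWEB_POLICY) flags the unmarked packet and the AF12 packet, while the packet carrying DS byte 0x28 passes.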