Creating an IPQoS Configuration File for an Application Server
This section explains how to create a configuration file for an application server
that provides major applications to customers. The procedure uses as its example the
BigAPPS server from Figure 33-4.

The following configuration file defines IPQoS activities for the BigAPPS server. This
server hosts FTP, electronic mail (SMTP), and network news (NNTP) for customers.

Example 34-3 Sample IPQoS Configuration File for an Application Server

fmt_version 1.0
action {
    module ipgpc
    name ipgpc.classify
    params {
        global_stats TRUE
    }
    class {
        name smtp
        enable_stats FALSE
        next_action markAF13
    }
    class {
        name news
        next_action markAF21
    }
    class {
        name ftp
        next_action meterftp
    }
    filter {
        name smtpout
        sport smtp
        class smtp
    }
    filter {
        name newsout
        sport nntp
        class news
    }
    filter {
        name ftpout
        sport ftp
        class ftp
    }
    filter {
        name ftpdata
        sport ftp-data
        class ftp
    }
}
action {
    module dscpmk
    name markAF13
    params {
        global_stats FALSE
        dscp_map{0-63:14}
        next_action continue
    }
}
action {
    module dscpmk
    name markAF21
    params {
        global_stats FALSE
        dscp_map{0-63:18}
        next_action continue
    }
}
action {
    module tokenmt
    name meterftp
    params {
        committed_rate 50000000
        committed_burst 50000000
        red_action_name markAF31
        green_action_name markAF22
        global_stats TRUE
    }
}
action {
    module dscpmk
    name markAF31
    params {
        global_stats TRUE
        dscp_map{0-63:26}
        next_action continue
    }
}
action {
    module dscpmk
    name markAF22
    params {
        global_stats TRUE
        dscp_map{0-63:20}
        next_action continue
    }
}

How to Configure the IPQoS Configuration File for an Application Server
- Log in to the IPQoS-enabled application server, and create a new IPQoS configuration
file with a .qos extension.
For example, you would create the /var/ipqos/BigAPPS.qos file for the application server. Begin
with the following required phrases to start the action statement that invokes
the ipgpc classifier:

fmt_version 1.0
action {
    module ipgpc
    name ipgpc.classify
    params {
        global_stats TRUE
    }

For an explanation of the opening action statement, refer to How to Create the IPQoS Configuration File and Define Traffic Classes.
- Create classes to select traffic from three applications on the BigAPPS server.
Add the class definitions after the opening action statement.

class {
    name smtp
    enable_stats FALSE
    next_action markAF13
}
class {
    name news
    next_action markAF21
}
class {
    name ftp
    enable_stats TRUE
    next_action meterftp
}

- name smtp
Creates a class that is called smtp, which includes email traffic flows to be handled by the SMTP application.
- enable_stats FALSE
Controls statistics collection for the smtp class. Because the value of enable_stats is FALSE, statistics for this class are not collected.
- next_action markAF13
Instructs the ipgpc module to pass packets of the smtp class to the markAF13 action statement after ipgpc completes processing.
- name news
Creates a class that is called news, which includes network news traffic flows to be handled by the NNTP application.
- next_action markAF21
Instructs the ipgpc module to pass packets of the news class to the markAF21 action statement after ipgpc completes processing.
- name ftp
Creates a class that is called ftp, which includes outgoing traffic flows that are handled by the FTP application.
- enable_stats TRUE
Enables statistics collection for the ftp class.
- next_action meterftp
Instructs the ipgpc module to pass packets of the ftp class to the meterftp action statement after ipgpc completes processing.
For more information about defining classes, refer to How to Create the IPQoS Configuration File and Define Traffic Classes.
- Define filter clauses to select traffic of the classes defined in Step 2.
filter {
    name smtpout
    sport smtp
    class smtp
}
filter {
    name newsout
    sport nntp
    class news
}
filter {
    name ftpout
    sport ftp
    class ftp
}
filter {
    name ftpdata
    sport ftp-data
    class ftp
}
}

- name smtpout
Gives the name smtpout to the filter.
- sport smtp
Selects traffic with a source port of 25, the well-known port for the sendmail (SMTP) application.
- class smtp
Identifies the class to which the filter belongs, in this instance, class smtp.
- name newsout
Gives the name newsout to the filter.
- sport nntp
Selects traffic with a source port name of nntp, the well-known port name for the network news (NNTP) application.
- class news
Identifies the class to which the filter belongs, in this instance, class news.
- name ftpout
Gives the name ftpout to the filter.
- sport ftp
Selects control data with a source port of 21, the well-known port number for FTP traffic.
- name ftpdata
Gives the name ftpdata to the filter.
- sport ftp-data
Selects traffic with a source port of 20, the well-known port number for FTP data traffic.
- class ftp
Identifies the class to which the ftpout and ftpdata filters belong, in this instance ftp.

How to Configure Forwarding for Application Traffic in the IPQoS Configuration File
The next procedure shows how to configure forwarding for application traffic. In the
procedure, you define per-hop behaviors for application traffic classes that might have lower
precedence than other traffic on a network. The steps continue building the /var/ipqos/BigAPPS.qos
file in Example 34-3.

Before You Begin
The procedure assumes that you have an existing IPQoS configuration file with already-defined
classes and already-defined filters for the applications to be marked.
- Open the IPQoS configuration file that you have created for the application server,
and locate the end of the last filter clause.
In the /var/ipqos/BigAPPS.qos file, the last filter is the following:

filter {
    name ftpdata
    sport ftp-data
    class ftp
}
}

- Invoke the marker as follows:

action {
    module dscpmk
    name markAF13

- module dscpmk
Invokes the marker module dscpmk.
- name markAF13
Gives the name markAF13 to the action statement.
- Define the per-hop behavior to be marked on electronic mail traffic flows.

params {
    global_stats FALSE
    dscp_map{0-63:14}
    next_action continue
}
}

- global_stats FALSE
Controls statistics collection for the markAF13 marker action statement. Because the value of global_stats is FALSE, statistics are not collected.
- dscp_map{0-63:14}
Assigns a DSCP of 14 to the packet headers of the traffic class smtp, which is currently being processed by the marker.
- next_action continue
Indicates that no further processing is required on packets of the traffic class smtp. These packets can then return to the network stream.
The DSCP of 14 tells the marker to set all entries in
the dscp map to the decimal value 14 (binary 001110). The DSCP
of 14 sets the AF13 per-hop behavior. The marker marks packets of
the smtp traffic class with the DSCP of 14 in the DS
field. AF13 assigns all packets with a DSCP of 14 to a high-drop precedence.
However, because AF13 also assures a Class 1 priority, the router still guarantees
outgoing email traffic a high priority in its queue. For a table
of possible AF codepoints, refer to Table 37-2.
- Add a marker action statement to define a per-hop behavior for network news
traffic:

action {
    module dscpmk
    name markAF21
    params {
        global_stats FALSE
        dscp_map{0-63:18}
        next_action continue
    }
}

- name markAF21
Gives the name markAF21 to the action statement.
- dscp_map{0-63:18}
Assigns a DSCP of 18 to the packet headers of the traffic class news, which is currently being processed by the marker.
The DSCP of 18 tells the marker to set all entries in
the dscp map to the decimal value 18 (binary 010010). The DSCP
of 18 sets the AF21 per-hop behavior. The marker marks packets of
the news traffic class with the DSCP of 18 in the DS
field. AF21 assures that all packets with a DSCP of 18 receive a low-drop
precedence, but with only Class 2 priority. Thus, the possibility of network news
traffic being dropped is low.

How to Configure Flow Control in the IPQoS Configuration File
To control the rate at which a particular traffic flow is released
onto the network, you must define parameters for the meter. You can use
either of the two meter modules, tokenmt or tswtclmt, in the IPQoS configuration file.
The next procedure continues to build the IPQoS configuration file for the
application server in Example 34-3. In the procedure, you configure not only the meter but
also two marker actions that are called within the meter action statement.

Before You Begin
The steps assume that you have already defined a class and a
filter for the application to be flow-controlled.
- Open the IPQoS configuration file that you have created for the application server.
In the /var/ipqos/BigAPPS.qos file, you begin after the following marker action:

action {
    module dscpmk
    name markAF21
    params {
        global_stats FALSE
        dscp_map{0-63:18}
        next_action continue
    }
}

- Create a meter action statement to flow-control traffic of the ftp class.

action {
    module tokenmt
    name meterftp

- module tokenmt
Invokes the tokenmt meter.
- name meterftp
Gives the name meterftp to the action statement.
- Add parameters to configure the meter's rate.

params {
    committed_rate 50000000
    committed_burst 50000000

- committed_rate 50000000
Assigns a transmission rate of 50,000,000 bps to traffic of the ftp class.
- committed_burst 50000000
Commits a burst size of 50,000,000 bits to traffic of the ftp class.
For an explanation of tokenmt parameters, refer to Configuring tokenmt as a Two-Rate Meter.
- Add parameters to configure traffic conformance precedences:

    red_action_name markAF31
    green_action_name markAF22
    global_stats TRUE
}
}

- red_action_name markAF31
Indicates that when the traffic flow of the ftp class exceeds the committed rate, packets are sent to the markAF31 marker action statement.
- green_action_name markAF22
Indicates that when traffic flows of class ftp conform to the committed rate, packets are sent to the markAF22 action statement.
- global_stats TRUE
Enables metering statistics for the ftp class.
For more information about traffic conformance, see Meter Module.
- Add a marker action statement to assign a per-hop behavior to nonconformant traffic
flows of class ftp.

action {
    module dscpmk
    name markAF31
    params {
        global_stats TRUE
        dscp_map{0-63:26}
        next_action continue
    }
}

- module dscpmk
Invokes the marker module dscpmk.
- name markAF31
Gives the name markAF31 to the action statement.
- global_stats TRUE
Enables statistics for the ftp class.
- dscp_map{0-63:26}
Assigns a DSCP of 26 to the packet headers of the traffic class ftp whenever this traffic exceeds the committed rate.
- next_action continue
Indicates that no further processing is required on packets of the traffic class ftp. Then these packets can return to the network stream.
The DSCP of 26 instructs the marker to set all entries in the
dscp map to the decimal value 26 (binary 011010). The DSCP of 26
sets the AF31 per-hop behavior. The marker marks packets of the ftp traffic
class with the DSCP of 26 in the DS field. AF31 assures that all packets with a DSCP of 26 receive a
low-drop precedence, but with only Class 3 priority. Therefore, the possibility of nonconformant
FTP traffic being dropped is low. For a table of possible AF codepoints,
refer to Table 37-2.
- Add a marker action statement to assign a per-hop behavior to ftp traffic
flows that conform to the committed rate.

action {
    module dscpmk
    name markAF22
    params {
        global_stats TRUE
        dscp_map{0-63:20}
        next_action continue
    }
}

- name markAF22
Gives the name markAF22 to the marker action.
- dscp_map{0-63:20}
Assigns a DSCP of 20 to the packet headers of the traffic class ftp whenever ftp traffic conforms to its configured rate.
The DSCP of 20 tells the marker to set all entries in
the dscp map to the decimal value 20 (binary 010100). The DSCP of
20 sets the AF22 per-hop behavior. The marker marks packets of the ftp
traffic class with the DSCP of 20 in the DS field. AF22 assures that all packets with a DSCP of 20 receive a medium-drop
precedence with Class 2 priority. Therefore, conformant FTP traffic is assured a medium-drop precedence
among flows that are simultaneously released by the IPQoS system. However, the router
gives a higher forwarding priority to traffic classes with a Class 1
medium-drop precedence mark or higher. For a table of possible AF codepoints, refer
to Table 37-2.
- Add the DSCPs that you have created for the application server to the
appropriate files on the Diffserv router.
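
Each next_action, red_action_name, and green_action_name value in the finished file names another action statement or continue. The following Python check is an added example, not part of the original documentation: it parses the block structure used in Example 34-3 and reports references that name no defined action. The function names and the constructed SAMPLE text are assumptions for illustration.

```python
import re

BUILTIN = {"continue"}  # the only built-in target that appears on the page

def parse_actions(text):
    """Map each action statement's name to its (key, target) references."""
    toks = re.findall(r"[{}]|[^\s{}]+", text)
    actions, depth = [], 0
    for prev, tok in zip([""] + toks, toks):
        if tok == "{":
            depth += 1
            if prev == "action":
                actions.append({"name": None, "refs": []})
        elif tok == "}":
            depth -= 1
        elif depth == 1 and prev == "name":  # class and filter names sit at depth 2
            actions[-1]["name"] = tok
        elif depth and (prev == "next_action" or prev.endswith("_action_name")):
            actions[-1]["refs"].append((prev, tok))
    if depth:
        raise ValueError("unbalanced braces")
    return {a["name"]: a["refs"] for a in actions}

def lint(text):
    """Return one message per reference that names no defined action."""
    actions = parse_actions(text)
    return [f"{name}: {key} {target} is not a defined action"
            for name, refs in actions.items() for key, target in refs
            if target not in actions and target not in BUILTIN]

# Constructed sample: red_action_name names AF31, which no action statement defines.
SAMPLE = """action {
    module tokenmt
    name meterftp
    params {
        committed_rate 50000000
        committed_burst 50000000
        red_action_name AF31
        green_action_name markAF22
    }
}
action {
    module dscpmk
    name markAF22
    params {
        dscp_map{0-63:20}
        next_action continue
    }
}"""
```

Calling lint(SAMPLE) returns a single message for the AF31 reference. Pass the text of a .qos file to lint() to check it the same way before the file is applied.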