System Administration Commands ipqosconf(1M)
NAME
ipqosconf - configure the IPQoS facility
SYNOPSIS
/usr/sbin/ipqosconf
/usr/sbin/ipqosconf -a conffile [-vs]
/usr/sbin/ipqosconf -c
/usr/sbin/ipqosconf -f
/usr/sbin/ipqosconf -l
/usr/sbin/ipqosconf -L
DESCRIPTION
The ipqosconf utility configures the Quality of Service
facility of the Internet Protocol (IP). Only superusers can
use this command.
Without arguments, ipqosconf displays the actual IPQoS con-
figuration.
Configuration is not preserved across reboot. You must apply
the configuration every time that the machine reboots. To
apply the configuration early in the boot phase, you can
populate the /etc/inet/ipqosinit.conf file, which is then
read from the svc:/network/initial:default service.
OPTIONS
The following options are supported:
-a conffile Apply the configuration in conffile. If the
conffile is -, ipqosconf reads from stan-
dard input.
-c Populate the boot file with the current con-
figuration.
-f Flush the configuration.
SunOS 5.11 Last change: 18 Dec 2008 1
System Administration Commands ipqosconf(1M)
-l List the current applied configuration.
-L List the current configuration in verbose
mode.
In addition to the information that the -l
option provides, the -L option provides
filters and classes configured through other
means than the iqposconf command. This
option also provides the full set of filters
that were created by ipqosconf by represent-
ing a multi-homed host in a configuration
file
-s Log messages to syslog during an -a opera-
tion.
-v Toggle verbose mode during an -a operation.
The -v option causes all messages to go to
the console in addition to their normal des-
tination. Messages intended to go to syslog,
because the -s flag is set or because it is
a log message, still go to syslog as well as
the console.
CONFIGURATION FILE
The configuration file is composed of a format version and a
succession of configuration (action) blocks. There are dif-
ferent configuration blocks for each type of action that is
being configured.
Format Version
The first line of the configuration file specifies the for-
mat version contained in the configuration file.
The following entry specifies the format version:
fmtversion x.x
where x.x is the format version. 1.0 is the only supported
version.
Configuration Blocks
SunOS 5.11 Last change: 18 Dec 2008 2
System Administration Commands ipqosconf(1M)
Following the format version, are a succession of configura-
tion (action) blocks that are different for each type of
action being configured. A configuration block always has
the following structure:
action {
name actionname
module modulename
paramsclause ""
cfclauses
}
actionname ::= string
modulename ::= ipgpc dlcosmk dscpmk flowacct tswtclmt
tokenmt
paramsclause ::= params {
parameters
paramsstats ""
}
parameters ::= prmnamevalue parameters ""
prmnamevalue ::= paramname paramvalue
Modules
The paramname and the types of paramvalue are specific to
a given module.
paramsstats ::= globalstats boolean
cfclauses ::= classclause cfclauses
filterclause cfclauses ""
classclause ::= class {
name classname
nextaction nextactionname
classstats ""
}
classname ::= string
nextactionname ::= string
classstats ::= enablestats boolean
boolean ::= TRUE FALSE
filterclause ::= filter {
name filtername
class classname
parameters
}
SunOS 5.11 Last change: 18 Dec 2008 3
System Administration Commands ipqosconf(1M)
filtername ::= string
There must be exactly one configuration block belonging to
module ipgpc. The action must be named ipgpc.classify. All
other actions should be reachable from ipgpc by way of
parameters of type action or the nextaction of a class.
The set of types that are used for parameters of the dif-
ferent modules are:
action ::= string
protocol ::= 1..255
port ::= 1..65535
uint8 ::= 0..255
uint32 ::= 0..4294967296
int32 ::= -2147483648..2147483648
address ::=
ifname ::=
enum ::= string { stringlist }
boolean ::= TRUE FALSE
integerarray ::= { rangevaluelist }
mapindex ::= uint32
address ::= ipaddress ipnodename
user ::= uid username
uid ::= 0..65535
username ::= string
stringlist ::= string slentrys
slentrys ::= ',' string slentrys ""
rangevaluelist ::= rangevalueentry rangevalueentrys
rangevalueentry ::= range ':' integerarrayvalue
range ::= uint32 '-' uint32
integerarrayvalue ::= string integerarraynumber
integerarraynumber ::= uint8 uint32
rangevalueentrys ::= ';' rangevalueentry rangevalueentrys ""
ipnodename ::= string
ipaddress ::= v4address v6address
v4address ::= v4ipaddress / v4cidrmask
v4ipaddress
v4cidrmask ::= 1-32
v6address ::= v6ipaddress / v6cidrmask
v6ipaddress
v6cidrmask ::= 1-128
METER module tokenmt configuration syntax:
SunOS 5.11 Last change: 18 Dec 2008 4
System Administration Commands ipqosconf(1M)
redactionname action
yellowactionname action
greenactionname action
committedrate uint32
committedburst uint32
peakrate uint32
peakburst uint32
coloraware boolean
colormap integerarray
globalstats boolean
METER module tswtclmt configuration syntax:
redactionname action
yellowactionname action
greenactionname action
committedrate uint32
peakrate uint32
window uint32
globalstats boolean
MARKER module dscpmk configuration syntax:
nextaction action
dscpmap intarray
dscpdetailedstats boolean
globalstats boolean
MARKER module dlcosmk configuration syntax:
nextaction action
cos mapindex
globalstats boolean
CLASIFIER module ipgpc configuration syntax:
user user
SunOS 5.11 Last change: 18 Dec 2008 5
System Administration Commands ipqosconf(1M)
projid int32
ifname ifname
direction enum {
LOCALIN,
LOCALOUT,
FWDIN,
FWDOUT}
protocol protocol
dsfield uint8
dsfieldmask uint8
saddr address
daddr address
sport port
dport port
priority uint32
precedence uint32
ipversion enum {
V4,
V6 }
globalstats boolean
ACOUNTING module flowacct configuration syntax:
nextaction action
timer uint32
timeout uint32
maxlimit uint32
Types
action A string of characters with a matching
action definition. The character string can
be up to twenty three characters in length.
To allow for spaces the string needs to be
enclosed in quotes and cannot span lines.
Two special actions are pre-defined and can
not have an explicit action definition. The
two pre-defined actions are continue and
drop. continue causes the packet that is
passed to it to continue normal processing.
drop causes the packet that is passed to it
to be dropped.
address A machine name or address recognized by
getipnodebyname(3SOCKET). If a machine name
is specified, and ipversion has been
defined, the query is done using that
SunOS 5.11 Last change: 18 Dec 2008 6
System Administration Commands ipqosconf(1M)
address family. If a machine name is not
specified and ipversion has not been
defined, the query is done using the
AIDEFAULT flag to
getipnodebyname()(..AFINET6..). CIDR
address masks following an IP address are
allowed. Specify the CIDR address masks as
1-32 (for v4) or 1-128 (for v6). CIDR
addresses are disallowed for node names.
enum Either one of the supported values or comma
delimited list of support values, enclosed
in curly braces.
ifname A non-NUL, existing interface name recog-
nized by the SIOGLIFINDEX socket ioctl.
integerarray A comma delimited set of range/value pairs,
enclosed in curly braces.
Specify range in the format x-y, where x
and y are integers that denote the range of
array indexes to which the value applies.
The minimum value for both x and y is 0.
The maximum value for x is particular to
the parameter. Any array indexes not
referred to in the set of ranges are left
at their previous value.
mapindex A non-negative integer used as an index
into any maps associated with a parameter
of this type.
The maximum value of this type is dictated
by the number of entries in the associated
maps. The index starts at 0.
port Either a service name recognized by
getservbyname(3SOCKET) or an integer 1-
65535.
protocol Either a protocol name recognized by
getprotobyname(3SOCKET) or an integer 1-
255.
SunOS 5.11 Last change: 18 Dec 2008 7
System Administration Commands ipqosconf(1M)
string A character string. Enclose string in
quotes. string cannot span multiple lines.
user Either a valid user ID or username for the
system that is being configured.
Parameters
The configuration file can contain the following parameters
coloraware A value of TRUE or FALSE, indicating
whether or not the configured action
takes account of the previous packet
coloring when classifying.
colormap An integer array that defines which
values of the dscp field correspond
with which colors for when the
coloraware parameter is set to TRUE.
committedburst The committed burst size in bits.
committedrate The committed rate in bits per
second.
cos The value used to determine the
underlying driver level priority
applied to the packet which is
defined in 802.1D.
daddr The destination address of the
datagram.
direction The value used to build a filter
matching only part of the traffic.
This parameter is of type enum with
valid values of LOCALIN (local bound
traffic), LOCALOUT (local sourced
traffic), FWDIN (forwarded traffic
entering the system), and FWDOUT
(forwarded traffic exiting the sys-
tem).
SunOS 5.11 Last change: 18 Dec 2008 8
System Administration Commands ipqosconf(1M)
dport The destination port of the datagram.
dscpdetailedstats A value of TRUE or FALSE that deter-
mines whether detailed statistics are
switched on for this dscp action.
Specify TRUE to switch on or FALSE to
switch off.
dscpmap The integerarray that supplies the
values that IP packets with a given
dscp value have their dscp re-marked
with.
The existing value is used to index
into the array where the new value is
taken from. The array is of size 64,
meaning valid indexes are 0-63 and
valid values are also 0-63.
dsfield The DS field of the IP datagram
header. This is an 8-bit value, with
each bit position corresponding with
the same one in the header; this
enables matches to be done on the CU
bits. If you specify this parameter,
you must also specify the
dsfieldmask parameter.
dsfieldmask The mask applied to the dsfield
parameter to determine the bits
against which to match. This is an
8-bit value, with each bit position
corresponding with the same one in
the dsfield parameter.
globalstats A value of TRUE or FALSE to enable or
disable the statistic collection for
this action.
greenactionname The action to be executed for packets
that are deemed to be green.
ifname The name of an interface recognized
by the SIOGLIFINDEX ioctl. This
SunOS 5.11 Last change: 18 Dec 2008 9
System Administration Commands ipqosconf(1M)
parameter is of type ifname.
ipversion This parameter is of type enum and
has valid values of V4 and V6.
If it is set to V4 only then only
ipv4addresses are requested for a
specified hostname. If it is set to
V6, only ipv6 addresses are returned
if there are any, otherwise v4 mapped
v6 addresses are returned. If both V4
and V6 are specified, or if
ipversion is not specified, then
both ipv4 and ipv6 addresses are
requested for a specified hostname.
maxlimit The maximum number of flow entries
present at one time in the flowacct
actions in the memory resident table.
nextaction The action to be executed when the
current action is complete.
This value can be either the name of
an action defined in the configura-
tion file, or one of the two special
action types: drop and continue.
peakburst The peak burst size, for a two rate
meter, or excess burst size, for a
single rate meter, in bits.
peakrate The peak rate in bits per second.
precedence An integer that is used to order
filters. If there are two matching
filters that have the same priority
value, the one with the lower pre-
cedence value is the one matched.
This parameter should be used because
the order of the filters in a confi-
guration file has no influence on
their relative precedence.
SunOS 5.11 Last change: 18 Dec 2008 10
System Administration Commands ipqosconf(1M)
priority An integer that represents the rela-
tive priority of a filter. If there
are two matching filters, the one
with the higher priority value is the
one matched. Multiple filters can
have the same priority.
projid The project ID of the process sending
the data. This value is always -1 for
received traffic.
protocol The Upper Layer Protocol against
which this entry is matched.
redactionname The action to be executed for packets
that are determined to be red.
saddr The source address of the datagram.
sport The source port of the datagram.
timeout The timeout in milliseconds after
which flows are written to the
accounting file.
timer The period in milliseconds at which
timed-out flows are checked for.
user The user ID or username of the pro-
cess sending the data. This value is
always -1 for received traffic.
window The window size in ms.
yellowactionname The action to be executed for packets
that are determined to be yellow.
SECURITY
None.
SunOS 5.11 Last change: 18 Dec 2008 11
System Administration Commands ipqosconf(1M)
EXAMPLES
Example 1 Sending All Traffic From eng to the AF 1 Class of
Service
This example sends all traffic from eng to the AF 1 class of
service. It is documented in four separate steps:
The following step creates a tokenmt action with three out-
comes:
#meter for class 1.
action {
name AFCL1
module tokenmt
params{
committedrate 64
committedburst 75
peakburst 150
globalstats TRUE
redactionname drop
yellowactionname markAF12
greenactionname markAF11
}
}
The following step creates two dscpmk actions:
#class 1, low drop precedence.
action {
name markAF11
module dscpmk
params{
dscpmap {0-63:28}
dscpdetailedstats TRUE
globalstats TRUE
nextaction acct1
}
}
#class 1, medium drop precedence.
action {
name markAF12
module dscpmk
params {
dscpmap {0-63:30}
SunOS 5.11 Last change: 18 Dec 2008 12
System Administration Commands ipqosconf(1M)
dscpdetailedstats TRUE
globalstats TRUE
nextaction acct1
}
}
The following step creates an accounting action:
#billing for transmitted class 1 traffic.
action {
name acct1
module flowacct
params {
timer 10
timeout 30
globalstats TRUE
maxlimit 1024
nextaction continue
}
}
The following step creates an ipgpc action:
#traffic from eng sent, traffic from ebay dropped.
action {
name ipgpc.classify
module ipgpc
class {
name fromeng
enablestats TRUE
nextaction AFCL1
}
class {
name fromebay
enablestats TRUE
nextaction drop
}
filter {
name fromeng
saddr eng-subnet
class fromeng
}
filter {
SunOS 5.11 Last change: 18 Dec 2008 13
System Administration Commands ipqosconf(1M)
name fromebay
saddr ebay-subnet
class fromebay
}
}
FILES
/etc/inet/ipqosinit.conf
Contains the IPQoS configuration loaded at boot time. If
this file exists, it is read from the
network/initial:default service.
/etc/inet/ipqosconf.1.sample
Sample configuration file for an application server
/etc/inet/ipqosconf.2.sample
Sample configuration file that meters the traffic for a
specified application
/etc/inet/ipqosconf.3.sample
Sample configuration file that marks the ethernet
headers of web traffic with a given user priority
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWqosu
Interface Stability Evolving
SEE ALSO
syslog(3C), getipnodebyname(3SOCKET),
getprotobyname(3SOCKET), getservbyname(3SOCKET), attri-
butes(5), dlcosmk(7IP), dscpmk(7IP), flowacct(7IP),
SunOS 5.11 Last change: 18 Dec 2008 14
System Administration Commands ipqosconf(1M)
ipgpc(7IP), ipqos(7IP), tokenmt(7IP), tswtclmt(7IP)
DIAGNOSTICS
ipqosconf sends messages to syslog of facility user, sever-
ity notice when any changes are made to the IPQoS configura-
tion.
Errors that occur during an ipqosconf operation send an
error message to the console by default. For the application
of a new configuration if the -s option is set then these
messages are sent to syslog as facility user, severity error
instead. If the -v option is present during an application
then all error and change notificationmessages are sent to
the console as well as their default destination.
SunOS 5.11 Last change: 18 Dec 2008 15
|
