Weblog

Crossbow flows is one of the new features introduced by Project Crossbow. The important aspects of flows are 1) how is a packet classified into a flow, 2) what happens once it has been classified and 3) how can you keep track of the flows' traffic.

Flow classification is straightforward and is apparent from how the flow is created with flowadm(1M) through the use of attributes.

#flowadm add-flow -l <link> -a <attribute> -p <property> <flowname>

• Flows can be created with one of the following sets of attributes
  • source ip
  • dest ip
  • transport/[local port]
  • dsfield/[mask]

It is important to note that you cannot combine attributes in one flow and you cannot add flows with different types of attributes on the same link. The only exceptions are transport + local port and dsfield + mask. This is required to avoid an overly complex set of restrictions as well as a complex (and slow) classifier. (Yes, we tried)

additionally...

• Flows must have unique names. Otherwise you wouldn't be able to delete a flow with only the name or make sense of statistics for flows with the same name.
• Flows are created on links. This includes the primary link like e1000g0 or bge0 as well as virtual links such as vnics, aggregations or vlans. Creating a flow on an etherstub doesn't really make sense and is not allowed.
• There must be at least 1 attribute for each flow. Without attributes, the flow would take all the traffic for a link and wouldn't be very useful.

Valid Flows

#flowadm add-flow -l vnic1 -a local_ip=10.1.1.1 flow1
#flowadm add-flow -l vnic1 -a local_ip=10.1.1.2 flow2
#flowadm add-flow -l vnic1 -a local_ip=10.1.1.3 flow3

#flowadm add-flow -l vnic2 -a remote_ip=192.168.0.4 flow4
#flowadm add-flow -l vnic2 -a remote_ip=192.168.0.5 flow5
#flowadm add-flow -l vnic2 -a remote_ip=192.168.0.6 flow6

#flowadm add-flow -l e1000g0 -a transport=tcp flowtcp
#flowadm add-flow -l e1000g0 -a transport=udp flowudp
#flowadm add-flow -l e1000g0 -a transport=sctp flowsctp

#flowadm add-flow -l nxge3 -a transport=tcp flowtcp
#flowadm add-flow -l nxge3 -a transport=tcp,port=80 flowhttp
#flowadm add-flow -l nxge3 -a transport=tcp,port=23 flowtelnet

#flowadm add-flow -l bge1 -a dsfield=0x3/oxff flowds3
#flowadm add-flow -l bge1 -a dsfield=0x4/oxff flowds4
#flowadm add-flow -l bge1 -a dsfield=0x5/oxff flowds5

Invalid Flows

#flowadm add-flow -l vnic1 -a local_ip=10.1.1.1 flow1
#flowadm add-flow -l vnic1 -a local_ip=10.1.1.2 flow1
(flows must have unique names)
 
#flowadm add-flow -l etherstub1 -a local_ip=10.1.1.1 flow1
(flows can't be created on etherstubs)
 
#flowadm add-flow -l vnic1 -a local_ip=10.1.1.1,remote_ip=192.168.0.4 flow1
(cannot have more than 1 type of attribute for one flow)
 
#flowadm add-flow -l vnic1 -a local_ip=10.1.1.1 flow1
#flowadm add-flow -l vnic2 -a remote_ip=192.168.0.4 flow4
(cannot have different types of attributes on different flows on one link)

( Jan 20 2009, 04:18:07 PM PST ) Permalink