Traffic Shaping In Netdefendos - D-Link NetDefend DFL-210 User Manual

Network security firewall ver 2.26.01

10.1.2. Traffic Shaping in NetDefendOS
Traffic Shaping Objectives

Traffic shaping operates by measuring and queuing IP packets with respect to a number of
configurable parameters. The objectives are:

• Applying bandwidth limits and queuing packets that exceed configured limits, then sending
them later when bandwidth demands are lower.
• Dropping packets if packet buffers are full. The packets to be dropped should be chosen from
those that are responsible for the congestion.
• Prioritizing traffic according to administrator decisions. If traffic with a high priority increases
while a communication line is full, traffic with a low priority can be temporarily limited to make
room for the higher priority traffic.
• Providing bandwidth guarantees. This is typically accomplished by treating a certain amount of
traffic (the guaranteed amount) as high priority. The traffic that is in excess of the guarantee then
has the same priority as other traffic, competing with all the other non-prioritized traffic.

Traffic shaping does not typically work by queuing up immense amounts of data and then sorting
out the prioritized traffic to send before sending non-prioritized traffic. Instead, the amount of
prioritized traffic is measured and the non-prioritized traffic is limited dynamically so that it will not
interfere with the throughput of prioritized traffic.
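
The following is an added example, not taken from the manual and not NetDefendOS code. It is a simplified model of the objectives above: the guaranteed amount is sent first, the limit for everything else is recomputed each interval, and traffic over that limit is queued, then dropped once the buffer is full. The function name, the sample load and all figures are assumptions made for illustration.

```python
# Added illustration, not NetDefendOS code. All names and figures are assumptions.
# Units are kbit per measurement interval.

def simulate_link(capacity, guarantee, queue_limit, intervals):
    """Return one (prio_sent, limit, other_sent, queued, dropped) row per interval.

    intervals holds (prioritized_demand, other_demand) pairs.
    """
    queue = 0  # non-prioritized traffic held over from earlier intervals
    rows = []
    for prio_demand, other_demand in intervals:
        # Traffic up to the guaranteed amount is treated as high priority.
        prio_sent = min(prio_demand, guarantee, capacity)
        # Anything above the guarantee competes with all other traffic.
        excess = prio_demand - prio_sent
        pool = queue + other_demand + excess
        # Non-prioritized traffic is limited dynamically to what is left over.
        limit = capacity - prio_sent
        other_sent = min(pool, limit)
        # Traffic over the limit is queued; it is dropped once the buffer is full.
        unsent = pool - other_sent
        queue = min(unsent, queue_limit)
        dropped = unsent - queue
        rows.append((prio_sent, limit, other_sent, queue, dropped))
    return rows

# Constructed sample load: (prioritized demand, other demand) per interval.
SAMPLE = [(200, 500), (400, 900), (700, 600), (100, 0)]

if __name__ == "__main__":
    for row in simulate_link(1000, 400, 300, SAMPLE):
        print("prio=%d limit=%d other=%d queued=%d dropped=%d" % row)
```

In the third interval the prioritized class asks for 700 against a guarantee of 400, so the remaining 300 joins the shared pool, and the already full buffer forces drops; the fourth interval drains the queue once demand falls.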

10.1.2. Traffic Shaping in NetDefendOS

NetDefendOS offers extensive traffic shaping capabilities for the packets passing through the
NetDefend Firewall. Different rate limits and traffic guarantees can be created as policies based on
the traffic's source, destination and protocol, similar to the way in which security policies are created
based on IP rules.

The two key components for traffic shaping in NetDefendOS are:

• Pipes
• Pipe Rules

Pipes

A Pipe is the fundamental object for traffic shaping and is a conceptual channel through which
packets of data can flow. It has various characteristics that define how traffic passing through it is
handled. As many pipes as are required can be defined by the administrator. None are defined by
default.
Pipes are simplistic in that they do not care about the types of traffic that pass through them nor the
direction of that traffic. They simply measure the data that passes through them and apply the
administrator-configured limits for the pipe as a whole or for Precedences and/or Groups (these are
explained later in Section 10.1.6, "Precedences").
NetDefendOS is capable of handling hundreds of pipes simultaneously, but in reality most scenarios
require only a handful of pipes. It is possible that dozens of pipes might be needed in scenarios
where individual pipes are used for individual protocols. Large numbers of pipes might also be

Note: Traffic shaping will not work with the SIP ALG
Any traffic connections that trigger an IP rule with a service object that uses the SIP
ALG cannot also be subject to traffic shaping.

Chapter 10. Traffic Management
