Creating Differentiated Limits With Chains - D-Link NetDefend DFL-210 User Manual

Network security firewall
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

10.1.5. Creating Differentiated Limits
with Chains
gw-world:/> add Pipe std-out LimitKbpsTotal=2000
Web Interface
1.
Go to Traffic Management > Traffic Shaping > Pipes > Add > Pipe
2.
Specify a name for the pipe, eg. std-out
3.
Enter 2000 in Total textbox
4.
Click OK
After creating a pipe for outbound bandwidth control, add it to the forward pipe chain of the rule created in the
previous example:
CLI
gw-world:/> set PipeRule Outbound ForwardChain=std-out
Web Interface
1.
Go to Traffic Management > Traffic Shaping > Pipe Rules
2.
Right-click on the piperule you created in the previous example and choose Edit
3.
Under the Traffic Shaping tab, select std-out in the Forward Chain list
4.
Click OK
This results in all outbound connections being limited to 2 Mbps in each direction.

10.1.5. Creating Differentiated Limits with Chains

In the previous examples a static traffic limit for all outbound connections was applied. What if we
want to limit web surfing more than other traffic? We could set up two "surfing" pipes for inbound
and outbound traffic. However, we most likely won't need to limit outbound traffic because surfing
usually consists of short outbound requests followed by long inbound answers. Let's assume the
total bandwidth limit is 250 kbps and 125 kbps of that is to be allocated to web surfing inbound
traffic. A surf-in pipe is therefore setup for inbound traffic with a 125 kbps limit.
Next a new Pipe Rule is set up for surfing that uses the surf-in pipe and it is placed before the rule
that directs "everything else" through the std-in pipe. That way surfing traffic goes through the
surf-in pipe and everything else is handled by the rule and pipe created earlier.
Unfortunately this will not achieve the desired effect, which is allocating a maximum of 125 kbps to
inbound surfing traffic as part of the 250 kbps total. Inbound traffic will pass through one of two
pipes: one that allows 250 kbps, and one that allows 125 kbps, giving a possible total of 375 kbps of
inbound traffic.
To solve this we create a chain of the surf-in pipe followed by the std-in pipe in the surfing traffic
Pipe Rule. Inbound surf traffic will now first pass through surf-in and be limited to a maximum of
125 kbps. Then, it will pass through the std-in pipe along with other inbound traffic, which will
apply the 250 kbps total limit. If surfing uses the full limit of 125 kbps, those 125 kbps will occupy
half of the std-in pipe leaving 125 kbps for the rest of the traffic. If no surfing is taking place then
all of the 250 kbps allowed through std-in will be available for other traffic.
This is not a bandwidth guarantee for web browsing but it is a 125 kbps bandwidth guarantee for
everything except web browsing. For web browsing the normal rules of first-come, first-forwarded
will apply when competing for bandwidth. This may mean 125 kbps, but it may also mean much
slower speed if the connection is flooded.
271
Chapter 10. Traffic Management

Advertisement

Table of Contents
loading

Table of Contents