Groups; Traffic Grouped Per Ip Address - D-Link NetDefend DFL-210 User Manual

Network security firewall

10.1.9. Groups

telnet-in pipes.
Notice that we did not set a total limit for the ssh-in and telnet-in pipes. We do not need to since the
total limit will be enforced by the std-in pipe at the end of the respective chains.
The ssh-in and telnet-in pipes act as a "priority filter": they make sure that no more than the
reserved amount, 64 and 32 kbps, respectively, of precedence 2 traffic will reach std-in. SSH and
Telnet traffic exceeding their guarantees will reach std-in as precedence 0, the best-effort
precedence of the std-in and ssh-in pipes.
10.1.9. Groups
NetDefendOS provides further granularity of control within pipes through the ability to split pipe
bandwidth according to the packet's source or destination network, IP address, port or interface.
This is referred to as creating Groups, where the members of a group, sometimes called the users,
can have limits and guarantees applied to them. The most common usage of this division of traffic
is to group by IP or interface.
If grouping by port is used then this implicitly also includes the IP address, so that port 1024 of
computer A is not the same as port 1024 of computer B and individual connections are identifiable.
If grouping by network is chosen, the network size should also be specified (this has the same
meaning as the netmask).
A Simple Groups Scenario
If the total bandwidth limit for a pipe is 400 bps and we want to allocate this bandwidth amongst
many destination IP addresses so that no one IP address can take more than 100 bps of bandwidth, we
select "Per DestIP" grouping and enter the total limit for the grouping as 100 bps. Bandwidth is then
allocated on a "first come, first forwarded" basis, but no one destination IP address can ever take
more than 100 bps. No matter how many connections are involved, the combined total bandwidth
still cannot exceed the pipe limit of 400 bps.
Figure 10.4. Traffic grouped per IP address.
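The scenario above as a simplified model, added here as an example and not taken from the manual or from NetDefendOS. The function names, the sample flows and the one-pass allocation in arrival order are assumptions; they only illustrate how the grouping key, the group limit and the pipe limit interact.

```python
import ipaddress

def group_key(dst_ip, dst_port, mode, net_size=24):
    """Map a destination to its group (hypothetical helper)."""
    if mode == "ip":
        return dst_ip
    if mode == "port":
        # Port grouping implicitly includes the IP address, so port 1024
        # on two different hosts lands in two different groups.
        return (dst_ip, dst_port)
    if mode == "network":
        # The network size has the same meaning as the netmask.
        net = ipaddress.ip_network(f"{dst_ip}/{net_size}", strict=False)
        return str(net)
    raise ValueError(f"unknown grouping mode: {mode}")

def allocate(flows, pipe_limit, group_limit, mode="ip", net_size=24):
    """Grant bandwidth in arrival order, capped per group and per pipe."""
    granted, pipe_left = {}, pipe_limit
    for dst_ip, dst_port, demand in flows:
        key = group_key(dst_ip, dst_port, mode, net_size)
        group_left = group_limit - granted.get(key, 0)
        share = max(0, min(demand, group_left, pipe_left))
        granted[key] = granted.get(key, 0) + share
        pipe_left -= share
    return granted

# Constructed sample: (destination IP, destination port, demand in bps)
FLOWS = [
    ("10.0.0.1", 1024, 80),
    ("10.0.0.1", 2048, 80),   # second connection to the same host
    ("10.0.0.2", 1024, 150),  # asks for more than the group limit
    ("10.0.0.3", 1024, 100),
    ("10.0.0.4", 1024, 100),
    ("10.0.0.5", 1024, 50),   # arrives after the pipe may be full
]

if __name__ == "__main__":
    for mode in ("ip", "port", "network"):
        result = allocate(FLOWS, pipe_limit=400, group_limit=100, mode=mode)
        print(mode, result, "total:", sum(result.values()))
```

With per-IP grouping the two connections to 10.0.0.1 share one 100 bps group, while per-port grouping gives each its own group, which is why the late arrivals receive less in that mode.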
Note
Here, the ordering of the pipes in the return chain is important. Should std-in appear
before ssh-in and telnet-in, then traffic will reach std-in at the lowest precedence only
and hence compete for the 250 kbps of available bandwidth with other traffic.
Chapter 10. Traffic Management
