D-Link DFL-260E User Manual page 470

10.1.10. More Pipe Examples
Total: 1700
• vpn-out
• Priority 6: VoIP 500 kpbs
• Priority 0: Best effort
Total: 1700
• in-pipe
• Priority 6: VoIP 500 kpbs
Total: 2000
• out-pipe
• Priority 6: VoIP 500 kpbs
Total: 2000
The following pipe rules are then needed to force traffic into the correct pipes and precedence
levels:
Rule
Name
vpn_voip_out
vpn_out
vpn_voip_in
vpn_in
out
in
With this setup, all VPN traffic is limited to 1700 kbps, the total traffic is limited to 2000 kbps and
VoIP to the remote site is guaranteed 500 kbps of capacity before it is forced to best effort.
SAT with Pipes
If SAT is being used, for example with a web server or ftp server, that traffic also needs to be forced
into pipes or it will escape traffic shaping and ruin the planned quality of service. In addition, server
traffic is initiated from the outside so the order of pipes needs to be reversed: the forward pipe is the
in-pipe and the return pipe is the out-pipe.
A simple solution is to put a "catch-all-inbound" rule at the bottom of the pipe rule. However, the
external interface (wan) should be the source interface to avoid putting into pipes traffic that is
coming from the inside and going to the external IP address. This last rule will therefore be:
Rule
Name
all-in
Forward Return Src
Pipes Pipes Int
vpn-out vpn-in lan
out-pipe in-pipe
vpn-out vpn-in lan
out-pipe in-pipe
vpn-in vpn-out vpn
in-pipe out-pipe
vpn-in vpn-out vpn
in-pipe out-pipe
out-pipe in-pipe lan
in-pipe out-pipe wan
Forward Return Source
Pipes Pipes Interface
in-pipe out-pipe wan
Source Dest
Network Int
lannet vpn vpn_remote_net
lannet vpn vpn_remote_net
vpn_remote_net lan
vpn_remote_net lan
lannet wan
all-nets lan
Source Dest
Network Interface
all-nets core
470
Chapter 10. Traffic Management
Destination Selected
Network Service
H323
All
lannet H323
lannet All
all-nets All
lannet All
Dest Selected Prece
Network Service dence
all-nets All
Prece
dence
6
0
6
0
0
0
0