D-Link NetDefend DFL-210 User Manual page 391
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
10.1.12. More Pipe Examples
The reason for using 2 different pipes in this case, is that these are easier to match to the physical
link capacity. This is especially true with asynchronous links such as ADSL.
First, two pipes called in-pipe and out-pipe need to be created with the following parameters:
Pipe Name
in-pipe
out-pipe
Dynamic Balancing should be enabled for both pipes. Instead of PerDestIP and PerSrcIP we could
have used PerDestNet and PerSrcNet if there were several networks on the inside.
The next step is to create the following Pipe Rule which will force traffic to flow through the pipes.
Rule
Name
all_1mbps
The rule will force all traffic to the default precedence level and the pipes will limit total traffic to
their 1 Mbps limit. Having Dynamic Balancing enabled on the pipes means that all users will be
allocated a fair share of this capacity.
Using Several Precedences
We now extend the above example by allocating priorities to different kinds of traffic accessing the
Internet from a headquarters office.
Lets assume we have a symmetric 2/2 Mbps link to the Internet. We will allocate descending
priorities and traffic requirements to the following users:
•
Priority 6 - VoIP (500 kpbs)
•
Priority 4 - Citrix (250 kpbs)
•
Priority 2 - Other traffic (1000 kpbs)
•
Priority 0 - Web plus remaining from other levels
To implement this scheme, we can use the in-pipe and out-pipe. We first enter the Pipe Limits for
each pipe. These limits correspond to the list above and are:
•
Priority 6 - 500
•
Priority 4 - 250
•
Priority 2 - 1000
Now create the Pipe Rules:
Rule
Forward
Name
Pipes
web_surf
out-pipe
voip
out-pipe
citrix
out-pipe
other
out-pipe
Min Prec
Def Prec
0
0
0
0
Forward
Return
Pipes
Pipes
out-pipe
in-pipe
Return
Source
Pipes
Interface
in-pipe
lan
in-pipe
lan
in-pipe
lan
in-pipe
lan
Max Prec
Grouping
7
PerDestIP
7
PerSrcIP
Source
Source
Interface
Network
lan
lannet
Source
Destination
Network
Interface
lannet
wan
lannet
wan
lannet
wan
lannet
wan
391
Chapter 10. Traffic Management
Net size
Pipe limit
24
1000kb
24
1000kb
Destination
Destination
Interface
Network
wan
all-nets
Destination
Service
Network
all-nets
http_all
all-nets
H323
all-nets
citrix
all-nets
All
Service
all
Prec
0
6
4
2
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
