Differentiated Limits Using Chains - D-Link DFL-1660 User Manual
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (483 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
10.1.6. Precedences
Chapter 10. Traffic Management
The Incorrect Solution
Two "surfing" pipes for inbound and outbound traffic could be set up. However, it is not usually
required to limit outbound traffic since most web surfing usually consists of short outbound server
requests followed by long inbound responses.
A surf-in pipe is therefore first created for inbound traffic with a 125 kbps limit. Next, a new Pipe
Rule is set up for surfing that uses the surf-in pipe and it is placed before the rule that directs
everything else through the std-in pipe. That way web surfing traffic goes through the surf-in pipe
and everything else is handled by the rule and pipe created earlier.
Unfortunately this will not achieve the desired effect, which is allocating a maximum of 125 kbps to
inbound surfing traffic as part of the 250 kbps total. Inbound traffic will pass through one of two
pipes: one that allows 250 kbps, and one that allows 125 kbps, giving a possible total of 375 kbps of
inbound traffic but this exceeds the real limit of 250 kbps.
The Correct Solution
To provide the solution, create a chain of the surf-in pipe followed by the std-in pipe in the pipe
rule for surfing traffic. Inbound surfing traffic will now first pass through surf-in and be limited to a
maximum of 125 kbps. Then, it will pass through the std-in pipe along with other inbound traffic,
which will apply the 250 kbps total limit.
Figure 10.3. Differentiated Limits Using Chains
If surfing uses the full limit of 125 kbps, those 125 kbps will occupy half of the std-in pipe leaving
125 kbps for the rest of the traffic. If no surfing is taking place then all of the 250 kbps allowed
through std-in will be available for other traffic.
This does not provide a bandwidth guarantee for web browsing but instead limits it to 125 kbps and
provides a 125 kbps guarantee for everything else. For web browsing the normal rules of first-come,
first-forwarded will apply when competing for the 125 kbps bandwidth. This may mean 125 kbps,
but it may also mean much slower speed if the connection is flooded.
Setting up pipes in this way only puts limits on the maximum values for certain traffic types. It does
not give priorities to different types of competing traffic.
497
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
