Traffic Shaping In Netdefendos - D-Link NetDefend DFL-210 User Manual

10.1.3. Traffic Shaping in NetDefen-
dOS
• Prioritizing traffic according to the administrator's choice; if the traffic in a higher priority in-
creases while a communications line is full, traffic in lower priorities should be temporarily lim-
ited to make room for the high-priority traffic.
• Providing bandwidth guarantees. This is typically accomplished by treating a certain amount of
traffic (the guaranteed amount) as a higher priority, and traffic exceeding the guarantee as the
same priority as "any other traffic", which then gets to compete with the rest of the non-
prioritized traffic.
Well-built traffic shapers do not normally work by queuing up immense amounts of data and then
sorting out prioritized traffic to send before sending non-prioritized traffic. Rather, they attempt to
measure the amount of prioritized traffic and then limit the non-prioritized traffic dynamically so
that it won't interfere with the throughput of prioritized traffic.

10.1.3. Traffic Shaping in NetDefendOS

NetDefendOS offers extensive traffic shaping capailities. Since any D-Link Firewall is a central and
vital part of a network, there are many benefits of having it handle traffic control.
The D-Link traffic shaper has the following key features:
Pipe based
Close integration with the fire-
wall rule-set
Traffic prioritizing and band-
width limiting
Grouping
Dynamic bandwidth balancing
Pipe chaining
Traffic guarantees
IPsec integration
Traffic shaping in NetDefendOS is handled by a concept
based on "pipes", where each pipe has several prioritizing,
limiting and grouping possibilities. Individual pipes may be
chained in different ways to construct bandwidth management
units that far exceed the capabilities of one single pipe.
Each firewall rule may be assigned to one or more pipes, indi-
vidually.
Each pipe contains a number of priority levels, each with its
own bandwidth limit specified in kilobits per second and/or
packets per second. Limits may also be specified for the total
of the pipe.
Traffic through a pipe can be automatically grouped into pipe
users, where each pipe user can be configured in the same
way as the main pipe.
Traffic may be grouped with respect to a number of paramet-
ers, for instance source or destination IP network, IP address
or port number.
The traffic shaper can be used to dynamically balance the
bandwidth allocation of different pipe users if the pipe as a
whole has exceeded its limits.
This means that available bandwidth is evenly balanced with
respect to the chosen grouping for the pipe.
When pipes are assigned to rules, up to eight pipes may be
connected to form a chain. This permits filtering and limiting
to be handled in a very sophisticated manner.
With the proper pipe configuration, traffic shaping may be
used to guarantee bandwidth (and thereby quality) for traffic
through the firewall.
Bandwidth and priorities may be configured for IPsec VPN
tunnels as well as for ordinary firewall rules.
210
Chapter 10. Traffic Management