Quality Of Service / Bandwidth Management - Alcatel-Lucent Security Management Server (SMS) Release 9.4 Technical Overview

Alcatel-Lucent VPN Firewall Brick

Quality of Service / Bandwidth Management

...................................................................................................................................................................................................................................
Overview
Bandwidth Management features provide the ability to both guarantee service as well
as limit overloads, thereby helping to ensure the end-user experience is not
compromised, even during an attempted attack. Additionally, these features are
designed to help the Service Provider manage individual Customer bandwidth. This
feature works in conjunction with the specific Denial of Service Protection features
described in the next section.
Quality of Service features are provided via a Class-Based Queuing (CBQ) model.
Resources are allocated in a tree-like structure, by dividing them downwards into
Classes, from the root (the physical interface) all the way to the leaves (individual
sessions through a given Virtual Firewall). Packets that required more resource than
allocated can borrow resources if permitted, or are queued otherwise. Queued packets
will remain queued until either the queue fills up, in which case they will be cleared in
an as-needed basis, or until sufficient resources are freed, in which case they will be
transmitted.
The CBQ class hierarchy is predefined on the Brick; it has four distinct levels:
• Physical Port
• Virtual Firewall
• Policy Rule
• Session
Again, all QoS enforcement is provided on stateful traffic that traverses the Brick
device, so the session is affected, not just individual packets. Note that session-level
Quality-of-Service control provides a direct control and effect with respect to the user
experience.
Quality of service parameters may be specified at any level in the tree. In particular,
every Virtual Firewall, and every Firewall Policy Rule may have QoS parameters
configured. Offered parameters differ depending on the level, but the choices range
from the following:
Guarantees and limits on:
• New Sessions Per Second
• Packets Per Second
• Bits Per Second
Guarantees provide ways to ensure that a given session can borrow and burst up to
whatever capacity is desired, while still ensuring enough bandwidth for all users at
times of peak demand. Limits provide hard controls that the Brick device will enforce -
by dropping packets, if it becomes necessary.
...................................................................................................................................................................................................................................
260-100-022R9.4
Issue 1, June 2009
™
Security Appliance
1-19