Traffic Shaping In Netdefendos - D-Link NetDefend DFL-210 User Manual

Network security firewall

10.1.2. Traffic Shaping in NetDefendOS
Providing bandwidth guarantees. This is typically accomplished by treating a certain amount of
traffic (the guaranteed amount) as high priority. Traffic exceeding the guarantee then has the
same priority as "any other traffic", and competes with the rest of the non-prioritized traffic.
Traffic shaping doesn't typically work by queuing up immense amounts of data and then sorting out
the prioritized traffic to send before sending non-prioritized traffic. Instead, the amount of
prioritized traffic is measured and the non-prioritized traffic is limited dynamically so that it won't
interfere with the throughput of prioritized traffic.

NetDefendOS offers extensive traffic shaping capabilities for the packets passing through a D-Link
Firewall. Different rate limits and traffic guarantees can be created as policies based on the traffic's
source, destination and protocol, similar to the way in which IP rule set policies are created.
The two key components for traffic shaping in NetDefendOS are:
• Pipes
• Pipe Rules

Pipes
A Pipe is the fundamental object for traffic shaping and is a conceptual channel through which
packets of data can flow. It has various characteristics that define how traffic passing through it is
handled. As many pipes as are required can be defined by the administrator. None are defined by
default.
Pipes are simplistic in that they do not care about the types of traffic that pass through them nor the
direction of that traffic. They simply measure the data that passes through them and apply the
administrator-configured limits for the pipe as a whole or for Precedences and/or Groups (these are
explained below).
NetDefendOS is capable of handling hundreds of pipes simultaneously, but in reality most scenarios
require only a handful of pipes. It is possible that dozens of pipes may be needed in scenarios where
individual pipes are used for individual protocols (or in ISP cases, clients).

Pipe Rules
Pipe Rules make up the Pipe Rule set. Each Rule is defined much like other NetDefendOS policies:
by specifying the source/destination interface/network as well as the Service to which the rule is to
apply. Once a new connection is permitted by the IP rule set, the Pipe rule set is always checked for
matching rules in the same way as the IP rule set, by going from top to bottom. The first matching
Pipe Rule, if any, is used for traffic shaping. The Pipe rule set is initially empty.
When a Pipe Rule is defined, the pipes to be used with that rule are also specified and they are
placed into one of two lists in the Pipe Rule. These lists are:
• The Forward Chain
  These are the pipes that will be used for outgoing (leaving) traffic from the D-Link Firewall.
  One, none or a series of pipes may be specified.
• The Return Chain
  These are the pipes that will be used for incoming (arriving) traffic. One, none or a series of
  pipes may be specified.
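
The lookup described above can be modelled in a few lines. This is an added example, not D-Link code and not NetDefendOS syntax: the names `Sel`, `Pipe`, `PipeRule`, `covers`, `first_match`, `account` and `shadowed`, the `"all"` service wildcard and the sample addresses are assumptions made for illustration, and the connection is assumed to be already permitted by the IP rule set. It goes one step beyond the text by flagging rules that can never be used because an earlier, broader rule always matches first.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_network

# Match criteria; a connection is a Sel with host addresses, service "all" is a wildcard.
Sel = namedtuple("Sel", "src_if src_net dst_if dst_net service")

@dataclass
class Pipe:
    name: str
    limit_kbps: int      # limit for the pipe as a whole (recorded, not enforced here)
    bytes_seen: int = 0  # a pipe only measures; it ignores traffic type and direction

@dataclass
class PipeRule:
    name: str
    sel: Sel
    forward: list = field(default_factory=list)  # Forward Chain: outgoing traffic
    ret: list = field(default_factory=list)      # Return Chain: incoming traffic

def covers(a, b):
    """True if everything selected by b is also selected by a."""
    return (a.src_if == b.src_if and a.dst_if == b.dst_if
            and ip_network(b.src_net).subnet_of(ip_network(a.src_net))
            and ip_network(b.dst_net).subnet_of(ip_network(a.dst_net))
            and a.service in ("all", b.service))

def first_match(rules, conn):
    """Top-to-bottom scan: the first matching rule is used, None means unshaped."""
    return next((r for r in rules if covers(r.sel, conn)), None)

def account(rules, conn, out_bytes, in_bytes):
    """Meter one permitted connection through the chains of its rule."""
    rule = first_match(rules, conn)
    for pipe in (rule.forward if rule else []):
        pipe.bytes_seen += out_bytes
    for pipe in (rule.ret if rule else []):
        pipe.bytes_seen += in_bytes
    return rule.name if rule else None

def shadowed(rules):
    """Names of rules that can never be used because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules) if any(covers(e.sel, r.sel) for e in rules[:i])]

std_in, std_out, web_in = Pipe("std-in", 2000), Pipe("std-out", 2000), Pipe("web-in", 500)  # constructed
LAN_WAN = ("lan", "192.168.1.0/24", "wan", "0.0.0.0/0")
RULES = [PipeRule("all-out", Sel(*LAN_WAN, "all"), [std_out], [std_in]),
         PipeRule("web-out", Sel(*LAN_WAN, "tcp/80"), [], [web_in])]
CONN = Sel("lan", "192.168.1.10", "wan", "203.0.113.5", "tcp/80")
```

With the rules in this order the web connection is metered by `all-out` and the `web-in` pipe never sees traffic; placing the specific rule first removes the shadowing.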
Chapter 10. Traffic Management