Guarantees; Minimum And Maximum Pipe Precedence - D-Link NetDefend DFL-210 User Manual

Network security firewall
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

10.1.7. Guarantees

The precedence defined as the minimum pipe precedence has a special meaning: it acts as the Best
Effort Precedence. All packets arriving at this precedence will always be processed on a "first come,
first forwarded" basis and cannot be sent to another precedence.
Packets with a higher precedence and that exceed the limits of that precedence will automatically be
transferred down into this Best Effort precedence and they will no longer be treated differently from
packets with lower priorities. This approach is used since a precedence limit is also a guarantee for
that precedence.
Figure 10.4. Minimum and Maximum Pipe Precedence
Precedences have no effect until the total bandwidth allocated for a pipe is reached. In other words
when the pipe is "full". At that point traffic is prioritized by NetDefendOS with higher precedence
packets being sent before lower precedence packets. The lower precedence packets are buffered. If
buffer space becomes exhausted then they are dropped.
Applying Precedences
Continuing from the previous example, we add the requirement that SSH and Telnet traffic is to
have a higher priority than all other traffic. To do this we add a Pipe Rule specifically for SSH and
Telnet and set the priority in the rule to be a higher priority, say 2. We specify the same pipes in this
new rule as are used for other traffic.
The effect of doing this is that the SSH and Telnet rule sets the higher priority on packets related to
these services and these packets are sent through the same pipe as other traffic. The pipe then makes
sure that these higher priority packets are sent first when the total bandwidth limit specified in the
pipe's configuration is exceeded. Lower priority packets will be buffered and sent when higher
priority traffic uses less than the maximum specified for the pipe. The buffering process is
sometimes referred to as "throttling back" since it reduces the flow rate.
The Need for Guarantees
A problem can occur however if the prioritized traffic is a continuous stream such as real-time
audio, resulting in continuous use all available bandwidth and resulting in unacceptably long
queuing times for other services such as surfing, DNS or FTP. A means is therefore required to
ensure that lower priority traffic gets some portion of bandwidth and this is done with Bandwidth
Guarantees.
10.1.7. Guarantees
385
Chapter 10. Traffic Management

Advertisement

Table of Contents
loading

Table of Contents