The precedence defined as the minimum pipe precedence has a special meaning: it acts as the Best
Effort Precedence. All packets arriving at this precedence will always be processed on a "first come,
first forwarded" basis and cannot be sent to another precedence.
Packets with a higher precedence that exceed the limits of that precedence are automatically
transferred down into this Best Effort precedence and are no longer treated differently from
packets with lower priorities. This approach is used since a precedence limit is also a guarantee for
that precedence.
Figure 10.4. Minimum and Maximum Pipe Precedence
Precedences have no effect until the total bandwidth allocated for a pipe is reached, in other words
when the pipe is "full". At that point traffic is prioritized by NetDefendOS, with higher precedence
packets being sent before lower precedence packets. The lower precedence packets are buffered. If
buffer space becomes exhausted then they are dropped.
Applying Precedences
Continuing from the previous example, we add the requirement that SSH and Telnet traffic is to
have a higher priority than all other traffic. To do this we add a Pipe Rule specifically for SSH and
Telnet and set the priority in the rule to be a higher priority, say 2. We specify the same pipes in this
new rule as are used for other traffic.
The effect of doing this is that the SSH and Telnet rule sets the higher priority on packets related to
these services and these packets are sent through the same pipe as other traffic. The pipe then makes
sure that these higher priority packets are sent first when the total bandwidth limit specified in the
pipe's configuration is exceeded. Lower priority packets will be buffered and sent when higher
priority traffic uses less than the maximum specified for the pipe. The buffering process is
sometimes referred to as "throttling back" since it reduces the flow rate.
The Need for Guarantees
A problem can occur, however, if the prioritized traffic is a continuous stream such as real-time
audio, resulting in continuous use of all available bandwidth and in unacceptably long
queuing times for other services such as surfing, DNS or FTP. A means is therefore required to
ensure that lower priority traffic gets some portion of bandwidth and this is done with Bandwidth
Guarantees.
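The behavior described above can be reproduced with a small model. This is an added example, not NetDefendOS code and not taken from the manual: it assumes a discrete-time pipe measured in packets per tick, one tail-drop buffer per precedence, and the hypothetical names simulate_pipe, ssh_case and audio_case. It shows a full pipe serving precedence 2 before precedence 0, and a continuous precedence 2 stream starving everything else.

```python
from collections import deque, defaultdict

def simulate_pipe(limit, flows, ticks, buffer_size=20):
    """Simplified model of one pipe (assumption: not NetDefendOS's algorithm).

    limit       -- packets the pipe forwards per tick (its total bandwidth)
    flows       -- {name: (precedence, packets offered per tick)}
    buffer_size -- packets each precedence queue can hold (assumed per-queue)
    Returns {name: {"sent", "dropped", "max_wait"}}; max_wait is in ticks.
    """
    queues = defaultdict(deque)       # precedence -> FIFO of (flow, arrival tick)
    stats = {n: {"sent": 0, "dropped": 0, "max_wait": 0} for n in flows}
    for tick in range(ticks):
        # Arrivals: buffer each packet at its precedence, tail-drop when full.
        for name, (prec, rate) in flows.items():
            for _ in range(rate):
                if len(queues[prec]) < buffer_size:
                    queues[prec].append((name, tick))
                else:
                    stats[name]["dropped"] += 1
        # Forwarding: spend the pipe limit on the highest precedence first.
        budget = limit
        for prec in sorted(queues, reverse=True):
            while budget and queues[prec]:
                name, arrived = queues[prec].popleft()
                s = stats[name]
                s["sent"] += 1
                s["max_wait"] = max(s["max_wait"], tick - arrived)
                budget -= 1
    return stats

# Constructed scenarios: a 10 packet/tick pipe observed for 100 ticks.
# 1) Interactive SSH at precedence 2 beside bulk web traffic at precedence 0.
ssh_case = simulate_pipe(10, {"ssh": (2, 3), "web": (0, 10)}, ticks=100)
# 2) A continuous audio stream at precedence 2 that fills the pipe by itself.
audio_case = simulate_pipe(10, {"audio": (2, 10), "web": (0, 5)}, ticks=100)

if __name__ == "__main__":
    for label, result in (("ssh+web", ssh_case), ("audio+web", audio_case)):
        for name, s in result.items():
            print(f"{label:10} {name:6} {s}")
```

In the first scenario the web traffic is throttled back but still forwarded; in the second it is never forwarded at all, which is the situation Bandwidth Guarantees are meant to prevent.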
10.1.7. Guarantees
Chapter 10. Traffic Management