The precedence defined as the minimum pipe precedence has a special meaning: it acts as the Best
Effort Precedence. All packets arriving at this precedence will always be processed on a "first come,
first forwarded" basis and cannot be sent to another precedence.
Packets with a higher precedence and that exceed the limits of that precedence will automatically be
transferred down into this Best Effort precedence and they will no longer be treated differently from
packets with lower priorities. This approach is used since a precedence limit is also a guarantee for
that precedence.
Figure 10.4. Minimum and Maximum Pipe Precedence
Precedences have no effect until the total bandwidth allocated for a pipe is reached. In other words
when the pipe is "full". At that point traffic is prioritized by NetDefendOS with higher precedence
packets being sent before lower precedence packets. The lower precedence packets are buffered. If
buffer space becomes exhausted then they are dropped.
Applying Precedences
Continuing from the previous example, we add the requirement that SSH and Telnet traffic is to
have a higher priority than all other traffic. To do this we add a Pipe Rule specifically for SSH and
Telnet and set the priority in the rule to be a higher priority, say 2. We specify the same pipes in this
new rule as are used for other traffic.
The effect of doing this is that the SSH and Telnet rule sets the higher priority on packets related to
these services and these packets are sent through the same pipe as other traffic. The pipe then makes
sure that these higher priority packets are sent first when the total bandwidth limit specified in the
pipe's configuration is exceeded. Lower priority packets will be buffered and sent when higher
priority traffic uses less than the maximum specified for the pipe. The buffering process is
sometimes referred to as "throttling back" since it reduces the flow rate.
The Need for Guarantees
A problem can occur however if the prioritized traffic is a continuous stream such as real-time
audio, resulting in continuous use all available bandwidth and resulting in unacceptably long
queuing times for other services such as surfing, DNS or FTP. A means is therefore required to
ensure that lower priority traffic gets some portion of bandwidth and this is done with Bandwidth
Guarantees.
10.1.7. Guarantees
10.1.7. Guarantees
Chapter 10. Traffic Management
385
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...