10.2. IDP Traffic Shaping
10.2.1. Overview
The
IDP Traffic Shaping
feature is traffic shaping that is performed based on information coming
from the NetDefendOS
Intrusion Detection and Prevention
(IDP) subsystem (for more information
on IDP see
Section 6.6, “Intrusion Detection and Prevention”
).
Application Related Bandwidth Usage
A typical problem that can be solved with IDP Traffic Shaping is dealing with the traffic
management issues caused by bandwidth hungry applications. A typical example of this is traffic
related to peer-to-peer (P2P) data transfer applications which include such things as
Bit Torrent
and
Direct Connect
.
The high traffic loads created by P2P transfers can often have a negative impact on the quality of
service for other network users as bandwidth is quickly absorbed by such applications. An ISP or
a corporate network administrator may therefore need to identify and control the bandwidth
consumed by these applications and IDP Traffic Shaping can provide this ability.
Combining IDP and Traffic Shaping
One of the issues with controlling a traffic type such as P2P is to be able to distinguish it from
other traffic. The signature database of NetDefendOS IDP already provides a highly effective
means to perform this recognition and as an extension to this, NetDefendOS also provides the
ability to apply throttling through the NetDefendOS traffic shaping subsystem when the
targeted traffic is recognized.
IDP Traffic Shaping is a combination of these two features, where traffic flows identified by the
IDP subsystem automatically trigger the setting up of traffic shaping pipes to control those flows.
10.2.2. Setting Up IDP Traffic Shaping
The steps for IDP Traffic Shaping setup are as follows:
1.
Define an IDP rule that triggers on targeted traffic.
The IDP signature chosen determines which traffic is to be targeted and the signature
usually has the word "
POLICY
" in its name which indicates it relates to specific applications
types.
2.
Select the rule's action to be the Pipe option.
This specifies that IDP Traffic Shaping is to be performed on the connection that triggers the
rule and on subsequent, related connections.
3.
Select a Bandwidth value for the rule.
This is the total bandwidth that will be allowed for the targeted traffic. The traffic measured
is the combination of the flow over the triggering connection plus the flow from any
associated connections, regardless of flow direction.
Connections opened before IDP triggered will not be subject to any restriction.
4.
Optionally enter a Time Window in seconds.
Chapter 10: Traffic Management
798
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...