Amer Networks E5Web GUI User Manual
Page 677

Rule Name  Forward Pipes        Return Pipes       Source Interface  Source Network  Dest Interface  Dest Network  Selected Service  Precedence
other      out-other, out-pipe  in-other, in-pipe  lan               lannet          wan             all-nets      all_services      2
Note that in-other and out-other are first in the pipe chain in both directions. This is because we
want to limit the traffic immediately, before it enters the in-pipe and out-pipe and competes with
VoIP, Citrix and Web-surfing traffic.
A VPN Scenario
In the cases discussed so far, all traffic shaping is occurring inside a single Clavister Security
Gateway. VPN is typically used for communication between a headquarters and branch offices, in
which case pipes can control traffic flow in both directions. With VPN, it is the tunnel that is the
source and destination interface for the pipe rules.
An important consideration, which has been discussed previously, is the allowance in the Pipe Total
values for the overhead used by VPN protocols. As a rule of thumb, a pipe total of 1700 bps is
reasonable for a VPN tunnel where the underlying physical connection capacity is 2 Mbps.
It is also important to remember to insert into the pipe all non-VPN traffic using the same
physical link.
Pipe chaining can be used as a solution to the problem of VPN overhead. A limit which allows
for this overhead is placed on the VPN tunnel traffic, and non-VPN traffic is inserted into a pipe
that matches the speed of the physical link.
To do this we first create separate pipes for the outgoing traffic and the incoming traffic. VoIP
traffic will be sent over a VPN tunnel that will have a high priority. All other traffic will be sent at
the best effort priority (see above for an explanation of this term). Again, a 2/2 Mbps symmetric
link is assumed.
The pipes required will be:
• vpn-in
  • Priority 6: VoIP 500 kbps
  • Priority 0: Best effort
  Total: 1700
• vpn-out
  • Priority 6: VoIP 500 kbps
  • Priority 0: Best effort
  Total: 1700
• in-pipe
  • Priority 6: VoIP 500 kbps
  Total: 2000
• out-pipe
  • Priority 6: VoIP 500 kbps
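The inbound chain (vpn-in followed by in-pipe) can be sketched as a small model to see how the two totals interact. This is an added example, not part of the manual and not the gateway's own algorithm; the function names are hypothetical. It assumes the pipe totals are in kbps and that a pipe serves precedence 6 up to its limit, demotes any excess to best effort, and shares the rest of the total among best-effort traffic in proportion to demand.

```python
# Added illustration; simplified model, not the gateway's scheduler.
VPN_IN = {"total": 1700, "limits": {6: 500}}    # values from the pipe list above
IN_PIPE = {"total": 2000, "limits": {6: 500}}   # totals assumed to be in kbps

def shape(pipe, flows):
    """Pass flows {name: (precedence, kbps)} through one pipe.

    Assumed behaviour: higher precedences are served first up to their limit,
    any excess drops to best effort (precedence 0), and best-effort traffic
    shares whatever is left of the pipe total in proportion to demand.
    """
    remaining = pipe["total"]
    room = dict(pipe["limits"])            # kbps still free per precedence
    granted = {name: 0.0 for name in flows}
    best_effort = {}                       # kbps competing at precedence 0
    for name, (prec, rate) in sorted(flows.items(), key=lambda kv: -kv[1][0]):
        if prec > 0:
            ok = min(rate, room.get(prec, 0), remaining)
            room[prec] = room.get(prec, 0) - ok
            granted[name] += ok
            remaining -= ok
            rate -= ok
        if rate > 0:
            best_effort[name] = rate
    demand = sum(best_effort.values())
    scale = min(1.0, remaining / demand) if demand else 0.0
    for name, rate in best_effort.items():
        granted[name] += rate * scale
    return {name: (flows[name][0], granted[name]) for name in flows}

def inbound(voip, vpn_other, non_vpn):
    """Chain: tunnel traffic passes vpn-in, then all traffic passes in-pipe."""
    tunnel = shape(VPN_IN, {"voip": (6, voip), "vpn_other": (0, vpn_other)})
    link = shape(IN_PIPE, {**tunnel, "non_vpn": (0, non_vpn)})
    return {name: round(rate) for name, (_, rate) in link.items()}

if __name__ == "__main__":
    # Constructed offered loads in kbps: the link is oversubscribed.
    print(inbound(voip=400, vpn_other=3000, non_vpn=3000))
    # No competing non-VPN traffic: the tunnel still stops at 1700.
    print(inbound(voip=400, vpn_other=3000, non_vpn=0))
```

In the second case the tunnel is held to 1700 even though the link is otherwise idle, which is the headroom the text reserves for VPN protocol overhead.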
Chapter 10: Traffic Management