D-Link DFL-260 Product Manual - Page 455
Pipe Groups, A Port Grouping Includes the IP Address, Grouping by Networks Requires the Size
UPC - 790069296802
View all D-Link DFL-260 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 455 highlights
10.1.7. Pipe Groups Chapter 10. Traffic Management Set the priority assignment for both rules to Use defaults from first pipe; the default precedence of both the ssh-in and telnet-in pipes is 2. Using this approach rather than hard-coding precedence 2 in the rule set, you can easily change the precedence of all SSH and Telnet traffic by changing the default precedence of the ssh-in and telnet-in pipes. Notice that we did not set a total limit for the ssh-in and telnet-in pipes. We do not need to since the total limit will be enforced by the std-in pipe at the end of the respective chains. The ssh-in and telnet-in pipes act as a "priority filter": they make sure that no more than the reserved amount, 64 and 32 kbps, respectively, of precedence 2 traffic will reach std-in. SSH and Telnet traffic exceeding their guarantees will reach std-in as precedence 0, the best-effort precedence of the std-in and ssh-in pipes. Note: The return chain ordering is important Here, the ordering of the pipes in the return chain is important. Should std-in appear before ssh-in and telnet-in, then traffic will reach std-in at the lowest precedence only and hence compete for the 250 kbps of available bandwidth with other traffic. 10.1.7. Pipe Groups NetDefendOS provides a further level of control within pipes through the ability to split pipe bandwidth into individual resource users within a group and to apply a limit and guarantee to each user. Individual users can be distinguished according to one of the following: • Source IP • Destination IP • Source Network • Destination Network • Source Port (includes the IP) • Destination Port (includes the IP) • Source Interface • Destination Interface This feature is enabled by enabling the Grouping option in a pipe. The individual users of a group can then have a limit and/or guarantee specified for them in the pipe. For example, if grouping is done by source IP then each user corresponds to each unique source IP address. A Port Grouping Includes the IP Address If a grouping by port is selected then this implicitly also includes the IP address. For example, port 1024 of host computer A is not the same as port 1024 of host computer B. It is the combination of port and IP address that identifies a unique user in a group. Grouping by Networks Requires the Size If the grouping is by source or destination network then the network size must also be specified In other words the netmask for the network must be specified for NetDefendOS. 455