D-Link DFL-260 Product Manual - Page 465
IDP Traffic Shaping, 10.2.1. Overview, 10.2.2. Setting Up IDP Traffic Shaping
UPC - 790069296802
View all D-Link DFL-260 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 465 highlights
10.2. IDP Traffic Shaping Chapter 10. Traffic Management 10.2. IDP Traffic Shaping 10.2.1. Overview The IDP Traffic Shaping feature is traffic shaping that is performed based on information coming from the NetDefendOS Intrusion Detection and Prevention (IDP) subsystem (for more information on IDP see Section 6.5, "Intrusion Detection and Prevention"). Application Related Bandwidth Usage A typical problem that can be solved with IDP Traffic Shaping is dealing with the traffic management issues caused by bandwidth hungry applications. A typical example of this is traffic related to peer-to-peer (P2P) data transfer applications which include such things as Bit Torrent and Direct Connect. The high traffic loads created by P2P transfers can often have a negative impact on the quality of service for other network users as bandwidth is quickly absorbed by such applications. An ISP or a corporate network administrator may therefore need to identify and control the bandwidth consumed by these applications and IDP Traffic Shaping can provide this ability. Combining IDP and Traffic Shaping One of the issues with controlling a traffic type such as P2P is to be able to distinguish it from other traffic. The signature database of NetDefendOS IDP already provides a highly effective means to perform this recognition and as an extension to this, NetDefendOS also provides the ability to apply throttling through the NetDefendOS traffic shaping subsystem when the targeted traffic is recognized. IDP Traffic Shaping is a combination of these two features, where traffic flows identified by the IDP subsystem automatically trigger the setting up of traffic shaping pipes to control those flows. 10.2.2. Setting Up IDP Traffic Shaping The steps for IDP Traffic Shaping setup are as follows: 1. Define an IDP rule that triggers on targeted traffic. The IDP signature chosen determines which traffic is to be targeted and the signature usually has the word "POLICY" in its name which indicates it relates to specific applications types. 2. Select the rule's action to be the Pipe option. This specifies that IDP Traffic Shaping is to be performed on the connection that triggers the rule and on subsequent, related connections. 3. Select a Bandwidth value for the rule. This is the total bandwidth that will be allowed for the targeted traffic. The traffic measured is the combination of the flow over the triggering connection plus the flow from any associated connections, regardless of flow direction. Connections opened before IDP triggered will not be subject to any restriction. 4. Optionally enter a Time Window in seconds. This will be the period of time after rule triggering during which traffic shaping is applied to any associated connections that are opened. Typically, a P2P transfer starts with an initial connection to allow transfer of control 465