D-Link DFL-260E User Manual for DFL-260E - Page 496
Pipe Groups, A Port Grouping Includes the IP Address, Grouping by Networks Requires the Size
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 496 highlights
10.1.7. Pipe Groups Chapter 10. Traffic Management Set the return chain of the port 23 rule to telnet-in followed by std-in. Set the priority assignment for both rules to Use defaults from first pipe; the default precedence of both the ssh-in and telnet-in pipes is 2. Using this approach rather than hard-coding precedence 2 in the rule set, it is easy to change the precedence of all SSH and Telnet traffic by changing the default precedence of the ssh-in and telnet-in pipes. Notice that we did not set a total limit for the ssh-in and telnet-in pipes. We do not need to since the total limit will be enforced by the std-in pipe at the end of the respective chains. The ssh-in and telnet-in pipes act as a "priority filter": they make sure that no more than the reserved amount, 64 and 32 kbps, respectively, of precedence 2 traffic will reach std-in. SSH and Telnet traffic exceeding their guarantees will reach std-in as precedence 0, the best-effort precedence of the std-in and ssh-in pipes. Note: The return chain ordering is important Here, the ordering of the pipes in the return chain is important. Should std-in appear before ssh-in and telnet-in, then traffic will reach std-in at the lowest precedence only and hence compete for the 250 kbps of available bandwidth with other traffic. 10.1.7. Pipe Groups NetDefendOS provides a further level of control within pipes through the ability to split pipe bandwidth into individual resource users within a group and to apply a limit and guarantee to each user. Individual users can be distinguished according to one of the following: • Source IP • Destination IP • Source Network • Destination Network • Source Port (includes the IP) • Destination Port (includes the IP) • Source Interface • Destination Interface This feature is enabled by enabling the Grouping option in a pipe. The individual users of a group can then have a limit and/or guarantee specified for them in the pipe. For example, if grouping is done by source IP then each user corresponds to each unique source IP address. A Port Grouping Includes the IP Address If a grouping by port is selected then this implicitly also includes the IP address. For example, port 1024 of host computer A is not the same as port 1024 of host computer B. It is the combination of port and IP address that identifies a unique user in a group. Grouping by Networks Requires the Size If the grouping is by source or destination network then the network size must also be specified In 496