Advanced Bandwidth Management

Advanced Bandwidth Management enables you to manage specific classes of traffic based on their priority and maximum bandwidth settings. Advanced Bandwidth Management consists of three major components:

•	Classifier – classifies packets that pass through the firewall into the appropriate traffic class.

•	Estimator – estimates and calculates the bandwidth used by a traffic class during a time interval to determine if that traffic class has available bandwidth.

•	Scheduler – schedules traffic for transmission based on the bandwidth status of the traffic class provided by the estimator.

This graphic illustrates the basic concepts of Advanced Bandwidth Management.

Figure 18. Advanced Bandwidth Management: Basic concepts

Bandwidth management configuration is based on policies that specify bandwidth limitations for traffic classes. A complete bandwidth management policy consists of two parts: a classifier and a bandwidth rule.

A bandwidth rule specifies the actual parameters, such as priority, guaranteed bandwidth, maximum bandwidth, and per-IP bandwidth management, and is configured in a bandwidth object. Bandwidth rules identify and organize packets into traffic classes by matching specific criteria.

A classifier is an access rule or application rule in which a bandwidth object is enabled. Access rules and application rules are configured for specific interfaces or interface zones.

The first step in bandwidth management is that all packets that pass through the SonicOS firewall are assigned a classifier (class tag). The classifiers identify packets as belonging to a particular traffic class. Classified packets are then passed to the BWM engine for policing and shaping. The SonicOS uses two types of classifiers:

•	Access Rules

•	Application Rules

A rule that has sub elements is known as a parent rule.

The following table shows the parameters that are configured in a bandwidth object:

 

 

Table 53. Configuring a bandwidth object: Parameters

Name	Description
Guaranteed Bandwidth	The bandwidth that is guaranteed to be provided for a particular traffic class.
Maximum Bandwidth	The maximum bandwidth that a traffic class can utilize.
Traffic Priority	The priority of the traffic class. 0 – highest priority 7 – lowest priority
Violation Action	The firewall action that occurs when traffic exceeds the maximum bandwidth. Delay – packets are queued and sent when possible. Drop – packets are dropped immediately.
Enable Per-IP Bandwidth Management	The elemental feature that enables the firewall to support time-critical traffic, such as voice and video, effectively. When per-IP BWM is enabled, the elemental bandwidth settings are applied to each individual IP under its parent rule.

After packets have been tagged with a specific traffic class, the BWM engine gathers them for policing and shaping based on the bandwidth settings that have been defined in a bandwidth object, enabled in an access rule, and attached to application rules.

Classifiers also identify the direction of packets in the traffic flow. Classifiers can be set for either the egress, ingress, or both directions. For Bandwidth Management, the terms ingress and egress are defined as follows:

•	Ingress – Traffic from initiator to responder in a particular traffic flow.

•	Egress – Traffic from responder to initiator in a particular traffic flow.

For example, a client behind Interface X0 has a connection to a server which is behind Interface X1. The following table shows:

•	Direction of traffic flow in each direction for client and server

•	Direction of traffic on each interface

•	Direction indicated by the BWM classifier

 

Table 54. Direction of traffic

Direction of Traffic Flow	Direction of Interface X0	Direction of Interface X1	BWM Classifier
Client to Server	Egress	Ingress	Egress
Server to Client	Ingress	Egress	Ingress

To be compatible with traditional bandwidth management settings in WAN zones, the terms inbound and outbound are still supported to define traffic direction. These terms are only applicable to active WAN zone interfaces.

•	Outbound – Traffic from LAN\DMZ zone to WAN zone (Egress).

•	Inbound – Traffic from WAN zone to LAN\DMZ zone (Ingress).

Elemental Bandwidth Settings

Elemental bandwidth settings provide a method of allowing a single BWM rule to apply to the individual elements of that rule. Per-IP Bandwidth Management is an “Elemental” feature that is a sub-option of Bandwidth Object. When Per-IP BWM is enabled, the elemental bandwidth settings are applied to each individual IP under its parent rule.

The Elemental Bandwidth Settings feature enables a bandwidth object to be applied to individual elements under a parent traffic class. Elemental Bandwidth Settings is a sub-option of Firewall > Bandwidth Objects, the parent rule or traffic class. The following table shows the parameters that are configured under Elemental Bandwidth Settings; see Configuring Bandwidth Objects .

 

 

Table 55. Elemental Bandwidth settings: Parameters

Name	Description
Enable Per-IP Bandwidth Management	When enabled, the maximum elemental bandwidth setting applies to each IP address under the parent traffic class, which allows the firewall to support time-critical traffic, such as voice and video, effectively.
Maximum Bandwidth	The maximum elemental bandwidth that can be allocated to an IP address under the parent traffic class. The maximum elemental bandwidth cannot be greater than the maximum bandwidth of its parent class.

When you enable Per-IP Bandwidth Management, each individual IP under its parent rule will be applied to the elemental bandwidth settings.

Zone-Free Bandwidth Management

The zone-free bandwidth management feature enables bandwidth management on all interfaces regardless of their zone assignments. Previously, bandwidth management only applied to these zones:

•	LAN/DMZ to WAN/VPN

•	WAN/VPN to LAN/DMZ

In SonicOS 6.2, zone-free bandwidth management can be performed across all interfaces regardless of zone.

Zone-free bandwidth management allows administrators to configure the maximum bandwidth limitation independently, in either the ingress or egress direction, or both, and apply it to any interfaces using Access Rules and Application Rules.

NOTE: Interface bandwidth limitation is only available on physical interfaces. Failover and load balancing configuration does not affect interface bandwidth limitations.

Weighted Fair Queuing

Traditionally, SonicOS bandwidth management distributes traffic to 8 queues based on the priority of the traffic class of the packets. These 8 queues operate with strict priority queuing. Packets with the highest priority are always transmitted first.

Strict priority queuing can cause high priority traffic to monopolize all of the available bandwidth on an interface, and low priority traffic will consequently be stuck in its queue indefinitely. Under strict priority queuing, the scheduler always gives precedence to higher priority queues. This can result in bandwidth starvation to lower priority queues.

Weighted Fair queuing (WFQ) alleviates the problem of bandwidth starvation by servicing packets from each queue in a round robin manner, so that all queues are serviced fairly within a given time interval. High priority queues get more service and lower priority queues get less service. No queue gets all the service because of its high priority, and no queue is left unserviced because of its low priority.

For example, Traffic Class A is configured as Priority 1 with a maximum bandwidth of 400 kbps. Traffic Class B is configured as Priority 3 with a maximum bandwidth of 600 kbps. Both traffic classes are queued to an interface that has a maximum bandwidth of only 500kbps. Both queues will be serviced based on their priority in a round robin manner. So, both queues will be serviced, but Traffic Class A will be transmitted faster than Traffic Class B.

The following table shows the shaped bandwidth for each consecutive sampling interval:

 

 

Table 56. Shaped bandwidth for consecutive sampling intervals

Sampling Interval	Traffic Class A		Traffic Class B
	Incoming kbps	Shaped kbps	Incoming kbps	Shaped kbps
1	500	380	500	120
2	500	350	500	150
3	400	300	800	200
4	600	400	400	100
5	200	180	600	320
6	200	200	250	250