Bandwidth Management Overview

Bandwidth management (BWM) is a means of allocating bandwidth resources to critical applications on a network. SonicOS Enhanced offers an integrated traffic shaping mechanism through its ingress and egress BWM interfaces. BWM can be applied to traffic in either the ingress or egress directions, or both.

This chapter contains the following sections:

• Understanding Bandwidth Management
• Packet Queuing
• Firewall Settings > BWM Page
• Action Objects
• Global Bandwidth Management
• Configuring Global Bandwidth Management
• Configuring Global BWM on an Interface
• Configuring BWM in an Access Rules
• Configuring BWM in an Action Object
• Configuring Application Rules
• Configuring App Flow Monitor
• Advanced Bandwidth Management
• Elemental Bandwidth Settings
• Zone-Free Bandwidth Management
• Weighted Fair Queuing
• Configuring Advanced Bandwidth Management
• Enabling Advanced Bandwidth Management
• Configuring Bandwidth Policies
• Setting Interface Bandwidth Limitations
• Upgrading to Advanced Bandwidth Management
• Glossary

Note: BWM is a fully integrated Quality of Service (QoS) system in which classification and shaping are performed on the single SonicWALL appliance. This eliminates the dependency on external systems and obviates the need for marking. It is nevertheless possible to configure BWM and QoS (layer 2 and/or layer 3 marking) settings concurrently on a single Access Rule, which allows those external systems to benefit from the classification performed on the SonicWALL even after it has already shaped the traffic. Refer to the “Firewall Settings > QoS Mapping” section for BWM QoS details.

Understanding Bandwidth Management

BWM is controlled by the SonicWALL Security Appliance on ingress and egress traffic. It allows network administrators to guarantee minimum bandwidth and prioritize traffic based on access rules created in the Firewall > Access Rules page. By controlling the amount of bandwidth to an application or user, the network administrator can prevent a small number of applications or users from consuming all available bandwidth. Balancing the bandwidth allocated to different network traffic and then assigning priorities to traffic improves network performance. The SonicOS provides eight priority queues (0 – 7 or Realtime – Lowest).

Three types of bandwidth management are available:

| BWM Type | Description |
|---|---|
| Advanced | Enables Advanced Bandwidth Management. Maximum egress and ingress bandwidth limitations can be configured on any interface, per interface, by configuring bandwidth objects, access rules, and application policies and attaching them to the interface. |
| Global | (Default) All zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic. When global BWM is enabled on an interface, all of the traffic to and from that interface is bandwidth managed. Default Global BWM queues: 2 — High; 4 — Medium (default priority for all traffic that is not managed by a BWM enabled Firewall Access rule or Application Control Policy); 6 — Low. |
| None | Disables BWM. |

When Global bandwidth management is enabled on an interface, all traffic to and from that interface is bandwidth managed.

If the bandwidth management type is None, and there are three traffic types that are using an interface, and the link capacity of the interface is 100 Mbps, the cumulative capacity for all three types of traffic is 100 Mbps.

If the bandwidth management type is changed from None to Global, and the available ingress and egress traffic is configured at 10 Mbps, then by default, all three traffic types are sent to the medium priority queue.

The medium priority queue, by default, has a guaranteed bandwidth of 50 percent and a maximum bandwidth of 100 percent. If no Global bandwidth management policies are configured, the cumulative link capacity for each traffic type is 10 Mbps.

Packet Queuing

BWM rules each consume memory for packet queuing, so the number of allowed queued packets and rules on SonicOS Enhanced is limited by platform (values are subject to change):

| Platform | Max Queued Packets | Max Total BWM Rules |
|---|---|---|
| NSA 3500 | 2080 | 100 |
| NSA 4500 | 2080 | 100 |
| NSA 5000 | 2080 | 100 |
| NSA E5500 | 6420 | 100 |
| NSA E6500 | 6420 | 100 |
| NSA E7500 | 6420 | 100 |

Firewall Settings > BWM Page

To use BWM, first enable bandwidth management on the Firewall Settings > BWM page, then enable BWM on an interface, firewall rule, or app rule, and then allocate the available bandwidth for that interface to ingress and egress traffic. BWM then assigns individual limits for each class of network traffic. By assigning priorities to network traffic, applications requiring a quick response time, such as Telnet, can take precedence over traffic requiring less response time, such as FTP.

To view the BWM configuration, navigate to the Firewall Settings > BWM page.


This page consists of the following entities:

Note: The defaults are set by SonicWALL to provide BWM ease-of-use. It is recommended that you review the specific bandwidth needs and enter the values on this page accordingly.

Bandwidth Management Type Option:

Advanced — Any zone can have guaranteed and maximum bandwidth and prioritized traffic assigned per interface.

Global — All zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic.

None — Disables BWM.

Note: When you change the Bandwidth Management Type from Global to Advanced, the default BWM actions that are in use in any App Rules policies are automatically converted to Advanced BWM settings.

When you change the Type from Advanced to Global, the default BWM actions are converted to BWM Global-Medium. The firewall does not store your previous action priority levels when you switch the Type back and forth. You can view the conversions on the Firewall > App Rules page.

Priority Column — Displays the priority number and name.

Enable Checkbox — When checked, the priority queue is enabled.

Guaranteed and Maximum\Burst Text Field — Enables the guaranteed and maximum/burst rates. The corresponding Enable checkbox must be checked in order for the rate to take effect. These rates are identified as a percentage. The configured bandwidth on an interface is used in calculating the absolute value. The sum of all guaranteed bandwidth must not exceed 100%, and the guaranteed bandwidth must not be greater than the maximum bandwidth per queue.

Note: The default settings for this page consist of three priorities with preconfigured guaranteed and maximum bandwidth. The medium priority has the highest guaranteed value since this priority queue is used by default for all traffic not governed by a BWM-enabled policy.

Action Objects

Action Objects define how the App Rules policy reacts to matching events. You can customize an action or select one of the predefined default actions. The predefined actions are displayed in the App Control Policy Settings page when you add or edit a policy from the App Rules page.

Custom BWM actions behave differently than the default BWM actions. Custom BWM actions are configured by adding a new action object from the Firewall > Action Objects page and selecting the Bandwidth Management action type. Custom BWM actions and policies using them retain their priority level setting when the Bandwidth Management Type is changed from Global to Advanced, and from Advanced to Global.

A number of BWM action options are also available in the predefined, default action list. The BWM action options change depending on the Bandwidth Management Type setting on the Firewall Settings > BWM page. If the Bandwidth Management Type is set to Global, all eight levels of BWM are available. If the Bandwidth Management Type is set to Advanced, no priorities are set. The priorities are set by configuring a bandwidth object under Firewall > Bandwidth Objects.

The following table lists the predefined default actions that are available when adding a policy.

If BWM Type = Global:

• BWM Global-Realtime
• BWM Global-Highest
• BWM Global-High
• BWM Global-Medium High
• BWM Global-Medium
• BWM Global-Medium Low
• BWM Global-Low
• BWM Global-Lowest

If BWM Type = Advanced:

• Advanced BWM High
• Advanced BWM Medium
• Advanced BWM Low

Global Bandwidth Management

Global Bandwidth Management can be configured using the following methods:

Note: This section uses Global BWM as the Bandwidth Management Type (Firewall Settings > BWM).

• Configuring Global Bandwidth Management
• Configuring Global BWM on an Interface
• Configuring BWM in an Action Object
• Configuring BWM in an Access Rules
• Configuring Application Rules
• Configuring App Flow Monitor

Configuring Global Bandwidth Management

To set the Bandwidth Management type to Global:

1. On the SonicWall Security Appliance, go to Firewall Settings > BWM.

2. Set the Bandwidth Management Type option to Global.

3. Enable the priorities that you want by selecting the appropriate checkboxes in the Enable column.

Note: You must enable the priorities in this dialog to be able to configure these priorities in Access Rules, App Rules, and Action Objects.

4. Enter the Guaranteed bandwidth percentage that you want for each selected priority.

5. Enter the Maximum\Burst bandwidth percentage that you want for each selected priority.

6. Click Accept.

Configuring Global BWM on an Interface

To configure Global BWM on an interface:

1. On the SonicWall Security Appliance, go to Network > Interfaces.

2. Click the Configure button for the appropriate interface.

3. Click the Advanced tab.

4. Under Bandwidth Management, select the Enable Interface Egress Bandwidth Limitation option.

When this option is selected, the total egress traffic on the interface is limited to the amount specified in the Enable Interface Ingress Bandwidth Limitation box. When this option is not selected, no bandwidth limitation is set at the interface level, but egress traffic can still be shaped using other options.

5. In the Maximum Interface Egress Bandwidth (kbps) box, enter the maximum egress bandwidth for the interface (in kilobytes per second).

6. Select the Enable Interface Ingress Bandwidth Limitation option.

When this option is selected, the total ingress traffic is limited to the amount specified in the Maximum Interface Ingress Bandwidth box. When this option is not selected, no bandwidth limitation is set at the interface level, but ingress traffic can still be shaped using other options.

7. In the Maximum Interface Ingress Bandwidth (kbps) box, enter the maximum ingress bandwidth for the interface (in kilobytes per second).

8. Click OK.

Configuring BWM in an Access Rules

You can configure BWM in each Access Rule. This method configures the direction in which to apply BWM and sets the priority queue.

Note: Before you can configure any priorities in an Access Rule, you must first enable the priorities that you want to use on the Firewall Settings > BWM page. Refer to the Firewall Settings > BWM page to determine which priorities are enabled. If you select a Bandwidth Priority that is not enabled on the Firewall Settings > BWM page, the traffic is automatically mapped to priority 4 (Medium). See the “Configuring Global Bandwidth Management” section.

Priorities are listed in the Access Rules dialog Bandwidth Priority list as follows:

• 0 Realtime

• 1 Highest

• 2 High

• 3 Medium High

• 4 Medium

• 5 Medium Low

• 6 Low

• 7 Lowest

To configure BWM in an Access Rule:

1. Navigate to the Firewall > Access Rules page.

2. Click the Configure icon for the rule you want to edit. The Edit Rule General tab dialog is displayed.

3. Click the BWM tab.

4. Select the Enable Egress Bandwidth Management ('allow' rules only) option.

5. Select the appropriate egress priority from the Bandwidth Priority list.

6. Select the Enable Ingress Bandwidth Management ('allow' rules only) option.

7. Select the appropriate ingress priority from the Bandwidth Priority list.

8. Click OK.
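
An added example (not SonicWALL code): a small Python audit that applies the percentage rules from the Firewall Settings > BWM page and the priority fallback from the note above to a hand-transcribed Global BWM configuration. It lists Access Rules whose requested priority is not enabled and is therefore mapped to 4 (Medium). The data structures, rule names and the High/Low percentages are constructed for illustration, and counting only enabled queues toward the 100% total is an assumption.

```python
"""Audit a Global BWM priority-queue table (illustrative, not SonicOS code)."""
from dataclasses import dataclass

PRIORITY_NAMES = {0: "Realtime", 1: "Highest", 2: "High", 3: "Medium High",
                  4: "Medium", 5: "Medium Low", 6: "Low", 7: "Lowest"}
FALLBACK_PRIORITY = 4  # page: a priority that is not enabled maps to 4 (Medium)


@dataclass(frozen=True)
class Queue:
    enabled: bool
    guaranteed_pct: int
    max_pct: int


def validate_queues(queues):
    """Return a list of violations of the page's two percentage rules."""
    problems = []
    enabled = {p: q for p, q in queues.items() if q.enabled}
    for prio, q in sorted(enabled.items()):
        if q.guaranteed_pct > q.max_pct:
            problems.append(f"{prio} {PRIORITY_NAMES[prio]}: guaranteed "
                            f"{q.guaranteed_pct}% exceeds maximum {q.max_pct}%")
    # Assumption: only enabled queues count toward the 100% total.
    total = sum(q.guaranteed_pct for q in enabled.values())
    if total > 100:
        problems.append(f"guaranteed bandwidth sums to {total}% (limit 100%)")
    return problems


def absolute_rates(queues, interface_kbps):
    """Percentages are relative to the bandwidth configured on the interface."""
    return {p: (interface_kbps * q.guaranteed_pct // 100,
                interface_kbps * q.max_pct // 100)
            for p, q in queues.items() if q.enabled}


def effective_priority(requested, queues):
    """Priority a rule really gets: its own if enabled, otherwise Medium."""
    q = queues.get(requested)
    return requested if q is not None and q.enabled else FALLBACK_PRIORITY


def remapped_rules(rules, queues):
    """Rules whose requested priority is silently replaced by Medium."""
    return [(name, prio, effective_priority(prio, queues))
            for name, prio in rules
            if effective_priority(prio, queues) != prio]


# Constructed sample: the three default queues (2, 4, 6) plus a disabled
# Realtime queue. Medium's 50%/100% is from the page; the High and Low
# percentages are made up.
SAMPLE_QUEUES = {
    0: Queue(False, 0, 100),
    2: Queue(True, 30, 100),
    4: Queue(True, 50, 100),
    6: Queue(True, 20, 100),
}
# Constructed Access Rules: (rule name, requested Bandwidth Priority).
SAMPLE_RULES = [("voip-out", 0), ("web-out", 4), ("backup-out", 6)]

if __name__ == "__main__":
    print(validate_queues(SAMPLE_QUEUES) or "queue table is consistent")
    print(absolute_rates(SAMPLE_QUEUES, 10_000))  # 10 Mbps interface
    for name, asked, got in remapped_rules(SAMPLE_RULES, SAMPLE_QUEUES):
        print(f"{name}: asked for {asked}, gets {got} ({PRIORITY_NAMES[got]})")
```

A rule that asks for Realtime while queue 0 is disabled is the case worth catching in review: the rule still saves, but the traffic shares the Medium queue with everything unclassified.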

Configuring BWM in an Action Object

If you do not want to use the predefined Global BWM actions or policies, you have the option to create a new one that fits your needs.

To create a new BWM action object for Global bandwidth management, perform the following steps:

1. Navigate to the Firewall > Action Objects page.

2. Click Add New Action Object at the bottom of the page. The Action Object Settings dialog is displayed.

3. In the Action Name field, enter a name for the action object.

4. In the Action list, select Bandwidth Management.

5. Select the Enable Egress Bandwidth Management option.

6. In the Bandwidth Priority list, select the egress priority you want.

7. Select the Enable Ingress Bandwidth Management option.

8. In the Bandwidth Priority list, select the ingress priority you want.

9. Click OK.

Configuring Application Rules

Configuring BWM in an Application Rule allows you to create policies that regulate bandwidth consumption by specific file types within a protocol, while allowing other file types to use unlimited bandwidth. This enables you to distinguish between desirable and undesirable traffic within the same protocol.

Application Rule BWM supports the following Policy Types:

• SMTP Client

• HTTP client

• HTTP Server

• FTP Client

• FTP Client File Upload

• FTP Client File Download

• FTP Data Transfer

• POP3 Client

• POP3 Server

• Custom Policy

• IPS Content

• App Control Content

• CFS

Note: You must first enable BWM as follows before you can configure BWM in an Application Rule.

Before you configure BWM in an App Rule:

1. Enable the priorities you want to use in Firewall Settings > BWM. See the “Configuring Global Bandwidth Management” section.

2. Enable BWM in an Action Object. See the “Configuring BWM in an Action Object” section.

3. Configure BWM on the Interface. See the “Configuring Global BWM on an Interface” section.

To configure BWM in an Application Rule:

1. Navigate to the Firewall > App Rules page.

2. Under App Rules Policies, in the Heading row, click Action. The page will sort by Action type.

3. Click the Configure icon in the Configure column for the policy you want to configure. The App Control Policy Settings dialog is displayed.

4. In the Action Object list, select the BWM action object that you want.

5. Click OK.

Configuring App Flow Monitor

BWM can also be configured from the App Flow Monitor page by selecting a service type application or a signature type application and then clicking the Create Rule button. The Bandwidth Management options available there depend on the enabled priority levels in the Global Priority Queue table on the Firewall Settings > BWM page. The priority levels enabled by default are High, Medium, and Low.

Note: You must have SonicWALL Application Visualization enabled before proceeding.

To configure BWM using the App Flow Monitor, perform the following steps:

1. Navigate to the Dashboard > App Flow Monitor page.

2. Check the service-based applications or signature-based applications to which you want to apply global BWM.

Note: General applications cannot be selected. Service-based applications and signature-based applications cannot be mixed in a single rule.

Note: Creating a rule for service-based applications creates a firewall access rule, and creating a rule for signature-based applications creates an application control policy.

3. Click Create Rule. The Create Rule pop-up is displayed.

4. Select the Bandwidth Manage radio button, and then select a global BWM priority.

5. Click Create Rule. A confirmation pop-up is displayed.

6. Click OK.

7. Navigate to the Firewall > Access Rules page (for service-based applications) and the Firewall > App Rules page (for signature-based applications) to verify that the rule was created.

Note: For service-based applications, the new rule is identified with a tack in the Comments column and a prefix in the Service column of ~services=<service name>. For example, ~services=NTP&t=1306361297.

Note: For signature-based applications, the new rule is identified with a prefix, ~BWM_Global-<priority>=~catname=<app_name> in the Name column and in the Object column prefix ~catname=<app_name>.

Advanced Bandwidth Management

Advanced Bandwidth Management enables administrators to manage specific classes of traffic based on their priority and maximum bandwidth settings. Advanced Bandwidth Management consists of three major components:

Classifier – classifies packets that pass through the firewall into the appropriate traffic class.

Estimator – estimates and calculates the bandwidth used by a traffic class during a time interval to determine if that traffic class has available bandwidth.

Scheduler – schedules traffic for transmission based on the bandwidth status of the traffic class provided by the estimator.

This graphic illustrates the basic concepts of Advanced Bandwidth Management.

BWM_flowchart.png

 

Bandwidth management configuration is based on policies which specify bandwidth limitations for traffic classes. A complete bandwidth management policy consists of two parts: a classifier and a bandwidth rule.

A classifier specifies the actual parameters, such as priority, guaranteed bandwidth, and maximum bandwidth, and is configured in a bandwidth object. Classifiers identify and organize packets into traffic classes by matching specific criteria.

A bandwidth rule is an access rule or application rule in which a bandwidth object is enabled. Access rules and application rules are configured for specific interfaces or interface zones.

The first step in bandwidth management is that all packets that pass through the SonicOS firewall are assigned a classifier (class tag). The classifiers identify packets as belonging to a particular traffic class. Classified packets are then passed to the BWM engine for policing and shaping. The SonicOS uses two types of classifiers:

• Access Rules

• Application Rules

The following table shows the classifiers that are configured in a bandwidth object:

| Name | Description |
|---|---|
| Guaranteed Bandwidth | The bandwidth that is guaranteed to be provided for a particular traffic class. |
| Maximum Bandwidth | The maximum bandwidth that a traffic class can utilize. |
| Traffic Priority | The priority of the traffic class. 0 – highest priority; 7 – lowest priority. |
| Violation Action | The firewall action that occurs when traffic exceeds the maximum bandwidth. Delay – packets are queued and sent when possible. Drop – packets are dropped immediately. |

After packets have been tagged with a specific traffic class, the BWM engine gathers them for policing and shaping based on the bandwidth settings that have been defined in a bandwidth object, enabled in an access rule, and attached to application rules.

Classifiers also identify the direction of packets in the traffic flow. Classifiers can be set for either the egress, ingress, or both directions. For Bandwidth Management, the terms ingress and egress are defined as follows:

• Ingress – Traffic from initiator to responder in a particular traffic flow.

• Egress – Traffic from responder to initiator in a particular traffic flow.

For example, a client behind Interface X0 has a connection to a server which is behind Interface X1. The following table shows:

• Direction of traffic flow in each direction for client and server

• Direction of traffic on each interface

• Direction indicated by the BWM classifier

| Direction of Traffic Flow | Direction of Interface X0 | Direction of Interface X1 | BWM Classifier |
|---|---|---|---|
| Client to Server | Egress | Ingress | Egress |
| Server to Client | Ingress | Egress | Ingress |

To be compatible with traditional bandwidth management settings in WAN zones, the terms inbound and outbound are still supported to define traffic direction. These terms are only applicable to active WAN zone interfaces.

• Outbound – Traffic from LAN\DMZ zone to WAN zone (Egress).

• Inbound – Traffic from WAN zone to LAN\DMZ zone (Ingress).

Elemental Bandwidth Settings

The Elemental Bandwidth Settings feature enables a bandwidth object to be applied to individual elements under a parent traffic class. Elemental Bandwidth Settings is a sub-option of Firewall > Bandwidth Objects. The following table shows the parameters that are configured under Elemental Bandwidth Settings.

| Name | Description |
|---|---|
| Enable Per-IP Bandwidth Management | When enabled, the maximum elemental bandwidth setting applies to each IP address under the parent traffic class. |
| Maximum Bandwidth | The maximum elemental bandwidth that can be allocated to an IP address under the parent traffic class. The maximum elemental bandwidth cannot be greater than the maximum bandwidth of its parent class. |

When you enable Per-IP Bandwidth Management, the IP address of the initiator is used as the key to identify an elemental traffic flow. The Responder IP address is ignored.
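
An added sketch (not SonicOS code) of the per-IP behaviour described above: each initiator IP gets its own token bucket sized by the elemental Maximum Bandwidth, the responder address plays no part in the lookup, and the bandwidth object's Violation Action decides whether an over-limit packet is dropped or delayed. The class names, the one-second burst allowance, the unbounded delay queue, applying the Violation Action at the per-IP level, and the sample addresses are assumptions made for the example.

```python
"""Per-IP (elemental) limiting keyed on the initiator address.

Illustrative model, not SonicOS code. Assumptions: 1 kbps = 1000 bit/s,
a one-second burst allowance, an unbounded delay queue, and the
Violation Action being applied to the per-IP limit.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BandwidthObject:
    name: str
    max_kbps: int           # Maximum Bandwidth of the parent traffic class
    per_ip_max_kbps: int    # Elemental Maximum Bandwidth
    violation_action: str   # "delay" or "drop"

    def __post_init__(self):
        if self.violation_action not in ("delay", "drop"):
            raise ValueError("violation action must be 'delay' or 'drop'")
        # Page rule: the elemental maximum cannot exceed the parent maximum.
        if self.per_ip_max_kbps > self.max_kbps:
            raise ValueError("elemental maximum exceeds the parent class maximum")


class PerIpShaper:
    def __init__(self, obj, burst_seconds=1.0):
        self.obj = obj
        self.rate = obj.per_ip_max_kbps * 1000.0   # bits per second
        self.burst = self.rate * burst_seconds     # bucket depth in bits
        self.buckets = {}                          # initiator -> (tokens, as_of)

    def handle(self, now, initiator, responder, size_bytes):
        """Return (verdict, send_time); verdict is 'send', 'delay' or 'drop'."""
        # The responder is accepted but never used: the initiator is the key.
        tokens, as_of = self.buckets.get(initiator, (self.burst, now))
        # Refill for elapsed time. A negative balance is queued backlog.
        tokens = min(self.burst, tokens + (now - as_of) * self.rate)
        need = size_bytes * 8
        if tokens >= need:
            self.buckets[initiator] = (tokens - need, now)
            return "send", now
        if self.obj.violation_action == "drop":
            self.buckets[initiator] = (tokens, now)
            return "drop", None
        # Delay: the packet leaves once enough tokens have accumulated.
        send_at = now + (need - tokens) / self.rate
        self.buckets[initiator] = (0.0, send_at)
        return "delay", send_at


# Constructed packets: (time in s, initiator, responder, size in bytes).
SAMPLE = [
    (0.0, "192.0.2.10", "198.51.100.5", 5000),
    (0.0, "192.0.2.10", "198.51.100.5", 5000),
    (0.0, "192.0.2.10", "198.51.100.9", 5000),  # same initiator, new responder
    (0.0, "192.0.2.20", "198.51.100.5", 5000),  # different initiator
    (0.1, "192.0.2.10", "198.51.100.5", 5000),
]


def run(action, packets=SAMPLE):
    """Feed the sample through an 80 kbps per-IP limit with the given action."""
    obj = BandwidthObject("per-host-cap", max_kbps=1000,
                          per_ip_max_kbps=80, violation_action=action)
    shaper = PerIpShaper(obj)
    return [shaper.handle(*packet) for packet in packets]


if __name__ == "__main__":
    for action in ("drop", "delay"):
        print(action, run(action))
```

Switching responder does not buy the first host more bandwidth, while the second host is unaffected by the first host's burst.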

Zone-Free Bandwidth Management

The zone-free bandwidth management feature enables bandwidth management on all interfaces regardless of their zone assignments. Previously, bandwidth management only applied to these zones:

• LAN\DMZ to WAN\VPN

• WAN\VPN to LAN\DMZ

In SonicOS 5.9, zone-free bandwidth management can be performed across all interfaces regardless of zone.

Zone-free bandwidth management allows administrators to configure the maximum bandwidth limitation independently, in either the ingress or egress direction, or both, and apply it to any interfaces using Access Rules and Application Rules.

Note: Interface bandwidth limitation is only available on physical interfaces. Failover and load balancing configuration does not affect interface bandwidth limitations.

Weighted Fair Queuing

Traditionally, SonicOS bandwidth management distributes traffic to 8 queues based on the priority of the traffic class of the packets. These 8 queues operate with strict priority queuing. Packets with the highest priority are always transmitted first.

Strict priority queuing can cause high priority traffic to monopolize all of the available bandwidth on an interface, and low priority traffic will consequently be stuck in its queue indefinitely. Under strict priority queuing, the scheduler always gives precedence to higher priority queues. This can result in bandwidth starvation to lower priority queues.

Weighted Fair queuing (WFQ) alleviates the problem of bandwidth starvation by servicing packets from each queue in a round robin manner, so that all queues are serviced fairly within a given time interval. High priority queues get more service and lower priority queues get less service. No queue gets all the service because of its high priority, and no queue is left unserviced because of its low priority.

For example, Traffic Class A is configured as Priority 1 with a maximum bandwidth of 400 kbps. Traffic Class B is configured as Priority 3 with a maximum bandwidth of 600 kbps. Both traffic classes are queued to an interface that has a maximum bandwidth of only 500 kbps. Both queues will be serviced based on their priority in a round robin manner. So, both queues will be serviced, but Traffic Class A will be transmitted faster than Traffic Class B.

The following table shows the shaped bandwidth for each consecutive sampling interval:

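| Sampling Interval | Traffic Class A Incoming kbps | Traffic Class A Shaped kbps | Traffic Class B Incoming kbps | Traffic Class B Shaped kbps |
|---|---|---|---|---|
| 1 | 500 | 380 | 500 | 120 |
| 2 | 500 | 350 | 500 | 150 |
| 3 | 400 | 300 | 800 | 200 |
| 4 | 600 | 400 | 400 | 100 |
| 5 | 200 | 180 | 600 | 320 |
| 6 | 200 | 200 | 250 | 250 |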
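
An added example (not SonicOS code) that contrasts strict priority with weighted fair sharing for the two traffic classes above, using the incoming rates from the table as input. It is a rate-based model with an assumed weight of 8 minus the priority, since the page does not state the scheduler's weights, so its shaped values are not expected to reproduce the table except where the link is not congested.

```python
"""Strict priority vs. weighted fair sharing, per sampling interval.

Rate-based model for illustration, not SonicOS code. The weight rule
(8 - priority) is an assumption; the page does not state the weights.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TrafficClass:
    name: str
    priority: int     # 0 = highest, 7 = lowest
    max_kbps: float   # Maximum Bandwidth of the class


def demand(cls, incoming_kbps):
    """A class is never served more than it offers or than its maximum."""
    return min(incoming_kbps, cls.max_kbps)


def strict_priority(classes, incoming, link_kbps):
    """Higher-priority classes are served first; the rest get what is left."""
    remaining, shaped = float(link_kbps), {}
    for cls in sorted(classes, key=lambda c: c.priority):
        shaped[cls.name] = min(demand(cls, incoming[cls.name]), remaining)
        remaining -= shaped[cls.name]
    return shaped


def weighted_fair(classes, incoming, link_kbps, weight=lambda c: 8 - c.priority):
    """Weighted max-min fair shares: unused share is handed to busy classes."""
    shaped = {c.name: 0.0 for c in classes}
    active = [c for c in classes if demand(c, incoming[c.name]) > 0]
    remaining = float(link_kbps)
    while active:
        total_w = sum(weight(c) for c in active)
        share = {c.name: remaining * weight(c) / total_w for c in active}
        fits = [c for c in active if demand(c, incoming[c.name]) <= share[c.name]]
        if not fits:
            # Everyone wants more than their share: split by weight and stop.
            for c in active:
                shaped[c.name] = share[c.name]
            break
        for c in fits:
            shaped[c.name] = demand(c, incoming[c.name])
            remaining -= shaped[c.name]
            active.remove(c)
    return shaped


CLASS_A = TrafficClass("A", priority=1, max_kbps=400)
CLASS_B = TrafficClass("B", priority=3, max_kbps=600)
LINK_KBPS = 500
# Incoming kbps per sampling interval, taken from the page's table.
INCOMING = [{"A": 500, "B": 500}, {"A": 500, "B": 500}, {"A": 400, "B": 800},
            {"A": 600, "B": 400}, {"A": 200, "B": 600}, {"A": 200, "B": 250}]


def compare(classes=(CLASS_A, CLASS_B), link_kbps=LINK_KBPS, intervals=INCOMING):
    """Return one (strict, weighted) pair of allocations per interval."""
    return [(strict_priority(classes, offered, link_kbps),
             weighted_fair(classes, offered, link_kbps))
            for offered in intervals]


def starvation_case():
    """Constructed case: a priority-0 class that can fill the whole link."""
    greedy = TrafficClass("R", priority=0, max_kbps=500)
    offered = {"R": 800, "B": 500}
    return (strict_priority((greedy, CLASS_B), offered, LINK_KBPS),
            weighted_fair((greedy, CLASS_B), offered, LINK_KBPS))


if __name__ == "__main__":
    for i, (strict, fair) in enumerate(compare(), start=1):
        print(i, "strict:", strict, "weighted:", fair)
    print("starvation:", starvation_case())
```

In the constructed starvation case strict priority leaves Class B with nothing, while the weighted scheduler still services it.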

 

Configuring Advanced Bandwidth Management

Advanced Bandwidth Management is configured as follows:

• Enabling Advanced Bandwidth Management
• Configuring Bandwidth Policies
• Setting Interface Bandwidth Limitations

Enabling Advanced Bandwidth Management

To enable Advanced Bandwidth Management:

1. On the SonicWall Security Appliance, go to Firewall Settings > BWM.

2. Set the Bandwidth Management Type option to Advanced.

3. Click Accept.

Note: When Advanced BWM is selected, the priorities fields are disabled and cannot be set here. Under Advanced BWM, the priorities are set in bandwidth policies. See the “Configuring Bandwidth Policies” section.

Configuring Bandwidth Policies

Bandwidth policies are configured as follows:

• Configuring a Bandwidth Object
• Enabling Elemental Bandwidth Management
• Enabling a Bandwidth Object in an Access Rule
• Enabling a Bandwidth Object in an Action Object

Configuring a Bandwidth Object

To configure a bandwidth object:

1. On the SonicWall Security Appliance, go to Firewall > Bandwidth Objects.

2. Click the Add button to create a new Bandwidth Object, or click the Configure button of the Bandwidth Object you want to change.

3. Click the General tab.

4. In the Name box, enter a name for this bandwidth object.

5. In the Guaranteed Bandwidth box, enter the amount of bandwidth that this bandwidth object will guarantee to provide for a traffic class (in kbps or Mbps).

6. In the Maximum Bandwidth box, enter the maximum amount of bandwidth that this bandwidth object will provide for a traffic class.

The actual allocated bandwidth may be less than this value when multiple traffic classes compete for a shared bandwidth.

7. In the Traffic Priority box, enter the priority that this bandwidth object will provide for a traffic class. The highest priority is 0. The lowest priority is 7.

When multiple traffic classes compete for shared bandwidth, classes with the highest priority are given precedence.

8. In the Violation Action box, enter the action that this bandwidth object will provide (delay or drop) when traffic exceeds the maximum bandwidth setting.

Delay specifies that excess traffic packets will be queued and sent when possible.

Drop specifies that excess traffic packets will be dropped immediately.

9. In the Comment box, enter a text comment or description for this bandwidth object.

Enabling Elemental Bandwidth Management

Elemental Bandwidth Management enables the SonicOS to enforce bandwidth rules and policies on each individual IP that passes through the firewall.

To enable elemental bandwidth management in a bandwidth object:

1. On the SonicWall Security Appliance, go to Firewall > Bandwidth Objects.

2. Click the Configure button of the Bandwidth Object you want to change.

3. Click the Elemental tab.

4. Select the Enable Per-IP Bandwidth Management option.

When enabled, the maximum elemental bandwidth setting applies to each individual IP under the parent traffic class.

5. In the Maximum Bandwidth box, enter the maximum elemental bandwidth that can be allocated to a protocol under the parent traffic class.

Enabling a Bandwidth Object in an Access Rule

Bandwidth objects (and their configurations) can be enabled in Access Rules.

To enable a bandwidth object in an Access Rule:

1. On the SonicWall Security Appliance, go to Firewall > Access Rules.

2. Click the Add button to create a new Access Rule, or click the Configure button for the appropriate Access Rule.

3. Click the BWM tab.

4. To enable a bandwidth object for the egress direction, under Bandwidth Management, select the Enable Egress Bandwidth Management box.

5. From the Select a Bandwidth Object list, select the bandwidth object you want for the egress direction.

6. To enable a bandwidth object for the ingress direction, under Bandwidth Management, select the Enable Ingress Bandwidth Management box.

7. From the Select a Bandwidth Object list, select the bandwidth object you want for the ingress direction.

8. To enable bandwidth usage tracking, select the Enable Tracking Bandwidth Usage option.

9. Click OK.

Enabling a Bandwidth Object in an Action Object

To enable a bandwidth object in an action object:

1. On the SonicWall Security Appliance, go to Firewall > Action Objects.

2. If creating a new action object, in the Action Name list, enter a name for the action object.

3. From the Action list, select Bandwidth Management.

4. In the Bandwidth Aggregation Method list, select the appropriate bandwidth aggregation method.

5. To enable bandwidth management in the egress direction, select the Enable Egress Bandwidth Management option.

6. From the Bandwidth Object list, select the bandwidth object for the egress direction.

7. To enable bandwidth management in the ingress direction, select the Enable Ingress Bandwidth Management option.

8. From the Bandwidth Object list, select the bandwidth object for the ingress direction.

9. To enable bandwidth usage tracking, select the Enable Tracking Bandwidth Usage option.

Setting Interface Bandwidth Limitations

To set the bandwidth limitations for an interface:

1. On the SonicWall Security Appliance, go to Network > Interfaces.

2. Click the Configure button for the appropriate interface.

3. Click the Advanced tab.

4. Under Bandwidth Management, select the Enable Interface Egress Bandwidth Limitation option.

When this option is selected, the total egress traffic on the interface is limited to the amount specified in the Enable Interface Ingress Bandwidth Limitation box. When this option is not selected, no bandwidth limitation is set at the interface level, but egress traffic can still be shaped using other options.

5. In the Maximum Interface Egress Bandwidth (kbps) box, enter the maximum egress bandwidth for the interface (in kilobytes per second).

6. Select the Enable Interface Ingress Bandwidth Limitation option.

When this option is selected, the total ingress traffic is limited to the amount specified in the Maximum Interface Ingress Bandwidth box. When this option is not selected, no bandwidth limitation is set at the interface level, but ingress traffic can still be shaped using other options.

7. In the Maximum Interface Ingress Bandwidth (kbps) box, enter the maximum ingress bandwidth for the interface (in kilobytes per second).

8. Click OK.

Upgrading to Advanced Bandwidth Management

Advanced Bandwidth Management uses Bandwidth Objects as the configuration method. Bandwidth objects are configured under Firewall > Bandwidth Objects, and can then be enabled in Access Rules.

Traditional Bandwidth Management configuration is not compatible with SonicOS 5.9 firmware. However, to ensure that customers can maintain their current network settings, customers can use the Advanced Bandwidth Management Upgrade feature, when they install the SonicOS 5.9 firmware.

The Advanced Bandwidth Upgrade feature automatically converts all active, valid, traditional BWM configurations to the Bandwidth Objects design model.

In traditional BWM configuration, the BWM engine only affects traffic when it is transmitted through the primary WAN interface or the active load balancing WAN interface. Traffic that does not pass through these interfaces is not subject to bandwidth management, regardless of the Access Rule or App Rule settings.

Under Advanced Bandwidth Management, the BWM engine can enforce Bandwidth Management settings on any interface.

During the Advanced Bandwidth Management Upgrade process, SonicOS translates the traditional BWM settings into a default Bandwidth Object and links it to the original classifier rule (Access Rule or App Rule). The auto-generated default Bandwidth Object inherits all the BWM parameters for both the Ingress and Egress directions.

The following two graphics show the traditional BWM settings. The graphic that follows them shows the new Bandwidth Objects that are automatically generated during the Advanced Bandwidth Management Upgrade process.

This graphic shows the traditional Access Rule settings from the Firewall > Access Rules > Configure dialog.

This graphic shows the traditional Action Object settings from the Firewall > Action Object > Configure dialog.

This graphic shows the four new Bandwidth Objects which are automatically generated during the Advanced Bandwidth Management Upgrade process. These settings can be viewed on the Firewall > Bandwidth Objects screen.

Glossary

Bandwidth Management (BWM): Refers to any of a variety of algorithms or methods used to shape traffic or police traffic. Shaping often refers to the management of outbound traffic, while policing often refers to the management of inbound traffic (also known as admission control). There are many different methods of bandwidth management, including various queuing and discarding techniques, each with their own design strengths. SonicWALL employs a Token Based Class Based Queuing method for inbound and outbound BWM, as well as a discard mechanism for certain types of inbound traffic.

Guaranteed Bandwidth: A declared percentage of the total available bandwidth on an interface which will always be granted to a certain class of traffic. Applicable to both inbound and outbound BWM. The total Guaranteed Bandwidth across all BWM rules cannot exceed 100% of the total available bandwidth. SonicOS Enhanced 5.0 and higher enhances the Bandwidth Management feature to provide rate limiting functionality. You can now create traffic policies that specify maximum rates for Layer 2, 3, or 4 network traffic. The Guaranteed Bandwidth can also be set to 0%.

Ingress BWM: The ability to shape the rate at which traffic enters a particular interface. For TCP traffic, actual shaping occurs when the rate of the ingress flow can be adjusted by the TCP Window Adjustment mechanism. For UDP traffic, a discard mechanism is used since UDP has no native feedback controls.

Maximum Bandwidth: A declared percentage of the total available bandwidth on an interface defining the maximum bandwidth to be allowed to a certain class of traffic. Applicable to both inbound and outbound BWM. Used as a throttling mechanism to specify a bandwidth rate limit. The Bandwidth Management feature is enhanced to provide rate limiting functionality. You can now create traffic policies that specify maximum rates for Layer 2, 3, or 4 network traffic. This enables bandwidth management in cases where the primary WAN link fails over to a secondary connection that cannot handle as much traffic. The Maximum Bandwidth can be set to 0%, which will prevent all traffic.

Egress BWM: Conditioning the rate at which traffic is sent out an interface. Outbound BWM uses a credit (or token) based queuing system with 8 priority rings to service different types of traffic, as classified by Access Rules.

Priority: An additional dimension used in the classification of traffic. SonicOS uses eight priority values (0 = highest, 7 = lowest) to comprise the queue structure used for BWM. Queues are serviced in the order of their priority.

Queuing: To effectively make use of the available bandwidth on a link. Queues are commonly employed to sort and separately manage traffic after it has been classified.
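The following added example (not SonicWALL code, and not the appliance's actual scheduler) models how the Guaranteed Bandwidth, Maximum Bandwidth and Priority entries above interact: it checks a rule set against the stated limits and then divides an interface's bandwidth, guarantees first and spare capacity in priority order. The class names, percentages, demands and the 10,000 kbps interface are constructed sample values, and the allocation order is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass
class BwmClass:
    name: str
    guaranteed_pct: float  # share of the interface always granted
    maximum_pct: float     # ceiling; 0 prevents all traffic in the class
    priority: int          # 0 = highest, 7 = lowest
    demand_kbps: float     # offered load (constructed sample value)

def validate(classes):
    """Return findings for a rule set, using the limits stated in the glossary."""
    findings = []
    total = sum(c.guaranteed_pct for c in classes)
    if total > 100:
        findings.append(f"total guaranteed {total:g}% exceeds 100%")
    for c in classes:
        if not 0 <= c.priority <= 7:
            findings.append(f"{c.name}: priority {c.priority} outside 0-7")
        if c.maximum_pct == 0:
            findings.append(f"{c.name}: maximum 0% blocks all traffic")
    return findings

def allocate(link_kbps, classes):
    """Simplified model: guarantees first, then spare by priority up to each maximum."""
    if sum(c.guaranteed_pct for c in classes) > 100:
        raise ValueError("guaranteed bandwidth over-subscribed")
    # A class never receives more than it asks for or more than its maximum.
    cap = {c.name: min(c.demand_kbps, link_kbps * c.maximum_pct / 100) for c in classes}
    grant = {c.name: min(cap[c.name], link_kbps * c.guaranteed_pct / 100) for c in classes}
    spare = link_kbps - sum(grant.values())
    for c in sorted(classes, key=lambda c: c.priority):
        extra = min(spare, cap[c.name] - grant[c.name])
        grant[c.name] += extra
        spare -= extra
    return grant

# Constructed sample rule set for a 10,000 kbps interface.
SAMPLE = [
    BwmClass("voip", 20, 30, 0, 1500),
    BwmClass("web", 30, 100, 4, 6000),
    BwmClass("backup", 0, 50, 7, 8000),
    BwmClass("p2p", 0, 0, 7, 4000),
]

if __name__ == "__main__":
    print(validate(SAMPLE))
    print(allocate(10000, SAMPLE))
```

In the sample, the low-priority backup class receives only what remains after the higher-priority classes are served, and the class with a 0% maximum receives nothing regardless of demand.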