VPN transports can be assigned to different classifications and ratings. This article describes the main functions of VPN transport classes and class IDs.
VPN Transport Classes
The three VPN transport classes are:
- Bulk – For cheap and unreliable connections. In terms of metric (cost), it is the cheapest class. Bulk transports are recommended for xDSL or cheap Internet connections.
- Quality – For a more reliable line, such as a business-quality Internet line or your MPLS uplink. Typically, MPLS lines are more expensive. As a result, the metric or cost on the Barracuda NG Firewall is also higher for this kind of VPN transport.
- Fallback – For the most expensive lines. Fallback transports are recommended for dial-in lines that have less bandwidth. For example, you can use this class for an analog modem connection that charges you for the amount of traffic that is sent over the line or a 3G connection without a flat data rate.
The classifications and ratings assigned to a VPN transport apply to the usage policy for fallback and load balancing traffic. This policy is configured in firewall Connection Objects. The following diagram shows the usage of different lines for different transport classes, e.g. provider lines for bulk transport (top), a frame relay for quality transport (middle), and UMTS (bottom) for fallback transport:
Traffic Intelligence (TI) relies on the following mechanisms to achieve consistent transport selection policies:
- Transport quality is defined through the firewall. Appropriate firewall rules that refer to connection objects are created in order to activate TI settings.
- Connection objects define the primary and secondary transport class, and they determine general policy behavior if the preferred transports fail.
- Connection objects provide protection from "expensive" transports by explicitly excluding their usage.
- Connection objects may be handled in the context of a master-slave concept by the tunnel endpoints. The connection object may be configured to advertise its settings.
VPN Transport Class IDs
VPN transport classes can be assigned one of eight different class IDs (0 - 7) that define the VPN transport cost in more detail. The class IDs give you more options for configuring multiple VPN transports in a single VPN tunnel with a single set of routing information (higher metrics indicate a more expensive transport). The VPN transport selection in the firewall Connection Objects determines the direction and the fallback or load balancing policy for the matched traffic across the VPN tunnel.
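The following Python sketch is an added example, not Barracuda code or configuration. It models how a connection object's primary class, secondary class, and explicit exclusions interact when transports fail. The names (`Transport`, `ConnectionObject`, `select_transport`, `allow_other`) and the rule that a lower class ID is preferred within a class are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Illustrative model: all names and the selection order are assumptions
# made for this example, not Barracuda NG Firewall internals.
CLASSES = ("bulk", "quality", "fallback")

@dataclass(frozen=True)
class Transport:
    cls: str          # one of CLASSES
    class_id: int     # 0-7; assumed here: lower ID = cheaper within a class
    up: bool = True

    def __post_init__(self):
        if self.cls not in CLASSES or not 0 <= self.class_id <= 7:
            raise ValueError(f"invalid transport {self.cls}/{self.class_id}")

@dataclass(frozen=True)
class ConnectionObject:
    primary: str
    secondary: Optional[str] = None
    excluded: frozenset = frozenset()  # classes this traffic must never use
    allow_other: bool = False          # may fall through to remaining classes

def select_transport(conn, transports):
    """Return the transport the policy picks, or None if nothing is permitted."""
    order = [conn.primary] + ([conn.secondary] if conn.secondary else [])
    if conn.allow_other:
        order += [c for c in CLASSES if c not in order]
    for cls in order:
        if cls in conn.excluded:
            continue  # explicit exclusion wins over any fallback setting
        live = [t for t in transports if t.cls == cls and t.up]
        if live:
            return min(live, key=lambda t: t.class_id)
    return None

def fail(transports, cls):
    """Copy of the transport list with every transport of class `cls` down."""
    return [replace(t, up=False) if t.cls == cls else t for t in transports]

# Constructed sample tunnel: two xDSL lines, one MPLS uplink, one 3G link.
TUNNEL = [Transport("bulk", 0), Transport("bulk", 1),
          Transport("quality", 0), Transport("fallback", 0)]
GUARDED = ConnectionObject("bulk", "quality", frozenset({"fallback"}), True)
OPEN = ConnectionObject("bulk", "quality", allow_other=True)

if __name__ == "__main__":
    both_down = fail(fail(TUNNEL, "bulk"), "quality")
    print(select_transport(GUARDED, both_down))  # no permitted transport
    print(select_transport(OPEN, both_down))     # metered 3G link is used
```

In this model, the connection object that excludes the fallback class leaves matched traffic without a transport when the bulk and quality lines are both down, while the one without the exclusion moves it to the metered link.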
Transport Balancing and Multi-Link Aggregation
The Barracuda NG Firewall provides the functionality to combine traffic across up to four available Internet links, allowing for an increase in bandwidth performance. For more information, see Transport Balancing and Multi-Link Aggregation.