We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

VPN Transport Classification

  • Last updated on

VPN transports can be assigned to different classifications and ratings. The following article provides information on the main functionalities of VPN transport classes and IDs.

In this article:

VPN Transport Classes

The three VPN transport classes are: 

  • Bulk – For cheap and unreliable connections. From the cost of metric view, it is the cheapest. Bulk transports are recommended for xDSL or cheap Internet connections.
  • Quality – For a more reliable line, such as business quality Internet line or your MPLS uplink. Typically, MPLS lines are more expensive. As a result, the metric or cost on the Barracuda NG Firewall is also higher for this kind of VPN transport.
  • Fallback – For the most expensive lines. Fallback transports are recommended for dial-in lines that have less bandwidth. For example, you can use this class for an analog modem connection that charges you for the amount of traffic that is sent over the line or a 3G connection without a flat data rate. 

The configuration of classifications and ratings into the VPN transport applies to the usage policy for fallback and load balancing traffic and is done by a firewall Connection Objects. The following diagram shows the usage of different lines for different transport classes, e.g. provider lines for bulk transport (top), a frame relay for quality transport (middle), and UMTS (bottom) for fallback transport:

 

ti_diagram.png


Traffic Intelligence (TI) employment relies upon the following mechanisms to achieve consistent transport selection policies: 

  • Transport quality is defined through the firewall.  Appropriate firewall rules referring to these objects are created in order to activate TI settings.
  • Connection objects define the primary and secondary transport class, and they determine general policy behavior if the preferred transports fail.
  • Connection objects provide protection from "expensive" transports by explicitly excluding their usage.
  • Connection objects may be handled in the context of a master-slave concept by the tunnel endpoints. The connection object may be configured to advertise its settings.

VPN Transport Class IDs

VPN transport classes can be assigned one of eight different class IDs (0 - 7) that define the VPN transport cost in more detail. The class IDs provide you with more configuration options for creating VPN transports in a single VPN tunnel and with a single routing information (higher metrics indicate a more expensive transport). The VPN transport selection in the firewall Connection Objects determines the direction and fallback or load balancing policy for the matched traffic across the VPN tunnel.

ti_transport.jpg

Transport Balancing and Multi-Link Aggregation

The Barracuda NG Firewall provides the functionality to combine traffic across up to four available Internet links, allowing for an increase in bandwidth performance. For more information, see Transport Balancing and Multi-Link Aggregation.

Last updated on