We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Example - Advanced Traffic Shaping

  • Last updated on

In this advanced traffic shaping example, the prioritization of Example 1 and the bandwidth assignment of Example 2 are used. Furthermore, the dynamic parameters of the session download volume are used to demonstrate the purpose of the QoS band rules. The setup describes an Internet gateway which services the following:  

  • An application which needs low delivery latency (such as for VoIP).
  • Internet access from the internal network (mainly HTTP traffic).
  • VPN traffic over the Internet.
  • Web access from the Internet (Web shop).
  • A multiprovider setup with a fallback ISDN line (bundled to 512 Kbits). ISDN fallback is implemented with redundant network routes. 

advanced_traffic_shaping.png

From this setup, we expect the following:

  • Low latency delivery for the VoIP application by feeding the VoIP traffic directly into the root node. Other traffic must pass either the B2B or Web node, where it is queued (delayed) if bandwidth saturation occurs. This way, the VoIP traffic may even overtake the traffic waiting in the Web or B2B queues.
  • A minimum of 40% of the Internet bandwidth for VPN traffic. By limiting the Web node to 60%, it is guaranteed that the B2B node will get at least 40% of the available bandwidth (assuming that the amount of VoIP traffic is negligible).
  • High priority treatment for Web access from the Internet (Web Shop).
  • Medium priority treatment for Web access from the internal network to the Internet.
  • Low priority treatment for downloads from the internal network which are larger than 10 MB.
  • For ISDN Fallback operation (provider failure), only the VPN and the VoIP application traffic should be delivered. This is achieved by setting the Web node for the ISDN tree to operate in DROP mode. This way, the ISDN line is protected against unwanted web traffic.
Last updated on