We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Traffic Shaping

  • Last updated on

Limited network resources make bandwidth prioritization necessary. To ensure that important, business-critical applications are given enough bandwidth, the firewall provides traffic shaping (also known as "packet shaping" and "QoS" (Quality of Service)) methods to let you prioritize network resources according to factors such as the time of day, application type, and user identity. You can identify the traffic and assign its priority using access rules.

Video Demo

Watch the video below for a short demo on how to configure bandwidth policies and QoS.

Traffic Classification

Classification by the access ruleset is static - it does not change after the session is initiated. For classification according to dynamic factors such as the time of day or download volume, the firewall provides the QoS band.

Network data can be shaped in the following ways:

  • Outbound shaping – The traffic is shaped before it is delivered to a network interface.
  • Inbound shaping – The traffic is shaped after it is received by a network interface.

Bandwidth Policies

There are eight different bandwidth policies. They are listed in the following table, in order of decreasing priority:

Bandwidth Policy Description
VoIP Highest priority before all other bandwidth policies. Traffic is sent with no delay.
Interactive Highest priority.
Business Very high priority.
Internet Medium priority. If more than 10 MB of data is transferred in one session, the priority of the traffic in that session drops to the same as Background.
Background Next lower priority.
Low Low priority. Low and Lowest Priority are limited to 5% of the available bandwidth.
Lowest Priority Lowest priority. Low and Lowest Priority are limited to 5% of the available bandwidth.
Choke

Applications assigned this are unusable, but will not seek another way to send traffic. For example, if you wish to block Skype traffic, assign this policy to the Skype application.

  • VoIP will always be given first priority. The same applies for Interactive, which is limited to 90% of the overall available bandwidth, thus always leaving at least 10% for VoIP traffic.
  • The bandwidth ratio of Business : Internet : Background is 10:2:1 for residual bandwidth that is not used by VoIP or Interactive. In addition, Internet has a built-in size limit of 10 MB, after which a session is downgraded to Background, thus receiving a smaller bandwidth ratio after the limit is exceeded.
  • The LowPrio virtual interface is limited to 5% of the overall available bandwidth. The bandwidth ratio of the LowPrio : LowestPrio : Choke shaping connectors is 10:2:1.
  • The Choke virtual interface is limited to 0.1% of the overall bandwidth. These shaping connectors are ideally used to slow down somewhat unnecessary traffic and applications that cannot be completely blocked. 

Queues and Rate Limits

The following diagram shows how the eight bandwidth policies are divided into queues:

  • The Priority Queues always take precedence. 
  • The Regular Queues can use unlimited bandwidth. 
  • The Rate Limiting Queues are collectively limited to 5% of the maximum link bandwidth. 

The rate limits always apply, so even if there is no other traffic, the traffic in the Rate Limiting Queues never uses more than 5% of the bandwidth.

The classes within the Regular and Rate Limiting queues are weighted relative to the other classes in the same queue. Class weights are enforced only when the link is saturated. 

qos_scheme.png

In order to use traffic shaping, you must refer to it in an access rule. For instructions on how to configure traffic shaping, see How to Create and Apply QoS Bands.

Last updated on