It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Example - Advanced Traffic Shaping

  • Last updated on

In this advanced traffic shaping example, the prioritization of Example 1 and the bandwidth assignment of Example 2 are used. Furthermore, the dynamic parameters of the session download volume are used to demonstrate the purpose of the QoS band rules. The setup describes an Internet gateway that services the following:  

  • An application that needs low delivery latency (such as for VoIP).
  • Internet access from the internal network (mainly HTTP traffic).
  • VPN traffic over the Internet.
  • Web access from the Internet (Web shop).
  • A multi-provider setup with a fallback ISDN line (bundled to 512 Kbits). ISDN fallback is implemented with redundant network routes.

adv_traffic_shaping.png

From this setup, we expect the following:

  • Low latency (Round Trip Time) delivery for the VoIP application by feeding the VoIP traffic directly into the root node. Other traffic must pass either the B2B or Web node, where it is queued (delayed) if bandwidth saturation occurs. This way, the VoIP traffic may even overtake the traffic waiting in the Web or B2B queues.
  • A minimum of 40% of the Internet bandwidth for VPN traffic. By limiting the Web node to 60%, the B2B node will get at least 40% of the available bandwidth (assuming that the amount of VoIP traffic is negligible).
  • High priority treatment for web access from the Internet (web shop).
  • Medium priority treatment for web access from the internal network to the Internet.
  • Low priority treatment for downloads from the internal network that are larger than 10 MB.
  • For ISDN Fallback operation (provider failure), only the VPN and the VoIP application traffic should be delivered. This is achieved by setting the Web node for the ISDN tree to operate in DROP mode. In this way, the ISDN line is protected against unwanted web traffic.