Document ID: RDWR-DP-V0602_UG1201
209
Chapter 6 – Bandwidth Management
This chapter describes the Bandwidth Management module.
This chapter contains the following sections:
•
Bandwidth Management Overview, page 209
•
Managing Bandwidth Management Global Settings, page 210
•
Bandwidth Management Policies, page 212
•
Bandwidth Management Overview
The Bandwidth Management module includes a feature set that enables you to gain full control over
their available bandwidth. Using these features, you can prioritize applications according to a wide
array of criteria, while taking the bandwidth used by each application into account. For example,
Bandwidth Management allows you to give HTTP traffic priority over SMTP traffic, which, in turn,
may have priority over FTP traffic. At the same time, a Bandwidth Management solution can track
the actual bandwidth used by each application—and either ensure a guaranteed bandwidth for a
certain application and/or set limits as to how much each classified traffic pattern can utilize.
The Bandwidth Management module enables you to define policies that restrict or maintain the
bandwidth that can be sent or received by each application, user, or segment. Therefore, you can
control the maximal bandwidth that DoS attacks can consume from corporate resources—thus
ensuring that mission-critical operations are not affected, maintaining the service level required to
guarantee smooth business operation. In a similar manner, if you are a carrier, you can ensure that
a DoS attack launched on one customer does not compromise another customer’s Service License
Agreement (SLA).
Using the Bandwidth Management module, a device can classify traffic passing through it according
to predefined criteria and can enforce a set of actions on traffic. A comprehensive set of user-
configurable policies controls how the device identifies each packet and what it does with each
packet.
When a packet is matched, the device forwards the packet but drops the packet when maximum
bandwidth is reached.
Application Classification
The BWM module supports the following options for Application Classification:
•
Per Packet—If you configure Application Classification with the Per Packet option, the device
classifies every packet that flows through it. In this mode, every single packet must be
individually classified.
•
Per Session—If you configure Application Classification with the Per Session option, all packets
are classified by session. The BWM module uses an complex algorithm to classify all packets in a
session until a “best fit” policy is found, fully classifying the session. Once the BWM module fully
classifies the session, the module classifies all packets belonging to the same session
accordingly. This not only allows for traffic classification according to application, but also saves
some overhead for the classifier, as it only needs to classify sessions, and not every single
packet.
Summary of Contents for DefensePro 6.02
Page 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Page 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Page 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Page 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Page 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Page 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Page 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Page 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...