sonicos 5.8.1 global bwm feature module-1


Upload: marc-gando

Post on 06-Apr-2018


8/3/2019 SonicOS 5.8.1 Global BWM Feature Module-1

http://slidepdf.com/reader/full/sonicos-581-global-bwm-feature-module-1 1/18

Global Bandwidth Management Feature Module

SonicOS 5.8.1: Configuring the Global Bandwidth Management Service

Document Scope

This feature guide describes the global bandwidth management (BWM) feature available in SonicOS Enhanced 5.8.1.0.

This document contains the following sections:

• “Feature Overview”
– “What Is Global BWM?”
– “Benefits”
– “How Does Global BWM Work?”
– “Platforms”

• “Using Global BWM”
– “Firewall Settings > BWM”
– “Configuring Global BWM”

• “Configuring Interfaces”

• “Configuring Firewall Access Rules”

• “Configuring Application Rules”

• “Configuring App Flow Monitor”

• “Glossary”


Feature Overview

This section provides an introduction to the global BWM feature and contains the following subsections:

• “What Is Global BWM?”

• “Benefits”

• “How Does Global BWM Work?”

• “Platforms”

What Is Global BWM?

Bandwidth management (BWM) is a means of allocating bandwidth resources to critical applications on a network.

Global BWM is controlled by the SonicWALL Security Appliance on ingress (inbound) and egress (outbound) traffic. It allows network administrators to guarantee minimum bandwidth and prioritize traffic based on access rules created in the Firewall > Access Rules page on the SonicWALL management interface. Balancing the bandwidth allocated to different network traffic and then assigning priorities to traffic can improve network performance.

Benefits

Global BWM provides the following benefits:

• Simple bandwidth management on all interfaces.

• Bandwidth management on ingress and egress traffic.

• Users can specify bandwidth management priority per interface, in firewall rules, app rules, or through App Flow Monitor.

• Default bandwidth management queue for all traffic.

How Does Global BWM Work?

Global BWM works by first enabling bandwidth management on an interface and then allocating the available bandwidth for that interface on the ingress and egress traffic. It then assigns individual limits for each class of network traffic. By assigning priorities to network traffic, applications requiring a quick response time, such as Telnet, can take precedence over traffic requiring less response time, such as FTP.

Global BWM provides eight priority queues. Three priority queues are set by default:

• 2 — High

• 4 — Medium: Default priority for all traffic that is not managed by a BWM enabled Firewall Access rule or Application Control Policy.

• 6 — Low

When global BWM is enabled on an interface, all of the traffic to and from that interface is bandwidth managed. For example, with bandwidth management type none, if there are three traffic types (1, 2, and 3) that are using an interface with the link capability of 100 Mbps, the cumulative capacity for all three types is 100 Mbps.


When bandwidth management type Global is enabled on that interface and the available ingress and egress traffic are configured to 10 Mbps, the following occurs:

By default, the traffic types are sent to the Medium (4) Priority queue. This queue has, by default, a Guaranteed percentage of 50 and a Maximum percentage of 100. These values mean that the cumulative link capability is 10 Mbps with no global BWM enabled policies configured.

Platforms

The global BWM feature is available in SonicOS Enhanced 5.8.1.0.

• SonicWALL NSA E8500

• SonicWALL NSA E7500

• SonicWALL NSA E6500

• SonicWALL NSA E5500

• SonicWALL NSA 5000

• SonicWALL NSA 4500

• SonicWALL NSA 3500

• SonicWALL NSA 2400

• SonicWALL NSA 240

• SonicWALL TZ 210 / 210 Wireless

• SonicWALL TZ 200 / 200 Wireless

• SonicWALL TZ 100 / 100 Wireless


Using Global BWM

This section contains the following subsections:

• “Firewall Settings > BWM”

• “Configuring Global BWM”

Firewall Settings > BWM

To view the BWM configuration, navigate to the Firewall Settings > BWM page.

This page consists of the following entities:


Note The defaults are set by SonicWALL to provide BWM ease-of-use. It is recommended that you review the specific bandwidth needs and enter the values on this page accordingly.

• Bandwidth Management Type Option:
– WAN — Only WAN zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic.
– Global — (Default) All zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic.
– None — Disables BWM.

• Priority Column — Displays the priority number and name.

• Enable Checkbox — When checked, the priority queue is enabled.

• Guaranteed and Maximum\Burst Text Field — Enables the guaranteed and maximum/burst rates. The corresponding Enable checkbox must be checked in order for the rate to take effect. These rates are identified as a percentage. The configured bandwidth on an interface is used in calculating the absolute value. The sum of all guaranteed bandwidth must not exceed 100%, and the guaranteed bandwidth must not be greater than the maximum bandwidth per queue.

The default settings for this page consist of three priorities with preconfigured guaranteed and maximum bandwidth. The medium priority has the highest guaranteed value since this priority queue is used by default for all traffic not governed by a BWM enabled policy.

Note Every time the Bandwidth Management Type is changed, all bandwidth management settings on the Firewall Rules will be reset to the factory defaults; therefore, you MUST reconfigure those rules.


Configuring Global BWM

Global BWM can be configured using the following methods:

• “Configuring Interfaces”

• “Configuring Firewall Access Rules”

• “Configuring Application Rules”

• “Configuring App Flow Monitor”

Configuring Interfaces

You can configure global BWM for each interface.

To configure global BWM per interface, perform the following steps:

Step 1 Navigate to the Network > Interfaces page.

Step 2 Click the Configure icon in the Configure column for the interface for which you want to set global BWM. The Edit Interface dialog is displayed.


Step 3 Click the Advanced tab.

Step 4 Under Bandwidth Management, check Enable Egress or Enable Ingress or both checkboxes, and then enter the available bandwidth in kilobits per second (Kbps).

Step 5 Click OK.


Configuring Firewall Access Rules

You can configure global BWM for each firewall rule. This method configures the direction in which to apply BWM and sets the priority queue.

To configure global BWM for a firewall rule, perform the following steps:

Step 1 Navigate to the Firewall > Access Rules page.

Step 2 Click the Configure icon for the rule you want to edit.

The Edit Rule General tab dialog is displayed.

Step 3 Click the Ethernet BWM tab.

Step 4 Select the checkboxes, select the Bandwidth Priority, and then click OK.

Note All priorities will be displayed (Realtime – Lowest) regardless of whether all have been configured. Refer to the Firewall Settings > BWM page to determine which priorities are enabled. If the Bandwidth Management Type is set to Global and you select a Bandwidth Priority that is not enabled, the traffic is automatically mapped to the level 4 priority (Medium). For a BWM Type of WAN, the default priority is level 7 (Low).


Step 5 Verify that BWM has been set.
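The queue-table constraints from the Firewall Settings > BWM page and the fallback described in the note above can be checked offline before a change is applied. The following Python audit is an added example, not part of the SonicWALL guide or product: the Queue class, the function names, and the High and Low percentages are assumptions made for illustration (only Medium's 50/100 comes from the guide), and it models BWM type Global only.

```python
# Added example: offline audit of a Global BWM priority-queue table.
# Names and the High/Low percentages are hypothetical; Medium 50/100 is from the guide.
from dataclasses import dataclass

PRIORITY_NAMES = ["Realtime", "Highest", "High", "Medium High",
                  "Medium", "Medium Low", "Low", "Lowest"]  # 0 = highest, 7 = lowest
DEFAULT_GLOBAL_PRIORITY = 4  # Medium: fallback queue when BWM type is Global


@dataclass
class Queue:
    priority: int
    enabled: bool
    guaranteed_pct: float
    maximum_pct: float


def validate(queues):
    """Return findings for the constraints the guide states.

    Assumption: only enabled queues count, since a rate takes effect
    only when its Enable checkbox is checked.
    """
    findings = []
    enabled = [q for q in queues if q.enabled]
    total = sum(q.guaranteed_pct for q in enabled)
    if total > 100:
        findings.append(f"sum of guaranteed bandwidth is {total:g}%, exceeds 100%")
    for q in enabled:
        name = PRIORITY_NAMES[q.priority]
        if q.guaranteed_pct > q.maximum_pct:
            findings.append(f"{name}: guaranteed {q.guaranteed_pct:g}% > maximum {q.maximum_pct:g}%")
        # Glossary: 0% guaranteed and 0% maximum means traffic in that queue is dropped.
        if q.guaranteed_pct == 0 and q.maximum_pct == 0:
            findings.append(f"{name}: 0%/0% configured, traffic assigned here is dropped")
    return findings


def absolute_rates(queues, interface_kbps):
    """Convert percentages to Kbps using the bandwidth configured on the interface."""
    return {q.priority: (interface_kbps * q.guaranteed_pct / 100,
                         interface_kbps * q.maximum_pct / 100)
            for q in queues if q.enabled}


def effective_priority(selected, queues):
    """Priority a rule actually gets: a queue that is not enabled maps to Medium (4)."""
    enabled = {q.priority for q in queues if q.enabled}
    return selected if selected in enabled else DEFAULT_GLOBAL_PRIORITY


# Constructed sample: the three default queues on a 10 Mbps (10,000 Kbps) interface.
SAMPLE = [Queue(2, True, 30, 100), Queue(4, True, 50, 100), Queue(6, True, 20, 100)]

if __name__ == "__main__":
    print(validate(SAMPLE) or "queue table is consistent")
    for prio, (g, m) in absolute_rates(SAMPLE, 10_000).items():
        print(f"{prio} {PRIORITY_NAMES[prio]}: guaranteed {g:g} Kbps, maximum {m:g} Kbps")
    # A rule set to Lowest (7) is handled as Medium (4) because queue 7 is not enabled.
    print("rule priority 7 ->", effective_priority(7, SAMPLE))
```

A rule whose effective priority differs from its selected priority is worth reviewing, because traffic intended for a low queue then competes in the default Medium queue.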

Configuring Application Rules

Application layer BWM allows you to create policies that regulate bandwidth consumption by specific file types within a protocol, while allowing other file types to use unlimited bandwidth. This enables you to distinguish between desirable and undesirable traffic within the same protocol. Application layer bandwidth management is supported for all Application matches, as well as custom App Rules policies using HTTP client, HTTP Server, Custom, and FTP file transfer types.

Note It is a best practice to configure BWM settings before configuring App Control policies that use BWM.

After bandwidth management is enabled on the interface, you can configure BWM for a specific application rule on the Firewall > App Rules page.

To configure global BWM for a specific application, perform the following steps:

Step 1 Navigate to the Firewall > App Rules page.


Step 2 Under App Rules Policies, select the Action Type: Bandwidth Management. The page will sort by Action Type Bandwidth Management.

Step 3 Click the Configure icon in the Configure column for the policy you want to change. The Edit App Control Policy window is displayed.

Step 4 Change the Action Object to the desired policy, and then click OK.

Note All priorities will be displayed (Realtime – Lowest) regardless of whether all have been configured. Refer to the Firewall Settings > BWM page to determine which priorities are enabled. If you select a Bandwidth Priority that is not enabled, the traffic is automatically mapped to the Medium Priority (default).

The change will take effect when you return to the App Rules page.


Understanding BWM Action Objects

Action Objects define how the App Rules policy reacts to matching events. You can customize an action or select one of the predefined default actions. The predefined actions are displayed in the App Control Policy Settings page when you add or edit a policy from the App Rules page.

Custom BWM actions behave differently than the default BWM actions. Custom BWM actions are configured by adding a new action object from the Firewall > Action Objects page and selecting the Bandwidth Management action type. Custom BWM actions and policies using them retain their priority level setting when the Bandwidth Management Type is changed from Global to WAN, and from WAN to Global.

A number of BWM action options are also available in the predefined, default action list. The BWM action options change depending on the Bandwidth Management Type setting on the Firewall Settings > BWM page. If the Bandwidth Management Type is set to Global, all eight levels of BWM are available. If the Bandwidth Management Type is set to WAN, the predefined actions list includes three levels of WAN BWM.

The following table lists the predefined default actions that are available when adding a policy.

If BWM Type = Global:

• BWM Global-Realtime

• BWM Global-Highest

• BWM Global-High

• BWM Global-Medium High

• BWM Global-Medium

• BWM Global-Medium Low

• BWM Global-Low

• BWM Global-Lowest

If BWM Type = WAN:

• WAN BWM High

• WAN BWM Medium

• WAN BWM Low


• Maximum Bandwidth

• Enable Tracking Bandwidth Usage

In case of a BWM type of WAN, the configuration of these options is included in the following steps.

Note All priorities will be displayed (0–7) regardless of whether all have been configured. Refer to the Firewall Settings > BWM page to determine which priorities are enabled. If you select a Bandwidth Priority that is not enabled, the traffic is automatically mapped to the Medium Priority (default).

Step 4 In the Bandwidth Aggregation Method drop-down list, select one of the following:

• Per Policy – When multiple policies are using the same Bandwidth Management action, each policy can consume up to the configured bandwidth even when the policies are active at the same time.

• Per Action – When multiple policies are using the same Bandwidth Management action, the total bandwidth is limited as configured for all policies combined if they are active at the same time.

Step 5 Do one or both of the following:

• To manage outbound bandwidth, select the Enable Outbound Bandwidth Management checkbox.


• To manage inbound bandwidth, select the Enable Inbound Bandwidth Management checkbox.

Step 6 To specify the Guaranteed Bandwidth, optionally enter a value either as a percentage or as kilobits per second. In the drop-down list, select either percentage (%) or Kbps.

If you plan to use this custom action for rate limiting rather than guaranteeing bandwidth, you do not need to change the Guaranteed Bandwidth field.

Step 7 To specify the Maximum Bandwidth, optionally enter a value either as a percentage or as kilobits per second. In the drop-down list, select either percentage (%) or Kbps.

If you plan to use this custom action for guaranteeing bandwidth rather than rate limiting, you do not need to change the Maximum Bandwidth field.

Step 8 For Bandwidth Priority, select a priority level from the drop-down list, where 0 is the highest and 7 is the lowest.

Step 9 Optionally select Enable Tracking Bandwidth Usage to track the usage. When bandwidth usage tracking is enabled, you can view the usage in the Action Properties tooltip by mousing over the BWM action of a policy on the Firewall > App Rules page.

Step 10 Click OK.

You can see the resulting action in the Action Objects screen.


Configuring App Flow Monitor

BWM can also be configured from the App Flow Monitor page by selecting a service type application or a signature type application and then clicking the Create Rule button. The Bandwidth Management options available there depend on the enabled priority levels in the Global Priority Queue table on the Firewall Settings > BWM page. The priority levels enabled by default are High, Medium, and Low.

Note You must have the SonicWALL Application Visualization application enabled before proceeding.

To configure BWM using the App Flow Monitor, perform the following steps:

Step 1 Navigate to the Dashboard > App Flow Monitor page.

Step 2 Check the service-based applications or signature-based applications to which you want to apply global BWM.

Note General applications cannot be selected. Service-based applications and signature-based applications cannot be mixed in a single rule.


Note Creating a rule for service-based applications results in a firewall access rule, and creating a rule for signature-based applications results in an application control policy.

Step 3 Click Create Rule. The Create Rule pop-up is displayed.

Step 4 Select the Bandwidth Manage radio button, and then select a global BWM priority.

Step 5 Click Create Rule.

A confirmation pop-up is displayed.

(Figures: Service-based Application Options; Signature-based Application Options)


Step 6 Click OK.

Step 7 Navigate to Firewall > Access Rules page (for service-based applications) and Firewall > App Rules (for signature-based applications) to verify that the rule was created.

Note For service-based applications, the new rule is identified with a tack in the Comments column and a prefix in Service column of ~services=<service name>. For example, ~services=NTP&t=1306361297.

Note For signature-based applications, the new rule is identified with a prefix, ~BWM_Global-<priority>=~catname=<app_name> in the Name column and in the Object column prefix ~catname=<app_name>.

(Figures: Service-based Application Successful; Signature-based Application Successful)


Glossary

Bandwidth Management (BWM): Refers to any variety of algorithms or methods used to shape or police traffic.

Guaranteed Bandwidth: A percentage of the total available bandwidth on an interface, which will always be granted to a certain class of traffic. The total Guaranteed Bandwidth across all BWM rules cannot exceed 100% of the total available bandwidth. The Guaranteed Bandwidth can also be set to 0%.

Inbound (Ingress) BWM: The ability to shape the rate at which traffic enters a particular interface.

Maximum Bandwidth: A percentage of the total available bandwidth on an interface defining the maximum bandwidth to be allowed to a certain class of traffic. The Maximum Bandwidth can be set to 0%, which will prevent all traffic. When both Guaranteed and Maximum bandwidth are set to 0% and the priority is assigned to a particular traffic type, in any policy, that particular traffic will be dropped due to zero assigned bandwidth.

Outbound (Egress) BWM: Conditioning the rate at which traffic is sent from an interface. Outbound BWM uses a credit (or token) based queuing system with 8 priority rings to service different types of traffic, as classified by Access Rules.

Priority: An additional dimension used in the classification of traffic. SonicOS uses eight priority values (0 = highest, 7 = lowest) to comprise the queue structure used for BWM. Queues are serviced in the order of their priority.

Queuing: To effectively make use of the available bandwidth on a link. Queues are commonly employed to sort and separately manage traffic after it has been classified.

Part Number: 232-000740-00_Rev_A

Solution Document Version History

Version Number    Date    Notes
1                 6/11    This document was created.