SonicWALL Internet Security Appliances manual SonicWALL Bandwidth Management

SonicWALL Bandwidth Management

Bandwidth management is a means of allocating bandwidth resources to critical applications on a network. By controlling the amount of bandwidth to an application or user, the network administrator can reduce network traffic congestion, prevent a small number of users from consuming all available bandwidth, or allow priority applications to run smoothly.

Bandwidth management works by allocating traffic to a class based upon application type, source or destination addresses, or a combination of both. Traffic is then scheduled according to minimum and maximum bandwidth configured for each traffic type.

Bandwidth Management is controlled by the SonicWALL Internet Security Appliance on outbound traffic only. It is activated in the Ethernet tab. Configuring Bandwidth Management is handled in the Rules tab of the Access section, which allows you to manage outgoing traffic according to TCP/IP or UDP ports, services (FTP, HTTP, E-mail, SIP, etc.) and source and destination IP addresses. VPN traffic can also be managed by enabling bandwidth management on the VPN Configure tab, and then specifying the Guaranteed, Maximum, and priority of all VPN traffic through the SonicWALL.

Alert Bandwidth management cannot be configured for individual VPN Security Associations. It can only be configured for all VPN traffic.

How SonicWALL Bandwidth Management Works

SonicWALL Bandwidth Management can assign a portion of the available bandwidth and a priority to each class of network traffic. Priorities rank from 0 (zero), highest, to 7, lowest. Defining a class of traffic that has 0 bandwidth allocated to it effectively blocks the traffic unless there is no other traffic with higher priority on the network.

The packet classifier analyzes a packet when it arrives for its packet protocol, source information, and destination information. It then allocates the packet to a class queue where it waits to be processed. If the queue is full, the packet is dropped. Normal retransmission of data ensures that the packet is sent again.

Class queues are processed based on the amount of bandwidth allocated (guaranteed and maximum), and the priority assigned to the class queue. Within the class queue, packets are processed on a first-in, first-out basis. When network traffic reaches the maximum allocated to the class, packets from the next class in priority order are processed.

Typically, each class is allocated a portion of the available bandwidth, and when that limit is reached, no more traffic for that particular class is forwarded. But if there is available bandwidth on the network that is not in use by a particular class, a class can temporarily borrow bandwidth and send traffic until the maximum bandwidth allocated to the class is reached.

Spare bandwidth is allocated among the highest priority classes until no more bandwidth is available or until all of those classes have reached their maximum bandwidth. If this happens, the remainder of the bandwidth is divided among the next priority classes. This process is repeated until all of the available bandwidth is consumed

Page 164 SonicWALL Internet Security Appliance Administrator’s Guide