Firewall > QoS Mapping
SonicOS Enhanced 4.0 Administrator Guide
f. Start with the highest priority ring, 0, and process all queues in this priority in a round-robin fashion. H323 has Pkt3 of 500B, which is sent since it can use up to max = 2560 (MBW-GBW). Now link credit = 7500 and max = 2060.
g. Move to the next queue in this priority ring, which is the VNC queue. Pkt3 of 500B is sent out, leaving link credit = 7000B and class max = 140 (MBW-GBW - 500).
h. Move to the next queue in this priority ring. Since the H323 queue is already empty, we move to the next queue, which is VNC again.
i. From the VNC queue, Pkt4 of 40B is sent out, leaving link credit = 6960 and class max = 100. Pkt5 of 500B is not sent since class max is not enough.
j. Now we move on to the next lower priority queue. Since priority rings 1 through 3 are empty, we choose priority ring 4, which has the rule queue for FTP. Pkt2 of 1000B is sent, which leaves link credit = 6000 and class max = 280. Since there are no other queues in this priority, the FTP queue is processed again. But since class max is not enough for Pkt3 of 1500B, it is not sent.
k. Move to the next lower priority ring, which is 7 for Yahoo Messenger. Pkt1 of 1200B is sent, leaving link credit = 4800 and class max = 80. Since no other queues exist in this priority, this queue is processed again. Pkt2 of 1500B is not sent since it cannot be accommodated with max = 80.
l. At this point, all the queues under all priority rings are processed for the current time slice.
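Steps f through l can be replayed as a small simulation. This is an added example, not SonicOS code: the starting link credit (8000) and the starting class max values for VNC, FTP and Yahoo Messenger are assumptions back-computed from the figures in the steps, and run_time_slice is a hypothetical name. Link credit here is decremented by every packet sent, including the 40B one, so the slice ends at 4760 rather than the 4800 shown in step k.

```python
from collections import deque

# State at the start of step f. Values marked "inferred" are back-computed from
# the post-send figures in the steps (an assumption; steps a-e are not shown).
LINK_CREDIT = 8000  # inferred: 7500 + 500
CLASSES = [
    # (name, priority ring, class max in bytes, queued (label, size) packets)
    ("H323", 0, 2560, [("Pkt3", 500)]),
    ("VNC", 0, 640, [("Pkt3", 500), ("Pkt4", 40), ("Pkt5", 500)]),  # 640 inferred
    ("FTP", 4, 1280, [("Pkt2", 1000), ("Pkt3", 1500)]),             # 1280 inferred
    ("Yahoo", 7, 1280, [("Pkt1", 1200), ("Pkt2", 1500)]),           # 1280 inferred
]

def run_time_slice(link_credit, classes):
    """Process one time slice; return (sent, class_max_left, link_credit_left)."""
    class_max = {name: cmax for name, _, cmax, _ in classes}
    queues = {name: deque(pkts) for name, _, _, pkts in classes}
    sent = []
    # Rings are visited from highest priority (0) to lowest (7).
    for ring in sorted({r for _, r, _, _ in classes}):
        # Round robin: one packet per visit, then back of the rotation.
        active = deque(name for name, r, _, _ in classes if r == ring)
        while active:
            name = active.popleft()
            queue = queues[name]
            if not queue:
                continue  # empty queue drops out of the rotation
            label, size = queue[0]
            if size > class_max[name] or size > link_credit:
                continue  # head packet does not fit; queue waits for next slice
            queue.popleft()
            class_max[name] -= size
            link_credit -= size
            sent.append((name, label, size))
            active.append(name)
    return sent, class_max, link_credit

if __name__ == "__main__":
    sent, left, credit = run_time_slice(LINK_CREDIT, CLASSES)
    for name, label, size in sent:
        print(f"sent {name} {label} ({size}B)")
    print("class max left:", left, "link credit left:", credit)
```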
Inbound Bandwidth Management
Inbound BWM can be used to shape inbound TCP and UDP traffic. TCP’s intrinsic flow control behavior is used to manage ingress bandwidth. To manage inbound UDP traffic, CBQ is used by the ingress module to queue the incoming packets. TCP rate is inherently controlled by the rate of receipt of ACKs; i.e., TCP sends packets out on the network at the same rate as it receives ACKs. For IBWM, the sending rate of a TCP source is reduced by controlling the rate of ACKs to the source. Delaying an ACK to the source increases the round-trip time (RTT) for the flow, thus reducing the source’s sending rate.
An ingress module monitors and records the ingress rate for each traffic class. It also monitors the egress ACKs and queues them if the ingress rate has to be reduced. The ACKs are released according to ingress BW availability and average rate.