Firewall > QoS Mapping
487
SonicOS Enhanced 4.0 Administrator Guide
Algorithm for Inbound Bandwidth Management
IBWM maintains eight priority rings, where each priority ring has one queue for a rule that has
IBWM enabled. The IBWM pool is processed from the highest to lowest priority ring further
shaping the traffic. IBWM employs three key algorithms:

Ingress Rate Update

This algorithm processes each packet from the WAN and updates the ingress rate of the class
to which it belongs. It also marks the traffic class if it has over utilized the link.
a. Determine that the packet is from the WAN zone and is a firewall packet.
b. Add the packet length to the sum of packet lengths received so far in the current time
slice. Deduct the minimum of (GBW, packet length) from link’s credit.
c. If the sum is greater than the class’s credit, mark the class to be over utilizing the link.
d. If the packet length is greater than the link’s credit, mark the link as well as the class to
be over utilized.

Egress ACK monitor

This algorithm depicts how the egress ACKs are monitored and processed.
a. Determine that the packet is to the WAN zone and is a TCP ACK.
b. If class or interface is marked as over utilizing, queue the packet in the appropriate
ingress rule queue.

Process ACKs

This algorithm is used to update the BW parameters per class according to the amount of BW
usage in the previous time slice. Amount of BW usage is given by the total number of bytes
received for the class in the previous time slice. The algorithm is also used to process the
packets from the ingress module queues according to the available credit for the class.
Credit-Based Processing
A class will be in debt when its BW usage is more than the GBW for a particular time slice. All
the egress ACKs for the class are then queued until the debt is reduced to zero. At each
successive time slice, debt is deducted by GBW and if link BW is left, (MBW – GBW) is also
deducted.
Compute BW usage in the previous time slice:
a. Compute average ingress rate using the amount of BW usage by the class.
b. If the BW usage is more than the class credit, record the difference as debt. If link BW
is left over, deduct (MBW - GBW) from debt.
c. Compute the class and link credit for the current time slice:
If the class is in debt, deduct GBW from debt and also from link’s credit, indicating
that the class has already used up its GBW for the current time slice.
If class is not in debt and there are packets arriving for this class, accumulate link
credit; i.e. add GBW to credit at each time slice.
Class is marked as over utilizing if debt is nonzero.
d. Process packets from ingress pool from highest priority ring to lowest priority ring.