Thursday, September 26, 2013

monowall traffic shaping

ref: http://wiki.abiquo.com/display/ABI20/How+to+Configure+a+Gateway+with+m0n0wall

8. Traffic Shaping Example

This is a simple example of how to configure traffic shaping in your firewall.

8.1. Before you begin, check the maximum download rate

In order to determine the size of the pipes, you need to know the average download rate of your WAN interface. To do so, you need to run the following command on a machine in that WAN:
$ curl -o /dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip
A download of a very large file will start. After some minutes, you can cancel it (by pressing Ctrl+C) and take a look at the download statistics. You'll see something like this:
The value under the Average Download column is what you need. In this network, after a 91-second test, we obtained an Average Download Rate of 211 Kb/s. To make sure we do not exceed it, we will subtract 10% from this value and use the result as the maximum. We'll assume we have a maximum bandwidth of 190 Kb/s.
Reliability of this value
The more time you spend testing, the more reliable the final value will be.

8.2. Setting Up the Pipes

For our example we will set up two pipes: one limited to 150 Kb/s for high-speed connections, and one limited to 40 Kb/s for low-speed connections.

8.3. Setting Up the Queues

In our high-speed connections, we want to have two queues: one for high-priority connections (weight 90) and one for low-priority connections (weight 30).

8.4. Setting Up the Rules

After defining our pipes and queues graph, we need to define the rules to filter the actual traffic:
  • SSH connections will be redirected to the High-priority queue beneath the High-speed pipe.
  • HTTP connections will be redirected to the Low-priority queue beneath the High-speed pipe.
  • All other connections will be redirected to the Low-speed pipe.
Activate traffic shaping
After making all changes, make sure you check the option Enable traffic shaping in the Rules section.
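The following Python model is an added example, not code from m0n0wall or the referenced wiki: it classifies connections with the rules from 8.4 and computes how much of each pipe they can use when several are active at once. It assumes SSH is TCP port 22 and HTTP is TCP port 80, that rules match on destination port with the first match winning, and that queues share their pipe in proportion to weight among the queues that currently have traffic.

```python
# Added illustration: a model of the shaper in sections 8.1-8.4, not m0n0wall code.
PIPES_KBPS = {"high-speed": 150, "low-speed": 40}        # section 8.2
QUEUES = {"high-priority": ("high-speed", 90),           # section 8.3: (pipe, weight)
          "low-priority": ("high-speed", 30)}
# Section 8.4 rules, first match wins. Ports are assumptions (SSH=22, HTTP=80).
RULES = [("tcp", 22, "queue", "high-priority"),
         ("tcp", 80, "queue", "low-priority"),
         (None, None, "pipe", "low-speed")]              # catch-all


def budget_kbps(measured_kbps):
    """Section 8.1: keep 10% headroom below the measured average rate."""
    return measured_kbps * 0.9


def classify(proto, dst_port):
    """Return (kind, name) of the first rule matching a connection."""
    for r_proto, r_port, kind, name in RULES:
        if r_proto in (None, proto) and r_port in (None, dst_port):
            return kind, name
    raise LookupError("no rule matched")  # unreachable while the catch-all exists


def allocate(connections):
    """Kb/s available to each busy queue or pipe for a set of (proto, dst_port) flows.
    A queue gets weight / sum(weights of the busy queues in the same pipe)."""
    targets = {classify(proto, port) for proto, port in connections}
    busy_queues = [name for kind, name in targets if kind == "queue"]
    shares = {}
    for kind, name in targets:
        if kind == "pipe":
            shares[name] = float(PIPES_KBPS[name])
            continue
        pipe, weight = QUEUES[name]
        total = sum(QUEUES[q][1] for q in busy_queues if QUEUES[q][0] == pipe)
        shares[name] = PIPES_KBPS[pipe] * weight / total
    return shares


if __name__ == "__main__":
    # Constructed sample traffic: SSH, HTTP and DNS active at the same time.
    print(allocate([("tcp", 22), ("tcp", 80), ("udp", 53)]))
    print(allocate([("tcp", 80)]))  # HTTP alone may use the whole high-speed pipe
    # The two pipes together must fit inside the budget from section 8.1.
    print(sum(PIPES_KBPS.values()) <= round(budget_kbps(211)))
```

The weights are relative: 90 and 30 split the 150 Kb/s pipe 3:1 only while both queues are busy, and the two pipes together add up to exactly the 190 Kb/s budget.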