A further level of control is provided within a pipe by being able to split pipe bandwidth into individual resource usage by specifying a grouping. A limit and guarantee can then be specified for each user within the group.
Specifying the Grouping Type
A group is specified by setting a value to the Grouping property of a Pipe object. The possible values for this property can be one of the following:
With the Grouping property set, the default behavior is to share the available bandwidth evenly between "users". The term "user" in this context means the set of flows belonging to a unique value within the grouping. For example, if the Grouping property is set to SourceIP, each user corresponds to a unique source IP address.
Grouping by Networks Requires the Size
If the grouping is by source or destination network then these can be specified as either an IPv4 or IPv6 network. In either case, the network size must also be specified using one of the two following Pipe object properties:
GroupingIP4NetworkSize
GroupingIP6NetworkSize
Specifying Group Limits
Individual users within a grouping can have a limit specified for them in the Pipe object by setting one of the following Pipe properties:
UserLimitBpsTotal
UserLimitPpsTotal
Both properties can be set if either limit is to be applied.
For example, if grouping is by SourceIP and the pipe's UserLimitBpsTotal is specified as 300 Kbps then no single IP address will be allowed more than 300 Kbps of bandwidth. Note that either user limit could also be specified as a percentage (for example, 40%) of the pipe's total capacity.
Dynamic Balancing
A mechanism that is automatically applied when a grouping is used is dynamic balancing. This means that when users in a grouping are competing for the same bandwidth, cOS Stream will distribute the bandwidth evenly across the users.
However, this even competition can be deliberately distorted by allocating different precedences to different users within a grouping. Using precedences with grouping is discussed later in this section.
A Simple Grouping Example
Consider another situation where the total bandwidth limit for a pipe is 2 Gigabits/second. If the aim is to allocate this bandwidth amongst many source IP addresses so that no single IP address can take more than 300 Kbps of bandwidth, the following assignments are needed in the Pipe object:
Set the pipe's LimitBpsTotal property to 2G.
Set the Grouping property for the pipe to be SourceIP.
Set the pipe's UserLimitBpsTotal property to 300 Kbps.
Bandwidth is now allocated on a "first come, first forwarded" basis but no single source IP address can ever take more than 300 Kbps. No matter how many connections are involved, the combined total bandwidth can still not exceed the pipe's total limit of 2 Gigabits/second.
Example 23.7. Traffic Shaping with Grouping
It is assumed in this example that HTTP flows will originate from wan_net on the wan interface with a destination of the server at the IP address my-server-ip on the dmz interface.
The objective is to have these flows pass through a single traffic shaping pipe with a capacity of 2 Gigabits/second and give each source IP address a limit (and therefore guarantee) of 300K Bps.
Command-Line Interface
First, create a Pipe object with the required limits:
System:/> add Pipe my-group-pipe
    LimitBpsTotal=2G
    Grouping=SourceIP
    UserLimitBpsTotal=300K
Next, create a TrafficProfile:
System:/> add TrafficProfile my-group-tp
    ForwardChain=my-group-pipe
Add the TrafficShapingRule objects that will filter the traffic. Change the CLI context to be TrafficShapingRules:
System:/> cc TrafficShapingRules
Add a rule for HTTP traffic:
System:/TrafficShapingRules> add TrafficShapingRule
    SourceInterface=wan
    SourceNetwork=wan_net
    DestinationInterface=dmz
    DestinationNetwork=my-server-ip
    Service=http
    TrafficProfile=my-group-tp
Return to the default CLI context:
System:/TrafficShapingRules> cc
System:/>
User Precedence Limits within a Grouping
Different users within a grouping could be assigned different precedences. In addition to the user limit being specified in a Pipe object, individual user precedence limits can also be specified in the Pipe object. User precedence limits can be considered as guarantees for each user within a grouping. For example, precedence 3 might have a limit of 500 Kbps specified and this is saying that a user (for example, each source IP) with precedence 3 will be guaranteed 500 Kbps at the expense of lower precedences.
User precedence limits can be specified using one of the following Pipe object properties:
UserLimitBpsN - where N is the precedence.
UserLimitPpsN - where N is the precedence.
Combining the user precedence limit and the user limit means that:
The users for the grouping are first separated by the triggering rules. The TrafficProfile associated with the triggering rule will also set the precedence.
The users are then subject to the user precedence limit.
The combined traffic is subject to the user limit.
Combining Pipe and User Precedence Limits
Let us suppose that grouping is enabled by one of the options, such as source IP, and some user precedence limits (UserLimitBpsN) have been specified. How do these combine with the precedence limits specified for the pipe (LimitBpsN)?
In this case where both pipe and user precedence limits are specified, the user precedence limit is a guarantee and the pipe precedence limit is still a limit. For example, if traffic is grouped by source IP and the user limit for precedence 5 (the property UserLimitBps5) is 50 Kbps and the pipe limit for this precedence (LimitBps5) is 200 Kbps then after the fourth unique source IP (4 x 50 = 200 Kbps), the pipe precedence limit is reached and the guarantees may no longer be met.
The illustration below shows this situation, with the grouping selected to be the source IP.
Example 23.8. Traffic Shaping with Grouping and Precedences
It is assumed in this example that all flows will originate from wan_net on the wan interface with a destination of the server at the IP address my_server_ip on the dmz interface.
The objective is to have these flows pass through a single traffic shaping Pipe object with a capacity of 1 Gbps and group the traffic according to its source network. The pipe's UserLimitBpsTotal property will be set so that no single user can utilize more than 95% of the pipe's capacity.
The precedence of traffic inside the group will be set according to the DSCP bits within each packet so only a single TrafficProfile object is needed with the PrecedenceLevel set to MapDSCP.
The pipe's LimitBps7 property will be set to 40% so that this precedence cannot use more than 40% of the pipe's capacity when it competes with other precedences for any bandwidth above the bandwidth "guarantee". The "guarantee" is dynamic and will be the pipe capacity divided by the number of current users. Only when the guarantee is exceeded would a user compete with other users for any spare capacity and the precedence would decide who got that capacity first.
Command-Line Interface
First, create a Pipe object with the required limits:
System:/> add Pipe my-group-prec-pipe
    LimitBpsTotal=1G
    Grouping=SourceNetwork
    GroupingIP4NetworkSize=32
    GroupingIP6NetworkSize=112
    UserLimitBpsTotal=95%
    LimitBps7=40%
Next, create a TrafficProfile:
System:/> add TrafficProfile my-group-prec-tp
    ForwardChain=my-group-prec-pipe
    PrecedenceMethod=SetDefault
    PrecedenceLevel=MapDSCP
Add the TrafficShapingRule object that will filter the traffic. Change the CLI context to be TrafficShapingRules:
System:/> cc TrafficShapingRules
Add a rule that matches all services:
System:/TrafficShapingRules> add TrafficShapingRule
    SourceInterface=wan
    SourceNetwork=wan_net
    DestinationInterface=dmz
    DestinationNetwork=my_server_ip
    Service=all_services
    TrafficProfile=my-group-prec-tp
Return to the default CLI context:
System:/TrafficShapingRules> cc
System:/>
For the above setup, assume there are 3 users (from 3 different source networks) called A, B and C. Their precedence is set by their DSCP bits. The three users will each be guaranteed one third (0.33 Gbps) of the pipe's capacity.
If one user is using less than one third of the pipe capacity then the remaining two will compete for the spare capacity if they are already at the one third limit. Their precedence will then decide who wins this competition. However, the highest precedence 7 will be only allowed a maximum of 40% of the pipe. In the absence of precedence 7 traffic, no user will be allowed to use more than 95% of the pipe's capacity.
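The arithmetic behind the pipe and user precedence limits (LimitBps5=200K with UserLimitBps5=50K) and the dynamic guarantee in Example 23.8 can be checked with a small planning model. This is an added example, not cOS Stream code or its scheduler: it assumes K, M and G are decimal multipliers, treats all users as having the same precedence (so LimitBps7 is not modeled), and the function names and the demand figures are constructed for illustration.

```python
# Added planning model (not cOS Stream's scheduler). Assumes K/M/G are
# decimal multipliers and that all users share the same precedence.
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}


def parse_rate(value, pipe_total=None):
    """Convert '300K', '2G' or '95%' (of pipe_total) to bits per second."""
    value = value.strip()
    if not value:
        raise ValueError("empty rate")
    if value.endswith("%"):
        if pipe_total is None:
            raise ValueError("a percentage needs the pipe's total limit")
        return pipe_total * int(value[:-1]) // 100
    if value[-1].upper() in UNITS:
        return int(value[:-1]) * UNITS[value[-1].upper()]
    return int(value)


def guarantee_status(limit, per_user, users):
    """Return (guarantee_met, rate_per_user) when every user wants per_user."""
    if users < 1:
        raise ValueError("at least one user is required")
    share = min(per_user, limit // users)
    return share >= per_user, share


def even_share(demands, pipe_total, user_limit):
    """Split pipe_total evenly; capacity a user leaves unused is re-shared."""
    # Visit users from the smallest ceiling up (max-min fairness).
    ceilings = sorted((min(d, user_limit), u) for u, d in demands.items())
    alloc, remaining = {}, pipe_total
    for i, (ceiling, user) in enumerate(ceilings):
        fair = remaining // (len(ceilings) - i)  # even split of what is left
        alloc[user] = min(ceiling, fair)
        remaining -= alloc[user]
    return alloc


if __name__ == "__main__":
    # LimitBps5=200K with UserLimitBps5=50K: 4 users fit, a 5th does not.
    for n in (4, 5):
        print(n, guarantee_status(parse_rate("200K"), parse_rate("50K"), n))
    # Example 23.8 pipe: LimitBpsTotal=1G, UserLimitBpsTotal=95%.
    total = parse_rate("1G")
    cap = parse_rate("95%", total)
    # Constructed demands: A is light, B and C each want the whole pipe.
    demands = {"A": 100 * 10**6, "B": total, "C": total}
    print(even_share(demands, total, cap))
    print(even_share({"A": total}, total, cap))
```

With real precedences the spare capacity that B and C split evenly here would instead go first to the higher precedence, as described above.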