This component of Radware’s APSolute OS architecture requires an additional license for each device.
The Bandwidth Management module extends comprehensive control over bandwidth resource allocation, to prioritize all network traffic and guarantee service levels for mission critical applications. Bandwidth management policies enable the classification of traffic by user, applications, and service pricing models for the configuration and full enforcement of premium services, and differentiating application performance by business requirements, while regulating site-wide bandwidth consumption and costs.
Bandwidth Management offers a robust classification engine. Users may differentiate between types of traffic according to any of the above parameters and define the appropriate handling of each traffic class. This ensures that the quality of service and allocated bandwidth are appropriate for each identified type of traffic, so that service is consistent and reliable.
Functionality of the Bandwidth Management module includes:
• Prioritizing traffic based on source and destination IP addresses and ranges of addresses, application, port, and content/URL.
• Bandwidth limitation by source and destination IP addresses and groups of addresses, application, port, content/URL, and cookies.
• Guaranteed bandwidth per class of traffic.
• Bandwidth borrowing may be invoked when the allocated bandwidth for certain priority queues reaches its limit. In such cases, if bandwidth for other queues is not being utilized, it can be “borrowed” in order to alleviate potential bottlenecks during traffic bursts.
• A combination of prioritization and bandwidth limitation can be assigned to each class of traffic, ensuring the optimal implementation of traffic policies.
• Allows differentiating services for groups of users by content.
• Dynamic priority setting through the session.
• Diff-Serv support including fulfillment and honoring of an assigned priority.
• Multiple scheduling dispatch mechanisms including Weighted Round Robin, Class Based Queuing and Random Early Drop ensure a flexible, configurable, and optimized scheduling mechanism.
o Weighted Round Robin (WRR) – This scheduling algorithm forwards packets from each queue according to its priority until the bandwidth limitation is met. It is most used when the user wants to tune bandwidth management according to the priority of each class.
o Class Based Queuing (CBQ) – According to the CBQ algorithm, within each priority queue, packets are scheduled from each class of traffic, ensuring that there is no starvation of any class. This ensures that all classes within the same priority queue evenly share the bandwidth and that bandwidth limitations and guarantees are met. This algorithm is more suitable for management by bandwidth limitations. Support for borrowing bandwidth between queues is built into the CBQ algorithm and ensures overall optimization of bandwidth usage. The user can specify which classes are entitled to borrow traffic and which classes can be borrowed from.
o Random Early Drop (RED) – When queues overflow, this mechanism randomly drops packets from lower priority queues. Because of the nature of the traffic, dropped packets are resent.
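The guarantee-plus-borrowing behaviour described for CBQ above can be modelled in a few lines. This is an added example, not Radware code or the device's actual scheduler: a simplified model in which the priority ordering (lower number first), the kbit/s units, the "Other" class and the 300 kbit/s link are assumptions. It shows that a burst in one class is capped at its maximum and cannot take another class's guarantee.

```python
from dataclasses import dataclass

@dataclass
class TrafficClass:
    name: str
    priority: int            # assumption: lower number is served first
    guaranteed: int          # kbit/s the class always receives
    maximum: int             # kbit/s ceiling, i.e. the borrowing limit
    may_borrow: bool = True  # whether the class may use idle bandwidth

def allocate(link_kbps, classes, demand):
    """Return {class name: kbit/s granted} for one scheduling interval."""
    # Pass 1: every class gets its guarantee, capped by what it asks for.
    grant = {c.name: min(demand[c.name], c.guaranteed) for c in classes}
    spare = link_kbps - sum(grant.values())
    if spare < 0:
        raise ValueError("guarantees exceed link capacity")
    # Pass 2: idle bandwidth is lent out, one priority level at a time.
    for level in sorted({c.priority for c in classes}):
        want = {c.name: min(demand[c.name], c.maximum) - grant[c.name]
                for c in classes if c.priority == level and c.may_borrow}
        want = {n: w for n, w in want.items() if w > 0}
        # Even split inside a level, so no class there is starved.
        while spare > 0 and want:
            share = max(spare // len(want), 1)
            for name in list(want):
                give = min(share, want[name], spare)
                grant[name] += give
                want[name] -= give
                spare -= give
                if want[name] == 0:
                    del want[name]
    return grant

# Constructed sample: FTP and HTTP use the lab values (100 guaranteed,
# 150 maximum); the "Other" class and the 300 kbit/s link are hypothetical.
CLASSES = [
    TrafficClass("FTP", 0, 100, 150),
    TrafficClass("HTTP", 0, 100, 150),
    TrafficClass("Other", 1, 50, 300),
]

if __name__ == "__main__":
    # FTP bursts while HTTP is light: FTP borrows up to its ceiling only.
    print(allocate(300, CLASSES, {"FTP": 400, "HTTP": 120, "Other": 0}))
    # Every class saturated: guarantees hold, the spare 50 is split evenly.
    print(allocate(300, CLASSES, {"FTP": 400, "HTTP": 400, "Other": 400}))
```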
LinkProof Lab 9 – Bandwidth Management on the LinkProof (using CLI)
Lab Goals:
• Lab A – Bandwidth Management Setup
• Lab B – Basic Block Policy
• Lab C – Working with queues and bandwidth limits
• Lab D – Advanced Bandwidth Management Policies
• Lab E – Bandwidth per flow
• Lab A – Bandwidth Management Setup
Lab Goals:
• Setting up Initial Bandwidth Management components.
• Working with Classes
a. Setting Up Networks
b. Viewing Filters
c. Port Groups
Note: It is difficult to generate enough traffic in a lab environment to saturate the bandwidth available. In order to illustrate the features detailed in this lab, the guaranteed minimum and borrowing bandwidth limits have been set artificially low.
Step By Step:
1. Create several network entities following the guidelines below.
Network Name   Network Mode   IP Address or From   Mask or To IP
LAN            Mask           192.168.0.0          255.255.0.0
LAN            IP Range       10.10.110.1          10.10.110.50
DNS            Mask           4.2.2.0              255.255.255.0
ISP 1          IP Range       1.1.1.20             1.1.1.254
ISP 2          IP Range       2.2.2.20             2.2.2.254
classes modify network create <Name> <Sub Index> <-switch value>
Switches:
classes modify network create LAN 0 -a 192.168.0.0 -s 255.255.0.0 -m "IP Mask"
classes modify network create LAN 1 -f 10.10.110.1 -t 10.10.110.50 -m "IP Range"
classes modify network create DNS 0 -a 4.2.2.0 -s 255.255.255.0 -m "IP Mask"
classes modify network create ISP1 0 -a 1.1.1.20 -f 1.1.1.20 -t 1.1.1.254 -m "IP Range"
classes modify network create ISP2 0 -f 2.2.2.20 -t 2.2.2.254 -m "IP Range"
2. Update the policies to activate the settings:
bwm update-policies set 1
3. Once complete it should look like the following:
4. We create a physical port group named MyPorts using port 1-4.
classes modify physical-port-groups create MyPorts 1
classes modify physical-port-groups create MyPorts 2
classes modify physical-port-groups create MyPorts 3
classes modify physical-port-groups create MyPorts 4
bwm update-policies set 1
5. Now we adapt the global BWM Parameters.
Set the following parameters:
a. RED = Global
bwm global red-mode set global
b. Check Dynamic Borrowing
bwm global dynamic-borrowing set enable
c. Set the SRP management IP address to 192.168.150.254
LP 6.x:
statistics protocol management-ip set 192.168.150.254
LP 5.x:
statistics reporting management-ip set 192.168.150.254
statistics protocol status set enabled
d. Enable ALL the reporting options
bwm statistics reporting set true
bwm statistics status set enabled
e. Reboot the device to activate the changes
reboot
• Lab B – Creating a Simple Block Policy in BWM
Lab Goals:
• Create a Bandwidth Management policy to block pings to the target server.
• Test the policy.
Step By Step
1. Ping an external address, for example 4.2.2.2, to make sure you get a response.
2. Create a new policy to block outbound ping traffic.
3. Use the information below to create the policy:
Policy Name    Block-Ping
Source         LAN
Destination    any
Direction      One Way
Action         Block
Service Type   Basic Filter
Service Name   icmp
Reporting      Report Block Packets
LP 6.x:
bwm modify policy create Block-Ping -dst any -src LAN -ac Block -dr "One Way" -pt "Basic Filter" -p icmp -rep "Report Blocked Packets"
bwm modify policy-extensions set Block-Ping -cp "Before Changes"
bwm update-policies set 1
LP 5.x:
bwm modify policy create Block-Ping -dst any -src LAN -ac Block -dr "One Way" -pt "filter" -p icmp -rbp 1
bwm global nat-handling dynamic-nat set "Local Address Classification"
bwm global nat-handling static-nat set "Local Address Classification"
bwm update-policies set 1
4. Try to ping the same address from step 1; it should now fail.
If you have the console connected you should also have a trap saying the session was blocked.
• Lab C – Creating a simple minimum and maximum policy
Lab Goals:
• Create multiple policies using existing services.
• Test the policy.
Step By Step:
1. Open up an HTTP session to some website and FTP sites to verify connection speed or gauge how fast the connections will load.
2. Create a policy for FTP traffic.
Policy Name    FTP
Service Type   Regular Service
Service Name   ftp-session
LP 6.x:
bwm modify policy create FTP -dst any -src LAN -pr 0 -gbw 100 -pt "Basic Filter" -p ftp-session -mbw 150
bwm modify policy-extensions set FTP -cp "Before Changes"
LP 5.x:
bwm modify policy create FTP -dst any -src LAN -pr 0 -gbw 100 -pt "filter" -p ftp-session -bl 150
3. Add a second entry for HTTP, with the following parameters:
Policy Name                           HTTP
Service Type                          Regular Service
Service Name                          HTTP
Source                                LAN
Destination                           any
Direction                             Two Way
Action                                Forward
Priority                              1
Guaranteed Bandwidth                  100
Borrowing Limit or Maximal Bandwidth  150
LP 6.x:
bwm modify policy create HTTP -dst any -src LAN -pr 0 -gbw 100 -pt "Basic Filter" -p http -mbw 150
bwm modify policy-extensions set HTTP -cp "Before Changes"
LP 5.x:
bwm modify policy create HTTP -dst any -src LAN -pr 0 -gbw 100 -pt "filter" -p http -bl 150
4. Now update the active policies:
bwm update-policies set 1
5. To verify that the policy is configured correctly, issue:
bwm active policy
You should see the new policies in the list.
6. From your Client, FTP to a site and download a file, also go to various web pages for about 2 minutes.
7. Issue the following command during this period to monitor the bandwidth policies.
bwm monitor policy-bandwidth
8. Stop the FTP session.
9. If time permits, repeat this lab using other guaranteed and maximal values to see the different behavior.