D-Link DFL-1660 User Manual page 405
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (595 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
10.1.12. More Pipe Examples
The pipe chaining can be used as a solution to the problem of VPN overhead. A limit which allows
for this overhead is placed on the VPN tunnel traffic and non-VPN traffic is inserted into a pipe that
matches the speed of the physical link.
To do this we first create separate pipes for the outgoing traffic and the incoming traffic. VoIP
traffic will be sent over a VPN tunnel that will have a high priority. All other traffic will be sent at
the best effort priority (see above for an explanation of this term). Again, we will assume a 2/2
Mbps symmetric link.
The pipes required will be:
•
vpn-in
•
Priority 6: VoIP 500 kpbs
•
Priority 0: Best effort
Total: 1700
•
vpn-out
•
Priority 6: VoIP 500 kpbs
•
Priority 0: Best effort
Total: 1700
•
in-pipe
•
Priority 6: VoIP 500 kpbs
Total: 2000
•
out-pipe
•
Priority 6: VoIP 500 kpbs
Total: 2000
The following pipe rules are then needed to force traffic into the correct pipes and precedence
levels:
Rule
Name
vpn_voip_out
vpn_out
vpn_voip_in
vpn_in
out
in
With this setup, all VPN traffic is limited to 1700 kbps, the total traffic is limited to 2000 kbps and
VoIP to the remote site is guaranteed 500 kbps of capacity before it is forced to best effort.
SAT with Pipes
Forward
Return
Src
Source
Pipes
Pipes
Int
Network
vpn-out
vpn-in
lan
lannet
out-pipe
in-pipe
vpn-out
vpn-in
lan
lannet
out-pipe
in-pipe
vpn-in
vpn-out
vpn
vpn_remote_net
in-pipe
out-pipe
vpn-in
vpn-out
vpn
vpn_remote_net
in-pipe
out-pipe
out-pipe in-pipe
lan
lannet
in-pipe
out-pipe wan all-nets
Dest
Destination
Int
Network
vpn
vpn_remote_net
vpn
vpn_remote_net
lan
lannet
lan
lannet
wan all-nets
lan
lannet
405
Chapter 10. Traffic Management
Service
H323
All
H323
All
All
All
Prec
6
0
6
0
0
0
Advertisement
Table of Contents
Troubleshooting
