Support
Posted: Wed Oct 09, 02 17:38 Post subject: My filtering limits are not working as I expected them to.
The limit parameter functions by counting packets exclusively, and thus does not look at the size of these packets. To limit the bandwidth one has to know the size of the packets and make a mathematical operation from this starting point. Otherwise one would just be limiting the number of packets, not the bandwidth used. This adds a level of complexity if you are trying to use Filter Limits to shape traffic, since not all packets are of the same size. For instance, while an FTP packet may always be the largest possible (1.5kb), a telnet session often sends one packet for each letter pressed on the keyboard.
Also, using low burst levels (<5) is not as reliable for limiting throughput as higher values (>10), so we recommend always using 10 or higher for this parameter.
To use limit rules to control bandwidth one will have to:
- Choose the right mix of limit and burst to meet your throughput needs.
- Identify specifically the traffic that you wish to limit.
The numbers below show that mixing the two parameters will provide different throughput possibilities. It is recommended to test the data transfers that one wishes to limit to be sure that the desired goal has been reached. Please note that these are not guaranteed throughputs, just the results of tests with a particular FTP server and transferred file. Be sure to make your own tests to verify your filters meet your needs.
Code:
Limit/s  Burst  Kbps     Seconds  Bytes
200      30     1550     23.7     3830272
100      30     1030     35.6     3830272
50       30     712.06   52.7     3830272
30       30     428.68   87.6     3830272
20       30     285.63   131.5    3830272
10       30     143.16   262.3    3830272
5        30     71.33    528.5    3830272
200      15     1000     36.7     3830272
100      15     715.04   52.5     3830272
50       15     564.97   66.5     3830272
30       15     403.76   93       3830272
20       15     284.37   132.1    3830272
10       15     138.43   271.3    3830272
5        15     71.04    528.6    3830272
200      10     702.06   53.5     3830272
100      10     543.91   69       3830272
50       10     447.89   83.8     3830272
30       10     289.42   129.7    3830272
20       10     283.19   132.6    3830272
10       10     136.86   274.4    3830272
5        10     71.07    528.3    3830272
200      5      435.05   86.3     3830272
100      5      273.98   137.1    3830272
50       5      204.77   183.4    3830272
30       5      188.8    198.9    3830272
20       5      163.07   230.3    3830272
10       5      115.17   326      3830272
5        5      60.13    624.5    3830272
Here are 3 sample filter rules in the Filter> Forward tables:
Rule 1: FROM lan TO wan PROT any ACTION accept
Rule 2: FROM wan TO lan PROT any ACTION accept LIMIT 200/s BURST 30
Rule 3: PROT any ACTION drop
For testing purposes in our example we left open all communication from LAN to WAN and only limited data coming back. To limit data in both directions the rules have to be changed as shown below:
Rule 1: PROT any ACTION accept LIMIT 200/s BURST 30
Rule 2: PROT any ACTION drop
To change the throughput one could change the LIMIT and BURST to these samples taken from the table above:
i) 64kbps= LIMIT 5 BURST 10 (~70kbps)
ii) 128kbps= LIMIT 10 BURST 10 (~135kbps)
iii) 256kbps= LIMIT 20 BURST 10 (~280kbps)
iv) 512kbps= LIMIT 100 BURST 10 (~540kbps)
NOTE that using higher bursts allows for more bursty network traffic (this depends on how smoothly data travels over the selected networks).
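The point made above, that LIMIT counts packets and not bytes, shown as an added example that is not part of the original post or the vendor's code. It assumes the limiter behaves like a classic token bucket charging one token per packet; the 64-byte keystroke packet size, the function names and the constant-rate sample traffic are constructed for illustration, and it does not reproduce the measured figures in the table.

```python
# Added illustration (not vendor code). ASSUMPTION: LIMIT/BURST behaves like a
# classic token bucket that charges one token per packet, whatever its size.

def simulate(limit_per_s, burst, arrivals):
    """Run packets through the bucket.

    arrivals: list of (time_ms, size_bytes), sorted by time.
    Returns (accepted_packets, accepted_bytes).
    Integer maths: credit is kept in 1/1000ths of a token.
    """
    cap = burst * 1000
    credit = cap              # bucket starts full, so BURST packets pass at once
    last_ms = 0
    packets = octets = 0
    for t_ms, size in arrivals:
        # Refill: limit_per_s tokens per second == limit_per_s milli-tokens per ms.
        credit = min(cap, credit + (t_ms - last_ms) * limit_per_s)
        last_ms = t_ms
        if credit >= 1000:    # one whole token available: accept the packet
            credit -= 1000
            packets += 1
            octets += size    # size never influenced the decision
    return packets, octets


def constant_stream(size_bytes, interval_ms, duration_ms):
    """Constructed sample traffic: one packet every interval_ms."""
    return [(t, size_bytes) for t in range(0, duration_ms, interval_ms)]


def kbps(octets, duration_ms):
    """Average rate in kbit/s (bits per millisecond)."""
    return octets * 8 / duration_ms


if __name__ == "__main__":
    DURATION_MS = 10_000
    for label, size in (("1500-byte (bulk transfer)", 1500),
                        ("64-byte (keystroke, assumed size)", 64)):
        pk, by = simulate(200, 30, constant_stream(size, 1, DURATION_MS))
        print(f"LIMIT 200/s BURST 30, {label}: "
              f"{pk} packets, {kbps(by, DURATION_MS):.1f} kbit/s")
```

The same rule passes the same number of packets in both runs, while the byte rate differs by the ratio of the packet sizes.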