PHPKB Knowledge Base Software Logo  
Guru Corner
Online Knowledgebase System  
Knowledge Base Home Knowledge Base Home
Home > All Categories > Dell > SonicWALL > Bandwidth Management on SonicWall NSA
Question Title Bandwidth Management on SonicWall NSA

I was surprised at how easy it was to implement Bandwidth Management on our public wireless using our SonicWALL NSA 240.  Here’s how I did it. Your mileage may vary.

Step one. Log into your SonicWALL.



Step Two. Navigate to Network –> Address Objects and create an “ Object” to match your Public Wireless Traffic. Click “ Add…” under Address Objects. 


 


I created an object called “PublicWiFi-Test” for this example and matched it to traffic on network 192.168.11.0/24 which is the IP address range of our Public Wi-Fi traffic.  You can match to a number of other identifiers as well.



  Step Three.  Navigate to Firewall –> Access Rules.  Change the view style to “ All Rules” and then click “ Add”.

 

Now is when we actually tell the SonicWALL what we want to do with the Public Wireless Traffic. In the window that comes up fill out the fields like I have below. What we are doing is telling the firewall to process traffic that is from the LAN to the WAN, from any Service, matching the PublicWiFi-Test object that we defined earlier, to any destination.

 

On the “ Advanced” tab, leave everything as the default, but check the “ Create a reflexive rule” so that inbound traffic will be matched as well.



On the QoS tab, change the DSCP Marking Action to “ Explicit”. Then change the “ Explicit DSCP Value” to “ 0 – Best effort/Default”.  That way, if you have some other policies downstream that mark or generate traffic with a higher DSCP (like video) the PublicWiFi traffic won’t mess with your video feed.


Now, on the Ethernet BWM tab, you will actually configure the Bandwidth Management. Check the first box and then enter a percent or Kbps value for the Guaranteed bandwidth and the Maximum Bandwidth. This first section will apply your settings to “Outbound” traffic or in Internet terms, Upload Speed. One MB should be a good cap. You can also set the “ Bandwidth Priority” to 7 which is the lowest. I’m not sure which takes precedence since you already set a value in the QoS tab. Now, click the next box and set the download values. At the bottom you can check the “ Enable Tracking Bandwidth Usage” if it makes you happy. Click OK and your ready to go!



Step Four. You can now test your new policy out by going to a site like http://www.speakeasy.net/speedtest If you’ve done it right, your upload and download numbers should match the numbers you set in your policy.

SonicWALL Bandwidth Management

Bandwidth management allows you to assign guaranteed and maximum bandwidth to services and prioritize traffic on all WAN zones. Using access rules, bandwidth management can be enabled on a per-interface basis. Packets belonging to a bandwidth management enabled policy will be queued in the corresponding priority queue before being sent on the bandwidth management-enabled WAN interface. All other packets will be queued in the default queue and will be sent in a First In and First Out (FIFO) manner (a storage method that retrieves the item stored for the longest time).

How SonicWALL Bandwidth Management Works

SonicWALL bandwidth management can assign a portion of the available bandwidth and a priority to each class of network traffic. Priorities rank from 0 (zero), highest, to 7, lowest. Defining a class of traffic that has 0 bandwidth allocated to it effectively blocks the traffic unless there is no other traffic with higher priority on the network. The packet classifier analyzes a packet when it arrives for its packet protocol, source information, and destination information. It then allocates the packet to a class queue where it waits to be processed. If the queue is full, the packet is dropped. Normal retransmission of data ensures that the packet is sent again.

Class queues are processed based on the amount of bandwidth allocated (guaranteed and maximum), and the priority assigned to the class queue. Within the class queue, packets are processed on a first-in, first-out basis. When network traffic reaches the maximum allocated to the class, packets from the next class in priority order are processed. Typically, each class is allocated a portion of the available bandwidth, and when that limit is reached, no more traffic for that particular class is forwarded. But if there is available bandwidth on the network that is not in use by a particular class, a class can temporarily borrow bandwidth and send traffic until the maximum bandwidth allocated to the class is reached. Spare bandwidth is allocated among the highest priority classes until no more bandwidth is available or until all of those classes have reached their maximum bandwidth. If this happens, the remainder of the bandwidth is divided among the next priority classes. This process is repeated until all of the available bandwidth is consumed.

Example Scenario
If you create an access rule for outbound mail traffic (such as SMTP) and enable bandwidth management with the following parameters:

  • Guaranteed bandwidth of 20 percent
  • Maximum bandwidth of 40 percent
  • Priority of 0 (zero)

The outbound SMTP traffic is guaranteed 20 percent of available bandwidth available to it and can get as much as 40 percent of available bandwidth. If this is the only access rule using bandwidth management, it has priority over all other access rules on the SonicWALL security appliance. Other access rules use the remaining bandwidth (minus 20 percent of bandwidth, or greater than minus 20 percent and less than minus 40 percent of bandwidth).

Note: Access rules using bandwidth management have a higher priority than access rules not using bandwidth management. Access rules without bandwidth management are given lowest priority.

Authored by: Guru Corner
Click Here to View all the questions in SonicWALL category.
File Attachments File Attachments
There are no attachment file(s) related to this question.
Article Information Additional Information
Article Number: 280
Created: 2013-07-07 3:45 PM
Rating: No Rating
 
Article Options Article Options
Print Question Print this Question
Export to Adobe PDF Export to PDF File
Export to MS Word Export to MS Word
 
Search Knowledge Base Search Knowledge Base
 
 

Powered by Guru Corner