Manage Bandwidth with Traffic ShapingThe traffic of one or more full-speed download sessions take its toll on the overall network performance. The results are:
- Slow web page access and downloads for your customers.
- Network congestion among internal work-stations.
- Lack of responsiveness with interactive services, such as VoIP.
- Random Bandwidth depending on the activities of just a few people.
|The above problems are perfectly natural when unlimited bandwidth capacity is available to everyone within the organization and when the network administrator lacks the tools to manage bandwidth allocation.|
IntroductionThe InJoy Firewall's Traffic Shaping feature offers a solution to the problems mentioned above, by providing easy-to-use bandwidth management and traffic prioritizing capabilities. Additionally, in version 4.0 of InJoy Firewall, the code has been hardened to get even more precise and fair distribution of available bandwidth between the Internet sessions.
|Central Control||Traffic shaping is performed centrally on the gateway computer and no special software is required on the LAN work-stations.|
|Rule driven||With simple firewall rules identifying the traffic to shape, packets can be assigned to a special priority queue or bandwidth can be managed by the rule itself. The rule driven traffic shaping enables you to individually shape any type of traffic and you can also combine traffic shaping with other powerful rule based features, such as time-dependency.|
|Measurable||Through rule-matching counts, the InJoy Firewall access rules monitor provides you with real-time insight into the distribution of packets among individual shaping rules. For a more visual presentation, the Traffic Shaping Statistics monitor allows you to follow the packet distribution in real-time:|
|Pre-configured Samples||Popular ready-to-deploy traffic shaping examples are included and if you just enable traffic shaping in the InJoy Firewall, it's preconfigured to prioritize your traffic - click here to see how.|
Traffic Shaping Features
|Priority Packet Queues||
By placing different types of traffic in different queues and then
assigning these queues different priorities, you can control the
order in which packets are de-queued and sent.
The InJoy Firewall ships with 4 priority queues and a number of traffic shaping rules that make use of these queues. Read more>>
|TRUE IDLE QUEUES - The InJoy Firewall uniquely makes use of OS thread scheduling to prioritize traffic, thereby allowing certain low-priority activities to only take place when the CPU is truly idle. This powerful feature completely prevents important traffic from being affected by less-important, yet high-speed traffic - such as Internet based backup, P2P or game server traffic.|
|Bandwidth capacity per rule||Rule based traffic shaping allows a single firewall rule to limit the bandwidth capacity of all matching traffic. For example, through a single firewall rule, you can limit all outgoing ftp traffic to 10K per second or limit the traffic of an individual user. The possibilities are endless.|
|Group based Traffic shaping||Each host matching a specific rule is provided a 'virtual' pipe of fixed bandwidth capacity. With this method of bandwidth management, it is impossible for one user to affect another in any way. Use this type of bandwidth allocation, to e.g. distribute a maximum of 1Mbps evenly between internal users.|
|Small TCP Packet Promotion||As you download big files and web-pages, your PC has to constantly send small ACK packets to acknowledge the received data. On busy connections, ACK packets are held back by less important traffic and this round-trip latency decreases the download speed. The InJoy Firewall includes technology to promote the ACK packets, thus generally increasing your download speed.|
|Overall Bandwidth Limitation||Limiting the overall bandwidth in either the incoming or outgoing direction allows you to e.g. accommodate special ISP limitations (e.g. capacity-based billing) or prevent ADSL router queues from running full. The resolution is one kilobyte per second.|
Default Priority QueuesThe InJoy firewall ships with traffic shaping turned off, however the following traffic priority classes are defined - waiting to be enabled:
- Priority Class 1 - Running at high priority - 85%
- Priority Class 2 - Running at normal priority - 50%
- Priority Class 3 - Running at low priority - 35%
- Priority Class 4 - Running at idle priority - 10%
Default Traffic Shaping rulesFirewall rules can assign certain types of traffic to certain types of priority classes. The InJoy firewall does it like this - per default:
- All traffic is placed in the low priority queue (3) by default.
- Traffic on ports 1-1024 are placed in the normal priority class (2).
- Interactive traffic of protocols such as: telnet, ssh, www, icq, dns, ftp port 21, irc and ICMP, are placed in the high priority queue (1).
- Outgoing www and ftp data connections (i.e. uploads from your Internet server) are specifically placed in the low-priority queue (3).
- Peer-to-Peer traffic in placed in the idle priority class (4).
Note: The rules are evaluated top-down and they can of course be easily customized for your specific requirements.