MultiCom Technical Support Forum Index MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

My filtering limits are not working as I expected them to.

 
Post new topic   Reply to topic    MultiCom Technical Support Forum Index -> 3.x Frequently Asked Questions
View previous topic :: View next topic  
Author Message
Support



Joined: 09 Oct 2002
Posts: 175
Location: Lausanne, Switzerland

PostPosted: Wed Oct 09, 02 17:38    Post subject: My filtering limits are not working as I expected them to. Reply with quote

The limit parameter functions by counting packets exclusively, and thus does not function by looking at the size of these packets. To limit the bandwidth one has to know the size of the packets and make a mathematical operation from this starting point. Otherwise one would just be limiting the number of packets not the bandwidth used. This adds a level of complexity if you are trying to use Filter Limits to shape traffic since not all packets are of the same size. For instance while an FTP packet may always be the largest possible (1.5kb) a telnet session often sends one packet for each letter pressed on the keyboard.

Also, using low burst levels (<5) is not as reliable for limiting throughput as higher values (>10) so we recommend using always 10 or higher for this parameter.

To use limit rules to control bandwidth one will have to:
  1. Choose the right mix of limit and burst to meet your throughput needs.
  2. Identify specifically the traffic that you wish to limit.

    The numbers below shows that mixing the two parameters will provide different throughput possibilities. It is recommended to test the data transfers that one wishes to limit to be sure that the desired goal has be reached. Please note that these are not guaranteed throughputs, just the results of tests with a particular FTP server and transferred file. Be sure to make your own tests to verify your filters meet your needs.
Code:
Limit/s Burst   Kbps    Seconds Bytes
200     30      1550    23.7    3830272
100     30      1030    35.6    3830272
50      30      712.06  52.7    3830272
30      30      428.68  87.6    3830272
20      30      285.63  131.5   3830272
10      30      143.16  262.3   3830272
5       30      71.33   528.5   3830272
200     15      1000    36.7    3830272
100     15      715.04  52.5    3830272
50      15      564.97  66.5    3830272
30      15      403.76  93      3830272
20      15      284.37  132.1   3830272
10      15      138.43  271.3   3830272
5       15      71.04   528.6   3830272
200     10      702.06  53.5    3830272
100     10      543.91  69      3830272
50      10      447.89  83.8    3830272
30      10      289.42  129.7   3830272
20      10      283.19  132.6   3830272
10      10      136.86  274.4   3830272
5       10      71.07   528.3   3830272
200     5       435.05  86.3    3830272
100     5       273.98  137.1   3830272
50      5       204.77  183.4   3830272
30      5       188.8   198.9   3830272
20      5       163.07  230.3   3830272
10      5       115.17  326     3830272
5       5       60.13   624.5   3830272



Here are 3 sample filter rules in the Filter> Forward tables

Rule 1: FROM lan TO wan PROT any ACTION accept
Rule 2: FROM wan TO lan PROT any ACTION accept LIMIT 200/s BURST 30
Rule 3: PROT any ACTION drop

For testing purposes in our example we left open all communication from LAN to WAN and only
limited data coming back. To limit data in both directions the rules have to be changed as shown below:

Rule 1: PROT any ACTION accept LIMIT 200/s BURST 30
Rule 2: PROT any ACTION drop

To change the throughput one could change the LIMIT and BURST to these samples taken from the table above...

i) 64kbps= LIMIT 5 BURST 10 (~70kbps)
ii) 128kbps= LIMIT 10 BURST 10 (~135kbps)
iii) 256kbps= LIMIT 20 BURST 10 (~280kbps)
iv) 512kbps= LIMIT 100 BURST 10 (~540kbps)

NOTE that using higher bursts allow for more bursty network traffic (this depends on how smoothly data travels over the selected networks.)
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    MultiCom Technical Support Forum Index -> 3.x Frequently Asked Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group