Bandwidth Shaping using QoS

Bandwidth Policies
Shaping using QoS Policies

Applicable Version: 10.00 onwards

Overview
Bandwidth Shaping is the process of manipulating, managing or controlling (shaping) portions of a
network connection and determining the allowed bandwidth consumption based on types of activities.
It is used to limit or direct bandwidth consumption by users. An administrator may use bandwidth
shaping to limit a users ability to take too much control over the Internet gateway. Bandwidth shaping
is also called bandwidth allocation or referred to as a bandwidth management tool.

Cyberoam allows administrators to manipulate the bandwidth consumption in their network by means
of various QoS policies, and other bandwidth monitoring and controlling features. This article
describes how an administrator can shape out the bandwidth consumption in a typical network setup.

Scenario
Consider a hypothetical network setup wherein the LAN consists of all users and DMZ consists of
servers. Cyberoam acts as the Internet Gateway. The total Bandwidth capacity of the ISP link
terminating on Cyberoam WAN, i.e., total traffic going out of Cyberoam WAN, is 10 Mbps. Bandwidth
Allocation is as follows:

5 Mbps of dedicated bandwidth to servers in the DMZ, which can expand upto 10 Mbps under
less or no traffic scenario.
3 Mbps of dedicated bandwidth to users surfing business-specific websites and applications,
which can expand upto 10 Mbps under less or no traffic scenario.
2 Mbps of bandwidth for rest of the traffic, which can expand upto 10 Mbps under less or no traffic
scenario.

Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).

Step 1: Create Required QoS Policies

Create Three (3) QoS policies to allocate required bandwidth to resources in the network.

Rule 1: Rule for DMZ Servers

Go to QoS > Policy > Policy and click Add to create a new policy according to parameters given
below.

Parameter Value Description

Name DMZServer_5Mbps Name to identify the Policy.

Select any one option to specify for
Policy Based On Firewall Rule
which the policy is to be created.
 Bandwidth Shaping using QoS Policies

Select the policy type.

Available Options:
Strict - User cannot exceed the defined
Policy Type Committed bandwidth limit.
Committed - User is allocated the
guaranteed amount of bandwidth and
can draw bandwidth up to the defined
burstable limit, if available.
Select any one option to specify
implementation strategy of policy.
Total(Upload + Download)
Implementation On
Available options:
- Total(Upload + Download)
- Individual(Upload/Download)
Set the bandwidth priority. Priority can
be set from 0 (highest) to 7 (lowest)
Priority 1 [Business Critical]
depending on the traffic required to be
shaped.
Set the guaranteed and burstable
bandwidth.
Guaranteed Burstable
640 - 1152 Note:
Upload and Download
Cyberoam calculates bandwidth in Kilo
Bytes per second. (I Kilo Byte per
second = 8 Kilo bits per second)
Select any one to specify the bandwidth
Bandwidth Usage Type Shared
usage: Individual or Shared.

Click OK to save policy.

 Bandwidth Shaping using QoS Policies

Rule 2: Rule for Business Critical Web Surfing

Go to QoS > Policy > Policy and click Add to create a new policy according to parameters given
below.

Parameter Value Description

Name BusinessRelated_3Mbps Name to identify the Policy.

Select any one option to specify for

Policy Based On Web Category
which the policy is to be created.
Select policy type

Available Options:
Strict - User cannot exceed the defined
Policy Type Committed bandwidth limit.
Committed - User is allocated the
guaranteed amount of bandwidth and
can draw bandwidth up to the defined
burst-able limit, if available.
Select any one option to specify
implementation strategy of policy.
Total(Upload + Download)
Implementation On
Available options:
- Total(Upload + Download)
- Individual(Upload/Download)
Set the bandwidth priority. Priority can
be set from 0 (highest) to 7 (lowest)
Priority 1 [Business Critical]
depending on the traffic required to be
shaped.
Set the guaranteed and burstable
bandwidth.

Guaranteed Burstable
384 - 1152 Note:
Upload and Download
Cyberoam calculates bandwidth in Kilo
Bytes per second. (I Kilo Byte per
second = 8 Kilo bits per second)
Select any one to specify the bandwidth
Bandwidth Usage Type Shared
usage: Individual or Shared.
 Bandwidth Shaping using QoS Policies

Click OK to save policy.

Step 2: Apply the QoS Policies

Apply the QoS Policies created in Step 1 to respective Firewall Rules and Web Categories.

Apply Policy DMZServer_5Mbps to Firewall Rule

Create a DMZ-WAN Firewall Rule and apply the QoS Policy as shown below.
 Bandwidth Shaping using QoS Policies

Apply Policy BusinessRelated_3Mbps to Web Category(s)

Apply the Policy BusinessRelated_3Mbps to one or more Web Categories that classify business
critical websites for your organization. Here, as an example, we have applied the policy
BusinessRelated_3Mbps to BusinessAndEconomy Web Category.
 Bandwidth Shaping using QoS Policies

Step 3: Set the Bandwidth Cap

By default, Cyberoam is set with a Bandwidth Cap (maximum bandwidth limit of the network) of 100
Mbps. The Bandwidth Cap is recommended to be set as 10% less of the total bandwidth capacity
obtained from the ISP. This is necessary to facilitate minor fluctuations from the ISPs side.

You can set the bandwidth cap, or maximum bandwidth limit, by following the steps below.

1. Logon to Cyberoam CLI Console (Telnet or SSH)

2. Choose option 4. Cyberoam Console and press Enter

3. Execute the following command to set maximum bandwidth limit.

console> set bandwidth max-limit <number in Kilo Bytes per seconds>

Here, we have set the max bandwidth as 1152 Kbps (10 Mbps = 10240 Kbps; 10240 10% =
9216 Kbps; 9216/8 = 1152 KBps or Kilo Bytes per second).

Note:

Cyberoam calculates bandwidth in Kilo Bytes per second. (I Kilo Byte per second = 8 Kilo bits per
second)

To check the maximum bandwidth limit in Cyberoam, execute the command:

console> show bandwidth max-limit.

 Bandwidth Shaping using QoS Policies

Step 4: Prioritize Bandwidth Allocation to Real Time Traffic

Allocate bandwidth for real time traffic having QoS policy with priority 0 (like VOIP) by executing the
following command.

console> set bandwidth allocation-behavior realtime

Step 5: Handle Traffic to which QoS Policies are NOT Applied

You can define bandwidth restrictions on traffic to which QoS Policies are NOT applied by executing
the following commands.

Enforce Bandwidth Guarantee

This ensures that the guaranteed bandwidth (as specified in QoS policies) is available to users to
which the policies are applied. To enforce bandwidth guarantee, execute the following command

console> set bandwidth guarantee enforced

Set Default Policy

If bandwidth guarantee is enforced (as shown above), you can define a Default Bandwidth Policy to
be applied on the traffic on which policies are not applied. You can set the default policy by executing
the following command.

console> set bandwidth default-policy guaranteed <number> burstable <number>

priority <number>

In the default policy, you can set the guaranteed and burstable bandwidth and priority on this traffic.

Note:

This bandwidth is applicable on Internal (LAN and DMZ) to External zone (WAN and VPN) traffic and
External to Internal zone traffic. Default Guaranteed bandwidth = 0 kbps, Burstable bandwidth = max-
limit, priority = 7 (lowest).

The above configuration enables shaping and fair distribution of the total bandwidth available to a
network. You can view the summary of how bandwidth is distributed in your network using the
command: show bandwidth total-guaranteed-bw.

Document Version 1.1 29 July, 2014