Traffic shaping essentials

Traffic shaping allows us to prioritize some traffic over other traffic in order to improve network performance and, in some cases, lower latency. The purpose of traffic shaping is to make network traffic conform to certain predefined constraints, generally known as either a traffic profile or contract. Your service level agreement (SLA) and/or traffic conditioning agreement (TCA) with your ISP defines what traffic your ISP will accept. One of the basic parameters of this is the data rate. If packets are sent from your local network to the ISP in a way that violates these agreements, forwarding upstream may be denied. At the very least, forwarding may not be guaranteed. Thus, it is in our interests to make sure that the traffic leaving our network does not violate these agreements, and we utilize a traffic shaper to make sure our traffic does not get dropped or penalized.

The traffic shaper is able to do this because it examines packets; if the packets meet certain criteria, they are handled differently. In this sense, traffic shaping bears similarities to firewall rules. In the case of firewall rules, packets that meet rule criteria are either allowed, blocked, or rejected. In the case of traffic shaping, packets that meet certain criteria (we can call them traffic shaping rules) are put into different queues. These queues are implemented as FIFO buffers. Priority traffic is typically sent immediately, while lower-priority traffic is held until the higher-priority traffic has passed.

Traffic shaping has to be implemented where the router can control the flow of data. Therefore, in pfSense, traffic shaping is always applied when packets are leaving the router. For example, traffic shaping of incoming traffic to the LAN is actually applied when the traffic is leaving the LAN interface. Similarly, traffic shaping of outgoing traffic is applied when traffic is leaving the WAN interface.

Traffic shaping can be used for a variety of purposes. This includes the following:

  • It can be used in a number of different scenarios where low latency is required. This includes VoIP traffic, which, if it is given the same priority as other traffic, may be affected by uploads and downloads. Similarly, if you are playing an online game, you want the response time to be as fast as possible, even if you are simultaneously downloading a file. Other applications can tolerate a higher level of latency. For example, with video streaming using online services, such as Netflix or Hulu, a certain amount of buffering is tolerable.
  • It can be used to limit the amount of bandwidth used by peer-to-peer applications. It can do this in two different ways. One is by lowering the priority of traffic coming to and from well-known peer-to-peer ports. The second is by actually examining the packets and finding out what application is generating them. The latter is known as Layer 7 inspection, or deep packet inspection. Both approaches have strengths and weaknesses. A port-based approach is easy to implement and will work in most cases, but users may be able to circumvent such an approach by using different ports. Layer 7 inspection is generally more effective in identifying peer-to-peer traffic, but it is also CPU-intensive, and it is of no help on encrypted traffic. In addition, small changes to the peer-to-peer protocol can result in Layer 7 inspection not working.
  • It can be used to make asymmetric internet connections work more smoothly. If your download bandwidth is significantly larger than your upload bandwidth, the maximum download speed may seem unattainable because you won't be able to send enough ACK packets back to the target host to keep the traffic flowing. This is most likely as the connection becomes more saturated, for example, if you are downloading a file while simultaneously loading a web page. In these situations, pfSense can prioritize ACK packets, ensuring that traffic flows and that you are able to reach the maximum download speed.
  • In business environments, traffic shaping can be used to prioritize business-related traffic.
  • ISPs have sometimes used traffic shaping to limit bandwidth consumption of certain programs (for example, BitTorrent traffic) so they can take on additional customers. This is often controversial, because such connections are often advertised as unlimited connections. Nonetheless, it is yet another example of traffic shaping being used for a specific outcome.

Traffic shaping is a large component of the current debate on net neutrality. Proponents of net neutrality argue (among other things) that internet data should be treated equally, while opponents of net neutrality argue for a two-tier or multi-tiered internet, in effect arguing that there have always been different levels of service and that less regulation would promote greater freedom of choice for the consumer. It is not within the scope of this chapter to deal with the potential impact of net neutrality, which seems in any case to primarily impact the public internet and not private networks, which are the main focus of our discussion.
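
The queueing behavior described earlier (rule match, per-class FIFO queues, priority traffic sent first on egress, and ACK prioritization on a saturated uplink) can be seen in a small simulation. This is an added example, not code from the book or from pfSense; the queue names, port numbers, priorities and the traffic itself are constructed assumptions.

```python
from collections import deque

# Hypothetical shaping rules: (match function, queue name). First match wins.
RULES = [
    (lambda p: p["proto"] == "tcp" and p["ack_only"], "qACK"),
    (lambda p: p["proto"] == "udp" and p["dport"] == 5060, "qVoIP"),
    (lambda p: 6881 <= p["dport"] <= 6889, "qP2P"),  # port-based P2P match
]
PRIORITY = {"qACK": 6, "qVoIP": 5, "qDefault": 3, "qP2P": 1}  # higher is sent first

def classify(pkt):
    for match, queue in RULES:
        if match(pkt):
            return queue
    return "qDefault"

def simulate(packets, rate_bps, shaped=True):
    """Return {packet id: seconds from arrival to end of transmission}."""
    pending = deque(sorted(packets, key=lambda p: p["t"]))
    queues = {q: deque() for q in PRIORITY}
    now, delay = 0.0, {}
    while pending or any(queues.values()):
        # Packets that have arrived by `now` enter their FIFO queue.
        while pending and pending[0]["t"] <= now:
            pkt = pending.popleft()
            queues[classify(pkt) if shaped else "qDefault"].append(pkt)
        ready = [q for q in queues if queues[q]]
        if not ready:
            now = pending[0]["t"]  # link idle until the next arrival
            continue
        pkt = queues[max(ready, key=PRIORITY.get)].popleft()
        now += pkt["size"] * 8 / rate_bps  # time on the wire
        delay[pkt["id"]] = now - pkt["t"]
    return delay

def pkt(pid, t, size, proto, dport, ack_only=False):
    return {"id": pid, "t": t, "size": size, "proto": proto,
            "dport": dport, "ack_only": ack_only}

def sample():
    # Constructed traffic: 20 bulk P2P uploads, then one VoIP packet and one bare ACK.
    bulk = [pkt(f"p2p{i}", 0.0, 1500, "tcp", 6881) for i in range(20)]
    return bulk + [pkt("voip", 0.001, 200, "udp", 5060),
                   pkt("ack", 0.001, 40, "tcp", 443, ack_only=True)]

if __name__ == "__main__":
    for mode in (False, True):
        d = simulate(sample(), 1_000_000, shaped=mode)  # 1 Mbit/s uplink
        print("shaped" if mode else "fifo  ",
              {k: round(d[k] * 1000, 2) for k in ("voip", "ack")}, "ms")
```

On the constructed 1 Mbit/s uplink, the VoIP packet and the ACK wait behind the entire bulk upload in a single FIFO, but behind only the one packet already on the wire when priority queues are used.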