Page 164 SonicWALL Internet Security Appliance Administrator’s Guide
SonicWALL Bandwidth Management
Bandwidth management is a means of allocating bandwidth resources to critical applications on a
network. By controlling the amount of bandwidth allocated to an application or user, the network
administrator can reduce network traffic congestion, prevent a small number of users from
consuming all available bandwidth, or allow priority applications to run smoothly.
Bandwidth management works by allocating traffic to a class based upon application type, source
or destination addresses, or a combination of both. Traffic is then scheduled according to minimum
and maximum bandwidth configured for each traffic type.
Bandwidth Management is controlled by the SonicWALL Internet Security Appliance on outbound
traffic only. It is activated in the Ethernet tab. Configuring Bandwidth Management is handled in the
Rules tab of the Access section, which allows you to manage outgoing traffic according to TCP/IP or
UDP ports, services (FTP, HTTP, E-mail, SIP, etc.) and source and destination IP addresses. VPN
traffic can also be managed by enabling bandwidth management on the VPN Configure tab, and
then specifying the guaranteed bandwidth, maximum bandwidth, and priority for all VPN traffic through the SonicWALL.
Alert: Bandwidth management cannot be configured for individual VPN Security Associations. It can
only be configured for all VPN traffic.
How SonicWALL Bandwidth Management Works
SonicWALL Bandwidth Management can assign a portion of the available bandwidth and a priority
to each class of network traffic. Priorities rank from 0 (zero), highest, to 7, lowest. Defining a class
of traffic that has 0 bandwidth allocated to it effectively blocks the traffic unless there is no other
traffic with higher priority on the network.
The packet classifier analyzes a packet when it arrives for its packet protocol, source information,
and destination information. It then allocates the packet to a class queue where it waits to be
processed. If the queue is full, the packet is dropped. Normal retransmission of data ensures that
the packet is sent again.
Class queues are processed based on the amount of bandwidth allocated (guaranteed and
maximum), and the priority assigned to the class queue. Within the class queue, packets are
processed on a first-in, first-out basis. When network traffic reaches the maximum allocated to the
class, packets from the next class in priority order are processed.
Typically, each class is allocated a portion of the available bandwidth, and when that limit is
reached, no more traffic for that particular class is forwarded. But if there is available bandwidth on
the network that is not in use by a particular class, a class can temporarily borrow bandwidth and
send traffic until the maximum bandwidth allocated to the class is reached.
Spare bandwidth is allocated among the highest priority classes until no more bandwidth is
available or until all of those classes have reached their maximum bandwidth. If this happens, the
remainder of the bandwidth is divided among the next priority classes. This process is repeated until
all of the available bandwidth is consumed.
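
The allocation order described above, as an added Python sketch (not SonicWALL code and not part of the original guide). It models one scheduling interval; the class names, rates, per-class demand figures, and the equal split among classes of the same priority are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class TrafficClass:
    name: str
    priority: int    # 0 (highest) to 7 (lowest), as in the guide
    guaranteed: int  # kbps reserved for the class
    maximum: int     # kbps ceiling, borrowed bandwidth included
    demand: int      # kbps the class wants to send right now (constructed)

def allocate(link_kbps, classes):
    """Return {class name: kbps granted} for one scheduling interval."""
    # A class never gets more than it asks for or than its maximum.
    ceiling = {c.name: min(c.demand, c.maximum) for c in classes}
    # Step 1: every class first receives its guaranteed bandwidth.
    grant = {c.name: min(c.guaranteed, ceiling[c.name]) for c in classes}
    spare = link_kbps - sum(grant.values())
    if spare < 0:
        raise ValueError("guaranteed bandwidth exceeds link capacity")
    # Step 2: lend spare bandwidth one priority level at a time, highest first.
    for prio in sorted({c.priority for c in classes}):
        level = [c.name for c in classes if c.priority == prio]
        while spare > 1e-9:
            hungry = [n for n in level if ceiling[n] - grant[n] > 1e-9]
            if not hungry:
                break  # level satisfied; the remainder goes to the next level
            share = spare / len(hungry)  # equal split: an assumption
            for n in hungry:
                extra = min(share, ceiling[n] - grant[n])
                grant[n] += extra
                spare -= extra
    return grant

def sample_classes(voip_demand=250, web_demand=900):
    # Constructed example classes on a 1000 kbps uplink.
    return [
        TrafficClass("voip", 0, 200, 300, voip_demand),
        TrafficClass("web", 2, 300, 800, web_demand),
        TrafficClass("mail", 2, 100, 400, 150),
        TrafficClass("bulk", 7, 0, 1000, 1000),  # 0 guaranteed: spare only
    ]

if __name__ == "__main__":
    print("busy:", allocate(1000, sample_classes()))
    print("idle:", allocate(1000, sample_classes(voip_demand=0, web_demand=0)))
```

In the busy case the "bulk" class, which has 0 bandwidth guaranteed, receives nothing because higher-priority classes absorb all spare bandwidth; once those classes go idle it borrows what is left.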