DiffServ in firewall rules

The code points from the DiffServ field can be evaluated by firewall rules for further control over QoS parameters such as minimum bandwidth or PMTU reduction.

In LANconfig, the parameters for evaluating the DiffServ fields are set when the QoS rule is defined:





Depending on the selected DSCP type (BE, CS, AF, EF), additional drop-down lists enable you to set the applicable values. Alternatively, the DSCP decimal value can be entered directly. A table listing the valid values can be found under "What is DiffServ?".

When configuring from the command line, these parameters are entered here: Setup > IP-Router > Firewall > Rule-List

The rule in the firewall is extended by the condition "@d" followed by the DSCP (Differentiated Services Code Point). The code point can be specified either by its name (CS0 to CS7, AF11 to AF43, EF or BE) or by its decimal or hexadecimal representation. For example, “Expedited Forwarding” can be specified as “@dEF”, “@d46” or “@d0x2e”. Collective names (CSx or AFxx) are also possible.

Examples:

The examples listed here reserve the required bandwidth for Voice-over-IP phone calls. The first element “%Lcds0 @dAFxx %A” accepts packets marked with DSCP “AFxx”, which are used for call signaling. Voice data marked with EF is transmitted with priority by the entry “%Qcds32@dEF”, with a guaranteed bandwidth of 32 kbps. In parallel, “%Fprw256 @dEF” sets the PMTU to 256 bytes in order to guarantee the necessary bandwidth in the receive direction.
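When reviewing an exported rule list, it helps to resolve each “@d” condition to the DSCP values it matches. The following Python sketch is an added example, not LANCOM code: it handles the name, decimal and hexadecimal forms described above, and the expansion of the collective names CSx and AFxx to all CS and AF code points is an assumption, as are the function names.

```python
import re

# Standard DSCP names (RFC 2474 / 2597 / 3246): value is the 6-bit code point.
DSCP_NAMES = {"BE": 0, "EF": 46}
DSCP_NAMES.update({f"CS{c}": 8 * c for c in range(8)})
DSCP_NAMES.update({f"AF{c}{d}": 8 * c + 2 * d
                   for c in range(1, 5) for d in range(1, 4)})

# Collective names from the page; expanding them to every CS / AF code point
# is an assumption about how the firewall interprets them.
COLLECTIVE = {
    "CSx": {v for n, v in DSCP_NAMES.items() if n.startswith("CS")},
    "AFxx": {v for n, v in DSCP_NAMES.items() if n.startswith("AF")},
}

def dscp_values(condition):
    """Return the set of DSCP values matched by one '@d...' condition."""
    if not condition.startswith("@d"):
        raise ValueError(f"not a DSCP condition: {condition!r}")
    body = condition[2:]
    if body in COLLECTIVE:
        return set(COLLECTIVE[body])
    if body in DSCP_NAMES:
        return {DSCP_NAMES[body]}
    if re.fullmatch(r"0x[0-9a-fA-F]+", body):
        value = int(body, 16)
    elif re.fullmatch(r"[0-9]+", body):
        value = int(body, 10)
    else:
        raise ValueError(f"unknown code point: {body!r}")
    if not 0 <= value <= 63:  # DSCP is a 6-bit field
        raise ValueError(f"DSCP out of range (0-63): {value}")
    return {value}

def rule_dscp(rule):
    """Collect the DSCP value sets for every '@d' condition in a rule string."""
    return [dscp_values(tok) for tok in re.findall(r"@d\w+", rule)]

def tos_byte(dscp):
    """DSCP occupies the upper six bits of the IP TOS / Traffic Class byte."""
    return dscp << 2
```

`tos_byte` gives the value a packet capture shows in the TOS field, which is useful when checking that marked voice traffic actually reaches the rule.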
