Home > Security Appliances > Firewall and Traffic Shaping > Traffic Shaping Settings

Traffic Shaping Settings

The MX appliance/Z1 gateway includes an integrated Layer 7 packet inspection engine, enabling you to set QoS policies, load balancing, and prioritization based on traffic types and applications.

Uplink configuration

This section allows you to configure bandwidth settings, list update frequency, primary uplink, load balancing, and layer 3 uplink preferences.

Uplink bandwidth settings

This option allows you to configure the upload and download bandwidth of the uplinks. This information is needed for traffic load balancing between the active WAN / Internet ports as well as for limiting upload and download traffic through the WAN ports. You can configure Uplink 1, Uplink 2, and the cellular uplink individually. To configure different upload and download bandwidths for a particular uplink, click the details button next to that uplink's bandwidth slider.

This option determines which uplink should be the primary connection. VPN traffic and management traffic to the Meraki Dashboard use the primary uplink. If load balancing is disabled, all traffic will use the primary uplink unless an uplink preference is configured specifying otherwise.

Load balancing

When enabled, Load balancing spreads Internet traffic across both uplinks proportional to the Internet1 and Internet2 bandwidths specified above.

Example: If Internet1 bandwidth is 9 Mbps and Internet2 bandwidth is 1 Mbps, the load-balancing algorithm sends 90% of the traffic through the Internet 1 uplink and 10% of the traffic through the Internet 2 uplink.

Uplink preferences

Use this option to direct traffic matching a layer 3 definition out a particular uplink. A common use case involves sending traffic from different VLANs through different Internet uplinks, or sending a particular type of traffic such as FTP traffic out a particular uplink based on the destination port.

List update interval

This setting determines how often the MX should check for updates to security lists. You can specify an Hourly, Daily, or Weekly update interval. To specify different intervals depending on which uplink is being used to download lists, click "details". This can be useful if you want to control bandwidth usage due to security list downloads on a low-bandwidth WAN link or cellular uplink.

Features affected by this setting include IDS/IPS, Top Sites Content Filtering, and Malware Scanning.

Global bandwidth limits

This setting allows you to put limits on each client devices total network traffic (incoming / outgoing). The minimum limit on the throughput is 20 kb/s. Click details or simple to switch between two possible modes.

  • simple: Single setting that applies to both upload and download traffic throughput. Move the slider control right or left to set the limits.
  • details: Allows you to set different limits on upload and download throughput. Enter the limits manually in kb/s. You can also use this mode to create more-precise per-client limits than in simple mode.

Enable SpeedBurst: To provide a better user experience in bandwidth-limited environments, an administrator can enable SpeedBurst by selecting the Enable Speedburst checkbox. SpeedBurst allows users to exceed their assigned limit in a "burst" for a short period of time, providing a more satisfying Internet browsing experience while still preventing any one user from using more than his or her fair share of bandwidth over the longer term. Users are allowed up to four times their allotted bandwidth limit for a period of up to five seconds.

Traffic shaping rules

To optimize your network, you can create shaping policies to apply per-user controls on a per-application basis. This allows you to reduce bandwidth for recreational applications such as peer-to-peer file sharing programs, and to prioritize bandwidth for your business-critical enterprise applications.

Creating Shaping Rules

Click Create a new rule to add a traffic shaping rule. Traffic shaping policies consist of a series of rules that are performed in the order in which they appear in the policy, similar to custom firewall rules. There are two main components to each rule: the type of traffic to be limited or shaped (rule definition), and how that traffic should be limited or shaped (rule actions).

Rule Definition

Rules can be defined in two ways:

  • You can select from various predefined application categories such as Video & Music, Peer-to-Peer, or Email.
  • You can create rules by specifying HTTP hostnames (for example, salesforce.com), port numbers (such as 80), IP ranges (such as 192.168.0.0/16), or IP address range and port combinations (such as 192.168.0.0/16:80).

The rule action is enforced on all traffic that matches the specifications you select. By clicking Add an expression, you can create additional specifications for traffic that is shaped according to the same rule action.

Rule Actions

Traffic-matching-specified rule sets can be shaped or prioritized.

  • Bandwidth limits can be specified to ignore any limits specified for the whole network, to obey the specified limits, or to apply more-restrictive limits than the network limits. Use the bandwidth slider control to choose the appropriate limit for each type of traffic. To specify asymmetric limits on uploads and downloads, click details next to the bandwidth slider control.

  • Priority can be set to High, Normal, or Low, allowing the MX series to prioritize a given network flow relative to the rest of the network traffic. The ratios are as follows:

    • High: 4/7

    • Normal: 2/7

    • Low: 1/7

  • Quality of Service (QoS) prioritization can be applied to Layer 3 traffic. To prioritize traffic at Layer 3, select a value for the DSCP tag in the IP header on all incoming and outgoing IP packets. This also affects the Wi-Fi Multimedia (WMM) priority of the traffic.

For the Priority feature to work as desired, ensure that uplink throughput settings are accurate.

For QoS prioritization to work as desired, ensure that upstream networking equipment supports QoS prioritization as well.

Creating a Sample Traffic-Shaping Rule

Here is an example of how to set up a traffic shaping policy with multiple traffic-shaping rules. (For detailed examples, refer to the Deployment Guides chapter.)
To prioritize VoIP and minimize peer-to-peer traffic and gaming, create a new traffic-shaping policy by following the steps below:

  1. In the Rule #1 Definition pull-down menu, choose VoIP & video conferencing.
  2. Under Bandwidth limit, choose Ignore network limit.
  3. In the Priority pull-down menu, choose High.
  4. Under DSCP tagging, choose 7 (WMM Voice).
  5. Click Add a new shaping rule.
  6. In the Rule #2 Definition pull-down menu, choose Peer-to-peer (P2P).
  7. Click Add an expression.
  8. In the new pull-down menu, choose Gaming.
  9. In the Bandwidth limit section, click Choose a limit and use the slider to choose a low throughput (the minimum is 20 kb/s).
  10. Save your changes by clicking Save Changes at the bottom of the page.

HTTP content caching

When this setting is enabled, the MX will cache web content on its local hard drive. This can improve end-user experience by reducing page load times and file download times for frequently accessed web content. This option is not available on the MX60, MX60W, MX64, MX64W, MX65, or MX65W.

You must to post a comment.
Last modified
14:25, 13 May 2016

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 4366

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case