< Home

Web: Example for Configuring Dynamic Even Distribution to Equally Distribute Bandwidth Resources to Users

This section provides an example for configuring dynamic even distribution to equally and dynamically assign bandwidth resources to each user based on the number of online users.

Networking Requirements

As shown in Figure 1, the number of online users of department A in an enterprise is not fixed. To prevent some employees from exclusively occupying the limited bandwidth resources, the enterprise requires to enable the bandwidth management function on the FW to evenly and dynamically distribute the bandwidth resources to the online users. Specific requirements are as follows:

  • The maximum downstream bandwidth of department A cannot exceed 60 Mbit/s.
  • The bandwidth resources (60 Mbit/s) of department A must be equally and dynamically assigned to each user in department A based on the number of online users.
Figure 1 Networking diagram for configuring dynamic even distribution to equally distribute bandwidth resources to users

Configuration Roadmap

  1. Set interface IP addresses and assign the interfaces to security zones.
  2. Configure a traffic profile for department A, set the overall maximum downstream bandwidth to 60 Mbit/s, and select dynamic even distribution for the per-user traffic limiting mode.
  3. Configure a traffic policy for department A and reference the traffic profile configured for department A.
  • Upstream and downstream depend on the direction of FW bandwidth policy. For simplicity, upstream refers to the direction from Trust to Untrust, and downstream refers to Untrust to DMZ in this section.
  • Assuming that the security zones, routers, and security policies have been configured, this section introduces only how to configure bandwidth management.

Procedure

  1. Set interface IP addresses and assign the interfaces to security zones.
    1. Choose Network > Interface.
    2. Click for GE0/0/3 and set the parameters as follows:

      Zone trust
      IPv4
      IP Address 10.3.0.1/24

    3. Click OK.
    4. Repeat the preceding steps to configure interface GE0/0/1.

      Zone untrust
      IPv4
      IP Address 1.1.1.1/24

  2. Configure a traffic profile for department A.
    1. Choose Policy > Bandwidth Management > Traffic Profile.

    2. Click Add and set the parameters as follows:

      Name

      profile_dep_a

      Traffic Limiting Mode

      Upstream and downstream bandwidth
      Global Traffic Limiting

      Reference Mode

      Exclusive mode

      Downstream Bandwidth Maximum

      60 Mbit/s
      Per-IP/User Traffic Limit

      Traffic Limiting Object

      Per-user

      Dynamic Even Distribution

      Enable

    3. Click OK.
  3. Configure bandwidth management for department A.
    1. Choose Policy > Bandwidth Management > Traffic Policy.

    2. Click Add and set the parameters as follows:

      In the example, user authentication configuration for department A has been completed.

      Name

      policy_dep_a

      Source Zone

      trust

      Destination Zone

      untrust

      User

      dep_a

      Action

      Limit

      Traffic Profile

      profile_dep_a

    3. Click OK.

Verification

Configuration Scripts

This section provides only the script related to the example.

#                                                                               
sysname FW           
#                                                                               
interface GigabitEthernet0/0/1   
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#                                                                               
interface GigabitEthernet0/0/3   
 undo shutdown
 ip address 10.3.0.1 255.255.255.0
#                                                                               
firewall zone trust                                                             
 set priority 85                                                                
 add interface GigabitEthernet0/0/3   
#                                                                               
firewall zone untrust                                                           
 set priority 5                                                                 
 add interface GigabitEthernet0/0/1   
#                                                                               
traffic-policy                                                                  
 profile profile_dep_a                                                          
  bandwidth maximum-bandwidth whole downstream 60000                            
  bandwidth average per-user manual multiplier 1 minimum 1000                   
 rule name policy_dep_a                                                         
  source-zone trust                                                             
  destination-zone untrust                                                      
  user user-group /default/dep_a                                                
  action qos profile profile_dep_a                                              

# The following user/group creation configuration is stored in the database, but not in the configuration profile.
user-manage group /default/dep_a
Parent Topic: Traffic Management
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >