Bandwidth Control FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista

Latest revision as of 02:20, 21 April 2016


Why are the rules evaluated on the first ten packets of a session?

Rules often involve session "meta-data" conditions such as HTTP: Hostname or Application Control: Application. These meta-data tags are usually filled in quickly, but they are not known until the first few packets of the session have been seen. For that reason the rules are evaluated when the session starts and again on the next 9 packets, which ensures that every rule involving meta-data has a chance to fire. After the first ten packets the meta-data typically does not change and the rules are no longer consulted.


Dropping a Quota does not seem to work. Why?

If you have a rule set to give quotas automatically when a host doesn't have a quota, the host is probably being given a new quota again very quickly, which gives the appearance that you can't delete the quota.


I added a rule to add quotas and the quotas are constantly being refilled and/or full. Why?

Rules are evaluated in order. The action for the first matching rule is taken.

If the first rule in the list says if "Source Address" = "192.168.1.100" then "Give Client a Quota" of "100Mb", then this rule will match EVERY time the rules are evaluated for Source Address = "192.168.1.100". In other words, every time 192.168.1.100 creates a session it is given a new quota, because that is exactly what the rule says to do. It also means that 192.168.1.100 is entirely exempt from any rules that follow, because this rule will ALWAYS match on all sessions from 192.168.1.100.

Usually, when creating a rule, you want to specify your conditions like "Source Address" = "192.168.1.100" AND "Client has no Quota" is True. With the second condition, this rule matches on the first session of 192.168.1.100, which is immediately given a quota. The next time the rules are evaluated this rule will not match because the "Client does not have quota" condition fails, and the rest of the rules are evaluated normally.


I added a rule to add a client to the penalty box, and now the client is exempt from all prioritization rules. Why?

For the same reason as in the FAQ above: rules are evaluated in order, and the action for the first matching rule is taken.

If you create a rule at the top that says if "Source Address" = "192.168.1.100" then "Send Client to Penalty Box", then every time the rules are evaluated on traffic from 192.168.1.100 the client is sent to the penalty box and no further rules are evaluated. This effectively exempts 192.168.1.100 from all rules that follow, because rules are evaluated in order and the action for the first matching rule is taken.

Usually, when creating a penalty box rule, you want to specify your conditions like "Source Address" = "192.168.1.100" AND "Client is in Penalty Box" is NOT True. With the second condition, this rule matches on the first session of 192.168.1.100, which is immediately put in the penalty box. The next time the rules are evaluated this rule will not match, because "Client is in Penalty Box" is now true and the condition specifies that it should be NOT true. At this point the rest of the rules are evaluated normally, except that 192.168.1.100 is in the penalty box as expected.
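
The first-match behaviour described in the two FAQs above can be reproduced with a small model. This is an added example, not code from the product: the function names, the state layout and the catch-all prioritization rule are assumptions made for illustration.

```python
# Toy model of first-match rule evaluation; an illustration, not the product's code.
HOST = "192.168.1.100"

def new_state():
    return {"quota": {}, "penalty_box": set(), "grants": 0, "prioritized": 0}

def evaluate(rules, state, src):
    """Apply the action of the first matching rule and return its name."""
    for name, condition, action in rules:
        if condition(state, src):
            action(state, src)
            return name
    return None

# Actions (hypothetical names; the quota size is in arbitrary units).
def give_quota(state, src):
    state["quota"][src] = 100
    state["grants"] += 1

def send_to_penalty_box(state, src):
    state["penalty_box"].add(src)

def prioritize(state, src):
    state["prioritized"] += 1

# Conditions: address only, and address plus the guard the FAQ recommends.
def is_host(state, src):
    return src == HOST

def host_without_quota(state, src):
    return src == HOST and src not in state["quota"]

def host_not_in_penalty_box(state, src):
    return src == HOST and src not in state["penalty_box"]

def run(condition, action, evaluations=10):
    """Put one rule above a catch-all prioritization rule and evaluate repeatedly."""
    state = new_state()
    rules = [("first", condition, action),
             ("prioritize", lambda s, a: True, prioritize)]
    for _ in range(evaluations):
        evaluate(rules, state, HOST)
    return state

if __name__ == "__main__":
    for label, cond, act in [("quota, address only", is_host, give_quota),
                             ("quota, with no-quota guard", host_without_quota, give_quota),
                             ("penalty box, address only", is_host, send_to_penalty_box),
                             ("penalty box, with guard", host_not_in_penalty_box, send_to_penalty_box)]:
        s = run(cond, act)
        print(f"{label}: grants={s['grants']} prioritized={s['prioritized']}")
```

With the address-only rule the later rule is never reached; with the guard it is reached on every evaluation after the first. Deleting the quota from the state makes the guarded rule match again on the next evaluation, which is the "dropping a quota does not seem to work" effect.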