Nebula [NSG] - traffic shaping and global bandwidth limits

Created - Updated
Serhii Boiarynov
Print Friendly and PDF
Have more questions? Submit a request

We will explain some more details about the function Global bandwidth limits function in the Nebula Control Center. The function you can find under the gateway - traffic shaping menu. The option is used to limit a client's outbound or inbound bandwidth. Please keep in mind that this is a Nebula Advanced Feature, which means you will need to have a Pro License to use this function. Otherwise, you need to Upgrade to Pro Pack to unlock this feature. 

The function looks like this:

Go to Site-wide -> Configure -> Security gateway -> Traffic shaping

First, we will describe the single options, and then we will give you an example.

  • Source First IP 
    • Enter the first IP address in a range of source IP addresses for which the security gateway applies the rule.
  • Source Last IP
    • Enter the last IP address in a range of source IP addresses for which the security gateway applies the rule.
  • Destination IPs
    • Enter the destination IP address(es) for which the security gateway applies the rule.
      Enter any if the rule is effective for every destination.
  • Port(s)
    • Enter the port number(s) (1-65535) to which the packets go. The security gateway applies the rule to the packets that go to the corresponding service port. Any means all service ports.
  • Protocol
    • Select TCP or UDP if you want to specify a protocol for the rule. Otherwise, select Any.
      Any means all services
  • Down/Up slider
    • Set the maximum upstream/downstream bandwidth for traffic from an individual source IP address. Click a lock icon to change the lock state. If the lock icon is locked, the bandwidth limit you set applies to both inbound and outbound traffic. If the lock is unlocked, you can set inbound and outbound traffic to have different transmission speeds.
  • Priority
    • Enter a number between 1 and 7 to set the priority for traffic that matches this policy. The smaller the number, the higher the priority.
      Traffic with a higher priority is given bandwidth before traffic with a lower priority.

Example:
Customer a is having 3 VLAN

  • VLAN 1 - 192.168.1.2 - 192.168.1.250
  • VLAN 2 - 192.168.2.2 - 192.168.2.250
  • VLAN 3 - 192.168.3.2 - 192.168.3.250

In total, he has a 30 Mbit connection he wants to share with each VLAN equally.
By default, the NSG is using the "shared" concept.  

That means that each rule entered in the list will share the bandwidth in total. So if you have a range of 248 addresses, those 248 addresses will share the bandwidth. 

 

 

Articles in this section

See more
Was this article helpful?
0 out of 2 found this helpful
Share