Bandwidth shaping / rate limiting specific applications

  • 3
  • Question
  • Updated 4 years ago
  • Answered
Since Netflix takes up almost 50% of our bandwidth on campus, I would like to be able to identify and limit Netflix traffic at the access point. Is that possible with the current version? If so, can someone point me in the right direction with how to set this up?

Van Jones

  • 75 Posts
  • 4 Reply Likes

Posted 5 years ago


Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
From the help file for 6.1r2 HMOP

I have never used this, but this is the area where you would configure it.

You can selectively apply it to networks, SSIDs, etc.

You can control the flow of services identified at Layer 3 and 4 (network services) or at Layer 7 (application services) by using QoS to limit traffic flow and prioritize or deprioritize the transmissions and firewall rules to allow or block it. The configuration of QoS (Quality of Service) involves two major components:

A classifier map to map various applications in incoming traffic to Aerohive classes. Through this map, you can prioritize mission-critical applications by assigning them to higher classes and deprioritize others by assigning them to lower classes. After providing the scheduling and data rate limiting defined for that class of service, an Aerohive device can then map outgoing traffic to the appropriate QoS class for an 802.11e, 802.1p, or DiffServ classification system through the application of a marker map. This carries the QoS classification onward with the frame as the Aerohive device forwards it to the next forwarding device in the network. You apply classifier and marker maps to a network policy.
A rate control and queuing profile to define the scheduling and data rate limiting for traffic in all Aerohive QoS classes. You apply a rate control and queuing profile to user profiles.

Each component of the QoS configuration is explained in the sections that follow.

Aerohive provides two types of IP firewall policies: a network firewall policy that runs on Aerohive routers and applies to all traffic within a network, and an IP firewall policy that runs on Aerohive APs and applies to traffic belonging to specific user profiles. The first type of firewall identifies services at Layers 3 and 4 in the OSI model (the network and transport layers). The second type of firewall can identify services at Layers 3 and 4 or at Layer 7 (the application layer), and is described here immediately following the QoS configuration. Using this procedure, you can add QoS Rate Control and Queuing to a user profile.

Application-based QoS and IP firewall policies are only supported on APs. They are not supported on branch routers.

To create a classifier map for an existing network policy:

Click Configuration, highlight a network policy for a wireless deployment whose QoS and IP firewall settings you want to modify, and then click OK.

On the Configure Interfaces & User Access panel, click Edit next to Additional Settings, expand the QoS Settings section, and then click the New icon ( + ) next to Classifier Map.
Enter the following to begin creating a classifier map:

Name: Enter a name for the classifier map. This is the name that will appear in the Classifier Map drop-down list in the network policy.

Description: Type a useful note about the map for future reference.

Services: Select the check box to display the Services table, which at this point just displays its heading.

Click the New icon ( + ) to the right of Logging, and then enter the following:

Service: From the drop-down list, choose Application Services. The Select Applications dialog box appears. Move the applications that you want to assign to an Aerohive QoS class from the Available Applications list to the Selected Applications list by clicking to the right of an application name and then clicking the right arrow. (Selecting the application name itself causes a pop-up window with additional information about the application to appear.) To filter the display of applications by application name or group name, enter all or part of a name in the Filter by field and click the magnifying glass icon.

When done, click OK. HiveManager returns to the Classifier Maps > New dialog box.

Continue configuring the classifier map for the services you selected, and then click the Save icon at the right of the row:

QoS Class: Choose the Aerohive class to which you want to map the selected applications. By default, the higher the class is, the higher its priority is.

Action: Choose Permit to pass traffic through the APs. If you choose Deny, the APs will block it.

The permit and deny actions in a QoS policy enable devices to enforce a simple stateless firewall policy that inspects packets individually, not within the context of an ongoing session. For example, a stateless firewall configured with a policy that permits outgoing requests does not associate the corresponding incoming responses as being related to the permitted outgoing requests. You must configure a separate policy permitting the return traffic. On the other hand, a stateful firewall maintains a table internally so that it can associate related outgoing and incoming traffic as part of the same session. A stateful firewall with a policy permitting outgoing traffic also permits the corresponding incoming traffic.

Because the firewall policy that you will configure next for user profiles is stateful and provides more complete coverage, choose Permit here within the context of the classifier map and set your firewall policy rules in the next section.

Logging: Select the check box to enable devices to log traffic that matches the service-to-Aerohive class mapping. (Devices log traffic whether the action is permit or deny.) The main use of logging traffic is to see if the devices are receiving expected, or unexpected, types of traffic when you debug connectivity issues. You can see the log entries in the event log on the devices (show logging buffered). Also, if you configure the device to send event logs to a syslog server, you can see the log entries there.

You can edit individual service-to-Aerohive class mappings by clicking the Edit icon (pencil) and remove them by clicking the Delete icon.

To add more application services to the classifier map, repeat the previous steps. When done, click the Save button in the upper right corner of the dialog box.
Choose the classifier map that you just created in the Classifier Map drop-down list.
You can also create a marker map to map classes from the Aerohive QoS class system to an 802.11e, 802.1p, or DiffServ classification system and apply that marking on all outbound traffic. Then the next forwarding device in the network can apply an appropriate level of service to the traffic it receives from the Aerohive device. (See the HiveManager Help for information about configuring marker maps.)
To add the classifier and marker maps to the network policy, click Save at the top of the Additional Setting panel. HiveManager returns to the Configure Interface & User Access panel.
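
The stateless versus stateful behaviour described in the help-file excerpt above, shown as an added example (not part of the original post and not Aerohive code). It is a toy Python model: `Packet`, `stateless_filter` and `StatefulFirewall` are hypothetical names, and the addresses and ports are constructed sample values.

```python
from collections import namedtuple

# Constructed packet model; addresses come from documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport direction")
CLIENT, SERVER = "10.0.0.5", "203.0.113.10"

def stateless_filter(rules, pkt):
    """Judge each packet alone: first matching (direction, remote port) rule wins."""
    remote_port = pkt.dport if pkt.direction == "out" else pkt.sport
    for direction, port, action in rules:
        if direction == pkt.direction and port == remote_port:
            return action
    return "deny"  # implicit default deny

class StatefulFirewall:
    """Permit outbound by rule, then permit only replies to tracked sessions."""
    def __init__(self, outbound_ports):
        self.outbound_ports = set(outbound_ports)
        self.sessions = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in self.outbound_ports:
                return "deny"
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # Inbound is allowed only if it mirrors a recorded outbound flow.
        mirrored = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if mirrored in self.sessions else "deny"

def run_demo():
    request = Packet(CLIENT, 50000, SERVER, 443, "out")
    reply = Packet(SERVER, 443, CLIENT, 50000, "in")
    unsolicited = Packet("198.51.100.7", 443, CLIENT, 50001, "in")
    one_way = [("out", 443, "permit")]
    two_way = one_way + [("in", 443, "permit")]  # separate return rule
    fw = StatefulFirewall([443])
    return {
        "stateless_one_rule": [stateless_filter(one_way, p) for p in (request, reply)],
        "stateless_two_rules": [stateless_filter(two_way, p)
                                for p in (request, reply, unsolicited)],
        "stateful": [fw.check(p) for p in (request, reply, unsolicited)],
    }

if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

With a single outbound permit the stateless filter drops the reply; adding the return rule fixes that but also admits the unsolicited inbound packet, which only the stateful model rejects.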

Van Jones

  • 75 Posts
  • 4 Reply Likes
Thanks for the detailed answer. I may have some more questions once I have time to walk through the explanation in my environment.

Jason Hills

  • 78 Posts
  • 3 Reply Likes
Probably a silly question, but do the Classifier Map settings require similar QoS settings to be applied on the Switches/Routers?

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
QoS should be end to end