Classifying Data Streams

Introduction

The goal of classification is to categorize each traffic stream that passes through the network. By identifying all traffic, the server is able to perform different types of processing depending on the stream type, such as prioritization, quality of service and class-based speed limiting.

The class system inspects each network packet and identifies which stream it belongs to. It does this by checking the properties of the packet, including the network adapter it arrived on, source and destination addresses, protocol, size and other information. After the packet is identified, the server places it into a corresponding queue for further processing.

Packets are stored in the queue for a short period of time until they are ready to be sent by the processing system. Rules determine the delay, queue depth, priority and other processing information that applies to each queue.

Layer 2 Inspection

The server operates at Layer 2 in the network stack, which allows it to view all of the properties of each stream, including Ethernet, IP and TCP/UDP information. At this layer the traffic is broken down from streams into packets, which range between 54 and 1518 bytes in size.

Each packet contains identifying information in the form of a virtual envelope called a header. Headers consist of protocol-specific data such as source and destination address, packet size, layer number and other properties.

Each layer in the network stack attaches its own header to the packet containing information that is specific to that layer. This allows the server to classify all layered protocol information such as MAC address and packet size information at layer 2, IP addresses at layer 3 and TCP ports at layer 4.

There are also types of stream information that are not specific to any layer such as direction and network adapter. These properties are recorded and used to classify packets into their appropriate queues.

Queueing Criteria

There are a number of methods available to sort traffic into queues. The different criteria that may be used to classify streams are as follows:

  • Network Adapter - The network interface that corresponds to the stream. For incoming data this is the adapter the stream is being received on, for outgoing data it is the adapter the stream is being sent on. Note that this is the network interface on the Bandwidth Controller server, not the client or internet site being used.
  • Direction - The direction of travel for the stream, i.e. whether it is an upload or a download. The context of this parameter is from the point of view of the internet connection. So any data sent from the local network to the modem is upload, any data received from the internet is download. Adapter orientation must be set correctly in the program options for direction to be properly determined (Internet-facing and LAN-facing settings).
  • Protocol - The data stream's Layer 2 - 4 protocol. Possible values are IP, TCP, UDP, ICMP, or Other. 'Other' protocol is used to identify all traffic types that are not covered by built-in protocols.
  • Local Endpoint - The local computer for the connection. The local endpoint consists of an address (MAC address, IP address or domain name) or an address group. It may also contain an optional TCP / UDP port or port range.
  • Remote Endpoint - The remote computer for the connection. The remote endpoint consists of an address (MAC address, IP address or domain name) or an address group. It may also contain an optional TCP / UDP port or port range.

Group Policies

Group policies are used in situations where an entire group of users must be classified into a single queue. Rather than specifying an address as the local or remote endpoint, a group policy is used to specify a collection of addresses.

Group policies are implemented in the form of Address Groups, which are configured in the View, Address Groups menu within the client application. The Address Group window allows the administrator to define the groups that can be used for rule classification. Once a group is created it is stored on the server and may be used in any rule endpoint, as long as the classification criteria contain a protocol that supports addressing, such as IP, TCP, UDP or ICMP.

Following are some of the benefits of using address groups:

  • Rule complexity - If there are several rules that apply to the same group of computers, it is possible to reduce complexity by placing those addresses into a single group, rather than creating a separate rule for each computer.
  • Non-contiguous address ranges - Often it is necessary to classify a group of computers that do not have IP addresses in a simple range (e.g. from 192.168.1.20 to 192.168.1.30). In these cases address groups allow a group of computers to share a single queue even if their addresses are not allocated in a range, for example 3 computers with addresses of 10.0.0.48, 192.168.2.67 and 192.168.2.104.
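
The sketch below is an added example, not Bandwidth Controller's own code. It shows how the queueing criteria and an address group can combine into a classifier that reads the Ethernet, IPv4 and TCP/UDP headers of a frame. The rule tuple layout, the queue names, the first-match-wins order, treating "IP" as matching any IPv4 packet, and the port range 5000-5100 are all assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed address group, using the page's non-contiguous example addresses.
GROUPS = {"lab": {"10.0.0.48", "192.168.2.67", "192.168.2.104"}}
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Hypothetical rules, first match wins (an assumption):
# (queue, direction or None, protocol, local address group, remote port range or None)
RULES = [("lab-app", "upload", "TCP", "lab", (5000, 5100)),
         ("lab-any", None, "IP", "lab", None)]

def parse(frame):
    """Read the Ethernet, IPv4 and TCP/UDP headers; anything else is 'Other'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return {"proto": "Other"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return {"proto": "Other"}  # malformed header length
    pkt = {"proto": PROTOCOLS.get(ip[9], "IP"),
           "src": str(ipaddress.IPv4Address(ip[12:16])),
           "dst": str(ipaddress.IPv4Address(ip[16:20]))}
    if pkt["proto"] in ("TCP", "UDP") and len(ip) >= ihl + 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return pkt

def classify(frame, direction):
    """Return the queue for one frame; direction is 'upload' or 'download'."""
    pkt = parse(frame)
    if pkt["proto"] == "Other":
        return "default"
    # Upload: the local host is the source. Download: it is the destination.
    local, rport = ("src", "dport") if direction == "upload" else ("dst", "sport")
    for queue, rdir, rproto, group, ports in RULES:
        if rdir and rdir != direction:
            continue
        if rproto not in ("IP", pkt["proto"]):
            continue
        if pkt[local] not in GROUPS[group]:
            continue
        if ports and not ports[0] <= pkt.get(rport, -1) <= ports[1]:
            continue
        return queue
    return "default"

def sample_frame(src, dst, proto, sport, dport):
    """Constructed 54-byte frame: Ethernet + IPv4 + ports + zero padding."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)
```

A frame whose headers are truncated or not IPv4 falls through to the default queue rather than matching a rule on partially read fields.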