SysMaster - Support - Tech Guides

In the standard transparent implementation of SysMaster, NA2 (network Adapter 2) is mapped to the internal side (LAN). Usually this is the side where users are located, so the traffic going towards him/her (user we try to limit) will be Outbound from NA2.

So NA 2 should be assigned to Outbound Traffic. The next step is to define a class. The class will instruct SysMaster as to what bandwidth it should allocate and what priority is should assign to the traffic destined to the users. Priority "one" is the highest, and "eight" the lowest, where by default it is set to "four". It is recommended that all classes have priority "four", until you decide to assign higher priority to a class.

After we define the limiting rate, the next step is to specify how to filter out the traffic destined to the target user (or group of user) for this class. Since the traffic has, as its final destination the target users, SysMaster should use his/her IP address as an identification parameter in order to associate the traffic with him/her. So if we specify:

Any packets coming from outside to the user will have to comply with the traffic rules for the respective class. We can assign multiple users (filters) within the class; this way they will share common bandwidth allocation (virtual channel). If multiple filters are competing for the same bandwidth allocation, it is recommended to select the SFQ (Stochastic Fair Queuing) option in the class properties. This way SysMaster will provide equal access for all users to the bandwidth recourses of the class (versus first-in-first-out, FIFO).

User with Dynamic IP address

In this case all settings are as above, except that the identifying parameter will be:

If our goal is to limit the traffic going to a particular user not in general, but for certain services only, than SysMaster will have to know the TCP/UDP port of the service. For Example: if we want to restrict the download of "kazaa" files to this user, the filter will look like this:

IMPORTANT: MAC addresses can be specified in an Outbound Class filter only as a destination, and in an Inbound Filter as a Source. This means that, if you need to set a filter, capturing the traffic from a MAC address, it should be specified as a source MAC address in an Inbound filter of the network adapter adjacent to this MAC address. If you wish to capture the traffic destined for this MAC, then specify it as a destination MAC address in a filter of an Outbound Class assigned to a network adapter adjacent to the MAC address.

For example: If the class rate is set to 10KBytes/sec, the user download traffic associated with "kazaa" files will be limited to 10KBytes/sec, but in the same time he/she will not be restricted if downloading simultaneously a PDF file.

For each adapter, besides the classes with desired rate, SysMaster must have one Default class for the rest of the traffic, which did not match any of the filters in the above classes. It is recommended to assign lower priority (7 or 8) and the maximum throughput of the adapter to this class. For instance: if we have a 10/100 Mb adapter, you can assign 12,800 Kbytes/s rate. The only other option to be changed is Default Yes

Since the packets are matched against each class (or the filter(s) in each class, to be exact) and if a match is found the packet are allowed in (without further filtering), it's important how we position the classes in the list. And most important is the Default class to be the last one in the list. If new classes are to be added, the Insert button should be used. Otherwise, all packets will go through the Default class, and since it does not have any filters will go straight in (or out) and the rest of the classes will be useless. The same will happen if we have a class with wider filter settings created above a stricter filter; the packets just won't have the chance to reach down to the next class after they were allowed in.

The Outbound classes and Inbound filters work the same way as in the inbound direction, except that destination MAC and destination IP addresses will become source MAC and source IP addresses, and vice versa, and configurations for adapters will switch places.