Basic questions in relation to traffic shaping

  • Hello,

    I have a few questions about some basic networking aspects related to traffic shaping.
    Please bear with me (it's a bit long). This will help to eventually understand and properly set up traffic shaping.
    If anyone has the answers, please do respond to help clarify.
    Please correct me where I'm wrong.

    Let's take the case of a firewall with 1 LAN and 1 WAN interfaces.
    One LAN user initiates a connection to a web or FTP server on the Internet.
    The user can either start an upload or a download.
    The firewall has a rule on the LAN tab in the firewall rules to allow the connection.
    This rule will create entries in the state table when matched and it will also match return traffic.

    As far as I understood, the firewall maintains one state table containing source & destination IP addresses, port numbers and protocol.

    1. Is this correct or is there a state table for each interface?

    I'm asking because in another post, I learnt that states are created on both interfaces (incoming on LAN and outgoing on WAN for a connection initiated from a LAN user).
    Whether a LAN user makes an upload or download, the states are as above: incoming on LAN and outgoing on WAN.

    Now, suppose the LAN user uploads a file to a remote server.
    We can say that the bulk of the data flows from LAN to Internet, while ACK packets flow in the opposite direction.
    For a download initiated by the same LAN user, the bulk of the data flows from the Internet to the LAN, while ACK packets flow in the opposite direction.

    2. Are the same states (incoming on LAN and outgoing on WAN) created in both cases (upload & download initiated from LAN)?

    I also learned in another post that we have to match/shape where the state is created.
    I also know that we can only shape traffic going out from an interface.

    3. Now, when I create a queue on any interface (LAN or WAN) and specify the bandwidth, I suppose I am specifying the bandwidth to which I want to shape the traffic going out of that interface. Is this correct?
    If yes, then a queue attached to LAN implies shaping download and a queue on WAN implies shaping upload.

    Once I get answers to the above questions, we can carry on clarifying other issues.

    Thanks a lot for all your help.

Log in to reply