The Quotas page is used to specify the actions to apply when usage quotas are exceeded.
Topics:
- What is a quota?
- How do I specify a quota?
- How do I modify an existing quota?
- How do I delete a quota?
What is a quota?
Quotas are limits on the amount of traffic that an IP address is allowed to generate over a given interval. For example, a quota might be set to trigger if an IP address averages over 10Mb/s of traffic for 15 minutes.
Quotas are not the same as hardware rate limits. If you were to set a 10Mb/s rate limit on an IP address, it would never be able to generate more than 10Mb/s of traffic. Limiting each IP address' traffic to avoid oversubscribing the network is an extremely conservative policy that is expensive to implement and provides users with poor (but predictable) network performance. In most networks, a small group of addresses is responsible for generating most of the traffic. The quota controller is used to identify addresses that are generating excessive traffic so that bandwidth limits are only applied to those addresses, ensuring fair access to the network for everyone.
How do I specify a quota?
Click on the New button to create a new quota.
The quota form has the following parameters:
- Enabled, Enable or Disable this quota.
- Path, limit the control to a particular group of addresses. In order for path filtering to work, you must add CIDRs to the configuration for each group of addresses want to assign quotas to (see How do I edit groupings?).
- Control Type, the type of control action to take when an address exceeds its traffic quota. Options are: Priority and Rate Limit (see Controller>Settings.
- Interval, the interval over which to calculate the traffic totals.
- Traffic, specify which traffic to count for each address. Options are: Off-Site, Outside Zone, Outside Group and All. In order for these values to be correctly computed you need to make sure that you have added CIDRs to the configuration for all the locally assigned address space (see How do I edit groupings?).
- Trigger, the average traffic rate (computed over the specified interval) that will trigger a control action.
- Clear, the percentage of the Trigger rate that the traffic must fall below before the control action will be removed.
- Where, a filter used to restrict the traffic that will contribute to the computed traffic rate.
- Comment, a comment used to identify the quota and explain its purpose.
A basic filter expression consists of the name of an attribute, an operator and a set of comma separated values. The allowed operators are:
- = equals
- != not equals
- ~ matches a reqular expression
- !~ does not match a regular expression
Expressions can be combined using brackets and the boolean operators:
- & boolean AND
- | boolean OR
The following examples illustrate typical where filters:
- ipsource = 10.1.1.23
- ipdestination != 10.0.0.0/24,10.0.1.0/24
- serverport = TCP:80,TCP:81,TCP:8080-8088
- sourcezone ~ research.*
- ipsource = 10.0.0.1 & ipdestination = 10.0.0.2
- ipsource = 10.0.0.1 & (sourceport = TCP:80 | destinationport = TCP:80)
- sourcezone = EXTERNAL | destinationzone = EXTERNAL
Note: The special zone EXTERNAL refers to addresses that aren't contained in any of the CIDRs specified using File > Configure.
WARNING Care should be taken if a value in a filter expression contains any of the following special characters: (, ), &, |, !, =, ~, ",', \, comma or space. If the value contains any of these characters then the whole value string can be enclosed in single or double quotes, or the special characters can be individually escaped with a \. The following examples show different ways of using the value "Research & Development" in filters:
- serverzone = "Research & Development", Sales
- clientzone = 'Research & Development'
- sourcezone = Research\ \&\ Development
- serverpath = ">>Research & Development>Data Center"
Note: Special characters typically occur because they are used in Zone or Group names when configuring Traffic Sentinel (see File>Configure). Care should be taken when filtering on zone, group or path attributes.
How do I modify an existing quota?
Click on the Edit button next to the quota that you want to modify to edit the quota settings.
How do I delete a quota?
Click on the Remove button next to the quota you want to delete.