Configuring bandwidth prioritization

  • Article

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to configure DiffServ for Web traffic. Forefront TMG supports bandwidth control for HTTP and HTTPS traffic by providing packet prioritization using the Differentiated Services (DiffServ) protocol.

Configuring DiffServ consists of the following steps:

  1. Enable traffic prioritization using DiffServ.

  2. Create priorities.

  3. Configure prioritization for URLs and domains.

  4. Configure a network to use DiffServ. At least one network should be configured.

Where to start: To modify DiffServ properties, in the Forefront TMG Management console tree, click the Web Access Policy node. Then, under Related Tasks, click Configure DiffServ Preferences.

Enabling traffic prioritization using DiffServ

  • On the General tab, select that Enable network traffic prioritization according to DiffServ (Quality of Service) BITS.

Configuring priorities

  1. On the Priorities tab, click Add.

  2. In the Add Priority dialog box, do the following:

    • In Priority name, type a name for this priority.

    • In DiffServ bits, type the appropriate six-digit binary string that represents the DiffServ value (this is also known as DSCP, the Differentiation Services Codepoint). The binary string should match the binary string used by your router for a particular Quality of Service (QoS) setting.

  3. On the Priorities tab, select Apply a size limit to this priority if the priority should apply only to requests or responses of a maximum size. Then, in Size limit, specify the maximum size in bytes.

  4. Select Allow special handling of request and response headers if Forefront TMG should handle headers with a different (higher) priority than other parts of requests and responses. This option applies to the first block of traffic, and not to the first packet.

  5. Then, in Use this priority, select the priority to apply to headers.

Assigning DiffServ prioritization to a URL

  1. On the URLs tab, click Add.

  2. In the Add URL Priority dialog box, do the following:

    • In URL, type a URL to prioritize. Use an asterisk (wildcard character) at the end of the URL to specify a group of URLs.

    • In Priority, select the priority to assign to the specified URL.

  3. In the URLs tab, use the UP ARROW and DOWN ARROW keys to place the URLs in priority order. If a more general URL precedes a specific URL, the specific URL will never be matched.

Forefront TMG uses the priorities listed on the URLs tab to apply DiffServ to content that can be inspected by Forefront TMG. Content that is tunneled over HTTPS cannot be inspected, and a URL priority should not be used. As an alternative, use a domain name.

Assigning DiffServ prioritization to a domain

  1. On the Domains tab, click Add.

  2. In the Add Domain Priority dialog box, do the following:

  3. In Domain, type a domain to prioritize. Use an asterisk (wildcard character) to specify an entire domain.

  4. In Priority, select the priority to assign to the specified domain.

  5. In the URLs tab, use the UP ARROW and DOWN ARROW keys to order the domain priorities.

Configuring a network to use DiffServ

  • On the Networks tab, select the networks to which DiffServ should be applied. Note that packet prioritization using DiffServ only works in networks whose routers support Quality of Service (QoS) functionality.

Concepts

Configuring publishing