Hi,
I have a problem with UDP packet shaping.
I have a special program that downloads data from the internet from a customer via UDP and port 33003.
The problem is that even though I have shaping set up and the data is capped at 250Mbps from the firewall to PC, the source from the internet keeps trying to send data at full speed. See attachment.
The line is then congested and there is no traffic at all.
How do I get the source to slow down?
In the end we found the following.
The program works by being connected to the source via SSH and the sending speed is controlled by the program itself.
The rule is that the sending speed on the WAN interface is always 2x greater than the set shaping or the actual speed at which the data flows into the program.
I set the shaping to 100Mbit and the data was only 200Mbps at a time on the WAN interface.
So beware of IBM's ASPERA!
I am not an expert on this but I'm not sure you can shape incoming UDP traffic on a WAN interface. UDP traffic doesn't require acknowledgements from the receiver, it just blasts it out and hopes it arrives, there is no ACK mechanism to make the sender pause, so no way to tell the sender to slow down within the UDP protocol. I believe that programs that use UDP build flow control into their software on top of the UDP protocol not as part of it (unlike TCP). As the firewall only has the UDP controls available it can't stop the packets arriving. Once that traffic is within your network, it can decide to drop the traffic rather than forward it on, which, I guess, is why the shaping works on your LAN interface, the firewall is dropping the excess traffic rather than forwarding it on to the LAN interface.
As I said, I am not an expert on this. Maybe someone with greater knowledge can confirm or contradict this.
Do you know why your program uses UDP to transfer data? UDP is usually used for time sensitive content like voice calls where the data has to be delivered in real time and it makes no sense to retransmit the data.
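Added toy model, not part of this thread or of any Sophos or IBM code, of the point made in the reply above and of the "2x" behaviour the original poster reported: a shaper on the LAN side only drops excess, so WAN ingress falls only if the sender reads some feedback and backs off. The three sender policies, the rate numbers and the interval count are constructed for illustration; the "loss" policy is a hypothetical TCP-like sender, not Aspera's actual algorithm.

```python
"""Toy model of why egress shaping does not throttle a UDP sender.

Three constructed sender policies run against the same path:
  blind     - fixed rate, never reads feedback (plain UDP behaviour)
  loss      - hypothetical AIMD-style back-off on loss (TCP-like)
  overshoot - sends at 2x the measured goodput, as the poster observed
All rates are in Mbps; every number here is an illustrative assumption.
"""


def step_rate(policy, rate, delivered, app_max):
    """Return the sender's rate for the next interval given its feedback."""
    if policy == "blind":
        return rate                          # no feedback is ever read
    if policy == "loss":
        loss = 1 - delivered / rate          # fraction dropped on the path
        if loss > 0.02:
            return max(rate / 2, 1.0)        # multiplicative decrease
        return min(rate + 5, app_max)        # additive increase
    if policy == "overshoot":
        return min(2 * delivered, app_max)   # 2x goodput, capped at app max
    raise ValueError(f"unknown policy {policy!r}")


def simulate(policy, app_max, wan_mbps, shaper_mbps, intervals=30):
    """Run the sender against a WAN link and a LAN-side shaper.

    Returns (final send rate, WAN ingress, LAN goodput) in Mbps.
    """
    rate = app_max
    for _ in range(intervals):
        wan_in = min(rate, wan_mbps)         # link caps ingress; the rest is lost upstream
        goodput = min(wan_in, shaper_mbps)   # shaper drops the excess before the LAN
        rate = step_rate(policy, rate, goodput, app_max)
    wan_in = min(rate, wan_mbps)
    return rate, wan_in, min(wan_in, shaper_mbps)


if __name__ == "__main__":
    # Constructed scenario: 1 Gbps-capable app, 500 Mbps WAN, 100 Mbps shaper.
    for policy in ("blind", "loss", "overshoot"):
        rate, wan_in, goodput = simulate(policy, 1000, 500, 100)
        print(f"{policy:9s} send={rate:7.1f}  wan_in={wan_in:6.1f}  "
              f"lan_goodput={goodput:6.1f}  wan_load={wan_in / 500:.0%}")
```

The blind sender keeps the WAN link at 100% no matter how low the shaper is set, the overshoot sender settles at exactly twice the shaped rate (200 Mbps for a 100 Mbps shaper), and only the loss-driven sender actually reduces WAN ingress.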
Hi,
This is IBM Aspera - https://www.ibm.com/products/aspera
And as far as I can see, it's still being fought.
https://www.reddit.com/r/networking/comments/6fh98n/best_practices_for_bandwidth_management_with/
The whole thing is acting like a DDoS attack!
From your link...
We tried classic Qos, for example limiting at 50% BW (outbound our WAN router towards LAN) but Aspera servers don't adapt when there is pkt loss so we would still have 100% saturation inbound.
So that seems to confirm what I was saying. Which is nice for me but crap for you! I would say it is amazing that this has gone on for so many years without being addressed, but this seems pretty typical of large organisations who ignore their customers' needs.
Maybe someone else can suggest a solution but the only thing I can think of is to put in a second internet connection dedicated to this application.