I stumbled across an old diagram I made a long time ago about the direction of flows on a BlueCoat PacketShaper. Since I’ve been looking for it for about three years, I’ve diagrammed it quickly so that it is here for future reference when I’m working PacketWise in the future. PacketShaper PacketWise is one of my very favourite tools for managing traffic flows, and much preferable to PHB QoS aka DiffServ for many types of use cases.
TCP Flow and Sessions
An TCP flow has four possible directional attribute related to the use of “inside and outside” networks, and whether the flow was initiated from the client to server which sets the “direction” of the flow relative to the Packeteer. The flow is determined by who initiated the three-way handshake. For purposes here, the Client always initiates the TCP connection, and the Server terminates the connection.
TCP Session and Direction
Most people understand the three-way handshake, but not many consider the direction of the session. That is, TCP establishes two connections between each client and server – one in each direction.
The connection from the client to the server is outbound, but is inbound on the server. And vice versa, the server outbound session is inbound on the client. That’s not very useful for being able to define the direction of flows. Because it’s a bit confusing, so I use the term client-to-server session and the server-to-client session.
Why is direction important ?
For a FTP upload server, you might have the reverse condition where the inbound traffic is far more than the outbound.
To make the most of your Internet connection for this case, you could configure the inbound bandwidth on your Internet connection to be 80% FTP, 20% HTTP and the outbound bandwidth to be 20% FTP and 80% HTTP. This gives a far better utilisation, especially in regards to better TCP Windowing and overall TCP goodput.
Inside and Outside
For the purposes of a direction, the PacketShaper is usually connected with the Outside interface to the router, and the Inside interface to the internal switch. This establishes the source / destination directions.
Thus the traffic direction for Outbound is traffic initiated from Inside to Outside, and Inbound from Outside to Inside.
It’s vital to understand this, since the PacketShaper separates flows into Inbound and Outbound in the traffic tree as the primary separation. However, to configure asymmetric flows, we still need to differentiate between client to server, and server to client connections.
Outbound Destination Flows
Extending the logic so far, the PacketShaper will classify outbound flows for clients and servers like this:
Inbound destination Flows
The PacketShaper regards Inbound/Outside and Inbound/Inside in this form relative to the client and server.
The Full Map
This is the diagram I refer to when configuring my PacketShaper and trying to determine the direction of the flows for the purposes of Rate Control. It shows the four possible directions and their relationship to the PacketShaper device.
Hope this helps you as well.
This post would be a lot better if I had some screenshots of the PacketShaper configuration page but, alas, I don’t have any test units to create some dummy web pages to show you how it appears on the page. I wonder if anyone can send some screenshots to [email protected] and I’ll see if I can use them to extend this post.