Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Bandwidth Manager

The bandwidth manager is used to shape or prioritize incoming and outgoing network traffic. You can limit and prioritize bandwidth based on IP address, IP address ranges and ports.

Installation

This app has been superseded by the Bandwidth and QoS app…however, if you would like to install this legacy app, from the Linux command line (as root), run:

yum -y install app-bandwidth

You can find this feature in the menu system at the following location:

Network|Bandwidth and QoS|Bandwidth

Best Practices

Before getting started with the bandwidth configuration, it is important to know about best practices. There are two ways to approach bandwidth management:

  • Limit low priority traffic in an effort to improve speeds for high priority traffic
  • Reserve bandwidth for high priority traffic which will shuffle low priority traffic aside

It is impossible to predetermine what types of traffic will be low priority, but typically quite easy to identify important traffic (VoIP being an obvious one). Therefore, reserving bandwidth for high priority traffic is the best way to proceed with bandwidth management.

Configuration

External Interface Upload/Download Settings

The upstream and downstream rates for your external (Internet) interfaces must be specified in order to optimize the underlying bandwidth engine. If you set these values below your actual upload/download rates, then you will find your bandwidth capped by these lower values.

We recommend the SpeedTest.net online tool for measuring actual bandwidth. Please perform these tests when network traffic is low (off hours) and without a web proxy running.

If you are on a connection with a large asymmetrical ratio (e.g. 25 MB download, but only 1 MB upload), you may need to adjust your upload value to a higher value.

Add Bandwidth Rule

The basic Add Bandwidth Rule provides a simple way to specify bandwidth rules on your system. If you need more fine grained control over your bandwidth rules, see the next section: Add Advanced Rule.

Mode

There are two types of bandwidth modes available.

  • Limit - clamps the bandwidth at a maximum rate
  • Reserve - guarantees the specified bandwidth

With reserve mode enabled, the system will guarantee the minimum bandwidth and use more if it is available. When all the bandwidth that has been reserved/limited is in use, then the system will share the bandwidth proportionately.

Service

The network service, e.g. web traffic.

Direction

You must specify the direction of the bandwidth flow.

  • Flowing to your network – a user on your LAN downloading a file over the web.
  • Flowing from your network – a user on your LAN uploading a file via a peer-to-peer network.
  • Flowing to your system – inbound mail going to the mail server running on your system.
  • Flowing from your system – outbound mail from the system's mail server getting delivered to various locations on the Internet.

Rate

The bandwidth rate to reserve/limit in kilobits per second.

Greed

The greed level tells the bandwidth manager how to handle any extra available bandwidth on your network. Consider the following example:

  • A 1000 kbps connection to the Internet
  • 200 kbps reserved for web traffic, low greed
  • 300 kbps reserved for mail traffic, high greed
  • 500 kbps unallocated

If both mail and web traffic require 900 kbps each, mail traffic will get its full 300 kbps allotment, plus the majority (but not all) of the unallocated 500 kbps since the bandwidth rule is greedy. Web traffic will be guaranteed its 200 kbps, but will only get a small portion of the unallocated bandwidth.

Add Advanced Rule

Understanding the many options in the advanced bandwidth rules can be tricky. Please take a look at some of the examples in the next section for helpful hints.

Nickname

An easy to remember name to remind you of the purpose of the bandwidth rule.

IP Address/Range

The IP address parameter can contain:

  • A single IP address
  • A IP address range
  • nothing

If this field is left blank, then the bandwidth rule will be used by all IP addresses will.

When specifying an IP address range with a starting and ending IP (for example, 192.168.1.100 to 192.168.1.200), each of the individual IP addresses will be assigned the configured rule. For example, the following bandwidth rule would clamp downloads from every workstation on 192.168.1.254 to a maximum of 100 kbps:

  • IP Address Range - Destination - 192.168.1.1 : 192.168.1.254
  • Direction - Download
  • Rate - 100 kbps
  • Ceiling - 100 kbps

An alternative bandwidth range can be specified using [Network Notation|network/netmask]]. In this case, the range of IP addresses are treated as a single bandwidth rule. For example, the following bandwidth rule would clamp downloads for 192.168.1.x to a maximum of 500 kbps:

  • IP Address Range - Destination - 192.168.1.0/24
  • Direction - Download
  • Rate - 500 kbps
  • Ceiling - 500 kbps

If only one person on the 192.168.1.0/24 network was downloading, the would get the 500 kbps. If two people were downloading, they would share the 500 kbps.

Direction

The direction of the network packet flow that you desire.

  • Flowing to your network – a user on your LAN downloading a file over the web.
  • Flowing from your network – a user on your LAN uploading a file via a peer-to-peer network.

Match Address

You can specify a matching address for an advanced rule. For example, if you want to limit traffic going to the LAN IP address of 192.168.1.100, you would specify this rule as a Destination type with IP 192.168.1.100.

If the IP is left empty, then all IPs will be affected.

Match Port

You can specify a matching port for an advanced rule. For example, if you would like to limit all download web traffic to your LAN, you would specify this rule as a Source type with port 80.

If the port is left empty, then all ports will be affected.

Rate

The upload/download speed to reserve (guarantee) for the service.

Ceiling

The maximum upload/download speed allowed for the service. If you would like the rule to use all available bandwidth, leave this field blank. If you set rate and ceiling to the same value, then you will be clamping bandwidth uploads at the ceiling rate.

Greed

The greed level tells the bandwidth manager how to handle any extra available bandwidth on your network. Consider the following example:

  • A 1000 kbps connection to the Internet
  • 200 kbps reserved for web traffic, low greed
  • 300 kbps reserved for mail traffic, high greed
  • 500 kbps unallocated

If both mail and web traffic require 900 kbps each, mail traffic will get its full 300 kbps allotment, plus the majority (but not all) of the unallocated 500 kbps since the bandwidth rule is greedy. Web traffic will be guaranteed its 200 kbps, but will only get a small portion of the unallocated bandwidth.

Web Proxy Gotchas

Having a web proxy configured either on a ClearOS gateway or some other local proxy server complicates matters. As soon as a web request is made via the proxy, the source IP address for the request is lost. In other words, configuring bandwidth rules using an IP address on your local network will not have an effect for any traffic going through the proxy. See the examples for ways to limit bandwidth to your proxy server.

Examples

Unless otherwise specified, fields should be left blank or with defaults.

Limit Web Proxy Downloads to 300 kbps

If you have the web proxy enabled for your network, you can limit how much bandwidth can be used for web downloads. A Basic Rule is used for limiting the speed of web downloads:

  • Type: Basic
  • Service: HTTP
  • Direction: Flowing to the system
  • Rate: 300 kbps
  • Greed: Low

If you run your proxy in non-transparent or WPAD mode, you can also limit secure web traffic (HTTPS). Add a similar rule, but with HTTPS instead of HTTP:

  • Type: Basic
  • Service: HTTPS
  • Direction: Flowing to the system
  • Rate: 300 kbps
  • Greed: Low

If you run your proxy in transparent mode, HTTPS traffic does not pass through the proxy. In this case, you want to limit HTTPS flows to your network:

  • Type: Basic
  • Service: HTTPS
  • Direction: Flowing to the network
  • Rate: 300 kbps
  • Greed: Low

Limit Web Downloads to Workstation 192.168.1.100 to 200 kbps

Do you have a user on your network that hogs the network with downloads and video streams via a web browser? You can clamp this user to a slower speed using the following example:

  • Type: Advanced
  • Nickname: web_hog
  • Direction: Flowing to the network
  • Match Address: Destination - 192.168.1.100
  • Match Port: Source - 80
  • Rate: 200 kbps
  • Ceiling: 200 kbps
  • Greed: Medium

If you need to limit all traffic going to 192.168.1.100, remove the Match Port rule (leave it blank).

Limit Uploads from Workstation 192.168.1.100 to 200 kbps

This type of rule is useful for limiting peer-to-peer uploads for a specific user on your network.

  • Type: Advanced
  • Nickname: upload_hog
  • Direction: Flowing from the network
  • Match Address: Source - 192.168.1.100
  • Rate: 200 kbps
  • Ceiling: 200 kbps
  • Greed: Medium

Limit Downloads from Internet Host 1.2.3.4 to 250 kbps

Software updates (for example antivirus signature updates) on desktop systems can choke a network, especially when all the systems perform the update at the same time. The following example shows how to limit downloads from 1.2.3.4 to 250 kbps (even if your Internet connection is idle).

  • Type: Advanced
  • Nickname: slow_sw_updates
  • Direction: Flowing to the network
  • Match Address: Source - 1.2.3.4
  • Rate: 250 kbps
  • Ceiling: 250 kbps
  • Greed: Lowest

Reserve Bandwidth to/from a VoIP/SIP Provider

If you have a SIP provider for your VoIP system, you will want to reserve bandwidth for this traffic. You will need to provide two bandwidth rules – one for traffic from your provider, and one for traffic to your provider.

Traffic from SIP Provider

  • Type: Advanced
  • Nickname: from_sip
  • Direction: Flowing to the network
  • Match Address: Source - 1.2.3.4
  • Rate: 800 kbps
  • Greed: Highest

Traffic to SIP Provider

  • Type: Advanced
  • Nickname: to_sip
  • Direction: Flowing from the network
  • Match Address: Destination - 1.2.3.4
  • Rate: 800 kbps
  • Greed: Highest

Limit Bandwidth on a Specific LAN

If you have a segmented LAN network, you may want to limit bandwidth on a low priority LAN (for example, a guest wireless network). Here is an example for a limiting LAN 192.168.10.0/24 to 1000 kbps. To limit downloads from end users on the LAN:

  • Type: Advanced
  • Nickname: lan_10_downloads
  • Direction: Flowing to the network
  • Match Address: Destination - 192.168.10.0/24
  • Rate: 1000 kbps
  • Ceiling: 1000 kbps
  • Greed: Medium

To limit uploads from end users on the LAN:

  • Type: Advanced
  • Nickname: lan_10_uploads
  • Direction: Flowing from the network
  • Match Address: Source - 192.168.10.0/24
  • Rate: 1000 kbps
  • Ceiling: 1000 kbps
  • Greed: Medium

Units - kbit/s, kbps, Mbps, and Other Confusing Notation

Depending on where you are and who you are talking too, there are different measurement units used for bandwidth. Here are some tips to help with converting from one unit to another – capitalization is important:

Conversion tips:

  • Mega is 1000 times larger than kilo
  • A byte is 8 times larger than a bit

Examples:

  • 1 Megabit per second is approximately 1000 kilobits per second
  • 1 Megabyte per second is approximately 8000 kilobits per second
content/en_us/6_bandwidth_manager.txt · Last modified: 2016/03/16 07:24 by bchambers

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3A6_bandwidth_manager&1710820176