- 1 About Bandwidth Control
- 2 Settings
- 3 Reports
- 4 Related Topics
- 5 Bandwidth Control FAQs
- 5.1 Why are the rules evaluated on the first ten packets of a session?
- 5.2 Dropping a Quota does not seem to work. Why?
- 5.3 I added a rule to add quotas and the quotas are constantly being refilled and/or full. Why?
- 5.4 I added a rule to add a client to the penalty box, and now the client is exempt from all prioritization rules. Why?
About Bandwidth Control
Bandwidth Control gives you the power to monitor and control bandwidth usage on your network. It can be used to ensure that your network continues to operate smoothly and that bandwidth is shared optimally based on what is important to you. Many organizations struggle with bandwidth problems such as students watching online videos or clients using BitTorrent while more important tasks struggle to complete for bandwidth. You can use Bandwidth Control to do things like give high priority to Video Chat or slow down all traffic coming out of machines using BitTorrent.
This section reviews the different settings and configuration options available for Bandwidth Control.
This displays the current status and some statistics.
The setup wizard configures the initial configuration of Bandwidth Control - please pay attention to the prompts as they provide valuable information on how the application works and the answers to your questions will determine the configuration.
- Configure WAN download and upload bandwidth: After the welcome screen, you will be asked to set the bandwidth rates of your WAN interface.
- This is the most important setting in the configuration of Bandwidth Control. If you are unsure it is recommended to run some bandwidth tests when there is no other activity to determine the true download and upload rates of your WAN connection. Entering a value around 95%-100% of the measured value is typically ideal. If the value is too low, Bandwidth Control will unnecessarily limit bandwidth to the value you have entered. If the value is too high, Bandwidth Control will be less effective as it will over-allocate bandwidth and lose some ability to differentiate by priority. You will be asked to repeat this process for each WAN interface.
- Choose a starting configuration: After setting the WAN settings, choose a starting configuration that best suites your organization.
- Each configuration's goals are described as well as what is prioritized and deprioritized. These rules can be customized later - this is just a starting configuration.
- Quotas: In addition to the starting configuration, quotas can also be configured.
- Most sites will not need quotas, however quotas can be extremely useful in some scenarios to prevent users from monopolizing resources. To enable quotas, click on Enable and provide information that best suites your organization.
- Quota Clients: The clients will be given quotas. Be careful to not give a range that includes any servers and machines that you don't want to have quotas.
- Quota Expiration: The expiration time of each quota (or length of time the quota will be in use.) After a quota expires a new quota will be granted.
- Quota Size: The size of the quota each host is granted (in bytes).
- Quota Exceeded Priority: The priority given to hosts after they exceed their quota (if they do so).
More information on Quotas and how they work can be found in the Quotas section.
After this your configuration of Bandwidth Control is complete and Bandwidth Control is enabled!
The rules tab contains most of the configuration and settings controlling the behavior of Bandwidth Control. Rules determine the action that will be taken when traffic passes through Bandwidth Control. For each session the rules are evaluated in order until the first match is found, then the action associated with the matching rule is performed and the data chunk is sent on its way. If no rule is found the no action is taken. If the session has been given no priority it is given the default QoS priority, which is normally Medium.
Note: Unlike most Rules in other apps, the rules in Bandwidth Control are consulted not only when the session is formed but also again on the first ten packets because some matchers such as "HTTP: Hostname" or "Application Control: Application" are not known until several packets into the session. Also, all of a host's sessions will be reevaluated when they are added/removed to the penalty box or when a quota is exceeded so active sessions will be reprioritized accordingly.
Extensive rule sets can be created (and imported and exported) that carefully assign the correct priorities to the desired traffic and perform the desired actions at the desired times.
The Rules documentation describes how rules work and how they are configured.
- Set Priority Sets the matching session to the chosen priority.
- Priority The priority to be assigned.
- Send Client to Penalty Box: Sends the matching client to the Penalty Box.
- Penalty Time is the time they'll spend in the Penalty Box.
- Give Client a Quota: Gives the client IP a quota
- Quota Expiration defines how long their quota will last
- "End of Hour" means the quota will expire at the 59th minute of the hour.
- "End of Day" means the quota will expire at 11:59pm of the day.
- "End of Week" means the quota will expire 1 minute before the end of week (Saturday 11:59pm if US-localized)
- An integer can also be specified for the number of seconds the quota will last from the creation date.
- Quota Size defines the size of their quota.
- Quota Expiration defines how long their quota will last
The overall effect of Bandwidth Control is to map traffic to priorities which are enforced by the QoS engine. There are 7 Priorities: Very High, High, Medium, Low, Limited, Limited More, and Limited Severely.
The first four priorities can be thought of as "normal" - Very High, High, Medium, and Low. They are given certain precedence over bandwidth rights. Very High traffic has the option to consume bandwidth before High, Medium, and Low. The Very High bucket will be assigned the largest amount of bandwidth, less to High, even less to Medium, and much less to Low.
The other three - Limited, Limited More, and Limited Severely - are different in that they will never use all available bandwidth. The classes are punitive because they will limit bandwidth to a percentage of the whole even if there is more available.
To read much more in depth about the effects of prioritization and how bandwidth allotment works, see QoS.
Note: Effective Bandwidth Shaping is all about assigning the correct priorities such that important traffic is never starved by less important traffic.
A fundamental principle is that limiting traffic to a fixed low rate enforcement is almost never the right thing to do because wasted bandwidth is irrecoverable. In cases where the desire is to starve less important traffic it should be assigned a lesser priority (medium or low) so that it can still consume all bandwidth if no more important tasks are available. This means the less important task will finish quicker so that later these resources are free and this occurs definitionally at no expense to higher priority traffic, ever.
The priorites that limit to less than 100% even when the bandwidth is unused (Limited, Limited More, and Limited Severely by default) are useful for punitive situations.
Quotas are set amounts of data that can be used over a certain amount of time. This is useful for sites where you want to punish excessive usage. For example, in a hotel we want each IP to get 1 GB a day, but if this amount is exceeded it will be considered excessive and that host can be treated differently (be blocked, receive less bandwidth, etc). By using quotas and rules, bandwidth abusers are handled automatically requiring no administrator intervention.
Quotas can be assigned to Users or Hosts and the current quota status can be viewed by clicking on Users or Hosts accordingly. All sessions' data passing through untangle gets counted against the corresponding Host or User.
The Reports tab provides a view of all reports and events for all traffic handled by Bandwidth Control.
This applications reports can be accessed via the Reports tab at the top or the Reports tab within the settings. All pre-defined reports will be listed along with any custom reports that have been created.
Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right.
Pre-defined report queries:
|Bandwidth Control Summary||A summary of Bandwidth Control actions.|
|Bandwidth Usage||The approximate averaged data transfer rate (total, sent, received) over time.|
|Top Hostnames Usage||The bandwidth usage of the top hostnames.|
|Top Hostnames (by total bytes)||The sum of the data transferred grouped by hostname.|
|Top Hostnames (by received bytes)||The sum of the received data grouped by hostname.|
|Top Hostnames (by sent bytes)||The sum of the sent data grouped by hostname.|
|Top Clients Usage||The bandwidth usage of the top clients.|
|Top Clients (by total bytes)||The sum of the data transferred grouped by client address.|
|Top Usernames Usage||The bandwidth usage of the top usernames.|
|Top Usernames (by total bytes)||The sum of the data transferred grouped by username.|
|Top Server Port Usage||The bandwidth usage by top server port.|
|Top Ports (by total bytes)||The sum of the data transferred grouped by server port.|
|Top Ports (by received bytes)||The sum of the data received grouped by server port.|
|Top Ports (by sent bytes)||The sum of the data sent grouped by server port.|
|Top Applications Usage||The bandwidth usage of the top applications.|
|Top Application (by total bytes)||The sum of the data transferred grouped by Application Control application.|
|Top Application (by received bytes)||The sum of the data sent grouped by Application Control application.|
|Top Application (by sent bytes)||The sum of the data sent grouped by Application Control application.|
|Top Categories Usage||The bandwidth usage of the top application categories.|
|Top Category (by total bytes)||The sum of the data transferred grouped by Application Control category.|
|Top Priorities Usage||The bandwidth usage by priority.|
|Top Priorities (by total bytes)||The sum of the data transferred grouped by priority.|
|Top Countries Usage||The bandwidth usage by top countries.|
|Top Countries (by total bytes)||The sum of the data transferred grouped by country.|
|Bypassed (by total bytes)||The sum of the data transferred grouped by bypassed.|
|All Sessions||All sessions processed by Bandwidth Control.|
|Quota Events||Shows when quotas are assigned or expired.|
|Prioritized Sessions||All sessions prioritized by Bandwidth Control.|
The tables queried to render these reports:
Bandwidth Control FAQs
Why are the rules evaluated on the first ten packets of a session?
Often rules involve session "meta-data" conditions such as HTTP: Hostname or Application Control: Application. These meta-data tags are usually completed fairly quickly (first few packets) but they are usually not known until the first few packets. As such the session is evaluated initially and the next 9 packets. This is to ensure that all rules that involve meta-data have a chance to fire. After the first ten packets the meta-data typically does not change and the rules are no longer consulted.
Dropping a Quota does not seem to work. Why?
If you have a rule set to give quotas automatically if a host doesn't have a quota it is probably being given a new quota again very quickly which gives the appearance that you can't delete the quota.
I added a rule to add quotas and the quotas are constantly being refilled and/or full. Why?
Rules are evaluated in order. The action for the first matching rule is taken.
If the first rule is the list say if "Source Address" = "192.168.1.100" then "Give Client a Quota" of "100Mb" then this rule will match EVERY time the rule is evaluated when Source Address = "192.168.1.100." In other words, every time that 192.168.1.100 creates a session it will be given a new quota because that is exactly what the rule says to do. This also ensures that 192.168.1.100 is entirely exempt from any rules following this rule because this rule will ALWAYS match on all sessions from 192.168.1.100.
Usually, when creating a rule you want to specify your conditions like "Source Address" = "192.168.1.100" AND "Client has no Quota" is True. With the second condition this rule matches on the first session of 192.168.1.100 and immediately given a quota. The next time the rules are evaluated this rule will not match because of the "Client does not have quota" condition fails, and the rest of the rules are evaluated normally.
I added a rule to add a client to the penalty box, and now the client is exempt from all prioritization rules. Why?
The same reason as the above FAQ. Rules are evaluated in order. The action for the first matching rule is taken.
If you create a rule at the top that says if "Source Address" = "192.168.1.100" then "Send Client to Penalty Box" then every time the rule is evaluated on traffic from 192.168.1.100 it will be sent to the penalty box and no further rules are evaluated. This effectively exempts 192.168.1.100 from all rules that follow because Rules are evaluated in order. The action for the first matching rule is taken.
Usually, when creating a penalty box rule you want to specify your conditions like "Source Address" = "192.168.1.100" AND "Client is in Penalty Box" is NOT True. With the second condition this rule matches on the first session of 192.168.1.100, which is immediately put in the penalty box. The next time the rules are evaluated this rule will not match because of the "Client is in Penalty Box" is true and the condition specified it should be NOT true. At this point the rest of the rules are evaluated normally, except 192.168.1.100 is in the penalty box as expected.