The bandwidth manager is used to shape or prioritize incoming and outgoing network traffic. You can limit and prioritize bandwidth based on IP address, IP address ranges and ports.
This app has been superseded by the Bandwidth and QoS app. However, if you would like to install this legacy app, run the following from the Linux command line (as root):
yum -y install app-bandwidth
You can find this feature in the menu system at the following location:
Network > Bandwidth and QoS > Bandwidth
Before getting started with the bandwidth configuration, it is important to know about best practices. There are two ways to approach bandwidth management:
It is impossible to predetermine what types of traffic will be low priority, but typically quite easy to identify important traffic (VoIP being an obvious one). Therefore, reserving bandwidth for high priority traffic is the best way to proceed with bandwidth management.
The upstream and downstream rates for your external (Internet) interfaces must be specified in order to optimize the underlying bandwidth engine. If you set these values below your actual upload/download rates, then you will find your bandwidth capped by these lower values.
We recommend the SpeedTest.net online tool for measuring actual bandwidth. Please perform these tests when network traffic is low (off hours) and without a web proxy running.
The basic Add Bandwidth Rule provides a simple way to specify bandwidth rules on your system. If you need more fine grained control over your bandwidth rules, see the next section: Add Advanced Rule.
There are two types of bandwidth modes available.
With reserve mode enabled, the system will guarantee the minimum bandwidth and use more if it is available. When all the bandwidth that has been reserved/limited is in use, then the system will share the bandwidth proportionately.
The network service, e.g. web traffic.
You must specify the direction of the bandwidth flow.
The bandwidth rate to reserve/limit in kilobits per second.
The greed level tells the bandwidth manager how to handle any extra available bandwidth on your network. Consider the following example:
If both mail and web traffic require 900 kbps each, mail traffic will get its full 300 kbps allotment, plus the majority (but not all) of the unallocated 500 kbps since the bandwidth rule is greedy. Web traffic will be guaranteed its 200 kbps, but will only get a small portion of the unallocated bandwidth.
Understanding the many options in the advanced bandwidth rules can be tricky. Please take a look at some of the examples in the next section for helpful hints.
An easy to remember name to remind you of the purpose of the bandwidth rule.
The IP address parameter can contain:
If this field is left blank, then the bandwidth rule will be used by all IP addresses.
When specifying an IP address range with a starting and ending IP (for example, 192.168.1.100 to 192.168.1.200), each of the individual IP addresses will be assigned the configured rule. For example, the following bandwidth rule would clamp downloads from every workstation on 192.168.1.254 to a maximum of 100 kbps:
An alternative bandwidth range can be specified using network/netmask notation. In this case, the range of IP addresses is treated as a single bandwidth rule. For example, the following bandwidth rule would clamp downloads for 192.168.1.x to a maximum of 500 kbps:
If only one person on the 192.168.1.0/24 network was downloading, they would get the 500 kbps. If two people were downloading, they would share the 500 kbps.
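The difference between the two notations, modelled as an added example (not ClearOS code): a start-to-end range becomes one rule per address, while network/netmask notation yields a single shared rule. The function names and the rule dictionaries are hypothetical.

```python
import ipaddress

def expand_range(start, end, ceiling_kbps):
    """Start-to-end range: one independent rule per address (per-host cap)."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    if last < first:
        raise ValueError("range end precedes range start")
    return [{"match": str(ipaddress.IPv4Address(n)), "ceiling_kbps": ceiling_kbps}
            for n in range(first, last + 1)]

def network_rule(cidr, ceiling_kbps):
    """network/netmask notation: a single rule shared by every address in it."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 192.168.1.5/24
    return [{"match": str(net), "ceiling_kbps": ceiling_kbps}]

def ceiling_for(ip, rules):
    """Ceiling of the first rule matching ip, or None if no rule applies."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["match"]):
            return rule["ceiling_kbps"]
    return None

def worst_case_kbps(rules):
    """Total download rate if every rule is saturated at the same time."""
    return sum(rule["ceiling_kbps"] for rule in rules)

if __name__ == "__main__":
    per_host = expand_range("192.168.1.100", "192.168.1.200", 100)
    shared = network_rule("192.168.1.0/24", 500)
    for label, rules in (("range", per_host), ("network", shared)):
        print(label, len(rules), "rule(s), worst case", worst_case_kbps(rules), "kbps")
```

The per-address form does not bound the total: 101 hosts at 100 kbps each can still add up to 10100 kbps, so compare the worst case with the downstream rate configured for the external interface.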
The direction of the network packet flow that you desire.
You can specify a matching address for an advanced rule. For example, if you want to limit traffic going to the LAN IP address of 192.168.1.100, you would specify this rule as a Destination type with IP 192.168.1.100.
If the IP is left empty, then all IPs will be affected.
You can specify a matching port for an advanced rule. For example, if you would like to limit all download web traffic to your LAN, you would specify this rule as a Source type with port 80.
If the port is left empty, then all ports will be affected.
The upload/download speed to reserve (guarantee) for the service.
The maximum upload/download speed allowed for the service. If you would like the rule to use all available bandwidth, leave this field blank. If you set rate and ceiling to the same value, then you will be clamping bandwidth uploads at the ceiling rate.
The greed level tells the bandwidth manager how to handle any extra available bandwidth on your network. Consider the following example:
If both mail and web traffic require 900 kbps each, mail traffic will get its full 300 kbps allotment, plus the majority (but not all) of the unallocated 500 kbps since the bandwidth rule is greedy. Web traffic will be guaranteed its 200 kbps, but will only get a small portion of the unallocated bandwidth.
Having a web proxy configured either on a ClearOS gateway or some other local proxy server complicates matters. As soon as a web request is made via the proxy, the source IP address for the request is lost. In other words, configuring bandwidth rules using an IP address on your local network will not have an effect for any traffic going through the proxy. See the examples for ways to limit bandwidth to your proxy server.
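A check for rules that the proxy silently defeats, as an added example (not ClearOS code). It assumes the standard ports 80 (HTTP) and 443 (HTTPS), a single-address match, and a hypothetical rule format; the sample rules are constructed.

```python
import ipaddress

# Ports whose traffic passes through the proxy in each mode, per the text:
# in transparent mode HTTPS bypasses the proxy, in non-transparent or WPAD
# mode it does not. Ports 80/443 are an assumption (standard HTTP/HTTPS).
PROXIED_PORTS = {
    "transparent": {80},
    "non-transparent": {80, 443},
}

def rule_status(rule, lan_cidr, proxy_mode):
    """Return 'ok', 'partial' or 'ineffective' for one rule.

    rule is a hypothetical dict: {"name": str, "ip": str|None, "port": int|None}.
    proxy_mode is None when no web proxy is in use.
    """
    if proxy_mode is None or rule["ip"] is None:
        return "ok"  # no proxy, or the rule does not depend on a source IP
    if ipaddress.ip_address(rule["ip"]) not in ipaddress.ip_network(lan_cidr):
        return "ok"  # not a LAN address, so the lost-source-IP issue does not apply
    if rule["port"] is None:
        return "partial"  # proxied web flows escape the rule, other traffic matches
    return "ineffective" if rule["port"] in PROXIED_PORTS[proxy_mode] else "ok"

def audit(rules, lan_cidr, proxy_mode):
    """List (name, status) for every rule that is not fully effective."""
    results = []
    for rule in rules:
        status = rule_status(rule, lan_cidr, proxy_mode)
        if status != "ok":
            results.append((rule["name"], status))
    return results

# Constructed sample rules for illustration.
SAMPLE_RULES = [
    {"name": "clamp-user-web", "ip": "192.168.1.100", "port": 80},
    {"name": "clamp-user-https", "ip": "192.168.1.100", "port": 443},
    {"name": "clamp-user-all", "ip": "192.168.1.100", "port": None},
    {"name": "limit-all-web", "ip": None, "port": 80},
]

if __name__ == "__main__":
    for mode in ("transparent", "non-transparent"):
        print(mode, audit(SAMPLE_RULES, "192.168.1.0/24", mode))
```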
Unless otherwise specified, fields should be left blank or with defaults.
If you have the web proxy enabled for your network, you can limit how much bandwidth can be used for web downloads. A Basic Rule is used for limiting the speed of web downloads:
If you run your proxy in non-transparent or WPAD mode, you can also limit secure web traffic (HTTPS). Add a similar rule, but with HTTPS instead of HTTP:
If you run your proxy in transparent mode, HTTPS traffic does not pass through the proxy. In this case, you want to limit HTTPS flows to your network:
Do you have a user on your network that hogs the network with downloads and video streams via a web browser? You can clamp this user to a slower speed using the following example:
If you need to limit all traffic going to 192.168.1.100, remove the Match Port rule (leave it blank).
This type of rule is useful for limiting peer-to-peer uploads for a specific user on your network.
Software updates (for example antivirus signature updates) on desktop systems can choke a network, especially when all the systems perform the update at the same time. The following example shows how to limit downloads from 1.2.3.4 to 250 kbps (even if your Internet connection is idle).
If you have a SIP provider for your VoIP system, you will want to reserve bandwidth for this traffic. You will need to provide two bandwidth rules – one for traffic from your provider, and one for traffic to your provider.
If you have a segmented LAN network, you may want to limit bandwidth on a low priority LAN (for example, a guest wireless network). Here is an example for limiting LAN 192.168.10.0/24 to 1000 kbps. To limit downloads from end users on the LAN:
To limit uploads from end users on the LAN:
Depending on where you are and who you are talking to, there are different measurement units used for bandwidth. Here are some tips to help with converting from one unit to another – capitalization is important:
Conversion tips:
Examples: