Topic
23 replies Latest Post - ‏2011-02-11T01:42:03Z by BenKus
ErnieF91
ErnieF91
18 Posts
ACCEPTED ANSWER

Pinned topic Bandwidth Throttling for Remote Users

‏2006-08-30T21:35:57Z |
There are tasks to set bandwidth throttling for relay servers, but not clients. I can set the client to use a "throttled" relay server, but then they are always throttled. How does one enable bandwidth throttling for remote users without restricting their bandwidth once they are in the office?

Also, what is a recommended throttle setting for 56K Dial-up users?

Thanks,
Ernie
Updated on 2011-02-11T01:42:03Z at 2011-02-11T01:42:03Z by BenKus
  • Dan_Stein91
    Dan_Stein91
    2 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-08-31T00:52:42Z  in response to ErnieF91
    Hi Ernie,

    The best way to do this is to use a dynamic setting for bandwidth throttling.

    FIrst of all, the setting that controls bandwidth throttling for a client is called _BESClient_Download_Limitbytespersecond.

    If you want this setting to automatically change based on the connection type, you'll have to use a dynamic setting. To do this, right-click on a computer and click on 'Edit Computer Settings'. Then hit the 'More options' button in the lower left hand corner. In the window that comes up you'll see a place to input custom settings. For the name here you can put _BesClient_Download_Limitbytespersecond. In the 'value' field, you would normally put the value of the setting you wanted, such as 2000 (to throttle at 2000 bytes per second), but since we're doing a dynamic setting that won't cut it. Instead, in the 'value' field you can put a relevance statement surrounded by curly braces {}. WHen you do this, the value of the setting will be controlled by the evaluation of the relevance clause. THis is called a dynamic setting. Tricky!

    So for your purposes, the relevance would look something like this:

    { if (...some relevance to determine dial-up...) then "2000" else "0"}

    This is a common trick used by many customers, and I'd say most people use 1000-2000 bytes as their throttling for dial-up. (56 kbits = 7000 bytes, so 2000 lets bigfix use about 2/7 of the bandwidth. A throttling setting of 0 turns throttling off.)

    Now, the tricky part is figuring out how to determine whether they are connecting remotely. BigFix can't directly inspect connection speed, but there is usually an easy way to figure it out. Here are three common methods:

    1. Detect VPN - If your employees are using VPN to connect to the office, you can usually detect if the VPN is active. For instance, Cisco VPN has a registry value called 'TunnelEnabled' that gets set to 1 when the VPN is active, and you can throttle based on that.
    2. IP Address - If the computers have an IP address that's not possible on the corporate network, then they are remote.
    3. PPP connection. THe following relevance will determine whether the user is using a point-to-point connection, which indicates dial-up: exists ip interface whose (point to point of it = true) of network

    I know the first two methods won't differentiate dial-up from say, a high-speed connection in a hotel, but usually people want to throttle all types of remote access.

    Once you have the relevance set, all that's left to do is target the setting to the right groups of computers (maybe all laptops?), and you're good to go.

    I hope this helps! I'll make sure to check back on the forum to see if you have any more questions.

    Dan
  • Dan_Stein91
    Dan_Stein91
    2 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-08-31T00:55:04Z  in response to ErnieF91
    Also Ernie, task number 167 in the BES Support site, entitled BES Client Setting: Download Throttling, will do download throttling for clients. However, it won't do them dynamically!
  • ErnieF91
    ErnieF91
    18 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-08-31T21:55:48Z  in response to ErnieF91
    Thanks for the information. I'll try the following tonight when I'm connected remotely:

    Q: subnet address of ip interface whose (loopback of it = false) of network = "XXX.XX.XX.0"
    A: True
    Q: Exists ip interface whose (point to point of it = true) of network
    A: False
    Q: address of ip interface whose (loopback of it = false) of network as string starts with "XXX.XX.XX."
    A: True
    This should relevant with the gateway and ip address of my VPN. I won't be able to distinquish between hi-speed or dail-up, but it is a start.
  • jessewk
    jessewk
    233 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-09-01T02:18:23Z  in response to ErnieF91
    Here's some example bandwidth throttling policies I've used before. Sometimes I've combined them in various ways. For example, I've used the policy to throttle relays in conjunction with a hop count policy that varies the hop count / throttle rate based on a location property. One thing to note is that these all have an override option built in so that you can override the policy with a client setting if necessary. This way you don't have to continually update the policy when you need to make a specific exception.

    Throttle to 1000 bytes/sec when the hop count to the selected relay is > 2
    
    
    {
    
    if (((exists setting 
    "BandwidthOverride" of client) and (exists value of setting 
    "BandwidthOverride" of client) and (value of setting 
    "BandwidthOverride" of client = 
    "1")) OR (exists relay service) OR (exists main gather service)) then 
    "0" 
    
    else 
    
    if (exists selected server and upper bound of distance of selected server > 2) then 
    "1000" 
    
    else 
    "0"
    }
    

    Throttle dialup connections to 14400 bytes/sec, throttle clients > 2 hops from their relay to 1000 bytes/sec if the 'Location By IP Range' property is not 'HQ', and throttle 'HQ' clients to 1000 bytes/sec if the hop count to the relay is > 4
    
    
    {
    
    if (((exists setting 
    "BandwidthOverride" of client) and (exists value of setting 
    "BandwidthOverride" of client) and (value of setting 
    "BandwidthOverride" of client = 
    "1")) OR (exists relay service) OR (exists main gather service)) then 
    "0" 
    
    else 
    
    if (exists ip 
    
    interface whose (point to point of it whose (loopback of it = 
    
    false)) of network) then (
    "14400") 
    
    else 
    
    if ((exists selected server and upper bound of distance of selected server > 2 and (not exists setting 
    "Location By IP Range" of client OR not exists value of setting 
    "Location By IP Range" of client OR (value of setting 
    "Location By IP Range" of client) as string != 
    "HQ")) OR (exists selected server and upper bound of distance of selected server > 4 and (exists setting 
    "Location By IP Range" of client AND exists value of setting 
    "Location By IP Range" of client AND (value of setting 
    "Location By IP Range" of client) as string = 
    "HQ"))) then (
    "1000") 
    
    else (
    "0")
    }
    

    Throttle relays to 2560 bytes/sec during business hours (M-F 7am-6pm; Sat 7am-2pm) (BES 6.0+)
    
    
    {
    
    if (((exists setting 
    "BandwidthOverride" of client) and (exists value of setting 
    "BandwidthOverride" of client) and (value of setting 
    "BandwidthOverride" of client = 
    "1"))) then 
    "0" 
    
    else 
    
    if exists relay service then (
    
    if ((disjunction of (it = Monday; it = Tuesday; it = Wednesday; it = Thursday; it = Friday) of current day_of_week AND (hour_of_day of time (local time zone) of now) >= 7 AND (hour_of_day of time (local time zone) of now) < 18) OR (current day_of_week = Saturday AND (hour_of_day of time (local time zone) of now) >= 7 AND (hour_of_day of time (local time zone) of now) < 14)) then 
    "2560" 
    
    else 
    "0") 
    
    else 
    "0"
    }
    

    Instructions:
    1) Select any 2 computers on the computers tab.
    2) Right-click --> Edit computer settings...
    3) Check the 'Custom Setting' box.
    4) For 'Name', input: _BESClient_Download_LimitBytesPerSecond
    5) For 'Value', input the throttling relevance, including the curly braces {}.
    6) On the 'Target' tab, select the second radio button and target as desired (ususally all computers).
    7) On the 'Message' tab, make sure all boxes are unchecked
    8) On the constraints tab, uncheck all boxes and select 'Run independently of user presence'
    9) Double check everything, click OK, and enter your password.

    Other Notes:

    Please test these policies carefully. In step 6, instead of targeting all computers, chose only a couple machines and make sure these settings respond as expected.

    There are override settings specified for each of these polices. If you need to override the policy, don't do it by editing the policies above. Instead, just create a new setting on the client and call it 'BandwidthOverride' and set the value to '1'.

    These types of policies work well for locking computers too. Just replace _BESClient_Download_LimitBytesPerSecond with __LockState and change BandwidthOverride to LockOveride.
  • ErnieF91
    ErnieF91
    18 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-09-01T05:30:18Z  in response to ErnieF91
    Thanks for the options. I checked the distance to to the Relay server and it was still only 1. I think this is due to the relay server and the VPN device both at the Data Center.

    I set the _BESClient_Download_LimitBytesPerSecond to {if (Exists ip interface whose (point to point of it = true) of network) then "2000" else "0"} and the value in the registry did indeed change to 2000.

    The business hours one is intriguing. Would this 7am-6pm thing still work for clients in other time zones?
  • jessewk
    jessewk
    233 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-09-01T06:36:31Z  in response to ErnieF91
    Yes, all relevance is evaluated using client local time unless server time is specifically requested. So that would be 7am-6pm for whatever timezone the relay is in.
  • ErnieF91
    ErnieF91
    18 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-09-01T18:50:56Z  in response to ErnieF91
    Is there a way to determine Hi-Speed VPN vs 56K Dial-up?

    Group Policy uses the following algorithm:
    algorithm (where ms = milliseconds):

    1.Ping the server with 0 bytes of data and time the number of milliseconds. This value is time#1. If it is less than 10 ms, exit (assume a fast link).
    2.Ping the server with 2 KB of uncompressible data, and time the number of milliseconds. This value is time#2. The algorithm uses a compressed .jpg file for this.
    3.DELTA=time#2-time#1. This removes the overhead of session setup, with the result being equal to the time to move 2 KB of data.
    4.Calculate Delta three times, adding to TOTAL each DELTA value.
    5.TOTAL/3 = Average of DELTA, in milliseconds.
    6.2 * (2 KB) * (1000 millisec/sec) / DELTA Average millisec = X
    7.X = (4000 KB/sec) / DELTA Average
    8.Z Kilobits per second (Kbps) = (4000 KB/sec) / DELTA Average) *(8 bits/byte)
    9.Z Kbps = 32000 kbps/Delta Avg.

    Two KB of data have moved in each direction (this is represented by the leading factor two on the left side in step six above) through each modem, Ethernet card, or other device in the loop once.

    The resulting Z value is evaluated against the policy setting. A default of less than 500 Kbps is considered a slow link; otherwise it is a fast link. This value may be set through Group Policy in the Administrative Templates node.
  • jessewk
    jessewk
    233 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2006-09-02T00:46:35Z  in response to ErnieF91
    Ernie,

    Detecting bandwidth is actually very difficult to do (bandwidth is "bursty" and most efficient measurements use up all the bandwidth for the test). I would expect the group policy technique above to frequently fail to find the correct value. Currently there isn't really any good solution by any vendor.
  • jessewk
    jessewk
    233 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2007-08-02T20:17:41Z  in response to ErnieF91
    In BES 7.0, BES Agents and can now throttle network communication automatically and in real-time based on the current bandwidth available. This allows BES Agents in network constrained environments (such as modem or VPN users) to use more bandwidth if the network is idle or less bandwidth if there is other network activity. Dynamic bandwidth detection works without flooding the pipe with traffic, instead using novel techniques developed by BigFix.
  • pmullins91
    pmullins91
    8 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2009-07-09T18:31:59Z  in response to ErnieF91
    jessewk
    In BES 7.0, BES Agents and can now throttle network communication automatically and in real-time based on the current bandwidth available. This allows BES Agents in network constrained environments (such as modem or VPN users) to use more bandwidth if the network is idle or less bandwidth if there is other network activity. Dynamic bandwidth detection works without flooding the pipe with traffic, instead using novel techniques developed by BigFix.
    Sorry to bring up this dead thread...

    Could someone clarify whether the above indicates that beginning with v7 there is no need to set any throttling settings, as the clients do this automagically?

    Thanks.
  • BenKus
    BenKus
    1800 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2009-07-10T07:26:42Z  in response to ErnieF91
    Hey pmullins,

    Not quite.... You can/should enable static throttling whenever necessary in your LAN if you have any bandwidth restrictions that might cause you problems. And for remote computers that are connecting over the WAN, you can consider enabling Dynamic Bandwidth Throttling, which will try to keep the network traffic from interfering with other traffic on the wire (but you still will want to enable this using a Task on the BigFix support site).

    Ben
  • pmullins91
    pmullins91
    8 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2009-07-10T14:04:50Z  in response to ErnieF91
    Ah well, it was worth a shot. ;)

    Thanks for the clarification Ben.
  • anjums91
    anjums91
    1 Post
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2009-08-25T08:33:02Z  in response to ErnieF91
    HI i have enabled the static throttling for patch updation. But some how its not working , always the bigfix is taking 32kbps even if i set it to 4/8/16 kbps. I using the following settings To throttle bandwidth used by a client:
    "_BESClient_Download_LimitBytesPerSecond"

    To throttle bandwidth by a Relay from the Server (per connection)
    "_BESGather_Download_LimitBytesPerSecond"

    To throttle the cumulative file downloads at any given time on a Relay/Server:
    "_BESRelay_HTTPServer_ThrottleKBPS"

    It appears that you are only using "_BESGather_Download_LimitBytesPerSecond".
  • Paul_Kerpa
    Paul_Kerpa
    2 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2009-08-26T00:33:46Z  in response to ErnieF91
    Anjums,

    The setting prior to 7.2.1.357 was limited with a floor of 4096 bytes this translates to 32.768kbps, after the upgrade to 7.2.1.357 we changed this setting to a floor of 1024 bytes 8.192kbps.

    You can find the full change list at the following URL.

    http://support.bigfix.com/bes/changes/fullchangelist-72.txt

    "Fixed issue where relay static throttling has a minimum rate of 4096 bytes/sec (new value is 1024 bytes/sec) (bug 18840)"
  • SystemAdmin
    SystemAdmin
    2038 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-08T19:16:01Z  in response to ErnieF91
    I am working with utilizing this setting. 1 question.

    A user goes from copper to wireless. This dynamic change happens right away, or when the devices reports back to BigFix?
  • SystemAdmin
    SystemAdmin
    2038 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-08T19:45:57Z  in response to ErnieF91
    Also, I am noticing that the value for this property is showing '0', both on copper and on wireless. I am trying to verify that this setting is actually working.
  • SystemAdmin
    SystemAdmin
    2038 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-09T21:25:46Z  in response to ErnieF91
    I am struggling with this yet. I have the below statement to put into the dynamic setting, yet it does not seem to be taking set.

    if (((exists ((addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= "10.17.0.0" as version and it <= "10.17.255.254" as version) OR exists((addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= "10.60.0.0" as version and it <= "10.60.255.254" as version)OR exists((addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= "10.242.116.0" as version and it <= "10.242.116.254" as version) then "2000" else "0")))
  • BenKus
    BenKus
    1800 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-10T04:36:47Z  in response to ErnieF91
    Did you use {} when you put it in? (http://support.bigfix.com/cgi-bin/kbdirect.pl?id=281)

    Ben
  • SystemAdmin
    SystemAdmin
    2038 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-10T13:05:47Z  in response to ErnieF91
    Yes I did. Sorry, I should have put that in here as well.
  • SystemAdmin
    SystemAdmin
    2038 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-10T13:59:12Z  in response to ErnieF91
    I did add the relevance and it did register that change on the client. However, when I placed the device in the opposite state, it did not change the download limit to what I have called out in the relevance. (perhaps because the IP address is being returned as 'multiple results'? Perhaps a conflict?)

    Also, when the change was made, it removes my relevance lanquage, and entered a 0 (which is what the setting should have been at that IP state).

    So, I am curious as to how dynamic is this value.

    I'm sorry if this is confusing.
  • SystemAdmin
    SystemAdmin
    2038 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-10T14:17:41Z  in response to ErnieF91
    I was reading about the relevance statement (addresses of adapters whose (cidr string of it = wake on lan subnet cidr string) of network) which might help me, but unsure how to implement this into my dynamic property, how to write the langeage.
  • SystemAdmin
    SystemAdmin
    2038 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-10T14:23:09Z  in response to ErnieF91
    Ok, I think i have this, but looking for input. I run this in the API tester, and it seems to take a lot fof time to evaluate, which concerns me in the real work applications.

    if exists ((addresses of adapters whose (cidr string of it = wake on lan subnet cidr string) of network) as string as version) whose (it >= "10.71.0.0" as version and it <= "10.71.255.254" as version) OR exists((addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= "10.60.0.0" as version and it <= "10.60.255.254" as version)OR exists((addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= "10.242.116.0" as version and it <= "10.242.116.254" as version) then "2000" else "0"
  • BenKus
    BenKus
    1800 Posts
    ACCEPTED ANSWER

    Re: Bandwidth Throttling for Remote Users

    ‏2011-02-11T01:42:03Z  in response to ErnieF91
    The Client Tester API will always be slowish because the agent only will periodically respond to it... I think this will be a pretty fast expression so I don't think you need to worry too much about the speed of it from a CPU or resourcing perspective...

    In the case of the dynamic setting, the agent will not switch over instantaneously... Depending on the circumstance, it might be a bit of time (measured in seconds and minutes) for the agent to double-check this setting. Setting actions run with higher priority than other actions so it should be pretty fast (but you do need to wait at least a little while... I would say 3 minutes if I had to guess on average, but you will need to try it out in your deployment to know for sure...)

    Ben