
What is the best approach to limiting internal user/application bandwidth? Bandwidth pools or Download throttling?

What I know and tested:

- Bandwidth pool and throttling in QoS can both do the job

- Bandwidth pool uses traffic shaping while throttling is similar to policing

- Bandwidth pools do not drop packets but re-queue them instead

- Throttling drops excess packets, resulting in TCP resending those dropped packets

- I have 2 ISPs connected with 9mb/1mb and 7mb/1mb download/upload speeds.

 

My question would be:

What would be the best approach in limiting users' bandwidth on the LAN side? For now I have inbound traffic (Internet->LAN) controlled by throttling, and my outbound traffic (LAN->Internet) is controlled by bandwidth pools.

Is there any "improvement" or "degradation" in the user experience if I control/limit inbound traffic (Internet->LAN) for the users in the bandwidth pools, since the bandwidth pool uses traffic shaping that smooths the traffic flow instead of dropping excess packets? Attached are some screenshots.

 

[Screenshots: Network topology; ISP 1 QoS settings; ISP 2 QoS settings]

             

 

Since we have 2 ISPs configured with uplink balancing, I have to configure similar throttling rules on both our ISP interfaces on the UTM. 

DL throttling on ISP 1 interface

DL Throttling on ISP 2 Interface

 

And now, I tried to replicate the bandwidth limiting function for our internal LAN users through the "bandwidth pool" tab. While doing this, I turned off all bandwidth limiting rules on the "download throttling" tab to make sure that it is the "bandwidth pool" tab that's doing the limiting. And I've only just made a single rule on the LAN interface of the UTM.

So far, the download speed limit was working through the "bandwidth pool" rule I've set. Screenshot attached below.

 

To wrap it all up, what would be the best approach if you're going to limit download speed for your internal users? Is it through the "bandwidth pool" tab that uses traffic shaping, or through the "download throttling" tab that is similar to policing, which drops excess packets?

Any inputs are very much welcome. I know my post is quite confusing but I just want to know which way would give our users a better experience in terms of web page loading and response while implementing download limits on their speed.

 

Thanks!

Jarold
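The generic difference between policing and shaping that the post above asks about, as an added example that is not part of the original thread and does not show how Sophos UTM implements Bandwidth Pools or Download Throttling. The functions, the burst of ten packets, the 1 Mbit/s rate and the queue sizes are all constructed for illustration; the last case shows that a shaper with a finite queue also drops once the queue is full.

```python
# Constructed example: generic policing vs. shaping, not Sophos UTM internals.
# Integer units: time in ms, sizes in bytes, rate in bytes per ms.

def police(arrivals, rate, burst):
    """Token-bucket policer: forward if enough tokens, otherwise drop."""
    tokens, last = burst, 0
    sent, dropped = [], []
    for t, size in arrivals:
        tokens = min(burst, tokens + (t - last) * rate)  # refill since last arrival
        last = t
        if tokens >= size:
            tokens -= size
            sent.append(t)
        else:
            dropped.append(t)  # the sender's TCP has to retransmit this packet
    return sent, dropped

def shape(arrivals, rate, queue_limit):
    """Shaper: hold packets in a FIFO and release them at `rate`.
    Returns (queueing delays in ms, arrival times of tail-dropped packets)."""
    next_free = 0  # time at which the link has sent everything already queued
    delays, dropped = [], []
    for t, size in arrivals:
        backlog = max(0, next_free - t) * rate  # bytes still queued or being sent
        if backlog + size > queue_limit:
            dropped.append(t)  # finite queue is full: the shaper drops too
            continue
        start = max(t, next_free)
        delays.append(start - t)
        next_free = start + size // rate  # sizes here are multiples of rate
    return delays, dropped

# Constructed input: ten 1500-byte packets arriving 1 ms apart,
# limited to 125 bytes/ms (1 Mbit/s).
BURST = [(t, 1500) for t in range(10)]
RATE = 125

if __name__ == "__main__":
    sent, dropped = police(BURST, RATE, burst=3000)
    print("policer: sent", len(sent), "dropped", len(dropped))
    delays, dropped = shape(BURST, RATE, queue_limit=64000)
    print("shaper, deep queue: max delay", max(delays), "ms, dropped", len(dropped))
    delays, dropped = shape(BURST, RATE, queue_limit=6000)
    print("shaper, shallow queue: sent", len(delays), "dropped", len(dropped))
```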



  • Hi, Jarold, and welcome to the UTM Community!

    I would be interested in how you determined the items you listed at the top that you know.  I believe that the same mechanism is used - the excess packets are dropped.

    The advantage of a Bandwidth pool on the External interface as opposed to a Download Throttling rule on the Internal interface is that you can guarantee bandwidth to some traffic without limiting other traffic when it's not necessary to throttle it.

    There are instances where even a Download Throttling rule on the External interface won't guarantee remaining bandwidth because the pipe is filled even though "extra" packets are dropped.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for the response.

    I've read about shaping and policing on this link

    "The advantage of a Bandwidth pool on the External interface as opposed to a Download Throttling rule on the Internal interface is that you can guarantee bandwidth to some traffic without limiting other traffic when it's not necessary to throttle it.

    There are instances where even a Download Throttling rule on the External interface won't guarantee remaining bandwidth because the pipe is filled even though "extra" packets are dropped."

    By these statements, I believe you are suggesting that the main difference between the two is that a Bandwidth Pool has the "guaranteed" speed function and you can also cap it to a certain speed, while Throttling simply caps it without providing the "guaranteed" function? Did I get you right?

     

    Thanks,

    Jarold

  • That's it, Jarold!

    Cheers - Bob

     