Hello,
I plan to use Wingate 6. Please let me know If I can implement the bandwidth control policy like described below.
We have 256kbit/s SDSL Internet connection and use it for different services. As far, as I learned from manual, the bandwidth control feature controls bandwidth on INTERNAL interface, so it can limit the traffic speed to and/or from the local users. My task is different: I need to ensure that all Wingate's services on EXTERNAL interface of the Wingate server machine (including web-proxy, email, NAT) are using no more then 128 kbit/s of the bandwidth in either way: incoming and outgoing.
It would be nice if I can control this type of traffic more flexible: exclude local computers or services from being affected by this limitation. For example: In general all local users will use web-proxy to browse the Internet and Wingate's mail server to send and receive emails. But several users will use an application which uses NAT, and I would like this application to be excluded from limitation.
Thanks in advance,
Anton
BANDWIDTH Control ++
Moderator: Qbik Staff
14 posts
• Page 1 of 1
by genie » Jan 24 06 10:28 am
Yes, you can create a filter, that works on the given set of IP/port combination - and if the IP address is set for the local external IP address, then all Wingate services will be limited by the restriction applied.
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
by Ant0n » Jan 24 06 10:14 pm
Thank you for the information.
So if I'll create a filter that will work on the external IP of Wingate's server machine, will it affect all traffic on the external interface or only Wingate's traffic?
As far, as I understand, the bandwidth control feature works on the "driver" level, and if I'll have any other programs or services that will use Internet (through external IP, of course), will this feature affect them also?
Thanks,
Anton
So if I'll create a filter that will work on the external IP of Wingate's server machine, will it affect all traffic on the external interface or only Wingate's traffic?
As far, as I understand, the bandwidth control feature works on the "driver" level, and if I'll have any other programs or services that will use Internet (through external IP, of course), will this feature affect them also?
Thanks,
Anton
- Ant0n
- Posts: 10
- Joined: Jan 24 06 1:59 am
by Ant0n » Jan 25 06 4:14 am
Hello,
expiring troubles with bandwidth limiting:
1) under Extended Networking -> Bandwidth control created Restriction "128kbps" (Priority Level 1, Kilobits of traffic = 128 kbits);
2) under Rules created a Rule (Protocol=All, +Control Max TCP Window, +Apply to Inducted Traffic, +Apply to Traffic to/from the Local Machine, Apply Restriction: "128kbps", Source/Destination: +Rule is bi-directional, Source of traffic: External IP address+mask, +Any port, Destination for traffic: Any, Time frame: All the time)
3) Users still can download @ 256 kbit/s :(
Thanks,
Anton
expiring troubles with bandwidth limiting:
1) under Extended Networking -> Bandwidth control created Restriction "128kbps" (Priority Level 1, Kilobits of traffic = 128 kbits);
2) under Rules created a Rule (Protocol=All, +Control Max TCP Window, +Apply to Inducted Traffic, +Apply to Traffic to/from the Local Machine, Apply Restriction: "128kbps", Source/Destination: +Rule is bi-directional, Source of traffic: External IP address+mask, +Any port, Destination for traffic: Any, Time frame: All the time)
3) Users still can download @ 256 kbit/s :(
Thanks,
Anton
- Ant0n
- Posts: 10
- Joined: Jan 24 06 1:59 am
by Ant0n » Jan 25 06 6:34 am
Hello,
I would like to extend the question, if possible.
My task is outlined in the first message: to limit the overall usage of the Internet channel.
Let's propose that the external network card of the Wingate's server machine has 10.1.1.3 address, mask is 255.255.255.0 and gateway is 10.1.1.1 (SDSL modem is 10.1.1.1 and it also performs NAT).
How exactly should I configure the bandwidth limiter feature to ensure that all Wingate's services on the external interface of the Wingate server machine (including web-proxy, mail server sending and collecting) are using no more then 128 kbit/s of the bandwidth in either way: incoming and outgoing?
Thanks in advance,
Anton
I would like to extend the question, if possible.
My task is outlined in the first message: to limit the overall usage of the Internet channel.
Let's propose that the external network card of the Wingate's server machine has 10.1.1.3 address, mask is 255.255.255.0 and gateway is 10.1.1.1 (SDSL modem is 10.1.1.1 and it also performs NAT).
How exactly should I configure the bandwidth limiter feature to ensure that all Wingate's services on the external interface of the Wingate server machine (including web-proxy, mail server sending and collecting) are using no more then 128 kbit/s of the bandwidth in either way: incoming and outgoing?
Thanks in advance,
Anton
- Ant0n
- Posts: 10
- Joined: Jan 24 06 1:59 am
by Ant0n » Jan 25 06 10:17 pm
Hello,
here are the answers:
1) no other NAT/traffic shaping software installed - positive;
2) download speed - it can be noticed by viewing the Network-Ext. adapter-Performance graph in Wingate and, of course, @ the client's side.
Please advise the settings for my task, if possible.
Thanks in advance,
Anton
here are the answers:
1) no other NAT/traffic shaping software installed - positive;
2) download speed - it can be noticed by viewing the Network-Ext. adapter-Performance graph in Wingate and, of course, @ the client's side.
Please advise the settings for my task, if possible.
Thanks in advance,
Anton
- Ant0n
- Posts: 10
- Joined: Jan 24 06 1:59 am
by genie » Jan 26 06 12:21 am
If this traffic is a download, then bandwidth shaping would not work fully - since Wingate has virtually no control over the sending side (apart from TCP window size control), it is fairly hard to throttle down incoming flow efficiently. The client, though, should see only reduced bandwidth.
Anyway, are there other rules added there? Can you export and send to me HKLM/Software/Qbik registry branch?
Anyway, are there other rules added there? Can you export and send to me HKLM/Software/Qbik registry branch?
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
by Ant0n » Jan 26 06 12:25 am
Hello,
...
have just checked it again:
Bandwidth Control feature works on internal interface, for example I can limit the traffic flow from local interface of the Wingate's server machine to a desired LAN host,
-but-
Bandwidth Control feature does NOT work on external interface. If I set up the rule which contains the IP address of the external interface, such a rule does not affect bandwidth at all.
Any ideas?
Thanks,
Anton
...
have just checked it again:
Bandwidth Control feature works on internal interface, for example I can limit the traffic flow from local interface of the Wingate's server machine to a desired LAN host,
-but-
Bandwidth Control feature does NOT work on external interface. If I set up the rule which contains the IP address of the external interface, such a rule does not affect bandwidth at all.
Any ideas?
Thanks,
Anton
- Ant0n
- Posts: 10
- Joined: Jan 24 06 1:59 am
by adrien » Jan 26 06 10:10 am
Hi Anton
what you are seeing is that packets being sent by the WinGate machine are being restricted successfully, but packets being received by the WinGate machine are not being restricted that well.
This is because WinGate has no control over how quickly the server on the internet decides to send data to it.
This is a classic issue with all bandwidth control, and there have been many discussions on it - the general consensus is that it is not particularly effective trying to choke incoming traffic. TCP algorithms allow you to try and coax the sending end to slow down sending, but in the end you still require the cooperation of the sender for this to work. For UDP and other protocols that do not do acknowledgement and flow control, there's nothing you can do, the sender will send at whatever speed they desire.
Once the packet has come down the pipe to WinGate, it has already consumed your most limited resource, being your internet bandwidth. To drop those packets doesn't free up any bandwidth on your link.
Adrien
what you are seeing is that packets being sent by the WinGate machine are being restricted successfully, but packets being received by the WinGate machine are not being restricted that well.
This is because WinGate has no control over how quickly the server on the internet decides to send data to it.
This is a classic issue with all bandwidth control, and there have been many discussions on it - the general consensus is that it is not particularly effective trying to choke incoming traffic. TCP algorithms allow you to try and coax the sending end to slow down sending, but in the end you still require the cooperation of the sender for this to work. For UDP and other protocols that do not do acknowledgement and flow control, there's nothing you can do, the sender will send at whatever speed they desire.
Once the packet has come down the pipe to WinGate, it has already consumed your most limited resource, being your internet bandwidth. To drop those packets doesn't free up any bandwidth on your link.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by Ant0n » Jan 26 06 10:48 pm
Dear adrien,
thank you very much for the information.
It seems that I understand you fully. Although I'm not an IP "guru", I do have understanding of the basic things. My case is the case of lasy Internet provider. What I need exactly is to receive one type of traffic faster than the other from the Internet over my slow 256kbit/s channel. Priority traffic is VoIP traffic and RDP traffic. Instead of naming types of traffic, which may be difficult to prioritize on the particular DSLAM hardware, I can name exact priority IP addresses. But my provider keeps on telling me that it is not possible to establish prioriries at all.
So I am forced to keep a part of my small bandwidth free to ensure there's always a place for priority traffic.
Ok. Let's go back to our limiting feature. I don't know if I am allowed to name the other products here, but now I'm using the limiter which controls up- channel AND down-channel. Of course down-channel is controlled not precisely, there are a lot of peaks on the graph, but if I establish a long-lived connection (f.e. email downloading), it limits the bandwidth quite well. So probably you should think about implementing this feature in the next version of Wingate.
Thanks,
Anton
thank you very much for the information.
It seems that I understand you fully. Although I'm not an IP "guru", I do have understanding of the basic things. My case is the case of lasy Internet provider. What I need exactly is to receive one type of traffic faster than the other from the Internet over my slow 256kbit/s channel. Priority traffic is VoIP traffic and RDP traffic. Instead of naming types of traffic, which may be difficult to prioritize on the particular DSLAM hardware, I can name exact priority IP addresses. But my provider keeps on telling me that it is not possible to establish prioriries at all.
So I am forced to keep a part of my small bandwidth free to ensure there's always a place for priority traffic.
Ok. Let's go back to our limiting feature. I don't know if I am allowed to name the other products here, but now I'm using the limiter which controls up- channel AND down-channel. Of course down-channel is controlled not precisely, there are a lot of peaks on the graph, but if I establish a long-lived connection (f.e. email downloading), it limits the bandwidth quite well. So probably you should think about implementing this feature in the next version of Wingate.
Thanks,
Anton
- Ant0n
- Posts: 10
- Joined: Jan 24 06 1:59 am
by Ant0n » Jan 27 06 1:40 am
Dear genie,
please excuse me, but I'm unable to proceed with experimenting any more. I've implemented a working software infrastructure which fulfills all my requirenments, and it seems to be stable (for 24 hours by now :)
I can assure you there was no effect of the external throttling. There was a rule for internal throttling - it worked, then I changed IP address in this rule for external - no effect.
Thanks and best regards,
Anton
please excuse me, but I'm unable to proceed with experimenting any more. I've implemented a working software infrastructure which fulfills all my requirenments, and it seems to be stable (for 24 hours by now :)
I can assure you there was no effect of the external throttling. There was a rule for internal throttling - it worked, then I changed IP address in this rule for external - no effect.
Thanks and best regards,
Anton
- Ant0n
- Posts: 10
- Joined: Jan 24 06 1:59 am
14 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest