About Bandwidth Shaping
Note: This topic applies to the Glamis Release.
Bandwidth shaping is a licenced feature of your Smoothwall. Bandwidth allows you to shape the traffic throughput of specified external or bridged interfaces. It provides you with the ability to create multi-tiered, application-aware, bandwidth shaping policies.
Bandwidth provides the following features:
| | The ability to create classes of service that guarantee bandwidth allocation to a specific IP address, or groups of IP addresses |
| | The ability to create classes of service that restrict available bandwidth for a specific IP address, or groups or IP addresses |
| | The ability to create classes of service that offer a “best efforts” bandwidth allocation |
| | The ability to guarantee a minimum bandwidth allocation available for specific applications |
| | The ability to restrict specific applications to a maximum bandwidth allocation |
| | The ability to equally reduce the quality of service within a class of service group |
Note: Traffic to and from the Smoothwall’s administration user interface,
However, the following limitations apply:
| | Only traffic using external, or bridged ports can be shaped. |
| | Bandwidth does not block applications from accessing the internet. For a detailed description of how to block applications, see Managing Block Pages . |
| | Traffic that is redirected through Guardian is not classified as originating from the client, but from your Smoothwall instead. |
Note: Traffic shaping configured in the Guardian add-on module may overlap with configuration in Bandwidth. In such cases, both configuration rules are applied, however, the smallest limit always overrides the latter. For example, if Guardian has a policy to limit “news” traffic to two megabits per second, but Bandwidth limits all HTTP traffic to only one megabit per second, only the Bandwidth limit is applied.
About Application Classification
It should be noted that not all applications are classified perfectly. This particularly applies to protocols which are designed to avoid detection, such as BitTorrent, or some peer-to-peer protocols. In some cases, such traffic may be classified as Unknown.
Typically, such protocols use more bandwidth. To guarantee that the protocols are restricted, you can create a policy which restricts the amount of available bandwidth for unknown traffic, and add exceptions for allowed protocols. However, it should be noted that the majority of connections are initially classified as Unknown until several packets are sent. A policy which blocks those protocols, rather than restricts them, may be more practical.
Note: Encrypted, secure packets may be classified as SSL traffic where another application group does not exist. However, it should be noted that there are some protocols that were not originally encrypted, but may have been upgraded using SSL, so may be classified as such now. Also, there are some protocols which use SSL as part of their protocol specification, in which case, these may classified correctly.
For a detailed description of those classifications available in the Bandwidth module, see Standard Smoothwall Application Groups and Deep Packet Inspection Application Groups.