Bandwidth Throttling for Remote Users

(imported topic written by ErnieF91)

There are tasks to set bandwidth throttling for relay servers, but not clients. I can set the client to use a “throttled” relay server, but then they are always throttled. How does one enable bandwidth throttling for remote users without restricting their bandwidth once they are in the office?

Also, what is a recommended throttle setting for 56K Dial-up users?

Thanks,

Ernie

(imported comment written by Dan_Stein91)

Hi Ernie,

The best way to do this is to use a dynamic setting for bandwidth throttling.

First of all, the setting that controls bandwidth throttling for a client is called _BESClient_Download_Limitbytespersecond.

If you want this setting to automatically change based on the connection type, you’ll have to use a dynamic setting. To do this, right-click on a computer and click on ‘Edit Computer Settings’. Then hit the ‘More options’ button in the lower left hand corner. In the window that comes up you’ll see a place to input custom settings. For the name here you can put _BesClient_Download_Limitbytespersecond. In the ‘value’ field, you would normally put the value of the setting you wanted, such as 2000 (to throttle at 2000 bytes per second), but since we’re doing a dynamic setting that won’t cut it. Instead, in the ‘value’ field you can put a relevance statement surrounded by curly braces {}. When you do this, the value of the setting will be controlled by the evaluation of the relevance clause. This is called a dynamic setting. Tricky!

So for your purposes, the relevance would look something like this:

{ if (…some relevance to determine dial-up…) then "2000" else "0"}

This is a common trick used by many customers, and I’d say most people use 1000-2000 bytes as their throttling for dial-up. (56 kbits = 7000 bytes, so 2000 lets bigfix use about 2/7 of the bandwidth. A throttling setting of 0 turns throttling off.)

Now, the tricky part is figuring out how to determine whether they are connecting remotely. BigFix can’t directly inspect connection speed, but there is usually an easy way to figure it out. Here are three common methods:

  1. Detect VPN - If your employees are using VPN to connect to the office, you can usually detect if the VPN is active. For instance, Cisco VPN has a registry value called ‘TunnelEnabled’ that gets set to 1 when the VPN is active, and you can throttle based on that.

  2. IP Address - If the computers have an IP address that’s not possible on the corporate network, then they are remote.

  3. PPP connection. The following relevance will determine whether the user is using a point-to-point connection, which indicates dial-up: exists ip interface whose (point to point of it = true) of network

I know the first two methods won’t differentiate dial-up from say, a high-speed connection in a hotel, but usually people want to throttle all types of remote access.

Once you have the relevance set, all that’s left to do is target the setting to the right groups of computers (maybe all laptops?), and you’re good to go.

I hope this helps! I’ll make sure to check back on the forum to see if you have any more questions.

Dan

(imported comment written by Dan_Stein91)

Also Ernie, task number 167 in the BES Support site, entitled BES Client Setting: Download Throttling, will do download throttling for clients. However, it won’t do them dynamically!

(imported comment written by ErnieF91)

Thanks for the information. I’ll try the following tonight when I’m connected remotely:

Q: subnet address of ip interface whose (loopback of it = false) of network = "XXX.XX.XX.0"

A: True

Q: Exists ip interface whose (point to point of it = true) of network

A: False

Q: address of ip interface whose (loopback of it = false) of network as string starts with "XXX.XX.XX."

A: True

This should be relevant with the gateway and IP address of my VPN. I won’t be able to distinguish between hi-speed or dial-up, but it is a start.

(imported comment written by jessewk)

Here are some example bandwidth throttling policies I’ve used before. Sometimes I’ve combined them in various ways. For example, I’ve used the policy to throttle relays in conjunction with a hop count policy that varies the hop count / throttle rate based on a location property. One thing to note is that these all have an override option built in so that you can override the policy with a client setting if necessary. This way you don’t have to continually update the policy when you need to make a specific exception.

Throttle to 1000 bytes/sec when the hop count to the selected relay is > 2

{
if (((exists setting "BandwidthOverride" of client) and (exists value of setting "BandwidthOverride" of client) and (value of setting "BandwidthOverride" of client = "1")) OR (exists relay service) OR (exists main gather service)) then "0"
else if (exists selected server and upper bound of distance of selected server > 2) then "1000"
else "0"
}

Throttle dialup connections to 14400 bytes/sec, throttle clients > 2 hops from their relay to 1000 bytes/sec if the ‘Location By IP Range’ property is not ‘HQ’, and throttle ‘HQ’ clients to 1000 bytes/sec if the hop count to the relay is > 4

{
if (((exists setting "BandwidthOverride" of client) and (exists value of setting "BandwidthOverride" of client) and (value of setting "BandwidthOverride" of client = "1")) OR (exists relay service) OR (exists main gather service)) then "0"
else if (exists ip interface whose (point to point of it whose (loopback of it = false)) of network) then ("14400")
else if ((exists selected server and upper bound of distance of selected server > 2 and (not exists setting "Location By IP Range" of client OR not exists value of setting "Location By IP Range" of client OR (value of setting "Location By IP Range" of client) as string != "HQ")) OR (exists selected server and upper bound of distance of selected server > 4 and (exists setting "Location By IP Range" of client AND exists value of setting "Location By IP Range" of client AND (value of setting "Location By IP Range" of client) as string = "HQ"))) then ("1000")
else ("0")
}

Throttle relays to 2560 bytes/sec during business hours (M-F 7am-6pm; Sat 7am-2pm) (BES 6.0+)

{
if (((exists setting "BandwidthOverride" of client) and (exists value of setting "BandwidthOverride" of client) and (value of setting "BandwidthOverride" of client = "1"))) then "0"
else if exists relay service then (
if ((disjunction of (it = Monday; it = Tuesday; it = Wednesday; it = Thursday; it = Friday) of current day_of_week AND (hour_of_day of time (local time zone) of now) >= 7 AND (hour_of_day of time (local time zone) of now) < 18) OR (current day_of_week = Saturday AND (hour_of_day of time (local time zone) of now) >= 7 AND (hour_of_day of time (local time zone) of now) < 14)) then "2560"
else "0")
else "0"
}

Instructions:

  1. Select any 2 computers on the computers tab.

  2. Right-click --> Edit computer settings…

  3. Check the ‘Custom Setting’ box.

  4. For ‘Name’, input: _BESClient_Download_LimitBytesPerSecond

  5. For ‘Value’, input the throttling relevance, including the curly braces {}.

  6. On the ‘Target’ tab, select the second radio button and target as desired (usually all computers).

  7. On the ‘Message’ tab, make sure all boxes are unchecked.

  8. On the constraints tab, uncheck all boxes and select ‘Run independently of user presence’

  9. Double check everything, click OK, and enter your password.

Other Notes:

Please test these policies carefully. In step 6, instead of targeting all computers, choose only a couple machines and make sure these settings respond as expected.

There are override settings specified for each of these policies. If you need to override the policy, don’t do it by editing the policies above. Instead, just create a new setting on the client and call it ‘BandwidthOverride’ and set the value to ‘1’.

These types of policies work well for locking computers too. Just replace _BESClient_Download_LimitBytesPerSecond with __LockState and change BandwidthOverride to LockOveride.

(imported comment written by ErnieF91)

Thanks for the options. I checked the distance to the Relay server and it was still only 1. I think this is due to the relay server and the VPN device both being at the Data Center.

I set the _BESClient_Download_LimitBytesPerSecond to {if (Exists ip interface whose (point to point of it = true) of network) then "2000" else "0"} and the value in the registry did indeed change to 2000.

The business hours one is intriguing. Would this 7am-6pm thing still work for clients in other time zones?

(imported comment written by jessewk)

Yes, all relevance is evaluated using client local time unless server time is specifically requested. So that would be 7am-6pm for whatever timezone the relay is in.

(imported comment written by ErnieF91)

Is there a way to determine Hi-Speed VPN vs 56K Dial-up?

Group Policy uses the following algorithm:

algorithm (where ms = milliseconds):

1.Ping the server with 0 bytes of data and time the number of milliseconds. This value is time#1. If it is less than 10 ms, exit (assume a fast link).

2.Ping the server with 2 KB of uncompressible data, and time the number of milliseconds. This value is time#2. The algorithm uses a compressed .jpg file for this.

3.DELTA=time#2-time#1. This removes the overhead of session setup, with the result being equal to the time to move 2 KB of data.

4.Calculate Delta three times, adding to TOTAL each DELTA value.

5.TOTAL/3 = Average of DELTA, in milliseconds.

6.2 * (2 KB) * (1000 millisec/sec) / DELTA Average millisec = X

7.X = (4000 KB/sec) / DELTA Average

8.Z Kilobits per second (Kbps) = (4000 KB/sec) / DELTA Average) *(8 bits/byte)

9.Z Kbps = 32000 kbps/Delta Avg.

Two KB of data have moved in each direction (this is represented by the leading factor two on the left side in step six above) through each modem, Ethernet card, or other device in the loop once.

The resulting Z value is evaluated against the policy setting. A default of less than 500 Kbps is considered a slow link; otherwise it is a fast link. This value may be set through Group Policy in the Administrative Templates node.

(imported comment written by jessewk)

Ernie,

Detecting bandwidth is actually very difficult to do (bandwidth is “bursty” and most efficient measurements use up all the bandwidth for the test). I would expect the group policy technique above to frequently fail to find the correct value. Currently there isn’t really any good solution by any vendor.
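Added example, not part of the original thread: the slow-link arithmetic Ernie quotes, written in Python and run over constructed timing samples instead of live pings. The function name, the sample values and the "indeterminate" result for a non-positive average DELTA are assumptions of this example; BURSTY is the BROADBAND link with one round delayed by other traffic, which is enough to flip the verdict.

```python
# Added example: the quoted Group Policy slow-link steps as arithmetic.
# Timings are passed in as data (constructed below), not measured on the wire.

FAST_RTT_MS = 10        # step 1: time#1 under 10 ms means fast link, exit
SLOW_LINK_KBPS = 500    # default slow-link threshold quoted in the post
ROUNDS = 3              # step 4: DELTA is calculated three times


def estimate_link(samples, threshold_kbps=SLOW_LINK_KBPS):
    """samples: list of (time1_ms, time2_ms) pairs, one pair per round.

    Returns (kbps or None, verdict); verdict is "fast", "slow" or
    "indeterminate" (the last one is this example's own choice).
    """
    if len(samples) != ROUNDS:
        raise ValueError("expected exactly %d rounds" % ROUNDS)
    total = 0.0
    for time1, time2 in samples:
        if time1 < FAST_RTT_MS:          # step 1: no estimate is computed
            return None, "fast"
        total += time2 - time1           # step 3: DELTA = time#2 - time#1
    delta_avg = total / ROUNDS           # step 5: average DELTA in ms
    if delta_avg <= 0:
        # Jitter made the 2 KB ping look no slower than the empty one;
        # dividing would give a negative or infinite rate.
        return None, "indeterminate"
    # Steps 6-9: 2 * 2 KB * 1000 ms/s * 8 bits/byte = 32000, over DELTA avg.
    kbps = 32000.0 / delta_avg
    return kbps, ("slow" if kbps < threshold_kbps else "fast")


# Constructed samples: (time#1 ms, time#2 ms) for each of the three rounds.
LAN = [(2, 3), (2, 3), (1, 3)]
DIALUP = [(150, 720), (160, 735), (155, 722)]      # about 56 Kbps
BROADBAND = [(40, 72), (42, 70), (38, 74)]         # 1000 Kbps
BURSTY = [(40, 72), (42, 270), (38, 74)]           # same link, one slow round
JITTER = [(50, 45), (50, 48), (50, 50)]            # DELTA avg below zero

if __name__ == "__main__":
    for name in ("LAN", "DIALUP", "BROADBAND", "BURSTY", "JITTER"):
        print(name, estimate_link(globals()[name]))
```
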

(imported comment written by jessewk)

In BES 7.0, BES Agents can now throttle network communication automatically and in real-time based on the current bandwidth available. This allows BES Agents in network constrained environments (such as modem or VPN users) to use more bandwidth if the network is idle or less bandwidth if there is other network activity. Dynamic bandwidth detection works without flooding the pipe with traffic, instead using novel techniques developed by BigFix.

(imported comment written by pmullins91)

jessewk

In BES 7.0, BES Agents can now throttle network communication automatically and in real-time based on the current bandwidth available. This allows BES Agents in network constrained environments (such as modem or VPN users) to use more bandwidth if the network is idle or less bandwidth if there is other network activity. Dynamic bandwidth detection works without flooding the pipe with traffic, instead using novel techniques developed by BigFix.

Sorry to bring up this dead thread…

Could someone clarify whether the above indicates that beginning with v7 there is no need to set any throttling settings, as the clients do this automagically?

Thanks.

(imported comment written by BenKus)

Hey pmullins,

Not quite… You can/should enable static throttling whenever necessary in your LAN if you have any bandwidth restrictions that might cause you problems. And for remote computers that are connecting over the WAN, you can consider enabling Dynamic Bandwidth Throttling, which will try to keep the network traffic from interfering with other traffic on the wire (but you still will want to enable this using a Task on the BigFix support site).

Ben

(imported comment written by pmullins91)

Ah well, it was worth a shot. :wink:

Thanks for the clarification Ben.

(imported comment written by anjums91)

Hi, I have enabled the static throttling for patch updation, but somehow it’s not working: BigFix is always taking 32kbps even if I set it to 4/8/16 kbps. I am using the following settings. To throttle bandwidth used by a client:

“_BESClient_Download_LimitBytesPerSecond”

To throttle bandwidth by a Relay from the Server (per connection)

“_BESGather_Download_LimitBytesPerSecond”

To throttle the cumulative file downloads at any given time on a Relay/Server:

“_BESRelay_HTTPServer_ThrottleKBPS”

It appears that you are only using “_BESGather_Download_LimitBytesPerSecond”.

(imported comment written by Paul_Kerpa)

Anjums,

The setting prior to 7.2.1.357 was limited with a floor of 4096 bytes, which translates to 32.768kbps. After the upgrade to 7.2.1.357 we changed this setting to a floor of 1024 bytes (8.192kbps).

You can find the full change list at the following URL.

http://support.bigfix.com/bes/changes/fullchangelist-72.txt

“Fixed issue where relay static throttling has a minimum rate of 4096 bytes/sec (new value is 1024 bytes/sec) (bug 18840)”

(imported comment written by SystemAdmin)

I am working with utilizing this setting. 1 question.

A user goes from copper to wireless. Does this dynamic change happen right away, or when the device reports back to BigFix?

(imported comment written by SystemAdmin)

Also, I am noticing that the value for this property is showing ‘0’, both on copper and on wireless. I am trying to verify that this setting is actually working.

(imported comment written by SystemAdmin)

I am struggling with this yet. I have the below statement to put into the dynamic setting, yet it does not seem to be taking set.

if (((exists ((addresses whose (it as string != “0.0.0.0”) of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= “10.17.0.0” as version and it <= “10.17.255.254” as version) OR exists((addresses whose (it as string != “0.0.0.0”) of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= “10.60.0.0” as version and it <= “10.60.255.254” as version)OR exists((addresses whose (it as string != “0.0.0.0”) of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= “10.242.116.0” as version and it <= “10.242.116.254” as version) then “2000” else “0”)))

(imported comment written by BenKus)

Did you use {} when you put it in? (http://support.bigfix.com/cgi-bin/kbdirect.pl?id=281)

Ben

(imported comment written by SystemAdmin)

Yes I did. Sorry, I should have put that in here as well.