Shaping Rules

Speed limitation rules provide restriction of the maximum speed for requests from individual users, user groups or IP address sets based on the values provided in rule options. Rules are ordered, and you can easily change the order using the appropriate buttons on the toolbar or the commands in the context menu of rules. After a new connection has been detected, Bandwidth Splitter starts checking rules in the order of sequence for matching the connection details. The first rule that fully matches this connection is applied to limit the speed.

Note. Due to presence of the Destinations option in Shaping Rules, it may be that several rules simultaneously match different connections of the same client. Thus the overall authorised speed for the client will equal the sum of the authorised speeds for these rules. Due to this it is necessary to set up rules carefully.

Shaping Rules (click to enlarge figure)

To create a Shaping Rule, in the console tree of Forefront TMG Management, right click Shaping Rules, point to New, and then click Rule. Proceed with following the instructions of the wizard. Note that the rule elements necessary to create the rule should be set up before starting the wizard.

The below is a description of the Shaping Rules options and their effect.

On the General tab, supply the name for the rule and its description. You can also enable or disable the rule here by selecting or deselecting the Enable option.

Use the Applies To tab to specify objects for the rule to apply to. You can select IP address sets or user sets. Exclusions can also be set up here.

On the Destinations tab, specify destination IP address sets to which the rule applies.

Use the Schedule tab to set up the schedule for the current rule. The default setting is Always, but you can select any other scheduling option from those configured in Forefront TMG.

The Action tab is used to set the speed limits to be provided by the rule.

Action tab of Shaping Rule Properties (click to enlarge figure)

If the No shaping mode is selected, the transfer rate for clients under this rule will not be restricted.

You can select different shaping modes: shape sum of incoming and outgoing traffic, shape separately incoming and outgoing traffic, shape incoming traffic only, shape outgoing traffic only. Set the speed limits allowed by the rule in kilobits per second.

Forefront TMG cache content can be supplied on request both unrestricted in speed (in case the Don't shape cached web content option is selected) and with speed restrictions set up by the rule in the same way as for all other traffic (if the checkbox is not selected).

The HTTP Boost mode lets essentially accelerate web surfing. Viewing of web pages is often discontinuous: first the page is loaded, then a pause follows (as the user reads and analyses the content) when no requests are transmitted, then a link transfer follows and another page is opened. HTTP Boost mode temporarily enables a user who has been inactive for a certain minimum period of time to work at a speed higher than main speed limit value. Such short accelerations allow making surfing much more comfortable.

HTTP Boost options are configured individually for each Shaping Rule. HTTP Boost speed limit, HTTP Boost duration and the time of absence of user activity necessary to reactivate the HTTP Boost mode (Inactivity period to restart) are to be set up for each rule.

Note. The types of content for which the HTTP Boost mode is used are set on the Advanced tab of the general options of Bandwidth Splitter. HTTP Boost mode is turned off for all other content and firewall connections, i.e. the basic rules of speed limitation are applied all the time.

Select Limit number of connections to limit the number of simultaneous connections for the rule. If any web requests are sent after this limit is exceeded, the user can see a message that the allowed number of connections has been reached.

The Shaping Type option, defining the way the rule is applied, is very important. Depending on the value of this option, the effect of the rule may be very different.

Select Assign bandwidth individually to each applicable user/address to apply the speed and connection number limitations under the rule individually to each user or host that matches the rule, i.e. separately from each other.

Select Distribute bandwidth between all applicable users/addresses to apply the speed and connection number limitations under the rule to all users or hosts as a whole.

Parameter Static bandwidth distribution (available only when selected Distribute bandwidth between all applicable users/addresses) controls what happens when some users to whom this rule applies don't use all their allowed bandwidth.
For example, if rule has speed limit 100 kbits/s, and 2 users concurrently have active connections, then usually each of them will be limited to 100 / 2 = 50 kbits/s. But if one of these users use just 30 kbits/s, then it is possible to distribute unused bandwidth between other users, so they will have oportunity to use more bandwidth. Actually this means that their speed limit will be increased.
So, in this example, if Static bandwidth distribution is unchecked (default), speed limit of second user will become 100 - 30 = 70 kbits/s. This limit is dynamic, so when first user will use more bandwidth, speed limit of second user will be decreased.
If Static bandwidth distribution is checked, then regardless of how much bandwidth both users use, their speed limit will be 100 / 2 = 50 kbits/s.

Use the Extra tab to configure additional rule options.

If the Apply this rule only when client's traffic quota has been exceeded option is checked, then this shaping rule will be applied only when user's traffic quota counter reaches zero. In all other cases, Bandwidth Splitter will continue to search for a shaping rule that corresponds to client's connections.
When shaping rule with this option is applied, it also means that user's access will not be blocked despite traffic quota is exceeded.
Note that if you want to use this option, you should place the shaping rule where this option is selected above another rule which is used when quota is not exceeded. Otherwise the former rule will never be applied.

If the Don't count traffic on account of traffic quota checkbox is selected, the traffic allowed by this rule will not be taken into account in traffic usage counters when counting the allowed traffic quota. This is useful, for example, if there is a high-speed connection with some networks and there is no need to limit that traffic while limiting traffic to other destinations. Note, that this flag also implies that access will be allowed by this rule even if user traffic quota is exceeded.

See also
Quota Rules
Group Restrictions
Distributed shaping rules


© BNTC Software. All rights reserved.