A guide to using the bandwidth limit settings for users, including an explanation of how Squid interacts with this feature. You might want to do this if you're experiencing a slow network due to your users using a lot of bandwidth, for example, streaming high definition videos.
Bandwidth Limiting policies are not cumulative; they are read from top to bottom and if any top policy matches, it will be the only one applied. For this reason, you must place specific policies at the top, and more generic policies at the bottom.
Unauthenticated IPs is considered a separate user-group. Anyone falling under that will be matched based on the bandwidth policy for Unauthenticated IPs so you will have to include this group specifically in a policy.
The performance optimization message appears when you have more than one "Squid worker" on your system which is a performance optimization. Because of that there is a possibility users will receive a lower bandwidth if they go through just one "squid worker" as the bandwidth allocation is divided between the workers.
You can see the number of squid workers by running a diagnostics check in the System > Diagnostics > Functionality tests page (under Guardian tests); the Functionality test results page shows the Number of workers under the Guardian info results section. Note that this is not Number of worker threads.
If you have multiple Squid workers, you set the bandwidth limit value to be what you originally want.
For example:
If you want to limit bandwidth to 500 kilobytes per second (Kbytes/s), you would set Guardian to 500 Kbytes/s.
However, if you measure the speed for a single download you will see that a client only gets 250 Kbytes/s if two workers or 125 Kbytes/s if four workers. But over several connections (most browsers open several) and over several clients (usually one bucket is shared over several clients) then you will get the desired 500 Kbytes/s in total.
If you try and double the amount to 1000 Kbytes/s for two workers, you will get the 500 Kbytes/s for a single connection, but by making multiple connections (or several clients) can get 1000 Kbytes/s which is not the 500 Kbytes/s that was intended.
Things to Consider When Setting Bandwidth Limiting
- We recommend that you create bandwidth limiting policies for the Unauthenticated IPs user group as well, because it can be used to bypass the web filter.
- You set all whitelisted web filtering policies to bypass bandwidth limiting.
- After creating all required bandwidth limiting policies, ensure that you clear the cache and restart the web proxy (Web proxy > Web proxy > Settings).
- If creating policies for a specific user group (Who) and enable Shared between clients, the bandwidth limit is shared for the whole group. Leaving this blank means each individual user gets the configured value.
- Be aware that the unit used to limit bandwidth is kilobytes per second, so:
- 512 Kbytes/s = 4 megabits per second (Mbps)
- 8,000 Kbytes/s = 62.5 Mbps
- 16,000 = 125 Mbps
See our help topic, Creating bandwidth limiting policies.
See the knowledge base article, Understanding the Web Proxy Bandwidth Limiter and the Bandwidth Module