Can I limit Windows Bandwidth?

Posted on 2010-11-29
Medium Priority
Last Modified: 2012-05-10
Hi everyone and thanks in advance for your help.

I recently had a Virtual Machine on one of my servers in a Data Center compromised because an intern disabled the firewall while doing some testing that one of our Engineers for some stupid reason decided an intern should be allowed access to a live production server.

Anyways, the server was compromised and was uploading at over 300MB/s... yeh MB/s not mb/s. So anyways the data center called me and asked me what was up... So I found the VM causing the issue, powered it down, and labeled it as infected.

One of the engineers wanted to investigate it even though he had no idea what he was doing. So I said it was ok, but he would have to view it using the VMWare server console because I was going to disable the Virtual NIC. I guess he didn't like the lag in the console so he re-enabled the NIC and figured re-enabling the firewall would fix it.

However it didn't and instead of staying under our allocated bandwidth of 20MB/s it once again spiked up to 300+ for almost a week.. We were just charged $2800 in overages... On top of our monthly bill of $600. I was luckily able to get it down to $800 through a little bit of begging and pleading.

I'm going to be implementing a switch in there eventually that I can set a certain bandwidth metric on it and configure it for bursting, but for the time being I'm curious if there is a free/open source program or way of doing this on Windows.

I just want to be able to configure the program to not allow any more than 20MB/s out of the NIC.And another thing that would be nice is that if it sustains a certain bandwidth usage for a certain amount of time it would send a notification.

Technically if there's a program that at least does the 2nd part that would work..

I've found several paid programs  that would do this but no free... I don't know of a way to do this with the wimpy windows routing commands.

Hopefully I gave enough info on this for you to understand what I want.

Thanks a lot!!
Question by:keith_opswat
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

gardara earned 668 total points
ID: 34235688
I do not know of any free software that can limit bandwith in windows. But the free version of NetBalancer can run 5 process priorities/limits. Maby that's enough for you?

What I would do tho is to set up monitoring on your servers.

I use nagios to monitor the bandwith of all my servers, it sends me notifications with warnings and is highly customizable.
However the nagios server runs only on linux, but you can monitor windows machines.. I noticed that you said that you run virtual machines... Running a virtual machine with linux/nagios might be smart to monitor bandwidth and other things on your virtual machines.

Cacti is quite good too and can monitor machines and send out email warnings, it runs on both windows and linux: http://www.cacti.net/

Good luck.

Assisted Solution

roticanaitelur earned 664 total points
ID: 34246111
Hi, I'm not sure what VM version are you using. I guess you can take a look at the traffic shaping. Hmm ... simply assigned this server into a dedicated port in the vswitch and introduce traffic shaping. Hope this helps.

LVL 29

Assisted Solution

pwindell earned 668 total points
ID: 34252354
The answer is called Users Beatings,...and at the extreme,...Public User Beatings.

There is no technical solution for human stupidity.   You told the guy what not to do and he did it anyway,..it is that simple.

To stop the big internet bill set the firewall to totally deny anything coming from that machines IP#.  Then it can communicate to the LAN,... but not leave the LAN.  Fix the VM.  The remove the restriction on the firewall.   Pretty straight forward.
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

LVL 29

Expert Comment

ID: 34252370
Or just remove the Default Gateway on the VM's nic before you enable the communication,..then it can communicate but not leave it's local subnet.

Author Closing Comment

ID: 34258639
I agree with you pwindell about the user beatings... Anyways I use Pandora FMS but am thinking about switching to Nagios. So I know that's an option I was just hoping someone knew a quick fix type way but I see that there really isn't except for having a switch or router in place that sets the bandwidth on the line.

I'll be dividing the points up among some of the answers. Thanks a lot for your input guys.
LVL 29

Expert Comment

ID: 34258874
I see that there really isn't except for having a switch or router in place that sets the bandwidth on the line.

Actually I gave two ways,...very simple ones,...and has nothing to do with bandwidth.   Bandwidth has nothing to do with the solution,...stop looking at bandwidth.

Once you fix the infection of the machine the problem will no longer exist.
LVL 32

Expert Comment

ID: 34259874
>Once you fix the infection of the machine the problem will no longer exist.

Throttling is a band-aid to stem the flow until the source can be found/fixed.  From a remote admin standpoint, it would be prudent to have such a tool.  Sometimes leaving the connection up, but limited, can assist in analysis.
LVL 29

Expert Comment

ID: 34260207
Yes, having some kind of throttling ability in a generic sense could be useful.  But you don't need it for this case.  You stem the flow at the firewall by denying the machine internet access or by eliminating its ability to route by removing the default gateway.  Repair the infection on the machine.  Then reverse the previous measures.  In two hours or less you could have the machine fixed and that would be the end of it.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question