Cisco ASA 5510 VPN Bandwidth Throttling
Is it possible to limit how much bandwidth a particular VPN session takes up or to at least limit the amount of bandwidth all VPN sessions take up on the ASA? We had some updates go out from SCCM and that took up too much bandwidth. Thank you.
ASKER
Thanks Mike. Please send any details you can when possible!
Hi,
the setting I mean is the rate limits tab. It only appears on your remote DPs. There are 3 settings you can use: unlimited, pulse and limited.
TechNet:
◾Unlimited when sending to this destination: Specifies that Configuration Manager sends content to the distribution point with no rate limit restrictions.
◾Pulse mode: Specifies the size of the data blocks that are sent to the distribution point. You can also specify a time delay between sending each data block. Use this option when you must send data across a very low bandwidth network connection to the distribution point. For example, you might have constraints to send 1 KB of data every five seconds, regardless of the speed of the link or its usage at a given time.
◾Limited to specified maximum transfer rates by hour: Specify this setting to have a site send data to a distribution point by using only the percentage of time that you configure. When you use this option, Configuration Manager does not identify the networks available bandwidth, but instead divides the time it can send data into slices of time. Then data is sent for a short block of time, which is followed by blocks of time when data is not sent. For example, if the maximum rate is set to 50%, Configuration Manager transmits data for a period of time followed by an equal period of time when no data is sent. The actual size amount of data, or size of the data block, is not managed. Instead, only the amount of time during which data is sent is managed.
Ref: https://technet.microsoft.com/en-us/library/ded46139-8692-4dd6-bd80-64f7b4045924#BKMK_ModifyDistributionPointSettings
---
You have to plan how you want to split the traffic with your network team. A good summary is here:
https://msitpros.com/?p=1727
but there is also the concurrent package settings you can change too:
http://nikifoster.wordpress.com/2012/10/18/controlling-concurrent-package-distribution-in-sccm-2/>
Between the two, you have strong control, per DP, of how and when ConfigMgr pushes anything out.
Mike
the setting I mean is the rate limits tab. It only appears on your remote DPs. There are 3 settings you can use: unlimited, pulse and limited.
TechNet:
◾Unlimited when sending to this destination: Specifies that Configuration Manager sends content to the distribution point with no rate limit restrictions.
◾Pulse mode: Specifies the size of the data blocks that are sent to the distribution point. You can also specify a time delay between sending each data block. Use this option when you must send data across a very low bandwidth network connection to the distribution point. For example, you might have constraints to send 1 KB of data every five seconds, regardless of the speed of the link or its usage at a given time.
◾Limited to specified maximum transfer rates by hour: Specify this setting to have a site send data to a distribution point by using only the percentage of time that you configure. When you use this option, Configuration Manager does not identify the networks available bandwidth, but instead divides the time it can send data into slices of time. Then data is sent for a short block of time, which is followed by blocks of time when data is not sent. For example, if the maximum rate is set to 50%, Configuration Manager transmits data for a period of time followed by an equal period of time when no data is sent. The actual size amount of data, or size of the data block, is not managed. Instead, only the amount of time during which data is sent is managed.
Ref: https://technet.microsoft.com/en-us/library/ded46139-8692-4dd6-bd80-64f7b4045924#BKMK_ModifyDistributionPointSettings
---
You have to plan how you want to split the traffic with your network team. A good summary is here:
https://msitpros.com/?p=1727
but there is also the concurrent package settings you can change too:
http://nikifoster.wordpress.com/2012/10/18/controlling-concurrent-package-distribution-in-sccm-2/>
Between the two, you have strong control, per DP, of how and when ConfigMgr pushes anything out.
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks all. Very helpful!
You can throttle SCCM very easily and comprehensively - I think the setting is on the DP itself. You can set the time (in hours) and the bandwidth. This setting is per boundary, so will match the VPN IP range for you.
If you need more detail I can look Monday when I have it in front of me :).
Mike