Bandwidth Control (Beta)
Bandwidth Control (Beta)
This feature is currently in Beta and only available for web traffic (HTTPs), Internet Protocol Security (IPSec), Generic Route Encapsulation (GRE). If you want to enable this feature, contact your Sales team.
Bandwidth Control allows you to ensure that your organization’s bandwidth usage for business-critical applications is prioritized and bandwidth usage for non-work related traffic is limited. For example, if a network admin has determined that video streaming traffic is hogging bandwidth and degrading business-critical application performance across multiple locations, video streaming traffic can be limited to 5% of total bandwidth at each location. Bandwidth Control can be configured to take effect only if there is a contention in the network (network congestion). If there is no congestion, applications will not be rate limited.
The primary steps to configure Bandwidth Control Policies include:
- Configure your traffic steering method in the Netskope UI.
- Create links for the sites you’re steering traffic from.
- Create Traffic Classification Policies to define the type of traffic you want to limit.
- Create Bandwidth Control Policies for the links and traffic classes you created.
To begin creating Bandwidth Control Policies, go to Policy > Bandwidth Control.
Links allow you to specify the locations to which you want to enable Bandwidth Control.
To create a link:
- Click the Link tab.
- Click New Link.
- The New Link window appears:
- Link Name: Enter a name for your link.
- Link Size: Enter the maximum bandwidth for your tunnels. The tunnel size can be up to 1 Gbps.
- Definition: Select the tunnels configured on your tenant. You can add multiple tunnels for a single location.
- Click Save.
Configuring Traffic Classification Policies
Traffic Classification Policies allow you to define the type of traffic you want to limit with Bandwidth Control.
Go to the Traffic Classification Policy tab. On this page, you must create traffic classes and create rules for these classes.
You can create up to seven traffic classes.
To create a traffic class:
- Under Traffic Class, click +NEW.
- The New Traffic Class window appears:
- Enter a Name for the traffic class.
- (Optional) Enter a description for the traffic class.
- Click Save. You can also click Save & Add Rules to create a Traffic Class Rule.
Traffic Class Rules
Traffic Class Rules allow you to assign source and destination match criteria to your traffic classes.
To create a Traffic Class Rule:
- Click New Rule.
- The New Rule window appears:
- Source: Select the users, groups, or organizational units for the rule. Click Add Criteria to add source IP adresses.
- Destination: Select the applications or app categories you want to track with this rule.
- Traffic Class Assignment: Select a traffic class for your rule. You can click +New Traffic Class to add a new traffic class.
- Click Save. You can also click Save & Add Another to create another Traffic Class Rule.
Configuring Bandwidth Control Policies
Bandwidth Control Policies allow you to assign bandwidth limits for the traffic classes you created.
Bandwidth Control Policies are evaluated in a top-bottom order, based on the configured link. This means only the top policy for links included in multiple policies will be processed. Even if a lower priority rule includes different apps for the same link, Netskope won’t limit bandwidth for those apps.
To create a Bandwidth Control Policy:
- Click the Link Bandwidth Policy tab.
- Click New Policy.
- The New Bandwidth Control Policy page appears:
- Links: Select the links you want to add to this policy.
- Bandwidth Limit: Configure the maximum bandwidth available for your traffic classes. You can enter the exact bandwidth or a percentage of total bandwidth.
Select the Traffic Class and enter the maximum bandwidth allowed for the traffic class. Click New Row to add more bandwidth limits to your traffic classes.
Traffic that doesn’t match a traffic class rule is unclassified. If no Bandwidth Control policy exists for the link, then unclassified traffic is not limited. However, if a policy exists for the link, then unclassified traffic is limited to the link’s total bandwidth.
When network congestion occurs, bandwidth limits will be “best effort” and only traffic defined in Bandwidth Control is restricted.
- Policy Name: Enter a name for the policy.
- Status: Select to enable or disable the policy.
- Click Save.