About Bandwidth Control

Click to:

Bandwidth Control at Two Levels

Zscaler provides bandwidth control at two levels.

  • At the first level, the Zscaler service provides bandwidth control by location. You configure maximum upload and download bandwidth limits for each location in your organization. These limits apply to the entire bandwidth of the location, irrespective of the web application traffic flowing through the network.

NOTE: The service applies bandwidth controls to traffic from known locations only; that is, locations that are configured on the Zscaler admin portal. The Bandwidth Control policy does not apply to road warriors because their traffic does not come from a configured location and their source IP address has unknown upload and download bandwidth values.

  • At the second level, for each location, you can configure bandwidth shaping rules based on bandwidth classes, such as VoIP or Web Conferencing, URL categories, or custom application classes that you define. The Zscaler bandwidth algorithm allows an application class full bandwidth utilization until there is contention for the bandwidth by a traffic class with a higher priority. When application classes compete for bandwidth, the service takes action based on the multiple QoS controls that you configured in the bandwidth control policy, as shown below:

Diagram of how Zscaler service acts based on QoS controls configured in Bandwidth Control policy

The Zscaler service rebalances the bandwidth in real time and buffers packets for application classes that hit the bandwidth quota limit during 1 second intervals. This behavior ensures that business critical applications run at full speed, with no deterioration in quality. Note that the Zscaler service applies the policy to all HTTP and HTTPS traffic from the location. You do not need to enable SSL interception because it works at the TCP level.

How Bandwidth Control Works

First, you specify the maximum upload and download bandwidth limits for each location in your organization. Note that about 5% of TCP traffic is overhead, such as packet headers. The Zscaler service does not include these in its bandwidth calculations. It only includes the application traffic.

Next you define your bandwidth classes, specifying what URL categories and applications belong to a given bandwidth class. You can then reference those bandwidth classes in your bandwidth control policy − a set of prioritized rules that tell the service how to allocate the bandwidth when contention occurs. Each rule defines a maximum and minimum bandwidth for the bandwidth classes in the rule along with other parameters, like maximum concurrent connections, location, and time of day. The maximum bandwidth specifies the maximum percentage of the total bandwidth that the configured bandwidth class can use at a given point in time, and the minimum bandwidth specifies the guaranteed minimum bandwidth percentage that is available for the bandwidth class.

The service allows a bandwidth class full bandwidth utilization until there is contention for the bandwidth by a traffic class with a higher priority. When bandwidth classes compete for bandwidth, the service allocates the guaranteed minimum bandwidth percentages to the bandwidth classes and allocates the remaining bandwidth according to the prioritized rules. Therefore the total minimum bandwidth must be less than 100%.

To see a sample policy for bandwidth management, see Bandwidth Control Policy Example.

You can go to the Bandwidth Control dashboard to view your organization's bandwidth usage in real time. You can also go to Analytics > Interactive Reports to view the standard reports for Bandwidth Control or to create custom reports as well.

To see how this policy fits into the overall order of policy enforcement, see How does the Zscaler service enforce policies?

  1. Click Recommended Policy to view the policy Zscaler recommends. 
  2. Configure a Bandwidth Control policy rule. See How do I configure the Bandwidth Control policy?
  3. View a list of all configured Bandwidth Control policy rules.
  4. Search for a configured Bandwidth Control policy rule.
  5. Edit the Bandwidth Control policy rule. See How do I edit, delete, or duplicate items in the admin portal?
  6. Duplicate the Bandwidth Control policy rule. See How do I edit, delete, or duplicate items in the admin portal?
  7. Modify the table and its columns. See How do I use tables in the admin portal?

 

Screenshot of the Zscaler Bandwidth Control page and tasks