Rules Overview


Rules are a core part of traffic shaping and bandwidth allocation. They instruct the server as to which types of traffic streams are processed and the way those streams are limited. By configuring rules for the system you enable it to perform traffic shaping that is customized to your own network architecture.

Rules can be broken down into four main components:

  • Classification - Identifies the different traffic types that are flowing through the network.
  • Queueing - Holds the traffic streams in separate areas for processing.
  • Processing - Checks each traffic stream and allows it to flow at the correct rate from the queue.
  • Statistics - Records the amount of data transferred by each stream and displays the current usage rates.


Before processing a data stream, the server must identify it. This step involves inspecting the properties of the stream to help classify it as a certain type of traffic. The stream type is determined by the guidelines and parameters that are established by the rule. The guidelines can be changed at any time by the administrator and cover aspects such as source and destination address, protocol, traffic direction and TCP port.

The traffic monitor displays a list of all data streams that are running through the server, even ones that aren't covered by any rule. By viewing the monitor it is possible to build classification criteria for the rules that you wish to implement. The properties for each stream are displayed in the traffic monitor list which can be helpful in deciding the exact criteria to use for classification.

Group policies are implemented by classifying a list of addresses rather than a single source or destination for the traffic stream. They allow limiting a group of users through a single rule rather than creating a separate rule for each one. Dynamic rules can be used in conjunction with address groups to create a separate virtual rule for each user within the group while still allowing the administrator to configure it with a single rule.


Each rule has an associated queue that stores the traffic while it is being processed. Once stream data has been identifed and classified it is sent to the appropriate queue where it stays until it is ready to be sent back onto the network. In most cases the data is queued for only a few microseconds but for rules with low speed limits it can be kept for seconds (or even minutes in extreme cases).

Because there is a separate queue for each stream the server can drain the queues in the right way to provide equal allocation for rules, rather than allowing one stream to overpower all others. For example, without Bandwidth Controller installed you will notice that a large download from a one computer will take most of the bandwidth, leaving none for the other computers on the network. Queueing solves this issue by placing the streams into separate compartments and giving each one an equal amount of bandwidth.


Rules determine the processing operations that are to be performed on a stream. These operations are configured by setting the rule properties in the Processing and Advanced Processing windows. Each rule has a separate group of operations that apply to the queued data.

The main type processing is speed limiting which limits the rate at which a queue is allowed to flow. Traffic is only allowed to leave the queue as long as it is not using more bandwidth than specified by the Maximum Rate field. If the queue is exceeding the defined limit then its traffic remains queued to effectively slow the stream down. After a certain amount of time has passed the queue will be ready to send again because its average rate will have decreased.

TCP acknowledgement prioritization is another operation that can be performed on queues. This feature gives high priority to packets that are used for signalling and control of the protocol, rather than application data. Any acknowledgement packets that are found are moved to the front of the queue, allowing them to overtake application data that was sent before them. By sending TCP signalling traffic faster, the system provides much more responsiveness to applications when the stream is being speed limited (or during times of congestion on the internet link).


As traffic passes through the system, statistics are gathered and stored for each rule. This information can be used to see which rules are being used and the rate of data flow through them. Each set of statistics is stored on the server until the corresponding rule is deleted or the statistics are manually cleared by the administrator.

When the queue type for a rule is set to 'local' or 'remote' (i.e. the rule is dynamic) the statistics are stored per-user rather than per-rule. The statistics for the each user can be viewed in real time and are stored along with the non-dynamic statistics. This functionality allows dynamic scheduling to track the amount of data each user has transferred and limit them separately.