Product and Software: This article applies to ArubaOS 3.3 and later, but some concepts are useful for older versions.
Aruba offers multiple ways to control user bandwidth consumption; some are more granular and others are more scalable. Here is a description of the methods, with suggestions of how these might be applied in a typical environment.
Bandwidth contracts at the controller can be applied three ways:
- At the VLAN interface, where only broadcast/multicast traffic is limited. (See separate article "How do I use bandwidth contracts to limit broadcast/multicast traffic?")
- At the role level, where all users in a role (EG guest) share a pool of bandwidth.
- At the user level, where each user's limit is independently enforced.
All bandwidth contracts are managed by software in the network processor (SiByte or XLR), and each instance creates a packet queue. Even though the network processors are very efficient, every role or user that has a contract takes a small toll on the CPU and memory. Furthermore, in ArubaOS 3.3, per-user bandwidth contracts are bidirectional, which creates two queues per user. For these reasons, unlimited use of per-user bandwidth contracts, where hundreds of sessions are being policed, is not recommended.
Traffic-management profiles for ESSIDs can be used to apportion a percentage of channel time (the only fair way to prevent a slow client from monopolizing the channel) to each ESSID.
With this information in mind, the following suggestions will fit many environments:
- Save per-user bandwidth contracts for guests, where a modest allotment per guest is a good way to provide a convenient service without encouraging unauthorized users.
- Apply a reasonable (large) per-role limit for low-priority users and no limit for high priority/secure users. (This is most useful when uplink bandwidth is limited, and the users in this role must not consume more than, say, 30% of the total link bandwidth.)
- Create wireless traffic-management profile(s), such as 10-20% for guests, 30-40% for low-priority users, and 50-60% for high-priority users. (An ESSID can "burst" to a greater percentage of the total channel time when the other ESSIDs are idle, but it cannot use more than its allotted share continuously.)
This flexible combination of bandwidth management methods will:
- Prevent guests from exceeding their allotted bandwidth at any time.
- Provide low-priority corporate users with adequate total bandwidth and the ability to "burst" to the full capability of an AP when high-priority users are idle.
- Provide high-priority users with a large share of the uplink/internet bandwidth and the ability to use most of the AP's bandwidth even in the presence of lower-priority users.