How does the agent's Bandwidth Throttling and speed testing work?
ITMS 8.x
Bandwidth throttling and speed tests, how does it work?
Bandwidth throttling is configured in the SMP Console under 'Settings > Agents/Plugins > Symantec Management Agent > Settings > Targeted Agent Settings'. Each of the targeted Agents Settings, under “Downloads” tab, there is a section for Bandwidth/Throttling.
Note: New UI changes were introduced with SMP 8.5 Release.
Once bandwidth throttling has been configured, and the throttling configurations have been passed to the Altiris Agent machines, the Altiris Agent uses ICMP (ping) packets to perform the network connection speed tests. This is detailed below in the section Speed Testing Parameters. The returned speed test value is cached for a period of 6 hours.
Note: SMP 7.5 up to 8.1 also uses HTTP ping to test the connection. See the section Speed test changes in 7.5 and later below for more details.
When there is a scheduled package download task, the Altiris Agent either retrieves the cached connection speed value or it will initiate a new network speed test, and the results will be cached for 6 hours. Once the 6-hour cache expires, the Altiris Agent will request another speed test profile once an advertisement execution or package download begins (see Speed Testing Triggers and Speed Testing Operations below).
When the Altiris Agent is asked to throttle, there are two throttling rules that can be configured:
When the Altiris Agent is instructed to perform a speed test by its configuration policy there are four triggers that can initiate the speed test:
Speed Tests are Directed Against Servers in the Following Manner:
Note: Speed testing does not mean packets go on the wire every time one of these decision points is reached. Review the speed test details below under Speed Testing Parameters. Whether it is for a package download or an advertisement execution, the speed testing process is the same.
Speed testing begins with the FQDN name for the server being targeted based on the codebase and the speed is discovered and set; the NetBIOS name is not tested but it set to the same speed. If the FQDN test fails then the NetBIOS name is tested, and the speed is discovered and set.
There are several throttle settings and parameters that need to be understood when ICMP traffic is disabled on the network. Activation of throttling by the Altiris Agent is based on the following options:
If ICMP traffic is disabled on the network, the option Throttle regardless of connection speed should be selected. If the option Enable throttling when connection speed is below… is selected when ICMP traffic has been disabled, by default throttling is set to 1 KB/sec because the connection speed cannot be verified.
So, threshold settings that are 1 KB/sec or above are always throttled, and the setting of 500 bytes/sec is never throttled.
The configurable values for the throttling threshold are:
Once the throttling options are selected then the throttling limits come into effect. Again, these limits are:
When ICMP traffic is disabled on the network there is no need to initiate speed testing and Absolute throttling is the better choice. The bandwidth limit is already known and the Altiris Agent will throttle to that limit. If Relative throttling is selected, it will still act as an absolute limit as defaults to the option of 1 KB/sec.
Since network throughput is so critical, different Altiris Agent collections should be created based on network throughput. Altiris Agent machines can then be customized based on customized connectivity configurations.
Speed testing is a result of the Altiris Agent pinging the FQDN name for a server being targeted based on the defined codebase, and the speed is discovered and cached; the NetBIOS name is not tested but it set to the same speed. If the FQDN test fails then the NetBIOS name is tested, and the speed is discovered and set.
If the codebase request is to a server that has not been profiled for a connection speed before then a speed test is initiated.
Packets used: Five 1-byte packets and then thirty 400-byte packets. (Note: Older operating systems will only use five 400-byte packets.)
HKLM\SOFTWARE\Altiris\Communications\MaxServersToCheck (default 6, valid range is 1–100)
Description: Maximum number of servers to check
Values: If over 100 or under 0 then is set to 100; a value of 0 is set to 6
HKLM\SOFTWARE\Altiris\Communications\ IP Expiry (mins) (default 360, valid range is 1–10,080)
Description: Number of minutes before connectivity to a Host is retested
Values: If over 10,080 or under 0 then it is set to10080; a value of 0 is set to 1.
HKLM\SOFTWARE\Altiris\Communications\SPEED Expiry(mins) (default 360)
SMP 7.5 through 8.1:
SMP version 7.5 introduces HTTP Ping to measure network speed between client and server. NOTE: This ping test was deprecated in 8.1.
To calculate network speed client downloads 30KB page from server:
* from SMP: .../Altiris/NS/Agent/ConnectionTest.asp
* from Package Server: .../Altiris/PS/ConnectionTest.html
In case if SMP/Package Server has packages available via UNC, connection is tested using ICMP ping (detailed in the section Speed Testing Parameters).
Connection check information is also available in Symantec Management Agent logs as trace level events.
The default server (NS, PS or TS) ping interval is stored in registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications REG_DWORD, "Server Ping Timeout", 1800 seconds by default
This is 30 minutes, so each server will be pinged at least once each 30 minutes. Each ping is a single HEAD request.
Speed test frequency is specified by another registry entry:
REG_DWORD, "Speed Expiry (mins)", 360 minutes by default
This is 6 hours, so once in 6 hours a single ping is converted into "speed test", which is a GET request that downloads 30KB of data from the server to get rough idea is it better or worse than other servers.
Now there could be more pings when servers become available or not available. For example the server is not available and the last ping failed.
Despite that some plugin may still want to call the server via HTTP, if server call succeeds then the agent will ping the server to check that it is all right. Other case is when the server is available, someone making a web call to that server and the call fails, agent will ping the server to see if it is all right.
More details about network adapters, connections and server profiles are available via Symantec Management Agent Network Diagnostics.
Note: Starting SMA 8.1 RU7, Bandwidth Management has been changed. The legacy approach of throttling each connection separately is abandoned. Now all connections share a single limit of bandwidth per second.
The following is provided as reference, but those changes can’t be accessed via UI in order to modify them.
Starting with SMP 8.5 RU1, the Blockout and Bandwidth Throttling functionality has been improved.
Weekdays and new throttling type addition (range) to the blockout and throttling period policy cause the following changes in functionality:
NOTE: The following information is provided as reference, but it is not intended to be a User Guide in how to use that functionality:
Network Adapter Monitor
The network adapter monitor is part of aexnetmon.dll and is started along with SMA service start. The purpose of the adapter monitor is gathering statistics of every network adapter in the system.
The network adapters are enumerated when the monitor starts and when machine's routing table changes. The monitor queries the adapter's statistics once a second and calculates the number of bytes that got through the adapter during the last second as well as other adapter usage counters. The statistics are queried for each adapter in the system even if SMA does not have a particular adapter currently.
The administrator has access to the information adapter monitor collects via performance counters set named "Symantec Management Agent Network Adapter". There is a menu item "Network Adapter Usage Performance Counters" in the diagnostics menu available that opens the Windows Performance Monitor window.
The network adapter monitor gathers and calculates the following statistics:
All other counters shown above belong to the throttling engine.
New Throttling Algorithm
The main difference between the legacy throttling engine and the new engine is that the new one can regulate SMA traffic relative to the 3rd party application traffic. Using adapter monitor statistics, the new engine can estimate the 3rd party application traffic and use that in the throttling algorithms.
The currently implemented algorithm allows SMA to hold the total adapter traffic within the certain range set by the maximal and the minimal bandwidth limits depending on the 3rd party traffic.
The reason why the lower limit exists is that SMA cannot stop sending bytes over a connection in order to connection to continue to be alive and not to be terminated by intermediate devices like routers and gateways. The operation Principe of the new throttling engine is described in the next paragraph.
New Throttling Engine
The new throttling engine consists of two parts: the engine core and the consumers.
The engine core is triggered every second by the network adapter monitor after it got the current statistics for every network adapter. The job of the core is to calculate how many bytes can every consumer "consume" the very next second. Depending on the adapter statistics gathered by the adapter monitor and the throttling algorithm Bytes consuming occurs when SMA transport that is integrated with the consumer needs to send or receive a number of bytes from the server, the transport cannot send or receive more bytes than allowed by the core.
Bandwidth Channel
There is the single-engine core and the multiple consumers exist on the machine. The consumer is created and used by the transport modules every time when a new network connection is established. The consumer connects to the engine core and allocates a bandwidth channel from the engine. There are a limited number of channels supported by the engine (256 currently), which limits how many connections can be throttled. The performance counters related to the channel statistics are:
Multiple Local IP Addresses Support
The channel is allocated based on the connection's local IP address. Every adapter can have multiple local IP addresses assigned, the adapter monitor collects that information. When consumer needs to allocate a channel, it provides the IP address to the engine core that selects the adapter assigned to that IP address. The throttling is working per adapter, i.e. there are 256 channels per each network adapter, SMA can establish multiple connections to the servers belonging to the different network subsets and the throttling will be performed for each connection separately according to the adapter the connection uses.
Agent Bandwidth
Every second the engine core calculates how many bytes can be consumed by the consumers, this number is represented by the counter "Bandwidth: Agent". It cannot be larger than the adapter's bandwidth. Currently, the engine divides the total agent bandwidth equally between all the active channels.
When the throttling is not applied the engine core continues querying adapters and calculating the agent and channel bandwidth and the consumers still continue to operate within the bandwidth.
Throttling Settings
The performance counters related to the throttling settings are:
"Throttling Settings: Threshold". The legacy engine setting in bytes per second that show when throttling starts, the connection speed should drop below that value for the throttling to start."Throttling Settings: Value %". The legacy engine setting in bytes per second that shows if relative throttling mode is on. The throttled connection speed is regulated relatively to the actual connection speed."Throttling Settings: Value Bytes/sec". The legacy engine setting in bytes per second that shows if absolute throttling mode is on. The throttled connection speed does not exceed the set value.
IMPORTANT LIMITATION: The new throttling engine is not used if the legacy throttling settings are configured. The administrator should turn the new settings on for the new engine to start throttling.
Throttling Operation Algorithm
All the algorithm internals are visible through the performance counters. The input engine receives consist of adapter's current traffic "Bytes/sec: Current: Adapter", adapter bandwidth "Bandwidth: Adapter", the channels information and the throttling settings. The rest of the performance counters calculated as below:
Throttling Engine Consumers
The following connections are integrated with the new throttling engine currently.
A consumer can be used from either SMA service of external process running in the context of any account. That means connections made by 3rd party applications running in the context of a regular user but using SMA transport module will still be throttled.
IMPORTANT LIMITATION: SMA service should be running for throttling to operate. DS's PECTAgent should still load aexnetmon.dll and network monitor or throttling to work for PECTAgent. The network monitor starts network adapter monitor and the throttling engine internally.
Teamed, VPN, Wi-Fi, 4G support.
All types of network adapters are supported by the adapter monitor and the throttling engine. No filtering by adapter type can be applied currently.
Troubleshooting
To enable SMA diagnostics use following command line:
C:\Program Files\Altiris\Altiris Agent\AexAgentUtil.exe /diags
Diagnostics window is available via right click on SMA system tray icon. Right click - Diagnostics - ...
Other items to consider between 7.5 and 8.1 releases: