Managing bandwidth throttling
You can configure throttles to limit the bandwidth and the number of concurrent connections that the Tanium Server or Tanium™ Zone Server uses to send data to Tanium Clients. In deployments where numerous Tanium Clients connect with the server at the same time to download sensors and packages, spikes in bandwidth usage might occur. Throttles prevent the spikes from degrading network performance by ensuring that the Tanium Server or Zone Server never exceeds a specific bandwidth across your entire network or in specific subnets when sending Tanium data. To enforce the limits, the server delays sending data that would exceed the maximum bandwidth and rejects connections beyond the allowed maximum number.
Bandwidth throttles control only the rate at which the Tanium Server or Zone Server sends data to Tanium Clients, not the rate at which the Tanium Clients send data to the server. The throttles do not affect data exchanges between any other Tanium components.
Only users assigned the Administrator reserved role can see and use the Configuration pages, including the Bandwidth Throttling page.
When you configure throttles, strike a balance between providing the Tanium Server enough resources (bandwidth and concurrent connections) to complete tasks in a reasonable timeframe and mitigating the impact of those tasks on your network. Setting limits too low might prevent the Tanium Server from sending all the sensors and packages that endpoint computers need to respond to questions and perform actions. Setting limits too high might allow spikes in Tanium traffic to hinder other tasks the endpoints must perform. Therefore, work with your network administrator and Tanium technical account manager (TAM) to:
- Evaluate bandwidth trends for data that the Tanium Server sends to endpoints. The trends will enable you to gauge how much the traffic affects your network and determine the maximum resources that the Tanium Server requires for sending the data. Note that throttles are cumulative: you can configure a throttle for all data that the Tanium Server sends and configure additional throttles that are specific to sensors or packages. Therefore, evaluate bandwidth trends for each of those data types.
- Determine whether you need site throttles: subnet-specific throttles that are more restrictive than the throttles for the rest of your network. For example, you might want to set a lower bandwidth limit for Tanium traffic in sites that are dedicated to high priority tasks or that experience more non-Tanium traffic. Note that more restrictive throttles override less restrictive ones when multiple throttles apply to the same Tanium Server-to-endpoint connections. For example, if you set a site-specific throttle to 1 Megabit per second (Mbps) and the global (network-wide) throttle to 5 Mbps, the Tanium Server applies the 1 Mbps throttle to the site.
- Determine whether the sites that require separate throttles have overlapping IP address ranges. Only the throttle for the site with the smallest IP address range applies to an endpoint that has an address within the ranges of multiple sites. For example, the throttle for a site that has subnet 192.168.2.0/24 would override the throttle for a site that has subnet 192.168.2.0/8 when applied to an endpoint with the IP address 192.168.2.1. If multiple sites of the same size contain the same IP address, only the last site throttle that you configured applies to endpoints in the overlapping subnet ranges.
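The overlap and precedence rules above can be checked against a planned site list before you enter it in the console. The following Python is an added example, not Tanium code: the site names and limits are constructed, list order is assumed to be configuration order, and the effective limit is modeled as the lower of the global and site values. It also accepts the bracketed IPv6 notation that the console expects for site subnets.

```python
import ipaddress

# Constructed sample data (not from a real deployment): (site name, subnets, Mbps limit).
# Assumption: list order is configuration order, so later entries were configured later.
SITES = [
    ("campus",   ["192.168.2.0/8"],   5.0),
    ("lab",      ["192.168.2.0/24"],  1.0),
    ("lab-copy", ["192.168.2.0/24"],  2.0),
    ("v6-site",  ["[2001:db8::]/32"], 3.0),
]

def parse_subnet(text):
    """Parse CIDR text; IPv6 uses the bracketed form, e.g. [2001:db8::]/32."""
    text = text.strip()
    if text.startswith("["):
        addr, sep, prefix = text[1:].partition("]/")
        if not sep:
            raise ValueError(f"malformed bracketed subnet: {text!r}")
        text = f"{addr}/{prefix}"
    # strict=False accepts entries with host bits set, such as 192.168.2.0/8
    return ipaddress.ip_network(text, strict=False)

def matching_site(endpoint_ip, sites):
    """Return (name, limit) of the site whose throttle applies, or None."""
    ip = ipaddress.ip_address(endpoint_ip)
    best = None  # (prefixlen, name, limit)
    for name, subnets, limit in sites:
        for net in map(parse_subnet, subnets):
            if ip.version == net.version and ip in net:
                # Smallest range = longest prefix; >= lets the last-configured site win a tie
                if best is None or net.prefixlen >= best[0]:
                    best = (net.prefixlen, name, limit)
    return None if best is None else (best[1], best[2])

def effective_limit(endpoint_ip, sites, global_limit):
    """Most restrictive of the global and site limits; 0 means no limit."""
    site = matching_site(endpoint_ip, sites)
    limits = [lim for lim in (global_limit, site[1] if site else 0) if lim > 0]
    return min(limits) if limits else 0
```

Running `matching_site` over a sample of endpoint addresses from each location shows which sites are shadowed by a narrower or later-configured site and therefore never apply their own throttle.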
Configure throttles for the data that the Tanium Server sends to all the endpoints in your network. Repeat these steps for each data type that requires a distinct throttle: packages and sensors combined (all data), just package files, or just sensors.
- Go to Configuration > Tanium Server > Bandwidth Throttling.
- In the Global Throttles section, click Add beside the data type you want to throttle.
- Enter the maximum bandwidth in Megabits per second (Mbps). The default is 0, which specifies no limit.
- Enter the maximum number of concurrent Tanium Server-to-endpoint connections. The default is 0, which specifies no limit.
- Save your changes.
Configure bandwidth limits for the data that the Tanium Server sends to specific Tanium Client subnets.
Base throttles on local or NAT-translated IP addresses
When defining sites for bandwidth throttling, you can specify local or NAT-translated IP addresses, but not both. By default, the Tanium Server treats the IP addresses as NAT-translated.
- Go to Administration > Global Settings.
- Select site_throttles_use_local_ip and click Edit.
- Set the value to 0 (NAT IP addresses) or 1 (local IP addresses).
- Ensure the setting Affects the Server (Tanium Server or Zone Server) and save your changes.
Add a site for each group of Tanium Client subnets that require the same bandwidth limits.
- Go to Configuration > Tanium Server > Bandwidth Throttling.
- In the Site Throttles section, click Add Site.
- Enter a Site Name to identify the site.
- Enter one or more Subnets in CIDR format (such as 192.168.2.0/24). Enter one subnet per line. You must enter IPv6 subnets within square brackets followed by the prefix (such as [2001:db8::]/32).
- Select whether to apply throttles for the site to the Total bandwidth shared across all subnets in bundle or to the Individual bandwidth of each subnet in bundle.
- Save your changes. The Tanium Console then displays each subnet you added to the site, along with an icon indicating the severity of the current delay associated with the throttle for that subnet (see Verify throttle delays).
Add site throttles
Perform the following steps to configure site-specific throttles that apply to both packages and sensors (all data), just package files, or just sensors.
- Go to Configuration > Tanium Server > Bandwidth Throttling, and then scroll down to the Site Throttles section, which has a <site_name> subsection for each site you added.
- For each data type you want to limit, click Add in the <site_name> subsection, enter the maximum bandwidth in Mbps (default is 0, which specifies no limit), and save your changes.
After you configure bandwidth throttles, the Configuration > Tanium Server > Bandwidth Throttling page displays the current delays (Queue delay values) that the Tanium Server applies to enforce the throttles on the data it sends to endpoints. For example, if you set the bandwidth limit for the Global Throttle for All Data to 1 Mbps and the Tanium Server starts sending 1 megabit of data, the Global Throttle for All Data section displays a Queue delay of 1,000 milliseconds (ms). After the download completes, the Queue delay drops to 0 ms until the Tanium Server sends more data. The Queue delay uses icons to indicate the severity level of the delay:
- [icon]: 0 to 9,999 ms
- [icon]: 10,000 to 44,999 ms
- [icon]: 45,000 ms or more
To see the delays associated with specific subnets within a site, hover over a subnet in the corresponding <site_name> subsection.
Last updated: 12/17/2018 2:33 PM