Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

iRule for bandwidth throttling per client IP

Hello

We would like to create an iRule that limits the bandwidth from each client IP address to a specific Virtual Server to 10mbps. I've seen some other similar articles but I'm not familiar with iRules so don't really understand whether they are doing exactly what we need. Any help writing the iRule would be greatly appreciated.

Thanks LB

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Are you sure you'll need an iRule? If the same bandwidth limits apply to all clients going to a specific Virtual Server, you could configure one rate class profile and add this to the virtual server.

If you want to define groups and multiple rate class profiles, you could use this iRule below (found here: https://devcentral.f5.com/questions/iRules-for-rate-shaping).

# Paying users get the bandwidth
# User's IPs defined in the iRules/DataGroups

when CLIENT_ACCEPTED {
    if { [[IP::client_addr] eq matchclass gold_users] } {
        rateclass rateshape_10mb
    }
    elseif { [[IP::client_addr] eq matchclass silver_users] } {
        rateclass rateshape_512k
    }
    elseif { [[IP::client_addr] eq matchclass lump_o_coal_users] } {
        rateclass rateshape_128k
    }
    else {
        discard
    }
} 
0
Comments on this Answer
Comment made 1 month ago by littlebunny 54

Hi Niels

We would like each unique IP to be allocated 10mbps. The scenario is that we are expecting thousands of machines from different customers to call in and download a file. Since each customer's public IP is unique we are hoping to use that to limit the total bandwidth allocated to each customer, regardless of how many machines they have internally. We don't know the public IPs of our customers so I'm assuming we would need to do something like dynamically build a table of IPs. Also, we only need to limit bandwidth on HTTP GET requests, not all traffic. Does this make sense?

Thanks LB

0
Comment made 1 month ago by littlebunny 54

Alternatively, could we use a dynamic bandwidth controller policy in the Acceleration module and set up an iRule to trigger the policy for any new unique IPs? If so, some help with the iRule syntax would be much appreciated.

Thanks LB

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Potentially have a solution but we haven't tested yet. Planning on creating a dynamic bandwidth controller, setting the max mbps per user to 10mbps, then using the following iRule to assign cookies to source IPs and trigger the bandwidth controller:

when CLIENT_ACCEPTED { set mycookie [IP::remote_addr] BWC::policy attach dynamic_bwc_policy400 $mycookie }

In order for this to work properly, we also have to force a particular source IP to always go through the same underlying traffic pipe (TMM process) by modifying an Advanced setting on the VLAN where the new virtual server resides. We’ll need to change the CMP Hash method from “Default” to “Source Address”, which is a global change affecting all traffic.

This link is useful: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-12-0-0/8.html

Thanks LB

0