How I can do shaping based on client IP?

Question

Hi,&nbsp;
I need to do shaping to subscribers that browsing through my F5 LTM, for .&nbsp;
The task is to shape each client to 512 Kbps, for all my researching here I found only way to do shape for all the subscribers together.&nbsp;
The best idea that I have for now is to create 254 rate classes and implement the irule below:&nbsp;
 &nbsp;
when CLIENT_ACCEPTED {&nbsp;
    set octets [split [IP::client_addr] "."]&nbsp;
    set rclass [concat class[lindex $octets end]]&nbsp;
    log local0. "[IP::client_addr] being sent to rateclass $rclass  ----  $octets   ----  [lindex $octets end]" &nbsp;
    rateclass $rclass&nbsp;
}&nbsp;
 &nbsp;
But still this is not a solution since I relay here on the last octet of IP address and I need to do shaping each client/connection separately.&nbsp;
 &nbsp;
Do you guys have any idea how to implement the above?&nbsp;
 &nbsp;
Many Thanks.&nbsp;

michael_yates · Answer

Hi schmal,&nbsp;
&nbsp;
There are several discussions requesting this same type of functionality (I would suggest opening up a case with F5 for a feature request addition to the RateClass ability to give you the option to make it per client or per Virtual Server since having the option would be a nice feature and several people seem to want it).&nbsp;
&nbsp;
One discussion you may find interesting is here: Limit traffic per client ip?.&nbsp;
&nbsp;
Perhaps you could create a RateClass for the subnets that you want to restrict at the maximum amount of bandwith that you want that block of IP Addresses to have and assign it dynamically with a combination of the example on the  RateClass and a Data Group (Class) that contains a list of all of the Subnets that you want restricted.&nbsp;
&nbsp;
If you are wanting to take a more granular approach to police the individual clients that are assigned to this RateClass you could do that using another iRule that you could also incorporate.&nbsp;
&nbsp;
Simple traffic shaping&nbsp;
&nbsp;
Hope this helps.&nbsp;

schmal_111133 · Answer

Hi Michael, 
&nbsp; Thanks for the reply. 
&nbsp; the case is the following, I have thousands of users that browsing through my system, I have a server that receive all the traffic and based on if this user finished his quota my server redirect it to the F5, and based on that I need to shape this user traffic to be 512 Kbps. 
&nbsp;  
&nbsp; the thing here is that I have no idea what is the user subnet (I have thousands of users) and the maximum that I can do is create predefined 254 rate class and based on the last ocetet assign the user to the rate class, bus still this solution not provide me a security that each user that finished the quota  will receive 512 Kbps. 
&nbsp;  
&nbsp; There is any way to configure rate class dynamically and automatically on real time (based on the user IP)? I think for now that this is the only way to accomplish what I need.  
&nbsp;  
&nbsp; Thanks.

Forum Discussion

How I can do shaping based on client IP?

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

Enhance your Application Security using Client-side signals

Traffic Shaping and Atlassian Jira

Converting TCL-Based iRules to Distributed Cloud Service Policies and L7 Routes

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

Pass client cert based on POST data