dragonflymr
Nov 02, 2015

ASM limiting throughput and connections/s

Hi,

Sorry if this is a stupid question, but I am not an ASM expert. I was looking into the docs and can't see a way to set a limit on throughput and connections/s per given subnet. Is there a way to do that using the GUI and configuring a policy?

Could DoS protection be used for that? It seems that there is a way to limit TPS, but per a given subnet, like a /16 mask?

Or is the only way to use an iRule? Connection limits on the virtual also do not look like they are able to limit by subnet.

Piotr

4 Replies

  • R_Marc

    You can do that using the DDoS profiles (just learned that myself). You can also do it in an iRule, but I think the DDoS configuration would be more predictable, efficient and supportable.

    It's pretty flexible. They went over this at the F5 Agility breakout (I saw it at a Users Group), and I think that presentation is available online.


  • Hi,

    Thanks for the info. Are you sure you can use it for throughput and/or connections/s per specified source net like 192.168.1.0/24? I can't see options to specify it like that, so for 192.168.1.0/24 limit to 3Mbps and 100 CPS and for 192.168.2.0/24 to 1Mbps and 50 CPS?

    Any hint what this presentation could be named, to start searching for it?

    Piotr


  • I guess I found all the 2015 Agility presentations and labs, but can't find anything directly related to ASM and per-subnet throughput or CPS limits :-(

    Piotr


  • R_Marc

    So I just took a look and I don't see a way to do that natively. Perhaps it's in v12 (the presentation was using v12, but I don't remember if it was there or not).

    One thing I think you could do, however, is create a DDoS profile and apply that profile via an iRule (sort of a combination). I would keep the IPs you wanna rate limit in a Data Group and do a class match in CLIENT_CONNECT to apply the DDoS profile (https://devcentral.f5.com/wiki/iRules.DOSL7__enable.ashx). That way you are using the efficiency of the DDoS profile with the added functionality I think you are looking for, to apply it to particular CIDRs.
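The per-subnet selection described in the last reply, written out as an added example iRule that is not from the thread or from F5. It assumes an address-type Data Group named rate_limited_nets (a hypothetical name) whose values are DoS profile names, and it assumes the CLIENT_ACCEPTED event is where the lookup and DOSL7::enable call belong.

```tcl
# Added example, not from the thread or from F5 documentation.
# Assumes an address-type Data Group "rate_limited_nets" (hypothetical name)
# whose keys are source CIDRs and whose values are DoS profile names, e.g.
#   192.168.1.0/24 := "/Common/dos_profile_strict"    (constructed sample)
#   192.168.2.0/24 := "/Common/dos_profile_relaxed"   (constructed sample)
# Doing the lookup in CLIENT_ACCEPTED is an assumption.
when CLIENT_ACCEPTED {
    # Match the client address against the data group's subnets;
    # -value returns the mapped profile name, or "" when nothing matches.
    set dos_profile [class match -value [IP::client_addr] equals rate_limited_nets]
    if { $dos_profile ne "" } {
        # Attach the per-subnet DoS profile to this flow only.
        DOSL7::enable $dos_profile
        log local0. "DoS profile $dos_profile applied to [IP::client_addr]"
    }
}
```

The thresholds configured in each DoS profile do the enforcing; the iRule only selects which profile a given source subnet gets, and clients that match no entry keep the virtual server's default behaviour.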