Bandwidth limiting and reporting per client

I am trying to implement bandwidth limiting and reporting on a per client basis, but am not sure it is working they way I intend. I want to limit each client to 150 Mbps using bandwidth control and then be able to report when a client is actually being rate limited. I created my BWC config with the following config:

create net bwc policy BC-BCS-RLPC {max-rate 160gbps max-user-rate 150mbps dynamic enabled}

The original script we used was:

when RULE_INIT {
     Bandwidth in bytes/sec
    set static::maxBandwidth 18750000
    set static::logDelay 300
} 
when CLIENT_ACCEPTED {
    set hsl [HSL::open -publisher /Common/management-port-pub]
    set srcip [IP::client_addr]
    BWC::policy attach BC-BCS-RLPC $srcip
    HSL::send $hsl  "<158> User $srcip attached to BC-BCS-RLPC" 
}
when HTTP_REQUEST {
    if {[ set logLastTime [table lookup -subtable lastBandwithLog $srcip ]] eq "" } then {
        set bw [TCP::bandwidth]
        if { $bw > $static::maxBandwidth } { 
            table add -subtable lastBandwithLog $srcip 1 indef $static::logDelay
            HSL::send $hsl  "<158> User $srcip bandwidth $bw exceeds the BWC limit of $static::maxBandwidth" 
        }
    } 
}

But this seems to display a strange maximum value of 16776960 (possibly a limit on the TCP::bandwidth reporting)

I have rewritten the script as:

when RULE_INIT {
     Bandwidth in bits/sec
    set static::maxBandwidth 150000000
    set static::logDelay 300
} 
when CLIENT_ACCEPTED {
    set hsl [HSL::open -publisher /Common/management-port-pub]
    set srcip [IP::client_addr]
    BWC::policy attach BC-BCS-RLPC $srcip
    HSL::send $hsl  "<158> User $srcip attached to BC-BCS-RLPC" 
}
when HTTP_REQUEST {
    if {[ set logLastTime [table lookup -subtable lastBandwithLog $srcip ]] eq "" } then {
        set totalTime [ expr  { [IP::stats age] / 1000 } ]
        set bpsOut [ expr { ( [IP::stats bytes out] * 8 ) / $totalTime } ]
        set bpsIn  [ expr { ( [IP::stats bytes in] * 8 ) / $totalTime } ]
        if { $static::maxBandwidth < $bpsIn || $static::maxBandwidth < $bpsOut } { 
            table add -subtable lastBandwithLog $srcip 1 indef $static::logDelay
            HSL::send $hsl  "<158> User $srcip bandwidth $bpsIn/$bpsOut (in/out) exceeds the BWC limit of $static::maxBandwidth" 
        }
    } 
}

Does the new script do what I intend it to do (attach a client IP to a specific BW policy and report on a sliding 5 minute window when the client exceeds the limit)
Are there any performance concerns with the new script
Is there a better way to do this?

application delivery

iRules

per client bandwidth limiting and reporting

Forum Discussion

Bandwidth limiting and reporting per client

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

Re: BigIP Report

VE LTM Frequently Reporting Bandwidth Exceeding 75% of Licensed 1000 Mbps

How much bandwidth are we using?

BigIP Report Old

How Much Bandwidth is Too Much?