Bandwidth limiting and reporting per client
I am trying to implement bandwidth limiting and reporting on a per client basis, but am not sure it is working they way I intend. I want to limit each client to 150 Mbps using bandwidth control and then be able to report when a client is actually being rate limited. I created my BWC config with the following config: create net bwc policy BC-BCS-RLPC {max-rate 160gbps max-user-rate 150mbps dynamic enabled} The original script we used was: when RULE_INIT { Bandwidth in bytes/sec set static::maxBandwidth 18750000 set static::logDelay 300 } when CLIENT_ACCEPTED { set hsl [HSL::open -publisher /Common/management-port-pub] set srcip [IP::client_addr] BWC::policy attach BC-BCS-RLPC $srcip HSL::send $hsl "<158> User $srcip attached to BC-BCS-RLPC" } when HTTP_REQUEST { if {[ set logLastTime [table lookup -subtable lastBandwithLog $srcip ]] eq "" } then { set bw [TCP::bandwidth] if { $bw > $static::maxBandwidth } { table add -subtable lastBandwithLog $srcip 1 indef $static::logDelay HSL::send $hsl "<158> User $srcip bandwidth $bw exceeds the BWC limit of $static::maxBandwidth" } } } But this seems to display a strange maximum value of 16776960 (possibly a limit on the TCP::bandwidth reporting) I have rewritten the script as: when RULE_INIT { Bandwidth in bits/sec set static::maxBandwidth 150000000 set static::logDelay 300 } when CLIENT_ACCEPTED { set hsl [HSL::open -publisher /Common/management-port-pub] set srcip [IP::client_addr] BWC::policy attach BC-BCS-RLPC $srcip HSL::send $hsl "<158> User $srcip attached to BC-BCS-RLPC" } when HTTP_REQUEST { if {[ set logLastTime [table lookup -subtable lastBandwithLog $srcip ]] eq "" } then { set totalTime [ expr { [IP::stats age] / 1000 } ] set bpsOut [ expr { ( [IP::stats bytes out] * 8 ) / $totalTime } ] set bpsIn [ expr { ( [IP::stats bytes in] * 8 ) / $totalTime } ] if { $static::maxBandwidth < $bpsIn || $static::maxBandwidth < $bpsOut } { table add -subtable lastBandwithLog $srcip 1 indef $static::logDelay HSL::send $hsl "<158> User $srcip bandwidth $bpsIn/$bpsOut (in/out) exceeds the BWC limit of $static::maxBandwidth" } } } Does the new script do what I intend it to do (attach a client IP to a specific BW policy and report on a sliding 5 minute window when the client exceeds the limit) Are there any performance concerns with the new script Is there a better way to do this?