Forum Discussion
Marvin
Cirrocumulus
CirrocumulusBandwidth controller on APM PPP interface
We would like to limit the bandwidth utilization for a specific traffic stream from APM Big IP Edge client VPN users connected to the F5 Big IP APM. This traffic is tunneled on the PPP interface and I am wondering if we can someway apply a bandwidth Controller policy to a PPP tunnel (perhaps via Irule) and restrict traffic to a specific IP address (f.e. 1.1.1.1). But I guess this is going to be a difficult one and question if this is feasible.
I was thinking perhaps to create an IP forwarding VS with IP address 1.1.1.1 that "listens" on internal PPP interfaces only and apply the bandwidth controller there. Would the APM tunneled traffic still be matched and handled by this VS?
Any other ideas?
- Nikoolayy1
MVP
Interesting! Haven't done this.
Maybe try layered virtual server to do this as seen in the article below as F5 by default uses internal VS for the VPN:
K03113285: Overview of BIG-IP APM layered virtual
https://my.f5.com/manage/s/article/K03113285
K16833554: BIG-IP APM Network Access listeners
https://my.f5.com/manage/s/article/K16833554
The other option you can try is to see the per request policy that is generated for API rate limit as limiting the client requests.
Edit:
For per-request policy you will need a VS that captures the traffic after the VPN VS and decrypts and has http profile, so this will work only for web traffic but 80% of the traffic probably is web in the VPN, so wildcard SSL cert will do the job. Also maybe enable split tunnel as not all traffic to go to the F5 device.
