Forum Discussion

dazor's avatar
Icon for Nimbostratus rankNimbostratus
May 01, 2024

BWC iRule

Hi @all,  

need iRule for bandwidth limitation on client IP addresses, so that the usable bandwidth per client IP is limited to 2 Mbit/s. 


6 Replies

  • This might be what you're looking for.

  • dazor's avatar
    Icon for Nimbostratus rankNimbostratus

    Thanks. I do not want to be managing a IP client addresses using datagroups or what so ever. 
    The BWC iRule must apply to any upcoming client IP address

    • zamroni777's avatar
      Icon for Cumulonimbus rankCumulonimbus

      you can remove the "if ....." from the example irule if you dont need the condition.

  • As long as you don't need the system to treat the client IPs differently, you don't need to keep track of them.

    To use an irule like this on the inner-tunnel, you'll need to create a "layered virtual server" for your VPN users, it must be more specific than the default one that APM sets up, so you'd set the source net IP to be your leasepool, and the VLAN to be the connectivity profile's name (APM treats the VPN traffic as coming in on a pseudo-VLAN). Set this as Fast-L4 -- no SSL or HTTP profiles. And apply the CMP change mentioned in that article.

    Once this virtual is set up, confirm that the stats increment (TMM is selecting it for new flows from your VPN users), and then attach a simplified irule like Paulius mentioned:

    when CLIENT_ACCEPTED { rateclass rateshape_1mb }

    I think you'll see better performance by ratelimiting on the inner-tunnel (the traffic-handler vip) rather than ratelimiting on the outer-tunnel (the vip that outside VPN users auth to).


    Another more complex approach might be this one:

    APM VPN Bandwidth Controller iApp | DevCentral


  • dazor's avatar
    Icon for Nimbostratus rankNimbostratus

    Thanks Lucas_Thompson

    I wish to keep it simple and stupid. I deployed an Exchange Server using the iApp. So a virtual server Exchange2006iapp_combined_https was automaticaly created and has pool members offering services like AS (ActiveSync), ews, mapi and owa. What I need is a BWC policy to to handle the bandwidth when any of the aboved mentionned services is triggered by a client.....


    • Ah ok, sorry I misunderstood the question to be related to VPN throughput. The solution suggested by Paulius is appropriate for a non-VPN resource like an Exchange deployment.