Forum Discussion
dazor
Nimbostratus
NimbostratusBWC iRule
Hi @all, need iRule for bandwidth limitation on client IP addresses, so that the usable bandwidth per client IP is limited to 2 Mbit/s. Thanks
Lucas_Thompson
Employee
EmployeeAs long as you don't need the system to treat the client IPs differently, you don't need to keep track of them.
To use an irule like this on the inner-tunnel, you'll need to create a "layered virtual server" for your VPN users, it must be more specific than the default one that APM sets up, so you'd set the source net IP to be your leasepool, and the VLAN to be the connectivity profile's name (APM treats the VPN traffic as coming in on a pseudo-VLAN). Set this as Fast-L4 -- no SSL or HTTP profiles. And apply the CMP change mentioned in that article.
Once this virtual is set up, confirm that the stats increment (TMM is selecting it for new flows from your VPN users), and then attach a simplified irule like Paulius mentioned:
when CLIENT_ACCEPTED { rateclass rateshape_1mb }
I think you'll see better performance by ratelimiting on the inner-tunnel (the traffic-handler vip) rather than ratelimiting on the outer-tunnel (the vip that outside VPN users auth to).
Another more complex approach might be this one:
APM VPN Bandwidth Controller iApp | DevCentral