BWC iRule

Employee

May 01, 2024

As long as you don't need the system to treat the client IPs differently, you don't need to keep track of them.

To use an irule like this on the inner-tunnel, you'll need to create a "layered virtual server" for your VPN users, it must be more specific than the default one that APM sets up, so you'd set the source net IP to be your leasepool, and the VLAN to be the connectivity profile's name (APM treats the VPN traffic as coming in on a pseudo-VLAN). Set this as Fast-L4 -- no SSL or HTTP profiles. And apply the CMP change mentioned in that article.

Once this virtual is set up, confirm that the stats increment (TMM is selecting it for new flows from your VPN users), and then attach a simplified irule like Paulius mentioned:

when CLIENT_ACCEPTED { rateclass rateshape_1mb }

I think you'll see better performance by ratelimiting on the inner-tunnel (the traffic-handler vip) rather than ratelimiting on the outer-tunnel (the vip that outside VPN users auth to).

Another more complex approach might be this one:

APM VPN Bandwidth Controller iApp | DevCentral

Forum Discussion

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

iRULE regsub error

owa iapp assign irule

Irule Trigger two times

iRule assistance for subfolder redirect

Weird iRules issue