Forum Discussion

littlebunny's avatar
littlebunny
Icon for Nimbostratus rankNimbostratus
Mar 02, 2019

iRule for bandwidth throttling per client IP

Hello

 

We would like to create an iRule that limits the bandwidth from each client IP address to a specific Virtual Server to 10mbps. I've seen some other similar articles but I'm not familiar with iRules so don't really understand whether they are doing exactly what we need. Any help writing the iRule would be greatly appreciated.

 

Thanks LB

 

2 Replies

  • Are you sure you'll need an iRule? If the same bandwidth limits apply to all clients going to a specific Virtual Server, you could configure one rate class profile and add this to the virtual server.

    If you want to define groups and multiple rate class profiles, you could use this iRule below (found here: https://devcentral.f5.com/questions/iRules-for-rate-shaping).

     Paying users get the bandwidth
     User's IPs defined in the iRules/DataGroups
    
    when CLIENT_ACCEPTED {
        if { [[IP::client_addr] eq matchclass gold_users] } {
            rateclass rateshape_10mb
        }
        elseif { [[IP::client_addr] eq matchclass silver_users] } {
            rateclass rateshape_512k
        }
        elseif { [[IP::client_addr] eq matchclass lump_o_coal_users] } {
            rateclass rateshape_128k
        }
        else {
            discard
        }
    } 
    
  • Potentially have a solution but we haven't tested yet. Planning on creating a dynamic bandwidth controller, setting the max mbps per user to 10mbps, then using the following iRule to assign cookies to source IPs and trigger the bandwidth controller:

     

    when CLIENT_ACCEPTED { set mycookie [IP::remote_addr] BWC::policy attach dynamic_bwc_policy400 $mycookie }

     

    In order for this to work properly, we also have to force a particular source IP to always go through the same underlying traffic pipe (TMM process) by modifying an Advanced setting on the VLAN where the new virtual server resides. We’ll need to change the CMP Hash method from “Default” to “Source Address”, which is a global change affecting all traffic.

     

    This link is useful: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-12-0-0/8.html

     

    Thanks LB