Forum Discussion
madeye_80512
Nimbostratus
NimbostratusLimit traffic per client ip?
Hi,
I'm searching for a way to limit the bandwidth per user.
I found that rateclass gives me an "over all" limit on a VS, but still a single client can grab all bandwidth and let other users starve.
So it would be interesting to limit the rate that a client IP would get, unfortunately I don't see a way...
We're delivering pretty small files and a rate of 100k/s would be more than plenty for a user. And this would allow several thousand users before our pipe is filled.
Yes, I know that there are larg(ish) proxys out there and that this wouodn't be fair for their users. But this isn't a rosegarden...
Any hints on how to archieve this?
Besz regards
hooleylistCirrostratus
Here is some related info (stolen from AdamA):
There is a very common misconception that assigning a rate class in an iRule places that connection in a pool with other connections that are assigned the same rate class. In fact when a rate class is assigned within an iRule it is enforced per-connection (just like if we assigned a snat pool, or a node, etc.).
So this means that you cannot really do a ‘per user’ rate class, but you can do a per connection rate class with only one rate class definition. You could use table commands to keep track of how many concurrent connections you have from a single user and assign multiple rate classes. You could possibly reassign the high throughput rate class to the next connection once the first connection closes (ie 1mbps for first connection, 10kbps each additional).
Aaron
madeye_80512Hi,
I tried to assign the rate class with a simple irule:when CLIENT_ACCEPTED { log local0. "[IP::client_addr] being handled by rateclass class1" rateclass class1 }
class1 limits at 80kbps
The irule hits: 1 download is limited to 10kByte/s and I get an according log entry.
the 2nd download is a new connection (I get a new log entry!) and both downloads settle at each 5kByte/s.
the 3rd download result in each getting 3.3kByte/s.
This is exactly the same as if I'd assigned the rateclass directly to the VS without an irule.
Unfortunately this is not what I'd have hoped for (each connection being traffic shaped "individually" to 10kByte/s).
So what did I wrong?
Best regards
madeye
otihck_106939l- otihck_106939Hi:
It was possible to achieve this?. I'm trying to do the same and in my test the behavior for the rateclass is the same, the first connection get the whole traffic for the class, then the traffic is divided with the next connection and so on, I want to assign it in a dynamic way, based on the ip address or connection fixed traffic for each connection. - madeye_80512Hi Omar,
like I wrote, I wasn't able to get it working as intended.
I had some discussion with a F5 presales person afterwards who told me that it would work if you'd dynamically create a rate class per connection and tear it down afterwards.
Unfortunately he wasn't able to enlighten me about the impact on the loadbalancer (how computationally intensive this would be in real world) and I didn't have the time to do a full test in the lab.
Sorry
Madeye - Luis_55784Hi Madeye,
Do you or anybody in this forum knows what are the command (and sintax) to use inside of an Irule to implement what you mentioned? i.e dinamically create a rate class per conection and tear it down when conection closses. I'm interested in going this route and I plan to do load testing to asses the impact.
Thanks a lot in advance.
Regards
Luis