cralston_17844
Aug 14, 2008

Per-session TCP rate limit

I have a customer that would like to deploy a TCP application and their requirements are to allow only 4 connections per IP (not hard to do in an iRule) and to only allow 1 Mbps per connection.

Rateclass seems the obvious way to go, based on examples on DevCentral and the forums; the complication being picking a rateclass that doesn't (hugely) impact other sessions.

The first two solutions that sprang to mind were:

- Create several hundred rate classes named foo1 - foo200; use a global variable to keep track of which ones are in use; select the lowest numbered one that's not in use inside "when CLIENT_ACCEPTED". Obviously this will have a ton of crud filling up my config.

- Dynamically create, assign, then delete a rate class named with some sort of hash, foo-temp-192.168.47.184-zJ7f. I'm wary about the scalability of this if the number of connections were to suddenly jump. Plus, I haven't even looked at iControl yet, which seems necessary for this.

Obviously neither seems very great. The next way that I considered it, albeit a bit of a kludge, would be to "fake" the requirements by allocating, say, 4 Mbps per /8 covering 1.0.0.0 to about 220.0.0.0. The obvious drawback of this would be having 220 rate classes sitting around, plus the fact that users won't be evenly distributed across the whole IP space.

Hopefully I'm missing something simple.
  • There's also the forum post "Limit the packets per Second for a session" which is related, but operates entirely outside of the rate shaping module; I guess I could hack that up as another option.