Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Bandwidth controller on APM PPP interface


We would like to limit the bandwidth utilization for a specific traffic stream from APM Big IP Edge client VPN users connected to the F5 Big IP APM. This traffic is tunneled on the PPP interface and I am wondering if we can someway apply a bandwidth Controller policy to a PPP tunnel (perhaps via Irule) and restrict traffic to a specific IP address (f.e. But I guess this is going to be a difficult one and question if this is feasible.

I was thinking perhaps to create an IP forwarding VS with IP address that "listens" on internal PPP interfaces only and apply the bandwidth controller there. Would the APM tunneled traffic still be matched and handled by this VS?

Any other ideas?


Interesting! Haven't done this.


Maybe try layered virtual server to do this as seen in the article below as F5 by default uses internal VS for the VPN:

K03113285: Overview of BIG-IP APM layered virtual

K16833554: BIG-IP APM Network Access listeners


The other option you can try is to see the per request policy that is generated for API rate limit as limiting the client requests.




For per-request policy you will need a VS that captures the traffic after the VPN VS and decrypts and has http profile, so this will work only for web traffic but 80% of the traffic probably is web in the VPN, so wildcard SSL cert will do the job. Also maybe enable split tunnel as not all traffic to go to the F5 device.