Applies To:Show Versions
- 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Configuring Global Application Policies with Bandwidth Control
Overview: Global Application Policies with Bandwidth Control
- On the Main tab, click.The VLAN List screen opens.
- ClickCreate.The New VLAN screen opens.
- In theNamefield, type a unique name for the VLAN.
- In theTagfield, type a numeric tag, between 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.The VLAN tag identifies the traffic from hosts in the associated VLAN.
- For theInterfacessetting:
- From theInterfacelist, select an interface number or trunk name.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- If you specified a numeric value for theCustomer Tagsetting and from theTagginglist you selectedTagged, then from theTag Modelist, select a value.
- Repeat these steps for each interface or trunk that you want to assign to the VLAN.
- From theConfigurationlist, selectAdvanced.
- If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select theSource Checkcheck box.
- In theMTUfield, retain the default number of bytes (1500).
- If you want to base redundant-system failover on VLAN-related events, select theFail-safebox.
- From theCMP Hashlist, select the appropriate value depending on the location of the VLAN in the system:
- On the VLAN coming in to the BIG-IP system (often calledinternal), selectSource Address.
- On VLANs going out (often calledexternal), leave the value set toDefault.
- For traffic returning to the BIG-IP from the Internet, selectDestination Address.
- If using w-steering for value-added services, on the VLAN coming back to the BIG-IP system, selectSource Address.
- ClickFinished.The screen refreshes, and it displays the new VLAN in the list.
Creating a static bandwidth control policy
- On the Main tab, click.
- In theNamefield, type a name for the bandwidth control policy.
- In theMaximum Ratefield, type a number and select the unit of measure to indicate the total throughput allowed for the resource you are managing.The number must be in the range from1 Mbpsto1000 Gbps. This value is the amount of bandwidth available to all the connections going through this static policy.
Creating an enforcement policy
- On the Main tab, click.The Policies screen opens.
- ClickCreate.The New Policy screen opens.
- In theNamefield, type a name for the policy.When creating policies you plan to apply globally or to unknown subscribers, it is a good idea to include the wordglobalorunknownin the policy name to distinguish these from other subscriber policies.
- From the Transactional list, selectEnabledif you want the BIG-IP system to allow policy enforcement on each HTTP transaction.
- ClickFinished.The system performance is significantly affected, depending on complexity of the classification and the type of policy action.The new enforcement policy is added to the policy list.
Creating a rule for bandwidth control
- On the Main tab, click.The Policies screen opens.
- Click the name of the enforcement policy you want to add rules to.The properties screen for the policy opens.
- In the Policy Rules area, clickAdd.The New Rule screen opens.
- In theNamefield, type a name for the rule.
- In thePrecedencefield, type an integer that indicates the precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.All rules in a policy are run concurrently. Precedence takes effect when there are conflicting rules. The conflict occurs when the traffic matches two rules and the policy actions from these rules differ. For example, if you have rule 1 with precedence 10 andGate Statusdisabled for a search engine, and you have rule 2 with precedence 11 andGate Statusenabled, then rule 1 is processed first because it has higher precedence. Rules conflict if they have identical or overlapping classification criteria (for the traffic that matches more than one rule). In some cases, different policy actions are not conflicting, and hence, applied in parallel.
- In theClassificationsetting, filter the application traffic to which you want to apply bandwidth control.
- ForMatch Criteria, selectMatch.
- ForCategory, selectP2P(or other application traffic you want to limit on the network).
- In the Forwarding area, ensure thatGate Statusis set toEnabled.
- In theRate Controlsetting, forBandwidth Controller, select the name of the bandwidth controller that you created to limit P2P (or other application) traffic.
Creating a listener: example
- On the Main tab, click.The Date Plane Listeners screen opens.
- ClickAdd.The New Virtual Group screen opens.
- In theNamefield, type a unique name for the listener.
- For theSourcesetting, type the IP address or network from which the virtual server will accept traffic.
- In theDestination Addressfield, type the IP address of the virtual server. For example,10.0.0.1or10.0.0.0/24.When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a/32prefix.You can use a catch-all virtual server (0.0.0.0) to specify all traffic that is delivered to the BIG-IP system. Configure the source and destination setting, during forwarding mode only. In the relay mode, the client does not have an IP address and the DHCP provides the client with an IP address.The system will create a virtual server using the address or network you specify.
- For theService Portsetting, type or select the service port for the virtual server.
- Subscriber provisioning using RADIUS is enabled by default. If your system is using RADIUS for snooping subscriber identity, you need to specify VLANs and tunnels. If you are not using RADIUS, you need to disable it.
- For theVLANs and Tunnelssetting, move the VLANs and tunnels that you want to monitor for RADIUS traffic from theAvailablelist to theSelectedlist.
- If you do not want to use RADIUS, from theSubscriber Identity Collectionlist, selectDisabled.
- In the Policy Provisioning area, forGlobal Policy, move the enforcement policy you created for bandwidth control toHigh Precedence.The system applies the policy with bandwidth control to all traffic.
- ClickFinished.The Policy Enforcement Manager creates a listener.