Manual Chapter :
Managing Traffic with Bandwidth Controllers
Applies To:
Show VersionsBIG-IP LTM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1
BIG-IP PEM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Managing Traffic with Bandwidth Controllers
Overview: Bandwidth control management
Fine-grained bandwidth control is essential to service providers, large enterprises, and remote
access services (RAS) solutions. Bandwidth controllers on the BIG-IP system
can scale easily, work well in a distributed environment, and are easy to configure for various
networks. Depending on the type of policy you configure, you can use bandwidth controllers to
apply specified rate enforcement to traffic flows or mark traffic that exceeds limits.
Bandwidth control policies can be static or dynamic. Through the user interface (browser or
tmsh
command-line utility), when you apply a bandwidth control policy to a
virtual server, packet filter, or route domain, you can apply only one policy at a time, and that
is a static policy. Using iRules, you can combine static and dynamic
bandwidth control policies up to eight policies on a connection, but only one of the eight
policies can be a dynamic policy. A packet is transmitted only when all the attached policies
allow it. The system as a whole supports a maximum of 1024 policies.Applying a bandwidth controller policy to a route domain affects all
traffic transmitted by the BIG-IP system to VLANs in the route domain, including health monitors
and DNS queries.
Only static bandwidth control policies support SNMP queries.
Bandwidth controllers vs. rate shaping
Bandwidth controller is the updated version of rate shaping on the BIG-IP
system. These features are mutually exclusive. You can configure and use either rate shaping or
bandwidth controllers, but not both. Bandwidth controllers include distributed control,
subscriber fairness, and support for a maximum rate of 320 Gbps. Rate shaping is hierarchical and
supports minimum bandwidth (committed information rate), priority, and flow fairness.
About static bandwidth control policies
A
static
bandwidth control policy controls the aggregate rate for a group of
applications or a network path. It enforces the total amount of bandwidth that can be used,
specified as the maximum rate of the resource you are managing. The rate can be the total
bandwidth of the BIG-IP device, or it might be a group of traffic flows.Task summary for creating a static bandwidth control policy
This procedure includes the steps for assigning a static bandwidth control policy to traffic,
using a virtual server. Alternatively, you can assign a static bandwidth control policy to a
packet filter or a route domain.
Creating a static bandwidth control policy
You can create a static bandwidth control policy to limit the bandwidth that
traffic uses on the BIG-IP system.
- On the Main tab, click.
- ClickCreate.
- In theNamefield, type a name for the bandwidth control policy.
- In theMaximum Ratefield, type a number and select the unit of measure to indicate the total throughput allowed for the resource you are managing.The number must be in the range from1 Mbpsto1000 Gbps. This value is the amount of bandwidth available to all the connections going through this static policy.
- ClickFinished.
For the bandwidth control policy to take effect, you must apply the policy to
traffic, using a virtual server, packet filter, or route domain.
Adding a static
bandwidth control policy to a virtual server
Adding a static bandwidth control policy to a
virtual server is one way to apply the policy to traffic. Alternatively, you can add the
bandwidth control policy to a packet filter or a route domain.
- On the Main tab, click.The Virtual Server List screen opens.
- Click the name of the virtual server you want to modify.
- From theConfigurationlist, selectAdvanced.
- From theBandwidth Controllerlist, select a bandwidth control policy.Only static bandwidth control policies are available in this list.
- ClickUpdateto save the changes.
The BIG-IP system now applies rate enforcement to the traffic intercepted by this
virtual server, according to the static bandwidth policy you selected. A static
bandwidth policy associated with a virtual server applies only to client-initiated
flows, and not to bandwidth for traffic flowing toward the client.
About dynamic
bandwidth control policies
You can create dynamic bandwidth control policies to restrict bandwidth
usage per subscriber or group of subscribers, per application, per network egress link, or any
combination of these. A
dynamic
bandwidth control policy
provides fairness on traffic flows, according to configurable parameters, within an upper
bandwidth limit. The BIG-IP system activates the
dynamic bandwidth control policy for each user only when the user participates. When you create a
dynamic bandwidth control policy, it acts as a policy in waiting, until the system detects egress
traffic that matches the traffic you want to control and creates an instance of the policy. At
that moment, the system applies the bandwidth control policy limits, as specified. No bandwidth
control occurs until the system detects traffic and creates an instance of the policy. With this
feature, an Internet service provider (ISP) can create and revise a single policy that can apply
to millions of users.The BIG-IP system can enforce multiple levels of bandwidth limits through
the dynamic policy. For example, a user could be limited by the maximum rate, a per user rate,
and a per category rate (such as for an application), all from the same dynamic policy. When the
total of the maximum user rate for all the instances exceeds the maximum rate specified in the
dynamic policy, the BIG-IP system maintains fairness among all users and spreads the limitation
equally among users belonging to a dynamic policy. In addition, you can specify per instance the
maximum number of packets per second, which functions as a DoS (Denial of Service) limiter
without fair share allocation.
You can also configure a dynamic bandwidth control policy to mark packets
that exceed the maximum per-user rate for a specified session. The WAN router typically handles
the marked packets. When marking is enabled, enforcement is implicitly disabled. You configure
marking by using the
IP Marking
(TOS/DSCP)
or L2 Marking
(802.1p)
setting. For example, a common use of QoS marking is for Voice over IP
(VoIP) traffic. VoIP is usually assigned to the Expedited Forwarding (EF) class by using the DSCP
value of 46, thus prioritized according to importance and sensitivity to loss/latency. You can
mark packets per policy or per category (within a policy). Category marking supersedes policy
marking.The bandwidth controller is only an enforcer. For a dynamic bandwidth
control policy, you also can use a virtual server (through iRules), Policy Enforcement Manager, or Access Policy Manager to identify users and apply dynamic
bandwidth control policies to traffic.
About the Maximum User Rate PPS setting
When you specify the value for the
Maximum User Rate PPS
setting for a
dynamic bandwidth control policy, you are specifying the packets per second. Unlike the
Maximum Rate Per User
, this setting is not applied across a BIG-IP system. This value depends on the packet sizes (MTU) configured in your
network, and you need to tune the value accordingly. Although you can specify a lower value, the
lowest recommended value is 256 KBPS. For a maximum user rate lower than 256 KPBS, the packet
sizes in the network would need to be smaller than 1514 bytes. The issue is that for large packet
sizes and a low maximum user rate, not enough bytes would be recharged for the bucket, and most
packets would be dropped. If you are configuring categories, keep in mind that the maximum user
rate is shared among the categories associated with a policy.Task summary for creating a dynamic bandwidth control policy
Before you create a dynamic bandwidth control policy, F5 recommends that you select the
Source Address
for the CMP Hash
setting on the
VLAN properties screen for the VLAN that carries the traffic you want to manage. The BIG-IP® system uses source and destination hashes to control the way incoming
traffic is distributed among the instances of the Traffic Management Microkernel (TMM) service.
Subscriber-based bandwidth control depends on having a unique one-to-one relationship between
bandwidth control policy and subscriber. Subscribers are commonly identified using a unique IP
address, and, therefore, load distribution among the instances of TMM service must use the source
IP address as the key.This screen snippet highlights the proper setting.
This procedure describes the steps for attaching a dynamic bandwidth control policy to a traffic
flow, and then applying the policy to traffic, using a virtual server. For information about
using Policy Enforcement Manager™ to implement the policy, refer to the F5
documentation for Policy Enforcement Manager.
Creating a dynamic bandwidth control policy
You can create a dynamic bandwidth control policy to shape the traffic to which you
apply the policy. You can configure the policy to mark packets per policy or per
category. You can also specify the maximum number of packets per second per instance.
Adding categories to a bandwidth control policy is a separate task, which you perform
after you have created and saved the policy.
- On the Main tab, click.
- ClickCreate.
- In theNamefield, type a name for the bandwidth control policy.
- In theMaximum Ratefield, type a number and select the unit of measure to indicate the total throughput allowed for all the instances created for this dynamic policy.The number must be in the range from1 Mbpsto1000 Gbps.
- From theDynamiclist, selectEnabled.The screen displays additional settings.
- In theMaximum Rate Per Userfield, type a number and select the unit of measure to indicate the most bandwidth that each user or session associated with the bandwidth control policy can use.The number must be in the range from1 Mbpsto2 Gbps.
- In theMaximum User Rate PPSfield, type a number and select the unit of measure to specify the limit in packets per second that traffic is allowed per instance.This is an optional setting, which functions as a DoS (Denial of Service) limiter without fair share allocation. You must also specify theMaximum Rate Per User. The system applies whichever value is lower to the traffic flow rate. When both values are specified, both must pass for packets to go through.
- Enable theMeasuresetting, if you want to measure bandwidth on all future instances of this bandwidth control policy.The system measures bandwidth with the frequency you specify in theLog Periodsetting, and sends it to the log publisher you specify using theLog Publishersetting.
- From theIP Marking (TOS/DSCP)list, selectSpecifyand type a number between0and63to assign a Type of Service (ToS) level to packets that exceed the maximum per-user rate.If you do not want to set a ToS level, maintain the default setting,Pass Through.
- From theL2 Marking (802.1p)list, selectSpecifyand type a number between0and7to assign a Quality of Service (QoS) level to packets that exceed the maximum per-user rate.If you do not want to set a QoS level, maintain the default setting,Pass Through.
- ClickFinished.
For the dynamic bandwidth control policy to take effect, you must attach the policy
to a traffic flow, and then apply the policy to traffic, using a virtual server (through
iRules), Policy Enforcement Manager, or
Access Policy Manager.
Adding categories
to a dynamic bandwidth control policy
Before you can add categories, you must create a bandwidth control policy.
After you create a bandwidth control policy, you
can add up to 32 categories of traffic for the policy to control. All the categories
share the bandwidth specified for the bandwidth control policy, in accordance with the
rate specified for each category.
- On the Main tab, click.
- Click the name of the bandwidth control policy to which you want to add categories.
- In the Categories area, clickAdd.
- In theCategory Namefield, type a descriptive name for the category.
- In theMax Category Ratefield, type a value to indicate the most bandwidth that this category of traffic can use, and select the unit of measure from the list, or select%and type a percentage from1to100.If you specify a rate, the number must be in the range from500 Kbpsto the rate specified for theMaximum Rate Per Usersetting. A percentage indicates that this category can use up to the specified percentage of the maximum per-user rate. These values are upper limits (not minimum or guaranteed), so the sum can exceed the value you specified for theMaximum Rate Per Usersetting.
- From theIP Marking (TOS/DSCP)list, selectSpecifyand type a number between0and63to assign a Type of Service (ToS) level to packets that exceed theMax Category Rate.If you do not want to set a ToS level, maintain the default setting,Pass Through.
- From theL2 Marking (802.1p)list, selectSpecifyand type a number between0and7to assign a Quality of Service (QoS) level to packets that exceed theMax Category Rate.If you do not want to set a QoS level, maintain the default setting,Pass Through.
- ClickFinished.
Creating an iRule for a dynamic bandwidth control policy
To implement a dynamic bandwidth control policy, you can use iRules to attach the policy to a user.
For complete and
detailed information iRules syntax, see the F5 Networks DevCentral web site
(
http://devcentral.f5.com
).- On the Main tab, click.The iRule List screen opens, displaying any existing iRules.
- ClickCreate.The New iRule screen opens.
- In theNamefield, type a unique name for the iRule.The full path name of the iRule cannot exceed 255 characters.
- In theDefinitionfield, type the syntax for the iRule using Tool Command Language (Tcl) syntax.For example, to apply the dynamic bandwidth policydynamic_bwc_policy200to a user session, type the following iRule, whereset mycookiedefines a user session. Asessionis a combination of client IP address and port.when CLIENT_ACCEPTED { set mycookie [IP::remote_addr]:[TCP::remote_port] BWC::policy attach dynamic_bwc_policy200 $mycookie }
- ClickFinished.The new iRule appears in the list of iRules on the system.
You have now identified the user for a dynamic bandwidth control policy.
You must then apply the iRule to the virtual server that intercepts the traffic you
want to manage.
Adding a dynamic bandwidth control policy to a virtual
server
After you create a dynamic bandwidth control
policy and attach it to a flow or flows using iRules, you must apply the policy to
traffic by adding the iRule to a virtual server.
- On the Main tab, click.The Virtual Server List screen opens.
- Click the name of the virtual server you want to modify.
- On the menu bar, clickResources.
- In the iRules area, clickManage.
- From theAvailablelist, select the name of the iRule that you want to assign, and using the Move button, move the name to theEnabledlist.
- ClickFinished.
The BIG-IP system now manages bandwidth for the traffic intercepted by this virtual
server, according to the dynamic bandwidth policy specified in the assigned
iRule.