net bwc policy
net bwc policy(1) BIG-IP TMSH Manual net bwc policy(1)
NAME
policy - Configures a bandwidth control policy for traffic flow.
MODULE
net bwc
SYNTAX
Configure the policy component within the net bwc module using the syntax in the following sections.
CREATE/MODIFY
create policy [name]
modify policy [name]
options:
app-service [[string] | none]
description [string]
dynamic [ enabled ]
max-rate [integer]
max-user-rate [integer]
max-user-rate-pps [integer]
ip-tos [ integer | pass-through]
link-qos [integer | pass-through]
measure [ disabled ]
log-publisher [[string] | none]
log-period [integer]
categories [none] {
max-cat-rate [integer]
max-cat-rate-percentage [integer]
ip-tos [ integer | pass-through]
link-qos [integer | pass-through]
traffic-priority-map [string]
}
traffic-priority-map [string]
edit policy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list policy
list policy [ [ [name] | [glob] | [regex] ] ... ]
show running-config net policy
show running-config net policy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DELETE
delete net policy [all | [name] ]
DESCRIPTION
You can use the net bwc policy to create a bandwidth control policy to handle traffic flow, and then associate it with
other components such as packet filter, iRule and virtual server. For details on packet filter, virtual server, please
refer to the respective documentation.
EXAMPLES
create net bwc policy
Creates a bwc policy (see below).
list net bwc policy all-properties
Displays all of the properties of all of the bwc policies.
delete net bwc policy
Deletes a policy (see below).
Example for static policy:
net bwc policy silver_static_policy {
max-rate 120mbps
}
Example for dynamic policy:
net bwc policy gold-dynamic-policy {
categories {
web {
description "This is a web test category."
max-cat-rate 600kbps
ip-tos 7
link-qos 5
}
}
description "This is a test."
dynamic enabled
max-rate 40gbps
max-user-rate 1gbps
}
Example for dynamic policy with measure enabled:
net bwc policy gold-dynamic-policy {
categories {
web {
description "This is a web test category."
max-cat-rate 600kbps
ip-tos 7
link-qos 5
}
}
description "This is a test."
dynamic enabled
measure enabled
log_publisher /Common/my_log_publisher
log-period 2048
max-rate 40gbps
max-user-rate 1gbps
}
Example for BWC using packet filter:
net bwc policy bwc {
max-rate 1mbps
}
Define packet filter with bwc on it:
net packet-filter pfilter {
action continue
bwc policy bwc
logging enabled
order 2
rule ip
}
Example for BWC association with virtual server:
ltm virtual l2-for-virtual {
destination 0.0.0.0:any
l2-forward
mask any
profiles {
fastL4 { }
}
rules {
bwc_test
}
translate-address disabled
translate-port disabled
vlans {
lan
wan
}
vlans-enabled
}
ltm virtual tcp-passthrough {
destination 0.0.0.0:http
ip-protocol tcp
mask any
profiles {
tcp { }
}
rules {
bwc_test
}
translate-address disabled
vlans-disabled
}
Example for Delete bwc policy:
net bwc policy silver_static_policy
Example for bwc policy traffic map:
net bwc policy bwc-policy-105 {
categories {
cat1 {
max-cat-rate 10mbps
traffic-priority-map tc1->cat1
}
cat2 {
max-cat-rate 10mbps
traffic-priority-map tc1->cat2
}
}
dynamic enabled
max-rate 100mbps
max-user-rate 10mbps
}
Notes: Only static policies are supported for association with packet filter or virtual server components.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
name Specifies a unique name for the policy. This option is required for the commands create, delete, and modify.
description
User defined description.
max-rate
Specifies the maximum bandwidth that traffic is allowed using the policy associated. The range is from 1Mbps to
320Gbps.
Valid units: bps(default), gbps, kbps, mbps.
max-user-rate
Specifies the maximum bandwidth that traffic is allowed using the policy associated. The range is from 5kbps to 2Gbps.
Valid units: bps(default), gbps, kbps, mbps.
max-user-rate-pps
Specifies the limiter in packets per second that traffic is allowed using the associated policy. This does not
allocate any fairshare bandwidth. When configured this acts purely as a simple packet limiter. It is packet size and
protocol agnostic. It can be configured only on a dynamic policy. When configured along with mbps values, whichever
lower limit pps vs mbps is applied. When configured, both need to pass for packets to go through. The default value is
0 (not configured).
traffic-priority-map
Specifies the bwc priority-group to use during congestion. This is optional and to be configured only as needed. A
bwc priority-group can be shared and amongst categories of the same bwc policy but not across bwc policies. When
configured on policy or category, the max-user-rate or max-cat-rate as configured would be additionally applied. Thus
the lower of all values for max. rates would take effect.
max-cat-rate
Specifies the maximum bandwidth that traffic is allowed using this category with associated policy. The range is from
5Kbps to max-user-rate.
Valid units: bps(default), gbps, kbps, mbps.
max-cat-rate-percentage
Specifies the percentage of the value of the max-cat-rate option of the category, which is associated with the net bwc
policy component to which this shaping policy is associated, that is available for this traffic flow. It is the
maximum bandwidth as percentage of that traffic is allowed using this category with associated policy.
The range is from 1 to 100.
dynamic
Specifies the type for policy to be dynamic type. This option is optional for the commands create, delete, and modify.
The default valid is disabled. When dynamic is disabled, the policy type is said to be static, where the maximum rate
is enforced for combined traffic using the policy and no fairness bandwidth guarantee for each of the traffic
respectively. The default value is: disabled. Note: policy type change modification is a disallowed configuration.
By enabling this option, the policy is dynamic type and requires you to configure max-user-rate-range. This type of
policy enforces fairness for all the traffic associated with the policy and also for each traffic within the policy.
ip-tos
Specifies an IP ToS number for the traffic using the net bwc policy. This option specifies the ToS level that the
traffic management system assigns to UDP packets when sending them. The default value is pass-through, which
indicates, do not modify UDP packets. The valid range for IP ToS value that can be specified is 0 to 63.
Note: If this is specified, bandwidth policy is not enforced. The packets are just marked for a downstream system to
process.
link-qos
Specifies a Link QoS (VLAN priority) for the traffic using the net bwc policy. This option specifies the QoS level
that the system assigns to UDP packets when sending. The default value is pass-through, which indicates, do not modify
UDP packets. The valid range for QoS value is 0 to 7.
Note: If this is specified, bandwidth policy is not enforced. The packets are just marked for a downstream system to
process.
measure
Enables or disables bandwidth measurement on all the future instances of bwc policy. Users can override this setting
using iRules. If enabling measurement on all instances is not desired then users can keep this setting disabled and
use iRules to enable measurement on specific instances of bwc policy.
log_publisher
Specifies the name of the log publisher configured in the system. Bandwidth measurement results will be sent to this
log publisher.
log_period
Time interval in milliseconds representing the frequency of generation of bandwidth measurement logs.
categories
This specifies the categories under policy. Note: policy need to be enabled as dynamic to configure categories. Up to
a maximum of 32 categories can be configured. All the categories under the dynamic policy share the bandwidth as
specified for the category, up to a maximum of max-user-rate. Specify the maximum bandwidth for the category of
traffic using max-cat-rate or by max-cat-rate-percentage as a percentage of the maximum user rate. Either only the
range or absolute value is required.
Example to configure a dynamic bandwidth policy category using tmsh:
root@(localhost)(cfg-sync
Standalone)(Active)(/Common)(tmos.net.bwc policy.gold-dynamic-policy)# categories add { web { max-cat-rate 600kbps } }
net bwc policy gold-dynamic-policy {
categories {
web {
max-cat-rate 600kbps
}
}
dynamic enabled
max-rate 40gbps
max-user-rate 1gbps
}
The parameters for dynamic policy and categories:
net bwc policy test-policy {
app-service none
categories {
web {
app-service none
description "This is a web test cat"
max-cat-rate 600kbps
max-cat-rate-percentage 0
ip-tos 6
}
}
description "This is a test"
dynamic enabled
ip-tos pass-through
link-qos pass-through
max-rate 40gbps
max-user-rate 1gbps
measure enabled
log-publisher /Common/my_log_publisher
log-period 2048
partition Common
}
Few Examples using iRule:
Please refer to iRule documentation for complete list of bwc commands. Below are few examples and do not cover all cases.
Example to associate static bwc policy using iRule:
when CLIENT_ACCEPTED {
BWC::policy attach silver_static_policy
}
Example to associate dynamic bwc policy using iRule:
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]
BWC::policy attach gold-dynamic-policy $mycookie
}
Example for bwc policy to mark traffic flows using iRule:
BWC::mark > >
So to assign a policy, color, and mark here is an example rule
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::color set gold_user p2p
BWC::mark set gold_user tos 8 qos 4
}
Example for using bwc policy category to color a flow using iRule:
After a flow has been assigned a policy, at some later time when the traffic is classified the user can assign an
application to this flow. This uses the bwc config to create a bwc policy with the categories keyword: for example, p2p
category below:
tmsh create net bwc policy gold_user categories add { p2p { max-cat-rate 8mbps } } max-rate 10mbps max-user-rate 10mbps
dynamic enabled
The rule args
BWC::color
So to assign a policy and color here is an example rule
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::color set gold_user p2p
}
Example for bwc policy rate change using iRule:
After a policy is created, irule can modify the rate for a session or category
The rule args
BWC::rate
BWC::rate
So to modify the rate
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::color set gold_user p2p
BWC::mark set gold_user tos 8 qos 4
BWC::rate $mycookie p2p 1000000bps
}
Example for bwc policy to measure the bandwidth using iRule:
BWC::measure << | | >
[session_str]>
To start the bandwidth measurement for BWC policy
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::measure start session
}
The above iRule will start the measurement of bandwidth on the gold_user policy instance. The results will be published to
the destination specified in the log_publisher setting for the gold_user bwc policy. The measurement results will be logged
every 'log_period' amount of time, which is also specified in the policy settings for gold_user.
Note: Attaching a BWC policy is a pre-requisite for all 'BWC::measure.' iRules. Failing to do so will result in the iRule
execution failure which in turn will abort the connection.
To start the bandwidth measurement for a flow inside a BWC policy and tag the results.
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::measure identifier MYFLOW flow
BWC::measure start flow
}
The above iRule will start the measurement of bandwidth on the current flow or the flow over which the current iRule is
running. The results will be published to the destination specified in the log_publisher setting for the gold_user bwc
policy. The measurement results will be logged every 'log_period' amount of time, which is also specified in the policy
settings for gold_user. Every log message containing the bandwidth result will carry the tag 'MYFLOW'. This helps identify
different types of bandwidth results when analyzing the bandwidth measurement results.
To start the bandwidth measurement for a BWC session and get the periodic results.
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
set measureID "MYSESSION"
BWC::policy attach gold_user $mycookie
BWC::measure identifier $measureID session
BWC::measure start session
}
when SERVER_CONNECTED {
TCP::collect
set count 0
}
when SERVER_DATA {
if {$count >= 1000 } {
set rate [BWC::measure get rate session]
set bytes [BWC::measure get bytes session]
log local0. "Rate $rate/sec : Bytes $bytes : for address $mycookie"
set count 0
}
TCP::release
TCP::collect
incr count
}
The above example creates an instance of BWC policy gold_user and enables measurement on it upon the iRule event
CLIENT_ACCEPTED. It also starts collecting so that it keeps getting notified upon the data arrival. For every 1000 packets
a measurement of bandwidth is logged. This is an example that illustrates how to measure bandwidth periodically using
iRules. Note that the bandwidth measurement results are still sent to configured log_publisher at every log_period
interval.
An example log message that is sent to a log publisher.
Apr 2 16:29:04 MYSESSION BWC Measurement: Moving average - 539277 bytes/sec. Total bytes - 7305051
Example for bwc policy using pps:
BWC::pps
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::pps 100
}
SEE ALSO
create, delete, edit, glob, list, modify, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2016. All rights reserved.
BIG-IP 2017-05-18 net bwc policy(1)