net bwc policy
net bwc policy(1) BIG-IP TMSH Manual net bwc policy(1)
NAME
policy - Configures a bandwidth control policy for traffic flow.
MODULE
net bwc
SYNTAX
Configure the policy component within the net bwc module using the
syntax in the following sections.
CREATE/MODIFY
create policy [name]
modify policy [name]
options:
app-service [[string] | none]
description [string]
dynamic [ enabled ]
max-rate [integer]
max-user-rate [integer]
max-user-rate-pps [integer]
ip-tos [ integer | pass-through]
link-qos [integer | pass-through]
measure [ disabled ]
log-publisher [[string] | none]
log-period [integer]
categories [none] {
max-cat-rate [integer]
max-cat-rate-percentage [integer]
ip-tos [ integer | pass-through]
link-qos [integer | pass-through]
traffic-priority-map [string]
}
traffic-priority-map [string]
edit policy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list policy
list policy [ [ [name] | [glob] | [regex] ] ... ]
show running-config net policy
show running-config net policy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DELETE
delete net policy [all | [name] ]
DESCRIPTION
You can use the net bwc policy to create a bandwidth control policy to
handle traffic flow, and then associate it with other components such
as packet filter, iRule and virtual server. For details on packet
filter, virtual server, please refer to the respective documentation.
EXAMPLES
create net bwc policy
Creates a bwc policy (see below).
list net bwc policy all-properties
Displays all of the properties of all of the bwc policies.
delete net bwc policy
Deletes a policy (see below).
Example for static policy:
net bwc policy silver_static_policy {
max-rate 120mbps
}
Example for dynamic policy:
net bwc policy gold-dynamic-policy {
categories {
web {
description "This is a web test category."
max-cat-rate 600kbps
ip-tos 7
link-qos 5
}
}
description "This is a test."
dynamic enabled
max-rate 40gbps
max-user-rate 1gbps
}
Example for dynamic policy with measure enabled:
net bwc policy gold-dynamic-policy {
categories {
web {
description "This is a web test category."
max-cat-rate 600kbps
ip-tos 7
link-qos 5
}
}
description "This is a test."
dynamic enabled
measure enabled
log_publisher /Common/my_log_publisher
log-period 2048
max-rate 40gbps
max-user-rate 1gbps
}
Example for BWC using packet filter:
net bwc policy bwc {
max-rate 1mbps
}
Define packet filter with bwc on it:
net packet-filter pfilter {
action continue
bwc policy bwc
logging enabled
order 2
rule ip
}
Example for BWC association with virtual server:
ltm virtual l2-for-virtual {
destination 0.0.0.0:any
l2-forward
mask any
profiles {
fastL4 { }
}
rules {
bwc_test
}
translate-address disabled
translate-port disabled
vlans {
lan
wan
}
vlans-enabled
}
ltm virtual tcp-passthrough {
destination 0.0.0.0:http
ip-protocol tcp
mask any
profiles {
tcp { }
}
rules {
bwc_test
}
translate-address disabled
vlans-disabled
}
Example for Delete bwc policy:
net bwc policy silver_static_policy
Example for bwc policy traffic map:
net bwc policy bwc-policy-105 {
categories {
cat1 {
max-cat-rate 10mbps
traffic-priority-map tc1->cat1
}
cat2 {
max-cat-rate 10mbps
traffic-priority-map tc1->cat2
}
}
dynamic enabled
max-rate 100mbps
max-user-rate 10mbps
}
Notes: Only static policies are supported for association with packet
filter or virtual server components.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
name Specifies a unique name for the policy. This option is required
for the commands create, delete, and modify.
description
User defined description.
max-rate
Specifies the maximum bandwidth that traffic is allowed using the
policy associated. The range is from 1Mbps to 320Gbps.
Valid units: bps(default), gbps, kbps, mbps.
max-user-rate
Specifies the maximum bandwidth that traffic is allowed using the
policy associated. The range is from 5kbps to 2Gbps.
Valid units: bps(default), gbps, kbps, mbps.
max-user-rate-pps
Specifies the limiter in packets per second that traffic is
allowed using the associated policy. This does not allocate any
fairshare bandwidth. When configured this acts purely as a simple
packet limiter. It is packet size and protocol agnostic. It can be
configured only on a dynamic policy. When configured along with
mbps values, whichever lower limit pps vs mbps is applied. When
configured, both need to pass for packets to go through. The
default value is 0 (not configured).
traffic-priority-map
Specifies the bwc priority-group to use during congestion. This is
optional and to be configured only as needed. A bwc priority-
group can be shared and amongst categories of the same bwc policy
but not across bwc policies. When configured on policy or
category, the max-user-rate or max-cat-rate as configured would be
additionally applied. Thus the lower of all values for max. rates
would take effect.
max-cat-rate
Specifies the maximum bandwidth that traffic is allowed using this
category with associated policy. The range is from 5Kbps to max-
user-rate.
Valid units: bps(default), gbps, kbps, mbps.
max-cat-rate-percentage
Specifies the percentage of the value of the max-cat-rate option
of the category, which is associated with the net bwc policy
component to which this shaping policy is associated, that is
available for this traffic flow. It is the maximum bandwidth as
percentage of that traffic is allowed using this
category with associated policy. The range is from 1 to 100.
dynamic
Specifies the type for policy to be dynamic type. This option is
optional for the commands create, delete, and modify. The default
valid is disabled. When dynamic is disabled, the policy type is
said to be static, where the maximum rate is enforced for combined
traffic using the policy and no fairness bandwidth guarantee for
each of the traffic respectively. The default value is: disabled.
Note: policy type change modification is a disallowed
configuration.
By enabling this option, the policy is dynamic type and requires
you to configure max-user-rate-range. This type of policy enforces
fairness for all the traffic associated with the policy and also
for each traffic within the policy.
ip-tos
Specifies an IP ToS number for the traffic using the net bwc
policy. This option specifies the ToS level that the traffic
management system assigns to UDP packets when sending them. The
default value is pass-through, which indicates, do not modify UDP
packets. The valid range for IP ToS value that can be specified is
0 to 63.
Note: If this is specified, bandwidth policy is not enforced. The
packets are just marked for a downstream system to process.
link-qos
Specifies a Link QoS (VLAN priority) for the traffic using the net
bwc policy. This option specifies the QoS level that the system
assigns to UDP packets when sending. The default value is pass-
through, which indicates, do not modify UDP packets. The valid
range for QoS value is 0 to 7.
Note: If this is specified, bandwidth policy is not enforced. The
packets are just marked for a downstream system to process.
measure
Enables or disables bandwidth measurement on all the future
instances of bwc policy. Users can override this setting using
iRules. If enabling measurement on all instances is not desired
then users can keep this setting disabled and use iRules to enable
measurement on specific instances of bwc policy.
log_publisher
Specifies the name of the log publisher configured in the system.
Bandwidth measurement results will be sent to this log publisher.
log_period
Time interval in milliseconds representing the frequency of
generation of bandwidth measurement logs.
categories
This specifies the categories under policy. Note: policy need to
be enabled as dynamic to configure categories. Up to a maximum of
32 categories can be configured. All the categories under the
dynamic policy share the bandwidth as specified for the category,
up to a maximum of max-user-rate. Specify the maximum bandwidth
for the category of traffic using max-cat-rate or by max-cat-rate-
percentage as a percentage of the maximum user rate. Either only
the range or absolute value is required.
Example to configure a dynamic bandwidth policy category using
tmsh:
root@(localhost)(cfg-sync
Standalone)(Active)(/Common)(tmos.net.bwc policy.gold-dynamic-policy)# categories add { web { max-cat-rate 600kbps } }
net bwc policy gold-dynamic-policy {
categories {
web {
max-cat-rate 600kbps
}
}
dynamic enabled
max-rate 40gbps
max-user-rate 1gbps
}
The parameters for dynamic policy and categories:
net bwc policy test-policy {
app-service none
categories {
web {
app-service none
description "This is a web test cat"
max-cat-rate 600kbps
max-cat-rate-percentage 0
ip-tos 6
}
}
description "This is a test"
dynamic enabled
ip-tos pass-through
link-qos pass-through
max-rate 40gbps
max-user-rate 1gbps
measure enabled
log-publisher /Common/my_log_publisher
log-period 2048
partition Common
}
Few Examples using iRule:
Please refer to iRule documentation for complete list of bwc commands.
Below are few examples and do not cover all cases.
Example to associate static bwc policy using iRule:
when CLIENT_ACCEPTED {
BWC::policy attach silver_static_policy
}
Example to associate dynamic bwc policy using iRule:
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]
BWC::policy attach gold-dynamic-policy $mycookie
}
Example for bwc policy to mark traffic flows using iRule:
BWC::mark > >
So to assign a policy, color, and mark here is an example rule
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::color set gold_user p2p
BWC::mark set gold_user tos 8 qos 4
}
Example for using bwc policy category to color a flow using iRule:
After a flow has been assigned a policy, at some later time when the
traffic is classified the user can assign an application to this flow.
This uses the bwc config to create a bwc policy with the categories
keyword: for example, p2p category below:
tmsh create net bwc policy gold_user categories add { p2p { max-cat-
rate 8mbps } } max-rate 10mbps max-user-rate 10mbps dynamic enabled
The rule args
BWC::color
So to assign a policy and color here is an example rule
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::color set gold_user p2p
}
Example for bwc policy rate change using iRule:
After a policy is created, irule can modify the rate for a session or
category
The rule args
BWC::rate
BWC::rate
So to modify the rate
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::color set gold_user p2p
BWC::mark set gold_user tos 8 qos 4
BWC::rate $mycookie p2p 1000000bps
}
Example for bwc policy to measure the bandwidth using iRule:
BWC::measure << | | >
[session_str]>
To start the bandwidth measurement for BWC policy
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::measure start session
}
The above iRule will start the measurement of bandwidth on the
gold_user policy instance. The results will be published to the
destination specified in the log_publisher setting for the gold_user
bwc policy. The measurement results will be logged every 'log_period'
amount of time, which is also specified in the policy settings for
gold_user.
Note: Attaching a BWC policy is a pre-requisite for all 'BWC::measure.'
iRules. Failing to do so will result in the iRule execution failure
which in turn will abort the connection.
To start the bandwidth measurement for a flow inside a BWC policy and
tag the results.
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::measure identifier MYFLOW flow
BWC::measure start flow
}
The above iRule will start the measurement of bandwidth on the current
flow or the flow over which the current iRule is running. The results
will be published to the destination specified in the log_publisher
setting for the gold_user bwc policy. The measurement results will be
logged every 'log_period' amount of time, which is also specified in
the policy settings for gold_user. Every log message containing the
bandwidth result will carry the tag 'MYFLOW'. This helps identify
different types of bandwidth results when analyzing the bandwidth
measurement results.
To start the bandwidth measurement for a BWC session and get the
periodic results.
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
set measureID "MYSESSION"
BWC::policy attach gold_user $mycookie
BWC::measure identifier $measureID session
BWC::measure start session
}
when SERVER_CONNECTED {
TCP::collect
set count 0
}
when SERVER_DATA {
if {$count >= 1000 } {
set rate [BWC::measure get rate session]
set bytes [BWC::measure get bytes session]
log local0. "Rate $rate/sec : Bytes $bytes : for address $mycookie"
set count 0
}
TCP::release
TCP::collect
incr count
}
The above example creates an instance of BWC policy gold_user and
enables measurement on it upon the iRule event CLIENT_ACCEPTED. It also
starts collecting so that it keeps getting notified upon the data
arrival. For every 1000 packets a measurement of bandwidth is logged.
This is an example that illustrates how to measure bandwidth
periodically using iRules. Note that the bandwidth measurement results
are still sent to configured log_publisher at every log_period
interval.
An example log message that is sent to a log publisher.
Apr 2 16:29:04 MYSESSION BWC Measurement: Moving average - 539277
bytes/sec. Total bytes - 7305051
Example for bwc policy using pps:
BWC::pps
when CLIENT_ACCEPTED {
set mycookie [IP::remote_addr]:[TCP::remote_port]
BWC::policy attach gold_user $mycookie
BWC::pps 100
}
SEE ALSO
create, delete, edit, glob, list, modify, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2016. All rights reserved.
BIG-IP 2017-05-18 net bwc policy(1)