Fine-grained bandwidth control is essential to service providers, large enterprises, and remote access services (RAS) solutions. Bandwidth controllers on the BIG-IP system can scale easily, work well in a distributed environment, and are easy to configure for various networks. Depending on the type of policy you configure, you can use bandwidth controllers to apply specified rate enforcement to traffic flows or mark traffic that exceeds limits.
Bandwidth control policies can be static or dynamic. Through the user interface (browser or tmsh command-line utility), when you apply a bandwidth control policy to a virtual server, packet filter, or route domain, you can apply only one policy at a time, and that is a static policy. Using iRules, you can combine static and dynamic bandwidth control policies up to eight policies on a connection, but only one of the eight policies can be a dynamic policy. A packet is transmitted only when all the attached policies allow it. The system as a whole supports a maximum of 1024 policies.
Bandwidth controller is the updated version of rate shaping on the BIG-IP system. These features are mutually exclusive. You can configure and use either rate shaping or bandwidth controllers, but not both. Bandwidth controllers include distributed control, subscriber fairness, and support for a maximum rate of 320 Gbps. Rate shaping is hierarchical and supports minimum bandwidth (committed information rate), priority, and flow fairness.
A static bandwidth control policy controls the aggregate rate for a group of applications or a network path. It enforces the total amount of bandwidth that can be used, specified as the maximum rate of the resource you are managing. The rate can be the total bandwidth of the BIG-IP device, or it might be a group of traffic flows.
This procedure includes the steps for assigning a static bandwidth control policy to traffic, using a virtual server. Alternatively, you can assign a static bandwidth control policy to a packet filter or a route domain.
You can create dynamic bandwidth control policies to restrict bandwidth usage per subscriber or group of subscribers, per application, per network egress link, or any combination of these. A dynamic bandwidth control policy provides fairness on traffic flows, according to configurable parameters, within an upper bandwidth limit. The BIG-IP system activates the dynamic bandwidth control policy for each user only when the user participates. When you create a dynamic bandwidth control policy, it acts as a policy in waiting, until the system detects egress traffic that matches the traffic you want to control and creates an instance of the policy. At that moment, the system applies the bandwidth control policy limits, as specified. No bandwidth control occurs until the system detects traffic and creates an instance of the policy. With this feature, an Internet service provider (ISP) can create and revise a single policy that can apply to millions of users.
The BIG-IP system can enforce multiple levels of bandwidth limits through the dynamic policy. For example, a user could be limited by the maximum rate, a per user rate, and a per category rate (such as for an application), all from the same dynamic policy. When the total of the maximum user rate for all the instances exceeds the maximum rate specified in the dynamic policy, the BIG-IP system maintains fairness among all users and spreads the limitation equally among users belonging to a dynamic policy.
You can also configure a dynamic bandwidth control policy to mark packets that exceed the maximum per-user rate for a specified session. The WAN router should handle the marked packets. The BIG-IP system passes packets that conform to the maximum per-user rate without marking them. You configure marking by using the IP Type of Service or Link Quality of Service setting. For example, a common use of QoS marking is for Voice over IP (VoIP) traffic. VoIP is usually assigned to the Expedited Forwarding (EF) class by using the DSCP value of 46, thus prioritized according to importance and sensitivity to loss/latency.
Alternatives for identifying users and applying dynamic bandwidth control policies to traffic are using iRules, Policy Enforcement Manager, or Access Policy Manager.
Before you create a dynamic bandwidth control policy, F5 recommends that you select the Source Address for the CMP Hash setting on the VLAN properties screen for the VLAN that carries the traffic you want to manage. The BIG-IP system uses source and destination hashes to control the way incoming traffic is distributed among the instances of the Traffic Management Microkernel (TMM) service. Subscriber-based bandwidth control depends on having a unique one-to-one relationship between bandwidth control policy and subscriber. Subscribers are commonly identified using a unique IP address, and, therefore, load distribution among the instances of TMM service must use the source IP address as the key.
This screen snippet highlights the proper setting.
This procedure describes the steps for attaching a dynamic bandwidth control policy to a traffic flow, and then applying the policy to traffic, using a virtual server. For information about using Policy Enforcement Manager to implement the policy, refer to the F5 documentation for Policy Enforcement Manager.
This screen is an example of a dynamic bandwidth control policy that might be created by an Internet service provider (ISP) to manage individual mobile subscribers.
In the example, the ISP sets the maximum bandwidth at 200 Mbps. Of that bandwidth, a maximum of 20 Mbps is allocated to each user. Of that allocation, application traffic is apportioned, as follows.
To activate this policy, the ISP needs to create an iRule to attach the policy to a user session, and then apply the policy to a virtual server.
The bandwidth controller is only an enforcer. For a dynamic bandwidth control policy, you also need iRules, Policy Enforcement Manager, or Access Policy Manager to identify a flow and map it to a category.