Bandwidth Management and Rate Shaping are two key techniques to prioritize traffic using Traffic Manager.
Traffic Manager's Bandwidth Management is applied by assigning connections to a Bandwidth Class. A bandwidth class limits the bandwidth used by its connections in one of two ways:
The 'per class' bandwidth can be counted on a per-traffic-manager basis (simple) or can be shared across a traffic manager cluster (sophisticated). When it is shared, the traffic managers negotiate among themselves approximately once per second to share out parts of the bandwidth allocation in proportion to the demand on each Traffic Manager.
A bandwidth management class may be assigned in one of two different ways:
Rate Shaping is most commonly used to control the rate of particular types of transactions. For example, you could use Rate Shaping to control the rate at which users attempt to log in to a web form, in order to mitigate dictionary attacks, or you could use Rate Shaping to protect a vulnerable application that is prone to being overloaded.
Rates are defined using Rate Classes, which can specify rates on a per-second or per-minute basis:
Rate Shaping is implemented using a queue. A TrafficScript rule can invoke a rate class, and the execution of that rule is immediately queued.
For example, to rate-limit requests for the /search.cgi resource using the limits defined in the 'DDoS Protect' rate class, you would use the following TrafficScript snippet:
    $path = http.getPath();
    if( $path == "/search.cgi" ) rate.use( "DDoS Protect" );
You can use the functions rate.getBacklog() and rate.use.noQueue() to query the length of the queue, or to test a connection against the current queue length without suspending it.
Rate limits are applied by each traffic manager. The limit is not shared across the cluster in the way that bandwidth limits can be.
In some cases, you may need to apply a rate limit per-user or per-URL. You can use rate.use() with an additional 'context' argument; the rate limit is applied to each context individually. For example, to limit the number of requests to /search.cgi from each individual IP address, you would use:
    $path = http.getPath();
    $ip = request.getRemoteIP();
    if( $path == "/search.cgi" ) rate.use( "DDoS Protect", $ip );
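The following rule is an added example, not part of the original article. It combines the per-context limit with the backlog query described above to throttle login attempts per client IP while capping how long any one client's queue can grow. The rate class name "Login Limit", the path "/login.cgi" and the backlog threshold of 10 are hypothetical, and the rule assumes rate.getBacklog() accepts the same class and context arguments as rate.use().

```trafficscript
# Added example: per-client login throttling with a bounded queue.
# Hypothetical names: rate class "Login Limit", path "/login.cgi".
# Assumption: rate.getBacklog() takes the same (class, context)
# arguments as rate.use().

$path   = http.getPath();
$method = http.getMethod();

# Only credential submissions are rate-limited; other traffic is untouched.
if( $path == "/login.cgi" && $method == "POST" ) {

   # Use the client IP as the context so each source has its own limit
   # and one noisy client cannot delay everyone else's logins.
   $ip = request.getRemoteIP();

   # Number of requests from this client already waiting in the queue.
   $backlog = rate.getBacklog( "Login Limit", $ip );

   if( $backlog > 10 ) {
      # The client is far beyond the permitted rate. Reject the request
      # instead of holding yet another suspended connection open, and
      # record the event so it can be picked up by log monitoring.
      log.warn( "Login rate limit: " . $ip . " has " . $backlog .
                " requests queued" );
      http.sendResponse( "429 Too Many Requests", "text/plain",
                         "Too many login attempts. Please retry later.\n",
                         "Retry-After: 60" );
   } else {
      # Within the cap: queue the request, to be released at the rate
      # defined by the class. The limit is enforced by each traffic
      # manager separately, so a cluster of N traffic managers can admit
      # up to N times the class rate in total.
      rate.use( "Login Limit", $ip );
   }
}
```

Size the rate class with the cluster in mind: because the limit is not shared, divide the total login rate you are willing to accept by the number of active traffic managers.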