Configure Policer and Protocol Policer

• Open F5® Distributed Cloud Console > select Multi Cloud Network Connect box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills > Advanced box > check Work Domain boxes > Save changes.

Figure: Homepage

• Select Manage in left-menu > select Firewall > Policers.

Note: If options are not showing available, select Show link in Advanced nav options visible in bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.

• Select Add Policer.

Figure: Shared Objects > Policer

• Enter Name in Metadata. The configuration object will be created with Name. It has to be unique within the namespace. The value of name has to follow DNS-1035 format. DNS-1035 label must be lowercase alphanumeric characters - start with letters - and end in letters or numbers corresponding with domains and clusters e.g. abc-123.

• Select Labels as needed.

Note: Labels, Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

• Enter Description as needed.

Note: Human readable Description for the object.

Figure: Add Policer Metadata

• Select Policer Mode from drop-down menu:

  • Not Shared: A separate policer instance is created for each reference to the policer.

  • Shared: A common policer instance is used for all references to the policer.

Note: Policer mode specifies if policer needs to share the traffic limits across term references or a separate instance has to be created for each reference. For example if Rule 1 and Rule 2 refer to policer and each rule should get bandwidth of 10 Kb, then policer mode to be used is “Not Shared” If both Rule 1 and Rule 2 cumulatively need 10 kbs then a policer should be created with node as “Shared”.

• Enter Committed information Rate (pps) value. The committed information is the guaranteed packets rate for traffic arriving or departing under normal conditions. For example, 10000 packets per second (pps). Minimum value is 1.

• Enter Burst Size (pps) value.

Note: The maximum size permitted for bursts of data e.g. 10000 pps burst (Min value is 1).

• Select Policer Type, Single-Rate Two-Color Policer Basic Single-Rate Two-Color Policer option if needed.

Figure: Add Policer Metadata

• Select Add Policer.

• To apply the Policer in Fast ACLs, see the Create Fast ACLs guide.

• Open F5® Distributed Cloud Console > select Multi Cloud Network Connect box.

Note: Protocol and Policers is also available in Shared Configuration and Web App & API Protection.

Figure: Homepage

• Select Manage in left-menu > select Firewall > Protocol Policers.

• Select Add Protocol Policer.

Figure: Protocol Policer

Note: The Add Protocol Policer option is only visible when no protocol policer is present. In case policers are present, use the Add Protocol Policer option at the top left of the page.

• Enter Name in Metadata.

• Select Namespace option from drop-down menu.

• Enter Labels and Description as needed.

Figure: Add Protocol Policer Metadata

• Select + Add item in Protocol Policer section.

Note: Two drop-down options will appear.

• Select Packet Type (TCP, ICMP, UDP, DNS) in drop-down menu.

Note: Provide various protocol specific match conditions. Another drop-down option will appear for TCP and ICMP Packet type options.

• Select Policer in drop-down menu.

Note: Reference to policer object to apply traffic rate limits.

Figure: Add Protocol Policer Metadata

• Select Add Protocol Policer.

• To apply the Protocol Policer in Fast ACLs, see the Create Fast ACLs guide.