Performance

Traffic shaping

On this page

Available since

  • HAProxy 2.7
  • HAProxy Enterprise 2.6r1
  • HAProxy ALOHA 14.5

Traffic shaping allows you to control the bandwidth of data flow into and out of your load balancers. These measures are important in avoiding networking congestion issues such as excessive latency.

Traffic shaping involves delaying HTTP requests and responses when bandwidth consumption exceeds specified limits. By contrast, the process of dropping traffic under extreme conditions is called traffic policing.

Traffic shaping is configured separately for uploads vs downloads.

  • For uploads, the filter bwlim-in directive defines the filter, and the http-request set-bandwidth-limit directive enables it.
  • For downloads, the filter bwlim-out directive defines the filter, and the http-response set-bandwidth-limit directive enables it.

Ordering of filter lines

The position of a filter bwlim-in or filter bwlim-out line relative to other filters in the configuration affects how they influence traffic. For example, if a compression filter precedes a bwlim filter, the bwlim filter is applied to compressed traffic and is therefore less likely to delay any traffic. However, if the compression filter follows the bwlim filter, more traffic, being uncompressed, will be delayed.

Set a bandwidth limit for downloads Jump to heading

You can limit the network bandwidth used when sending data to a client. This limit is applied per stream and not at the connection level, meaning that for multiplexed protocols like HTTP/2, where a single connection can simultaneously transfer multiple requests and responses, each of those streams will have its own limit. The limit is expressed in bytes per second.

Use cases for this configuration include:

  • Setting the maximum download speed for a high-definition video file to be 5 Mbps so that users who have faster connections cannot download faster than that, which would not improve the video quality but could consume bandwidth away from other users.
  • Setting a more constricted download speed for bots (including search engine crawlers).

To set a download speed limit:

  1. In the frontend section where you would like to enable the limit, add a filter bwlim-out directive that sets default-limit and default-period. The default-limit argument sets the number of bytes that can be transferred during the interval defined by default-period.

    Below, the value 62500, which represents bytes, equals 5 Mbps (0.625 megabytes per second = 5 megabits per second).

    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-out mylimit default-limit 625000 default-period 1s
    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-out mylimit default-limit 625000 default-period 1s

  2. Add the http-response set-bandwidth-limit directive, which enables the filter.

    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-out mylimit default-limit 625000 default-period 1s
      http-response set-bandwidth-limit mylimit
    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-out mylimit default-limit 625000 default-period 1s
      http-response set-bandwidth-limit mylimit

    You can add an if statement to the end of the http-response set-bandwidth-limit line to set the bandwidth limit value conditionally.

    The filter bwlim-out directive defines the filter, but it doesn’t enable it. The filter isn’t enabled until it is specified using the http-response set-bandwidth-limit directive.

Set a bandwidth limit for uploads Jump to heading

You can limit the network bandwidth used when receiving data from a client. This limit is applied per stream and not at the connection level, meaning that for multiplexed protocols like HTTP/2, where a single connection can simultaneously transfer multiple requests and responses, each of those streams will have its own limit. The limit is expressed in bytes per second.

Use cases for this configuration include limiting the bandwidth used when a client uploads a large file.

To set an upload speed limit:

  1. In the frontend section where you would like to enable the limit, add a filter bwlim-in directive that sets default-limit and default-period. The default-limit argument sets the number of bytes that can be transferred during the interval defined by default-period.

    The value 625000, which represents bytes, equals 5 Mbps (0.625 megabytes per second = 5 megabits per second).

    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-in mylimit default-limit 625000 default-period 1s
    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-in mylimit default-limit 625000 default-period 1s

  2. Add the http-request set-bandwidth-limit directive, which enables the filter.

    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-in mylimit default-limit 625000 default-period 1s
      http-request set-bandwidth-limit mylimit
    haproxy
    frontend myfrontend
      mode http 
      bind :80
      filter bwlim-in mylimit default-limit 625000 default-period 1s
      http-request set-bandwidth-limit mylimit

    You can add an if statement to the end of the http-request set-bandwidth-limit line to set the bandwidth limit value conditionally.

    The filter bwlim-in directive defines the filter, but it doesn’t enable it. The filter isn’t enabled until you use it with the http-request set-bandwidth-limit directive.

Set a bandwidth limit per backend Jump to heading

You can limit the network bandwidth used by a particular application by defining a limit for a given backend (group of servers). This can be for either download or upload speed. The limit is applied across all requests and responses for all clients accessing the application, giving the application a total bandwidth allotment. The limit is expressed in bytes per second.

Use cases for this configuration include prioritizing throughput for important applications, while limiting the maximum throughput of less important applications.

To set a path-based bandwidth limit:

  1. Define a stick table that will store the outbound bytes-per-second rate and another that will store the inbound bytes-per-second rate. The key for each record in the table will be an integer indicating the backend’s identifier, so set type to integer. To have this work in an active-active or active-standby load balancer setup, it’s best to define the tables in a peers section, as shown below:

    haproxy
    peers mypeers
      peer hapee 127.0.0.1:10000
      table downloadrate type integer size 1m expire 3600s store bytes_out_rate(1s)
      table uploadrate type integer size 1m expire 3600s store bytes_in_rate(1s)
    haproxy
    peers mypeers
      peer hapee 127.0.0.1:10000
      table downloadrate type integer size 1m expire 3600s store bytes_out_rate(1s)
      table uploadrate type integer size 1m expire 3600s store bytes_in_rate(1s)

  2. In the backend section where you would like to enable the limit:

    • add a filter bwlim-out directive to limit download speeds
    • add a filter bwlim-in directive to limit upload speeds

    Set the following arguments for each filter:

    • limit <size>: defines the bytes-per-second maximum
    • key <pattern>: adds or updates a record in the stick table using the backend’s identifier as the table key
    • table <table>: references the stick table where the application’s current data transfer information is stored
    haproxy
    backend webservers
      server web1 192.168.56.6:80 check maxconn 30
      server web2 192.168.56.7:80 check maxconn 30         
      filter bwlim-out mydownloadlimit limit 625000 key be_id table mypeers/downloadrate         
      filter bwlim-in myuploadlimit limit 625000 key be_id table mypeers/uploadrate
    haproxy
    backend webservers
      server web1 192.168.56.6:80 check maxconn 30
      server web2 192.168.56.7:80 check maxconn 30         
      filter bwlim-out mydownloadlimit limit 625000 key be_id table mypeers/downloadrate         
      filter bwlim-in myuploadlimit limit 625000 key be_id table mypeers/uploadrate

  3. Add the http-response set-bandwidth-limit and http-request set-bandwidth-limit directives to the backend, which enable the filters.

    haproxy
    backend webservers
      server web1 192.168.56.6:80 check maxconn 30
      server web2 192.168.56.7:80 check maxconn 30         
      filter bwlim-out mydownloadlimit limit 625000 key be_id table mypeers/downloadrate         
      filter bwlim-in myuploadlimit limit 625000 key be_id table mypeers/uploadrate
      http-response set-bandwidth-limit mydownloadlimit 
      http-request set-bandwidth-limit myuploadlimit
    haproxy
    backend webservers
      server web1 192.168.56.6:80 check maxconn 30
      server web2 192.168.56.7:80 check maxconn 30         
      filter bwlim-out mydownloadlimit limit 625000 key be_id table mypeers/downloadrate         
      filter bwlim-in myuploadlimit limit 625000 key be_id table mypeers/uploadrate
      http-response set-bandwidth-limit mydownloadlimit 
      http-request set-bandwidth-limit myuploadlimit

    The filter bwlim-in and filter bwlim-out directives define filters, but they don’t enable them. Enable the bwlim-in filter by using it with the http-request set-bandwidth-limit directive. Likewise, enable the bwlim-out filter by using it with the http-response set-bandwidth-limit directive.

    When using the table argument, you cannot override the initial limit set by the filter directive via the http-response set-bandwidth-limit and http-request set-bandwidth-limit directives.

Set a bandwidth limit per client IP Jump to heading

You can limit the network bandwidth used by a single client, based on their IP address. This can be for either download or upload speed. The limit is applied across all of the client’s streams, giving them a total bandwidth allotment. The limit is expressed in bytes per second.

Use cases for this configuration include ensuring that clients cannot consume an unfair portion of your bandwidth, applied across all of their requests.

To set a per-client bandwidth limit:

  1. Define a stick table that will store the outbound bytes-per-second rate and another that will store the inbound bytes-per-second rate. The key for each record in the table will be an IP address, so set type to ip. To have this work in an active-active or active-standby load balancer setup, it’s best to define the tables in a peers section, as shown below:

    haproxy
    peers mypeers
      peer hapee 127.0.0.1:10000
      table downloadrate type ip size 1m expire 3600s store bytes_out_rate(1s)
      table uploadrate type ip size 1m expire 3600s store bytes_in_rate(1s)
    haproxy
    peers mypeers
      peer hapee 127.0.0.1:10000
      table downloadrate type ip size 1m expire 3600s store bytes_out_rate(1s)
      table uploadrate type ip size 1m expire 3600s store bytes_in_rate(1s)

  2. In the frontend section where you would like to enable the limit:

    • add a filter bwlim-out directive to limit download speeds
    • add a filter bwlim-in directive to limit upload speeds

    Set the following arguments on each filter:

    • limit <size>: defines the bytes-per-second maximum
    • key <pattern>: adds or updates a record in the stick table using the client’s source IP address as the table key
    • table <table>: references the stick table where the client’s current data transfer information is stored
    haproxy
    frontend  fe_main
      bind :80
      filter bwlim-out mydownloadlimit limit 625000 key src table mypeers/downloadrate
      filter bwlim-in myuploadlimit limit 625000 key src table mypeers/uploadrate
    haproxy
    frontend  fe_main
      bind :80
      filter bwlim-out mydownloadlimit limit 625000 key src table mypeers/downloadrate
      filter bwlim-in myuploadlimit limit 625000 key src table mypeers/uploadrate

  3. Add the http-response set-bandwidth-limit and http-request set-bandwidth-limit directives frontend, which enable the filters.

    haproxy
    frontend  fe_main
      bind :80
      filter bwlim-out mydownloadlimit limit 625000 key src table mypeers/downloadrate
      filter bwlim-in myuploadlimit limit 625000 key src table mypeers/uploadrate
      http-response set-bandwidth-limit mydownloadlimit 
      http-request set-bandwidth-limit myuploadlimit
    haproxy
    frontend  fe_main
      bind :80
      filter bwlim-out mydownloadlimit limit 625000 key src table mypeers/downloadrate
      filter bwlim-in myuploadlimit limit 625000 key src table mypeers/uploadrate
      http-response set-bandwidth-limit mydownloadlimit 
      http-request set-bandwidth-limit myuploadlimit

    The filter bwlim-in and filter bwlim-out directives define filters, but they don’t enable them. Enable the bwlim-in filter by using it with the http-request set-bandwidth-limit directive. Likewise, enable the bwlim-out filter by using it with the http-response set-bandwidth-limit directive.

    When using the table argument, you cannot override the initial limit set by the filter directive via the http-response set-bandwidth-limit and http-request set-bandwidth-limit directives.

See also Jump to heading

  • For complete information on the filters used for bandwidth limitation, see Bandwidth limitation in the HAProxy Configuration Manual.
  • For complete information on peers configurations, see the Peers reference in the HAProxy Configuration Manual.

Do you have any suggestions on how we can improve the content of this page?

Previous page Performance optimization for large systems Next page Next steps
© 2025 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences