Control inbound bandwidth

Posted on 2012-08-21
Last Modified: 2012-08-22
I have a WatchGuard XTM 510 connected to a NetGear GS108t switch that has VLANs defined on it. The GS108t switch is going to the Outside port of a PacketShaper 1700 and then spits out to another GS108t switch that splits into two VLAN subnets.

I want to put some type of QoS policy on the WatchGuard that will allow me to control the amount of bandwidth that any one device can consume on an inbound request. What's the best way to go about this?

I can provide more details if needed.

Question by:Collins26050
    LVL 16

    Accepted Solution

    It is very hard to control inbound traffic unless the provider upstream supports a form of QoS.

    The reason for this is you have no control over the sending station, and the traffic has to pass over the link before your devices see it.

    You can restrict the inbound traffic to a set amount, but this will not stop malicious traffic or devices that choose to ignore it.

    Bandwidth policies work best when you have control of both ends of the link. If you do not, the best you can achieve is to manage the outgoing requests in such a way that they help control what is coming back in. For example, you could set a very low TCP window size so that the sending station will send only a small amount of data before waiting for an ACK. You can then hold back on sending the ACK to ensure the bandwidth used never goes above a set level. But this is messy and introduces a lot of bandwidth overhead.

    Another way is to use inbound queues that drop packets above a defined rate. This causes the end station to back off and resend, as it will detect the lost packets and slow down its transmit rate. However, it still only deals with well-behaved remote devices and will not help in the case of a DoS attack.
    LVL 28

    Assisted Solution

    Agreed. Unless you have control of the sending side of the link, you have no way to control what's sent over that link. As already stated, inbound QoS on your side will only drop what's already been sent.

    In fact, drops on your side may actually increase bandwidth utilization since the other side will then have to retransmit. And the only way to control TCP window size is to configure each workstation on your side to request a small window size of the sending party, and that will apply to internal traffic also, not just internet.
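The behaviour both answers describe can be seen in a small model. This is an added example, not code from the thread: a simplified one-second-step simulation of an inbound policer facing a loss-responsive (AIMD) sender and a sender that ignores drops, plus the window/RTT bound behind the TCP window suggestion. The function names and all rates are constructed for illustration.

```python
# Added illustration (not from the thread). All names and numbers are
# constructed sample values; the model is deliberately simplified.

def window_cap_kbps(rwnd_bytes, rtt_ms):
    """Upper bound for one TCP flow: at most one receive window per round trip."""
    return rwnd_bytes * 8 / rtt_ms  # bits per millisecond == kbit/s

def simulate(responsive, policer_kbps=2000, start_kbps=8000,
             seconds=60, cap_kbps=None):
    """Return (avg kbit/s that crossed the ISP link, avg kbit/s forwarded inside).

    responsive=True  : TCP-like sender, halves its rate on loss, else adds 100.
    responsive=False : sender that ignores drops (e.g. a flood), fixed rate.
    cap_kbps         : optional receive-window limit, honoured only by the
                       responsive sender.
    """
    rate = float(start_kbps)
    arrived = forwarded = 0.0
    for _ in range(seconds):
        if responsive and cap_kbps is not None:
            rate = min(rate, cap_kbps)
        arrived += rate                      # link is consumed before the policer
        forwarded += min(rate, policer_kbps) # policer drops only the excess
        if responsive:
            rate = rate / 2 if rate > policer_kbps else rate + 100
    return arrived / seconds, forwarded / seconds

if __name__ == "__main__":
    cap = window_cap_kbps(8192, 50)  # 8 KiB window, 50 ms RTT (sample values)
    for label, kwargs in [
        ("responsive sender, policer only", dict(responsive=True)),
        ("responsive sender, small window", dict(responsive=True, cap_kbps=cap)),
        ("unresponsive sender", dict(responsive=False)),
    ]:
        link, inside = simulate(**kwargs)
        print(f"{label:34s} link={link:7.1f} kbit/s  inside={inside:7.1f} kbit/s")
```

The "link" figure is what an upstream utilization graph would show; only the provider side of the link can reduce it for the unresponsive case.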

    Author Comment

    Thanks for both of your comments and input. This helps me out a great deal and I may consider modifying the TCP window size in the future but I agree that tampering too much could introduce a lot of overhead.

    I will watch this and see if I really need to pursue any action as the spikes that caused my concern have only happened a couple of times.
