Solved

Rate limiting inbound and outbound WAN traffic

Posted on 2013-06-12
1
289 Views
Last Modified: 2014-06-01
Hello all,

I have a new metro ethernet connection, line speed 1Gbit, providing VPN and IP transit.  I am paying for substantially less than line speed, however, and my ISP has said the onus is on me to limit my inbound and outbound traffic in order to stay within my commit.  Currently the setup is this:
                                                                 
ISP ----- Media Converter ----- Managed Switch ----- Firewall ----- LAN
                                                                 \---------------- Firewall

Where my firewall has two external interfaces, one for the VPN on one VLAN, the other for internet on a second VLAN.  The managed switch is pretty basic and provides no rate limiting whatsoever.  I have set up outbound traffic shaping on my firewall, but I am stumped about inbound.  My firewall offers no ingress policing, though I can set up outbound shaping on my LAN interface.  

My questions are these.  Would outbound traffic shaping on my LAN interface be sufficient to keep us within limits?  If not, and I switched firewalls for something with inbound policing, would that be sufficient?  It seems to me that if a packet has left my ISP, then it doesn't matter whether I drop it or not, it is still counted.

Thanks in advance.
0
Comment
Question by:transceiver
1 Comment
 
LVL 22

Accepted Solution

by:
Matt V earned 500 total points
ID: 39240991
I would tend to agree with you that once the packet gets routed to your firewall you are comitted to it regardless of wether you accept it or drop it.

Normally you would do outbound QoS on the LAN interface in your situation.  

I would suggest you setup some kind of monitoring software so you can be alerted if the usage gets too high, and then determine the source of the extra traffic and deal with it.

I assume you are allowed some amount of burst traffic over the paid for limit before you start getting charged extra?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now