Solved

Rate limiting inbound and outbound WAN traffic

Posted on 2013-06-12
1
295 Views
Last Modified: 2014-06-01
Hello all,

I have a new metro ethernet connection, line speed 1Gbit, providing VPN and IP transit.  I am paying for substantially less than line speed, however, and my ISP has said the onus is on me to limit my inbound and outbound traffic in order to stay within my commit.  Currently the setup is this:
                                                                 
ISP ----- Media Converter ----- Managed Switch ----- Firewall ----- LAN
                                                                 \---------------- Firewall

Where my firewall has two external interfaces, one for the VPN on one VLAN, the other for internet on a second VLAN.  The managed switch is pretty basic and provides no rate limiting whatsoever.  I have set up outbound traffic shaping on my firewall, but I am stumped about inbound.  My firewall offers no ingress policing, though I can set up outbound shaping on my LAN interface.  

My questions are these.  Would outbound traffic shaping on my LAN interface be sufficient to keep us within limits?  If not, and I switched firewalls for something with inbound policing, would that be sufficient?  It seems to me that if a packet has left my ISP, then it doesn't matter whether I drop it or not, it is still counted.

Thanks in advance.
0
Comment
Question by:transceiver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 22

Accepted Solution

by:
Matt V earned 500 total points
ID: 39240991
I would tend to agree with you that once the packet gets routed to your firewall you are comitted to it regardless of wether you accept it or drop it.

Normally you would do outbound QoS on the LAN interface in your situation.  

I would suggest you setup some kind of monitoring software so you can be alerted if the usage gets too high, and then determine the source of the extra traffic and deal with it.

I assume you are allowed some amount of burst traffic over the paid for limit before you start getting charged extra?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question