Solved

Rate limiting inbound and outbound WAN traffic

Posted on 2013-06-12
1
292 Views
Last Modified: 2014-06-01
Hello all,

I have a new metro ethernet connection, line speed 1Gbit, providing VPN and IP transit.  I am paying for substantially less than line speed, however, and my ISP has said the onus is on me to limit my inbound and outbound traffic in order to stay within my commit.  Currently the setup is this:
                                                                 
ISP ----- Media Converter ----- Managed Switch ----- Firewall ----- LAN
                                                                 \---------------- Firewall

Where my firewall has two external interfaces, one for the VPN on one VLAN, the other for internet on a second VLAN.  The managed switch is pretty basic and provides no rate limiting whatsoever.  I have set up outbound traffic shaping on my firewall, but I am stumped about inbound.  My firewall offers no ingress policing, though I can set up outbound shaping on my LAN interface.  

My questions are these.  Would outbound traffic shaping on my LAN interface be sufficient to keep us within limits?  If not, and I switched firewalls for something with inbound policing, would that be sufficient?  It seems to me that if a packet has left my ISP, then it doesn't matter whether I drop it or not, it is still counted.

Thanks in advance.
0
Comment
Question by:transceiver
1 Comment
 
LVL 22

Accepted Solution

by:
Matt V earned 500 total points
ID: 39240991
I would tend to agree with you that once the packet gets routed to your firewall you are comitted to it regardless of wether you accept it or drop it.

Normally you would do outbound QoS on the LAN interface in your situation.  

I would suggest you setup some kind of monitoring software so you can be alerted if the usage gets too high, and then determine the source of the extra traffic and deal with it.

I assume you are allowed some amount of burst traffic over the paid for limit before you start getting charged extra?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Multiple times a day Computer loses internet connection 17 114
ASA 5505 latency problem 8 64
Bandwidth cap???? 8 62
Failover for DMVPN 3 32
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question