• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Rate limiting inbound and outbound WAN traffic

Hello all,

I have a new metro ethernet connection, line speed 1Gbit, providing VPN and IP transit.  I am paying for substantially less than line speed, however, and my ISP has said the onus is on me to limit my inbound and outbound traffic in order to stay within my commit.  Currently the setup is this:
                                                                 
ISP ----- Media Converter ----- Managed Switch ----- Firewall ----- LAN
                                                                 \---------------- Firewall

Where my firewall has two external interfaces, one for the VPN on one VLAN, the other for internet on a second VLAN.  The managed switch is pretty basic and provides no rate limiting whatsoever.  I have set up outbound traffic shaping on my firewall, but I am stumped about inbound.  My firewall offers no ingress policing, though I can set up outbound shaping on my LAN interface.  

My questions are these.  Would outbound traffic shaping on my LAN interface be sufficient to keep us within limits?  If not, and I switched firewalls for something with inbound policing, would that be sufficient?  It seems to me that if a packet has left my ISP, then it doesn't matter whether I drop it or not, it is still counted.

Thanks in advance.
0
transceiver
Asked:
transceiver
1 Solution
 
Matt VCommented:
I would tend to agree with you that once the packet gets routed to your firewall you are comitted to it regardless of wether you accept it or drop it.

Normally you would do outbound QoS on the LAN interface in your situation.  

I would suggest you setup some kind of monitoring software so you can be alerted if the usage gets too high, and then determine the source of the extra traffic and deal with it.

I assume you are allowed some amount of burst traffic over the paid for limit before you start getting charged extra?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now