Rate limiting inbound and outbound WAN traffic

Posted on 2013-06-12
Last Modified: 2014-06-01
Hello all,

I have a new metro ethernet connection, line speed 1Gbit, providing VPN and IP transit.  I am paying for substantially less than line speed, however, and my ISP has said the onus is on me to limit my inbound and outbound traffic in order to stay within my commit.  Currently the setup is this:
                                                                 
ISP ----- Media Converter ----- Managed Switch ----- Firewall ----- LAN
                                                                 \---------------- Firewall

Where my firewall has two external interfaces, one for the VPN on one VLAN, the other for internet on a second VLAN.  The managed switch is pretty basic and provides no rate limiting whatsoever.  I have set up outbound traffic shaping on my firewall, but I am stumped about inbound.  My firewall offers no ingress policing, though I can set up outbound shaping on my LAN interface.  

My questions are these.  Would outbound traffic shaping on my LAN interface be sufficient to keep us within limits?  If not, and I switched firewalls for something with inbound policing, would that be sufficient?  It seems to me that if a packet has left my ISP, then it doesn't matter whether I drop it or not, it is still counted.

Thanks in advance.
Question by:transceiver
Accepted Solution

by: Matt V earned 1500 total points
ID: 39240991
I would tend to agree with you that once the packet gets routed to your firewall you are committed to it regardless of whether you accept it or drop it.

Normally you would do outbound QoS on the LAN interface in your situation.  

I would suggest you set up some kind of monitoring software so you can be alerted if the usage gets too high, and then determine the source of the extra traffic and deal with it.

I assume you are allowed some amount of burst traffic over the paid for limit before you start getting charged extra?
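
The monitoring suggested in the answer above can be sketched as follows. This is an added example, not part of the original thread or any product's code: it turns polled byte counters from the WAN-facing interface into Mbit/s and alerts when either direction stays above the commit. The 200 Mbit/s commit, the 60-second poll interval, the sample values and all function names are assumptions made for illustration; the counters are assumed to be 32-bit SNMP `ifInOctets`/`ifOutOctets` readings, which count packets before the firewall drops them.

```python
from dataclasses import dataclass

# 32-bit ifInOctets/ifOutOctets wrap at 2**32; pass 2**64 for ifHC* counters.
COUNTER32_MAX = 2**32

@dataclass
class Sample:
    ts: float        # poll time in seconds
    in_octets: int   # bytes received from the ISP on the WAN interface
    out_octets: int  # bytes sent to the ISP on the WAN interface

def delta(prev, cur, modulus=COUNTER32_MAX):
    """Counter difference that survives one wrap between two polls."""
    return cur - prev if cur >= prev else cur + modulus - prev

def rates_mbps(samples, modulus=COUNTER32_MAX):
    """Return [(ts, in_mbps, out_mbps)] for each consecutive pair of polls."""
    rates = []
    for a, b in zip(samples, samples[1:]):
        secs = b.ts - a.ts
        if secs <= 0:
            continue  # skip duplicate or out-of-order polls
        rin = delta(a.in_octets, b.in_octets, modulus) * 8 / secs / 1e6
        rout = delta(a.out_octets, b.out_octets, modulus) * 8 / secs / 1e6
        rates.append((b.ts, rin, rout))
    return rates

def over_commit(samples, commit_mbps, sustain=2):
    """Alert (ts, direction, mbps) once a direction exceeds the commit
    for `sustain` consecutive intervals, so short bursts are ignored."""
    alerts, streak = [], {"in": 0, "out": 0}
    for ts, rin, rout in rates_mbps(samples):
        for name, rate in (("in", rin), ("out", rout)):
            streak[name] = streak[name] + 1 if rate > commit_mbps else 0
            if streak[name] >= sustain:
                alerts.append((ts, name, round(rate, 1)))
    return alerts

# Constructed polls, 60 s apart; the inbound counter wraps before t=180.
SAMPLES = [
    Sample(0,   1_000_000_000,   500_000_000),
    Sample(60,  2_125_000_000,   800_000_000),
    Sample(120, 3_925_000_000, 1_100_000_000),
    Sample(180, 1_580_032_704, 1_400_000_000),
    Sample(240, 2_330_032_704, 1_700_000_000),
]

if __name__ == "__main__":
    for alert in over_commit(SAMPLES, commit_mbps=200):  # assumed commit
        print("over commit:", alert)
```

At rates above roughly 570 Mbit/s a 32-bit counter can wrap more than once in a 60-second poll, so on a 1 Gbit line the 64-bit counters or a shorter poll interval are the safer choice.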