Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Can I use rate limit?

If you're referring to the interface command, I believe it only works for egress and might not be supported on newer IOS versions.  There is, however, a police command often found in MQC that can be used for ingress or egress.

Where should I put it? At LAN interface, or at ISP side interface?

Normally you want to manage traffic ASAP, so in ISP side interface, ingress.  But much depends on your equipment features and what exactly you're trying to accomplish.

And, what direction should it be (in our out)

Depends where placed.  For example, on ISP interface, ingress, for LAN, egress (this for inbound ISP traffic).

What in my mind, that is from the internet link it self, it already fill with the IN traffic (non ipsec), so if I limit it from my router, it will be useless?

Yes and no.  As you're policing traffic downstream of congestion point, i.e. the ingress link, it usually won't work nearly as well as if you could apply on ISP's egress interface.