12-12-2013 04:45 AM - edited 03-04-2019 09:50 PM
Hi, just a question regarding limiting web traffic.
I have a Switch, a Firewall, a router, then a 20Meg EFM circuit (fancy multiplexed dsl)
Connected at 1gig between Switch (3750), FW (ASA) and Router (2901), then at a 100MB link between the Router and the Service Provider's device.
The link is subrate because the 100Mb link to the SP is policed to 20 MB (symmetric)
If I wanted to carve 12 MB for Web traffic, this is fine either shaping or policing applied inbound into the Firewall, or applied on the router. - Traffic flowing to the internet
The problem I have is obviously the nature of Web traffic, being that outbound requests are far smaller in size than the return traffic for users which is the web pages they desire.
Without service provider involvement, is there a way to limit the web traffic in both directions? How do others achieve this goal? A tiny outbound limit on internet requests?
Policing inbound from the internet will not help here as the traffic has already passed through the subrate bottlenecks.
Any ideas, gents?
12-12-2013 05:12 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
The normal solution is to shape your overall outbound traffic to your subscribed rate. If desired, you can prioritize traffic within the shaper's constraints.
For inbound, you're very restricted in what you can effectively do. This is because, as you've noted, you're downstream of the bottleneck. However, for rate adaptive traffic (e.g. TCP) you can police some of it, to attempt to "set aside" bandwidth for other (more important?) traffic; or you might shape return ACKs.
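The approach in the reply above, written out as an IOS MQC configuration for the 2901. This is an added example, not part of the original thread. It assumes GigabitEthernet0/1 is the router interface facing the provider's device and that "web" means TCP ports 80 and 443; the ACL, class and policy names are illustrative.

```cisco
! Added example. Assumptions: Gi0/1 faces the provider, web = TCP 80/443,
! all ACL, class-map and policy-map names are illustrative.
ip access-list extended WEB-TO-INTERNET
 permit tcp any any eq 80
 permit tcp any any eq 443
ip access-list extended WEB-FROM-INTERNET
 permit tcp any eq 80 any
 permit tcp any eq 443 any
!
class-map match-all WEB-OUT
 match access-group name WEB-TO-INTERNET
class-map match-all WEB-IN
 match access-group name WEB-FROM-INTERNET
!
! Child policy: cap outbound web traffic at 12 Mbps inside the shaped rate.
policy-map WAN-OUT-CHILD
 class WEB-OUT
  police 12000000 conform-action transmit exceed-action drop
!
! Parent policy: shape all egress to the subscribed 20 Mbps so that queuing
! happens on this router and not in the provider's policer.
policy-map WAN-OUT
 class class-default
  shape average 20000000
  service-policy WAN-OUT-CHILD
!
! Inbound: police return web traffic to 12 Mbps. These packets have already
! crossed the 20 Mbps circuit, so this only helps when the senders are TCP
! and slow down in response to the drops.
policy-map WAN-IN
 class WEB-IN
  police 12000000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/1
 service-policy output WAN-OUT
 service-policy input WAN-IN
```

`show policy-map interface GigabitEthernet0/1` shows per-class conformed and exceeded counters, which is the quickest way to confirm that the classes are matching and how often the policers are dropping.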