Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

rate limiting


We are an ISP and we are using a proxy for HTTP traffic coming from our customers. We apply inbound rate limiting on customers interfaces before the proxy to limit their traffic and save our bandwidth to the Internet.

Since HTTP is TCP and we are actually limiting the traffic from the proxy to the customers and not saving bandwidth because the HTTP traffic will reach the proxy and then get dropped before it reaches the customers. That will make our customers suffer and not utilize our Internet bandwidth.

Is that true? and if yes how could we do the limitation while the proxy is in the middle. Limiting the traffic from the proxy to the Internet is not possible in our case.


Re: rate limiting

Can you rate-limit on your proxy?

If not, can you specify that Customer A goes through your proxy and appears to be coming from IP address "A", while Customer B goes through and appears to be coming from IP address "B"? Because then you can either implement your own rate-limiting on a device that you install between the proxy and the upstream ISP's customer premises equipment. And have it restrict throughput by using access control lists to match against those IP addresses. Or maybe you can get the upstream ISP to do the rate-limiting at their end.

The only way you're going to conserve Internet bandwidth AND restrict customers to contracted Internet access rates with the equipment you've described is to do it on the proxy or upstream from it.

Is your proxy transparent to the end clients? Or does it do NAT-like address translation?

If your proxy does caching, maybe you should just let it do its best-effort at getting the pages and then rate-limit the customers on the downstream side.

Which is more important: rate-limiting the customers, or conserving Internet bandwidth? If rate-limiting the customers is, then downstream from the proxy is fine. If conserving Internet bandwidth is, and your proxy can't segregate its upstream requests corresponding to each of your cusomters, then you are stuck with generally restricting the whole proxy system's access.

Can you tell us a little more about the equipment in use in front of, and behind the, proxy? Switches, routers, hubs.

EDITED TO ADD: If you can uniquely ID each customer's Internet-bound traffic as it leaves the proxy, then you should probably rate-limit both upstream and downstream from your proxy.

Hope this helps.

New Member

Re: rate limiting

am interseted in this question but dont have answer to it.

but pls how can i know the bandwidth given to me by my ISP using my router?. and can i use my router to monitor the bandwidth?

tnx-- bolaji

New Member

Re: rate limiting

Thanks konigl,

The proxy is in the middle between the customers and the upstream ISP's. NATing is done on the proxy, so the IP address going to the upstream ISPs is always the same. Since we have so many (and dynamic) customers, there is no way to do the limitation on the proxy or on the upstream ISPs (we don't have control on them).

We are implementing rate limit to save the upstream BW and we are selling the Internet connectivity to our customers based on the BW (64K, 128K,..etc).

Any input is greatly appreciated.



Re: rate limiting

(deleted - duplicate posting)