QOS -Policing inbound on WAN edge

sudheere · ‎12-17-2014

How to limit inbound/download traffic on internet edge. One of my customer is having single 150Mbps internet leased line for proxy and reverse-proxy traffic. Service provider won't do any QOS on internet link. We want to limit download traffic of open Guest/wireless users. All guest private IPs are NAT/PAT to one dedicated public IP address. As I know shaping is not possible in inbound direction. Policing is the only solution. I drop Guest internet traffic (inbound) after crossing 150Mbps link at internet edge router facing ISP. This method is depending on TCP flow control and there is huge number of TCP sessions. What other technology solutions are available to achieve this? My goal is to limit Guest internet download traffic to give space for other traffic in inbound direction.

Joseph W. Doherty · ‎12-18-2014

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Other solutions include shaping outbound ACKs or using a special traffic appliance (e.g.Packeteer) that can also manipulate advertised receive buffer space.

BTW, inbound policing or outbound shaping of ACKs will impact TCP inbound traffic bandwidth usage, but it's not very precise and sender's modification of transmission rate can be slow.