Shaping and Policing
Good morning all.
I have a question about shaping and policing with regard to controlling inbound traffic on a link. The scenario is: you have a router with 50Mbps connection to the ISP with the capability to burst up to 100Mbps. Using more than 50Mbps is not to take place until approved. My thought would be to use shaping and policing to control the traffic. It would obviously be quite simple to control the outbound traffic, simply discard anything that exceeds 50Mbps. My concern is on the inbound. The ISP has no limitation except 100Mbps in this case. Would we be able to control the inbound traffic at all in this scenario using shaping and policing? Thanks in advance.
I have a question about shaping and policing with regard to controlling inbound traffic on a link. The scenario is: you have a router with 50Mbps connection to the ISP with the capability to burst up to 100Mbps. Using more than 50Mbps is not to take place until approved. My thought would be to use shaping and policing to control the traffic. It would obviously be quite simple to control the outbound traffic, simply discard anything that exceeds 50Mbps. My concern is on the inbound. The ISP has no limitation except 100Mbps in this case. Would we be able to control the inbound traffic at all in this scenario using shaping and policing? Thanks in advance.
CCNP Progress
ROUTE [X] :: SWITCH [X] :: TSHOOT [X]
ROUTE [X] :: SWITCH [X] :: TSHOOT [X]
Comments
-
networker050184
Mod Posts: 11,962 Mod
You could police down, but why? What is your reasoning for trying to control the inbound traffic? By the time it ever makes it to your router it's already been metered by the provider and you will be paying for it either way.
What type of circuit is this? If it's p2p you can just regulate egress on each side. If it's an internet circuit you won't have as much control.An expert is a man who has made all the mistakes which can be made. -
iproute
Member Posts: 269
Reason is strictly to keep bursting beyond the 50Mbps (on egress or ingress) to a minimum until it’s legitimately needed. Yes, it would be an internet circuit. My thought was that by discarding on the ingress, TCP sessions would “adjust” to the lower threshold and slow down as a result. I’ve not done any such thing in practice, all theoretical at this point (to me anyway). Any thoughts as to how effective this would be? My guess is that it would be far less than perfect.CCNP Progress
ROUTE [X] :: SWITCH [X] :: TSHOOT [X] -
networker050184
Mod Posts: 11,962 Mod
You could try and mess around with it dropping TCP packets, but then you get into a lot of rentransmits from inside your network which would probably be more trouble than it's worth IMO. I don't think this method would be very effective personally, and would not do anything for UDP based services either.An expert is a man who has made all the mistakes which can be made.
-
iproute
Member Posts: 269
That's basically my thought as well. Thanks for the feedback. It's greatly appreciated.CCNP Progress
ROUTE [X] :: SWITCH [X] :: TSHOOT [X] -
SteveO86
Member Posts: 1,423
How do you control the egress traffic inbound into your network on a router you do not have control of. You don't.
If you drop TCP streams as they are ingress on your outside interface the bandwidth is still being used on your circuit. At that point you are just dropping traffic you are already receiving.
I suppose you could set the tcp window size on router but messing with TCP will cause more problems then you want to deal with as networker said.My Networking blog
Latest blog post: Let's review EIGRP Named Mode
Currently Studying: CCNP: Wireless - IUWMS