Traffic Shaping - Egress bandwidth

bgp179 · ‎08-09-2019

Hello,

So after reading through the traffic shaping documents, I believe I understand the behavior of traffic shaping/prioritization as follows:

So there's two ways to control packets:

Queuing

[ul]

There are 6 software queues (labeled 0-5) with 0 being the highest priority and 5 being the lowest.

This queue only matters when the physical interface is overloaded

When physical interface is overloaded, it stores packets in these software queues. Packets are discharged FIFO from queue 0 first, then queue 1, and so on.

Queues map to priority values:[ul]

Default priority (actually based on packet ToS but for simplicity, all packets are treated same) High = 0, Medium = 1, Low = 2

Shaper priority - High = 1, Medium = 2, Low = 3[/ul]

Packets get assigned priority values in this way:[ul]

If traffic doesn't hit a traffic shaper, then it uses Default (ToS) priority under config system global -> "set traffic-priority-level low/medium/high" which would be 0, 1, 2

If traffic does hit a traffic shaper:[ul]

Under guaranteed bandwidth = Priority is 0

Higher than guaranteed, lower than maximum bandwidth = Default priority + Shaper priority (Priority could be 1,2,3,4,5)

Higher than guaranteed, but maximum bandwidth isn't configured = Shaper priority only (Documentation wasn't clear on this, so ASSUMING this) (Priority could be 1,2,3)

Higher than maximum bandwidth = Packets dropped[/ul][/ul][/ul]

Limiting

[ul]

Packets are assigned to token buckets. Either per flow (per-ip-shaper) or if shaper is shared, then all flows matching that shaper are grouped together.

If you have Maximum bandwidth set, it doesn't worry about if the actual interface is overloaded or prioritization is happening. The FortiGate WILL drop traffic if packets go above the configured Maximum bandwidth threshold.

So if you have a 1G interface and set Web Surfing to 10Mbps max bandwidth. If there is NO other traffic besides Web Surfing, you could be dropping all packets over 10Mbps for web surfing but 990 Mbps of the interface could be unused.[/ul]

Now, if you aren't totally confused yet, my question is, say your egress interface is 1Gbps but your ISP connection is only 100 Mbps. I want to prioritize/queue traffic based on that 100 Mbps, not the physical interface 1Gbps. If I configured under the interface "set outbandwidth 100000", will it use this value for software queuing OR will it just drop all packets exceeding this rate.

Seems that the Fortigate won't show any info on priority queues. The only time you see anything is running a "dia sys session list" and if that session hits a shaper, it will show a priority value. However, this priority value seems to be ONLY the shaper priority + 1. (If you have Shaper priority as High, which should be value 1. It will show priority = 2. And changing the global ToS priority does nothing to alter this).

Also, if I have anything wrong in my understanding, please advise. Thanks

bgp179 · ‎08-09-2019

For reference, all information pulled from these two sources of documentation:

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-traffic-shaping/TS_About.htm#Importa...

https://docs.fortinet.com/document/fortigate/6.0.6/handbook/822191/traffic-shaping-priority-queueing...