Fortinet black logo

Handbook

Traffic shaping

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:587578
Download PDF

Traffic shaping

FortiGate devices provide Quality of Service (QoS) by applying bandwidth limits and prioritization to your network traffic. You can use traffic shaping to manage network traffic by controlling available bandwidth, priorities for the types of traffic that are processed by security policies, traffic volume for specific periods of time (bandwidth throttling), and the rate at which traffic is sent (rate limiting). You can use traffic shaping to improve the performance and stability of latency sensitive and bandwidth intensive network applications by adjusting how a FortiGate allocates resources for different types of traffic.

A basic approach to traffic shaping is to prioritize higher priority traffic over lower priority traffic. This means that you may decrease the performance and stability of lower priority traffic in order to improve the performance and stability of higher priority traffic. The best traffic shaping configuration balances the needs of each traffic flow by considering not only the needs of your organization, but also the resiliency and other characteristics of each particular service. For example, you may find that web browser traffic is less business critical and more resistant to interruptions and latency than UDP and VoIP traffic and you can therefore implement less restrictive QoS measures on UDP and VoIP traffic than on HTTP traffic.

Traffic shaping is effective for typical IP traffic at typical traffic rates and an appropriate QoS configuration takes into account the physical limits of your network devices. There is a physical limitation to the amount of data that can be buffered and the length of time that it can be buffered for. Once these thresholds are surpassed, frames and packets are dropped, and sessions are affected in other ways. Traffic shaping doesn't tend to be effective when traffic exceeds the capacity of the FortiGate because packets must be received by the FortiGate before they're subject to traffic shaping. If the FortiGate can't process all of the traffic it receives, dropped packets, delays, or latency may occur. You may configure QoS differently based on the hardware limits of your network and the FortiGate devices in your network. A FortiGate must have enough resources, such as memory and processing power, to process all of the traffic that it receives and to process it at the required rate. For example, if the total amount of memory available for queuing on a physical interface is frequently exceeded by your network’s typical packet rates, frames and packets must be dropped. In this situation, you may choose to implement QoS using a higher model FortiGate, or configure an incoming bandwidth limit on each interface.

Incorrect traffic shaping configuration can further degrade certain network flows, because excessive discarding of packets or increased latency beyond points that can be gracefully handled by that protocol can create additional overhead at upper layers of the network that may be attempting to recover from these errors. For example, a configuration might be too restrictive on the bandwidth that an interface can accept and therefore may drop too many packets, resulting in the inability to complete or maintain a SIP call.

Traffic shaping

FortiGate devices provide Quality of Service (QoS) by applying bandwidth limits and prioritization to your network traffic. You can use traffic shaping to manage network traffic by controlling available bandwidth, priorities for the types of traffic that are processed by security policies, traffic volume for specific periods of time (bandwidth throttling), and the rate at which traffic is sent (rate limiting). You can use traffic shaping to improve the performance and stability of latency sensitive and bandwidth intensive network applications by adjusting how a FortiGate allocates resources for different types of traffic.

A basic approach to traffic shaping is to prioritize higher priority traffic over lower priority traffic. This means that you may decrease the performance and stability of lower priority traffic in order to improve the performance and stability of higher priority traffic. The best traffic shaping configuration balances the needs of each traffic flow by considering not only the needs of your organization, but also the resiliency and other characteristics of each particular service. For example, you may find that web browser traffic is less business critical and more resistant to interruptions and latency than UDP and VoIP traffic and you can therefore implement less restrictive QoS measures on UDP and VoIP traffic than on HTTP traffic.

Traffic shaping is effective for typical IP traffic at typical traffic rates and an appropriate QoS configuration takes into account the physical limits of your network devices. There is a physical limitation to the amount of data that can be buffered and the length of time that it can be buffered for. Once these thresholds are surpassed, frames and packets are dropped, and sessions are affected in other ways. Traffic shaping doesn't tend to be effective when traffic exceeds the capacity of the FortiGate because packets must be received by the FortiGate before they're subject to traffic shaping. If the FortiGate can't process all of the traffic it receives, dropped packets, delays, or latency may occur. You may configure QoS differently based on the hardware limits of your network and the FortiGate devices in your network. A FortiGate must have enough resources, such as memory and processing power, to process all of the traffic that it receives and to process it at the required rate. For example, if the total amount of memory available for queuing on a physical interface is frequently exceeded by your network’s typical packet rates, frames and packets must be dropped. In this situation, you may choose to implement QoS using a higher model FortiGate, or configure an incoming bandwidth limit on each interface.

Incorrect traffic shaping configuration can further degrade certain network flows, because excessive discarding of packets or increased latency beyond points that can be gracefully handled by that protocol can create additional overhead at upper layers of the network that may be attempting to recover from these errors. For example, a configuration might be too restrictive on the bandwidth that an interface can accept and therefore may drop too many packets, resulting in the inability to complete or maintain a SIP call.