Fortinet black logo

New Features

Adding traffic shapers to multicast policies

Copy Link
Copy Doc ID 77966226-6996-11ec-bdf2-fa163e15d75b:582112
Download PDF

Adding traffic shapers to multicast policies

When multicast routing is enabled, a traffic shaper can be added to a multicast policy.

Only a shared traffic shaper with the per-policy option disabled can be used. This is the default state of the per-policy option. The auto-asic-offload option must also be disabled on the multicast policy.

Note

This feature is currently not supported on IPv6 multicast policies or on transparent mode VDOMs.

Example

In this example, a traffic shaper is applied to the multicast policy. A multicast flow sender sends the multicast data stream. The shaper attached to the multicast session is checked, and the shaping of the data stream is confirmed in the multicast session.

To apply traffic shaping to a multicast policy:
  1. Enable multicast routing on the VDOM:

    config router multicast
        set multicast-routing enable
        config pim-sm-global
            config rp-address
                edit 1
                    set ip-address 10.1.100.10
                next
            end
        end
        config interface
            edit "wan2"
                set pim-mode sparse-mode
            next
            edit "wan1"
                set pim-mode sparse-mode
            next
        end
    end
  2. Create a traffic shaper:

    config firewall shaper traffic-shaper
        edit "shaper128kbps-high"
            set guaranteed-bandwidth 128
            set maximum-bandwidth 128
            set per-policy disable
            set diffserv enable
            set diffservcode 010101
        next
    end
  3. Apply the traffic shaper to the multicast policy and disable NPU offloading:

    config firewall multicast-policy
        edit 1
            set name "test_multicast-policy"
            set logtraffic enable
            set srcintf "wan2"
            set dstintf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set snat enable
            set auto-asic-offload disable
            set traffic-shaper "shaper128kbps-high"
        next
    end
  4. Check the shaper and DSCP in the multicast session:

    # diagnose sys mcast-session list
        session info: id=26 vf=0 proto=17 10.1.100.41.35537->230.0.0.1.7878
        used=2 path=1 duration=118 expire=179 indev=18 pkts=119 bytes=64260
        state=00000000:
        session-npu-info: ipid/vlifid=0/0 vlanid/vtag_in=0/0 in_npuid=0 tae_index=0 qid=0 fwd_map=0x00000000
        path: log snat npu-deny nsaddr=172.16.200.10 policy=1, outdev=17, tos=0x15
                origin-shaper=shaper128kbps-high prio=2 tos=0x15 guarantee 16000Bps max 16000Bps traffic 620Bps drops 0pkt/0B
        Total 1 sessions

Adding traffic shapers to multicast policies

When multicast routing is enabled, a traffic shaper can be added to a multicast policy.

Only a shared traffic shaper with the per-policy option disabled can be used. This is the default state of the per-policy option. The auto-asic-offload option must also be disabled on the multicast policy.

Note

This feature is currently not supported on IPv6 multicast policies or on transparent mode VDOMs.

Example

In this example, a traffic shaper is applied to the multicast policy. A multicast flow sender sends the multicast data stream. The shaper attached to the multicast session is checked, and the shaping of the data stream is confirmed in the multicast session.

To apply traffic shaping to a multicast policy:
  1. Enable multicast routing on the VDOM:

    config router multicast
        set multicast-routing enable
        config pim-sm-global
            config rp-address
                edit 1
                    set ip-address 10.1.100.10
                next
            end
        end
        config interface
            edit "wan2"
                set pim-mode sparse-mode
            next
            edit "wan1"
                set pim-mode sparse-mode
            next
        end
    end
  2. Create a traffic shaper:

    config firewall shaper traffic-shaper
        edit "shaper128kbps-high"
            set guaranteed-bandwidth 128
            set maximum-bandwidth 128
            set per-policy disable
            set diffserv enable
            set diffservcode 010101
        next
    end
  3. Apply the traffic shaper to the multicast policy and disable NPU offloading:

    config firewall multicast-policy
        edit 1
            set name "test_multicast-policy"
            set logtraffic enable
            set srcintf "wan2"
            set dstintf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set snat enable
            set auto-asic-offload disable
            set traffic-shaper "shaper128kbps-high"
        next
    end
  4. Check the shaper and DSCP in the multicast session:

    # diagnose sys mcast-session list
        session info: id=26 vf=0 proto=17 10.1.100.41.35537->230.0.0.1.7878
        used=2 path=1 duration=118 expire=179 indev=18 pkts=119 bytes=64260
        state=00000000:
        session-npu-info: ipid/vlifid=0/0 vlanid/vtag_in=0/0 in_npuid=0 tae_index=0 qid=0 fwd_map=0x00000000
        path: log snat npu-deny nsaddr=172.16.200.10 policy=1, outdev=17, tos=0x15
                origin-shaper=shaper128kbps-high prio=2 tos=0x15 guarantee 16000Bps max 16000Bps traffic 620Bps drops 0pkt/0B
        Total 1 sessions