Multi-stage DSCP marking and class ID in traffic shapers
Traffic shapers have a multi-stage method so that packets are marked with a different differentiated services code point (DSCP) and class id
at different traffic speeds. Marking packets with a different DSCP code is for the next hop to classify the packets. The FortiGate benefits by marking packets with a different class id
. Combined with the egress interface shaping profile, the FortiGate can handle the traffic differently according to its class id
.
Rule |
DSCP code |
Class ID |
---|---|---|
speed < guarantee bandwidth |
|
|
guarantee bandwidth < speed < exceed bandwidth |
|
|
exceed bandwidth < speed |
|
|
This example sets the following parameters:
-
When the current bandwidth is less than 50 Kbps, mark packets with
diffservcode
100000 and setclass id
to 10. -
When the current bandwidth is between 50 Kbps and 100 Kbps, mark packets with
exceed-dscp
111000 and setexceed-class-id
to 20. -
When the current bandwidth is more than 100 Kbps, mark packets with
maximum-dscp
111111 and setexceed-class-id
to 20.
To set multi-stage DSCP marking and class ID in a traffic shaper:
config firewall shaper traffic-shaper edit "50k-100k-150k" set guaranteed-bandwidth 50 set maximum-bandwidth 150 set diffserv enable set dscp-marking-method multi-stage set exceed-bandwidth 100 set exceed-dscp 111000 set exceed-class-id 20 set maximum-dscp 111111 set diffservcode 100000 next end
config firewall shaping-policy edit 1 set service "ALL" set dstintf PORT2 set srcaddr "all" set dstaddr "all" set class-id 10 next end
Traffic shapers also have an overhead
option that defines the per-packet size overhead used in rate computation.
To set the traffic shaper overhead option:
config firewall shaper traffic-shaper edit "testing" set guaranteed-bandwidth 50 set maximum-bandwidth 150 set overhead 14 <range from 0 to 100> next end
Example
This example shows how to mark QA traffic with a different DSCP according to real-time traffic speed.
To configure the firewall address:
config firewall address edit QA_team set subnet 10.1.100.0/24 next end
To configure the firewall shaper traffic shaper:
config firewall shaper traffic-shaper edit "500k-1000k-1500k" set guaranteed-bandwidth 500 set maximum-bandwidth 1500 set diffserv enable set dscp-marking-method multi-stage set exceed-bandwidth 1000 set exceed-dscp 111000 set maximum-dscp 111111 set diffservcode 100000 next end
config firewall shaping-policy edit QA_team set service "ALL" set dstintf port1 set traffic-shaper "500k-1000k-1500k" set traffic-shaper-reverse "500k-1000k-1500k" set srcaddr "QA_team" set dstaddr "all" next end