Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Devices Managed by FortiOS

Configuring QoS with managed FortiSwitch units

Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.

NOTE: The FortiGate unit does not support QoS for hard or soft switch ports.

The FortiSwitch unit supports the following QoS configuration capabilities:

  • Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
  • Providing eight egress queues on each port.
  • Policing the maximum data rate of egress traffic on the interface.
  • If you select weighted-random-early-detection for the drop-policy, you can enable explicit congestion notification (ECN) marking to indicate that congestion is occurring without just dropping packets.
To configure the QoS for managed FortiSwitch units:
  1. Configure a Dot1p map.

    A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.

    NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.

    config switch-controller qos dot1p-map

    edit <Dot1p map name>

    set description <text>

    set priority-0 <queue number>

    set priority-1 <queue number>

    set priority-2 <queue number>

    set priority-3 <queue number>

    set priority-4 <queue number>

    set priority-5 <queue number>

    set priority-6 <queue number>

    set priority-7 <queue number>

    next

    end

     

  2. Configure a DSCP map. A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices:
    • network-control—Network control
    • internetwork-control—Internetwork control
    • critic-ecp—Critic and emergency call processing (ECP)
    • flashoverride—Flash override
    • flash—Flash
    • immediate—Immediate
    • priority—Priority
    • routine—Routine

     

    config switch-controller qos ip-dscp-map

    edit <DSCP map name>

    set description <text>

    configure map <map_name>

    edit <entry name>

    set cos-queue <COS queue number>

    set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF | CS6 | CS7}

    set ip-precedence {network-control | internetwork-control | critic-ecp | flashoverride | flash | immediate | priority | routine}

    set value <DSCP raw value>

    next

    end

    end

     

  3. Configure the egress QoS policy. In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
    • With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
    • In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
    • In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.

     

    config switch-controller qos queue-policy

    edit <QoS egress policy name>

    set schedule {strict | round-robin | weighted}

    config cos-queue

    edit queue-<number>

    set description <text>

    set min-rate <rate in kbps>

    set max-rate <rate in kbps>

    set drop-policy {taildrop | weighted-random-early-detection}

    set ecn {enable | disable}

    set weight <weight value>

    next

    end

    next

    end

     

  4. Configure the overall policy that will be applied to the switch ports.

     

    config switch-controller qos qos-policy

    edit <QoS egress policy name>

    set default-cos <default CoS value 0-7>

    set trust-dot1p-map <Dot1p map name>

    set trust-ip-dscp-map <DSCP map name>

    set queue-policy <queue policy name>

    next

    end

     

  5. Configure each switch port.

     

    config switch-controller managed-switch

    edit <switch-id>

    config ports

    edit <port>

    set qos-policy <CoS policy>

    next

    end

    next

    end

     

  6. Check the QoS statistics on each switch port.

     

    diagnose switch-controller switch-info qos-stats <FortiSwitch_serial_number> <port_name>

Configuring QoS with managed FortiSwitch units

Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.

NOTE: The FortiGate unit does not support QoS for hard or soft switch ports.

The FortiSwitch unit supports the following QoS configuration capabilities:

  • Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
  • Providing eight egress queues on each port.
  • Policing the maximum data rate of egress traffic on the interface.
  • If you select weighted-random-early-detection for the drop-policy, you can enable explicit congestion notification (ECN) marking to indicate that congestion is occurring without just dropping packets.
To configure the QoS for managed FortiSwitch units:
  1. Configure a Dot1p map.

    A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.

    NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.

    config switch-controller qos dot1p-map

    edit <Dot1p map name>

    set description <text>

    set priority-0 <queue number>

    set priority-1 <queue number>

    set priority-2 <queue number>

    set priority-3 <queue number>

    set priority-4 <queue number>

    set priority-5 <queue number>

    set priority-6 <queue number>

    set priority-7 <queue number>

    next

    end

     

  2. Configure a DSCP map. A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices:
    • network-control—Network control
    • internetwork-control—Internetwork control
    • critic-ecp—Critic and emergency call processing (ECP)
    • flashoverride—Flash override
    • flash—Flash
    • immediate—Immediate
    • priority—Priority
    • routine—Routine

     

    config switch-controller qos ip-dscp-map

    edit <DSCP map name>

    set description <text>

    configure map <map_name>

    edit <entry name>

    set cos-queue <COS queue number>

    set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF | CS6 | CS7}

    set ip-precedence {network-control | internetwork-control | critic-ecp | flashoverride | flash | immediate | priority | routine}

    set value <DSCP raw value>

    next

    end

    end

     

  3. Configure the egress QoS policy. In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
    • With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
    • In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
    • In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.

     

    config switch-controller qos queue-policy

    edit <QoS egress policy name>

    set schedule {strict | round-robin | weighted}

    config cos-queue

    edit queue-<number>

    set description <text>

    set min-rate <rate in kbps>

    set max-rate <rate in kbps>

    set drop-policy {taildrop | weighted-random-early-detection}

    set ecn {enable | disable}

    set weight <weight value>

    next

    end

    next

    end

     

  4. Configure the overall policy that will be applied to the switch ports.

     

    config switch-controller qos qos-policy

    edit <QoS egress policy name>

    set default-cos <default CoS value 0-7>

    set trust-dot1p-map <Dot1p map name>

    set trust-ip-dscp-map <DSCP map name>

    set queue-policy <queue policy name>

    next

    end

     

  5. Configure each switch port.

     

    config switch-controller managed-switch

    edit <switch-id>

    config ports

    edit <port>

    set qos-policy <CoS policy>

    next

    end

    next

    end

     

  6. Check the QoS statistics on each switch port.

     

    diagnose switch-controller switch-info qos-stats <FortiSwitch_serial_number> <port_name>