Configuring FortiSwitch QoS
|
FortiSwitch uses “queue-7” for network control and critical management traffic. To avoid affecting critical network control and management traffic, do not oversubscribe queue-7 or avoid using queue-7 for data traffic when configuring QoS. |
This section provides procedures for the following configuration tasks:
- Configure an 802.1p map
- Configure a DSCP map
- Configure the QoS egress policy
- Configure the egress drop mode
- Configure the switch ports
- Configure QoS on trunks
- Configure QoS on VLANs
- Configure CoS and DSCP markings
Configure an 802.1p map
Using the GUI:
- Go to Switch > QoS > 802.1p.
- Select Add Map.
- Enter the name of your 802.1p map.
- Enter a description of your 802.1p map.
- Select the queue number for each priority.
- Select Add Map.
Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.
Using the CLI:
You can configure an 802.1p map, which defines a mapping between IEEE 802.1p CoS values (from incoming packets on a trusted interface) and the egress queue values.
If you want to enable priority tagging on outgoing frames, enable the egress-pri-tagging option. This option is disabled by default.
NOTE: “Priority tagging” refers to adding a VLAN tag to untagged traffic with with VLAN 0 and a valid priority value. If the port is configured to transmit packets with a valid VLAN, priority tagging is not applicable.
config switch qos dot1p-map
edit <dot1p map name>
set description <text>
set [priority-0|priority-1|priority-2|....priority-7] <queue number>
set egress-pri-tagging {disable | enable}
next
end
For example:
config switch qos dot1p-map
edit "test1"
set priority-0 queue-2
set priority-1 queue-0
set priority-2 queue-1
set priority-3 queue-3
set priority-4 queue-4
set priority-5 queue-5
set priority-6 queue-6
set priority-7 queue-7
set egress-pri-tagging enable
next
end
Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.
Use the set default-cos command to set a different default CoS value, ranging from 0 to 7:
config switch interface
edit port1
set default-cos <0-7>
NOTE: The set default-cos command is not available on the following FortiSwitch models: 224D-FPOE, 248D, 424D, 424D-POE, 424D-FPOE, 448D, 448D-POE, 448D-FPOE, 224E, 224E-POE, 248E-POE, and 248E-FPOE.
Configure a DSCP map
A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values.
Using the GUI:
- Go to Switch > QoS > IP/DSCP.
- Select Add Map.
- Enter the name of your DCSP map.
- Enter a description of your DCSP map.
- Select which queue to configure.
- Select the differentiated services to use.
- Select the IP precedence to use.
- Enter the raw values to use.
- Select Add Map.
Using the CLI:
config switch qos ip-dscp-map
edit <ip-dscp map name>
set description <text>
config map
edit <entry-name1>
set diffserv [ [ AF11 | AF12 | AF13 | AF21 | AF22 | AF23 | AF31 | AF32 | AF33 | AF41 | AF42 | AF43 | CS0 | CS1 | CS2 | CS3 | CS4 | CS5 | CS6 | CS7 | EF ]
set ip-precedence [ Network Control | Internetwork Control | Critic/ECP | Flash Override | Flash, Immediate | Priority | Routine ]
set value <dscp raw value>
set cos-queue <queue number>
next
end
end
The following example defines a mapping for two of the DSCP values:
config switch qos ip-dscp-map
edit "m1"
config map
edit "e1"
set cos-queue 0
set ip-precedence Immediate
next
edit "e2"
set cos-queue 3
set value 13
next
end
next
end
Configure the QoS egress policy
In a QoS egress policy, you set the scheduling mode (Strict, Round Robin, or Weighted Round Robin) for the policy, and configure one or more CoS queues.
The QoS egress policy includes the following settings:
- min-rate (minimum rate in kbps) or min-rate-percent (minimum percentage)
- max-rate (maximum rate in kbps) or max-rate-percent (maximum percentage)
- drop policy: tail drop, RED, or WRED
- weight value (applicable if the policy schedule is weighted)
Using the GUI:
- Go to Switch > QoS > Egress Policy.
- Select Add Policy.
- Enter the name of your QoS egress policy.
- Select the scheduling mode to use.
- For each queue, enter a description, select the drop policy to use, and enter the minimum rate in kbps, maximum rate in kbps, weight value, and WRED slope. If you select Weighted Random Early Detection Drop Policy, you can use ECN marking by selecting the ECN checkbox.
- Select Add.
Using the CLI:
config switch qos qos-policy
edit <policy_name>
set rate-by {kbps | percent}
set schedule {strict | round-robin | weighted}
config cos-queue
edit [queue-0 ... queue-7]
set description <text>
set drop-policy {taildrop | weighted-random-early-detection}
set ecn {enable | disable}
set max-rate <rate kbps>
set min-rate <rate kbps>
set max-rate-percent <percentage>
set min-rate-percent <percentage>
set weight <value>
set wred-slope <value>
next
end
next
end
Configure the egress drop mode
NOTE: To see which models support this feature, refer to the FortiSwitch feature matrix.
When there are too many packets going through the same egress port, you can choose whether packets are dropped on ingress or egress.
Use the following commands to set the drop mode:
config switch physical-port
edit <port>
set egress-drop-mode <disabled | enabled>
end
| Variable | Description |
|---|---|
| disabled | Drop packets on ingress. |
| enabled | Drop packets on egress. |
NOTE: Because too many packets are going through the same egress port, you might want to use the pause frame for flow control on the ingress side. To see the pause frame on ingress, enable the flow control “tx” on the ingress interface and disable egress-drop-mode on the egress interface.
Configure the switch ports
You can configure the following QoS settings on a switch port or a trunk:
- trust dot1p values on ingress traffic and the dot1p map to use
- trust ip-dscp values on ingress traffic and the ip-dscp map to use. (NOTE: Trust the dot1p values or the ip-dscp values but not both.)
- an egress policy for the interface
- a default CoS value (for packets with no CoS value)
If neither of the trust policies is configured on a port, the ingress traffic is mapped to queue 0 on the egress port.
If no egress policy is configured on a port, the FortiSwitch unit applies the default scheduling mode (that is, round-robin).
Using the GUI:
- Go to Switch > Interface > Physical.
- Select the switch port to update and then select Edit.
- Select the QoS egress policy in the QoS Policy drop-down list.
- Select the 802.1p map in the Trust 802.1p drop-down list.
- Select the DSCP map in the Trust IP-DSCP drop-down list.
- Select OK.
Using the CLI:
config switch interface
edit <port>
set trust-dot1p-map <map-name>
set trust-ip-dscp-map <map-name>
set qos-policy < policy-name >
set default-cos <default cos value 0-7>
next
end
NOTE: The set default-cos command is not available on the following FortiSwitch models: 224D-FPOE, 248D, 424D, 424D-POE, 424D-FPOE, 448D, 448D-POE, 448D-FPOE, 224E, 224E-POE, 248E-POE, and 248E-FPOE.
Configure QoS on trunks
Configuring QoS on trunk interface follows the same configuration steps as for a switch port (configure a Dot1p/DSCP map and an egress policy).
When you add a port to a trunk, the port inherits the QoS configuration of the trunk interface. A port member reverts to the default QoS configuration when it is removed from the trunk interface.
Using the GUI:
- Go to Switch > Interface > Trunk.
- Select the trunk to update and then select Edit.
- Select the QoS egress policy in the QoS Policy drop-down list.
- Select the 802.1p map in the Trust 802.1p drop-down list.
- Select the DSCP map in the Trust IP-DSCP drop-down list.
- Select OK.
Using the CLI:
The following example shows QoS configuration on a trunk interface:
config switch interface
edit "tr1"
set snmp-index 56
set trust-dot1p-map "dot1p_map1"
set default-cos 1
set qos-policy "p1"
next
end
When you configure an egress QoS policy with rate control on a trunk interface, that rate control value is applied to each port in the trunk interface. The FortiSwitch unit does not support an aggregate value for the whole trunk interface.
NOTE: The set default-cos command is not available on the following FortiSwitch models: 224D-FPOE, 248D, 424D, 424D-POE, 424D-FPOE, 448D, 448D-POE, 448D-FPOE, 224E, 224E-POE, 248E-POE, and 248E-FPOE.
Configure QoS on VLANs
You can configure a CoS queue value for a VLAN by creating an ACL policy:
config switch acl ingress
edit 1
config action
set cos-queue 7
set count enable
end
config classifier
set vlan-id 200
end
set ingress-interface "port25"
set status active
end
Configure CoS and DSCP markings
You can classify a packet by matching the CoS value, DSCP value, or both CoS and DSCP values. You can also configure the action to set the CoS marking value, DSCP marking value, or both.
config switch acl ingress
edit <policy-id>
config classifier
set cos <802.1Q CoS value to match>
set dscp <DSCP value to match>
end
config action
set remark-cos <0-7>
set remark-dscp <0-63>
end
For example:
config switch acl ingress
edit 1
config classifier
set src-mac 11:22:33:44:55:66
set cos 2
set dscp 10
end
config action
set count enable
set remark-cos 4
set remark-dscp 20
end
set ingress-interface port2
set status active
end