Configuring QoS with managed FortiSwitch units
Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.
NOTE: The FortiGate unit does not support QoS for hard or soft switch ports.
The FortiSwitch unit supports the following QoS configuration capabilities:
- Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
- Providing eight egress queues on each port.
- Policing the maximum data rate of egress traffic on the interface.
- If you select
weighted-random-early-detection
for thedrop-policy
, you can enable explicit congestion notification (ECN) marking to indicate that congestion is occurring without just dropping packets.
To configure the QoS for managed FortiSwitch units:
- Configure a Dot1p map.
A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.
NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.config switch-controller qos dot1p-map
edit <Dot1p map name>
set description <text>
set priority-0 <queue number>
set priority-1 <queue number>
set priority-2 <queue number>
set priority-3 <queue number>
set priority-4 <queue number>
set priority-5 <queue number>
set priority-6 <queue number>
set priority-7 <queue number>
next
end
- Configure a DSCP map. A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices:
network-control
—Network controlinternetwork-control
—Internetwork controlcritic-ecp
—Critic and emergency call processing (ECP)flashoverride
—Flash overrideflash
—Flashimmediate
—Immediatepriority
—Priorityroutine
—Routine
config switch-controller qos ip-dscp-map
edit <DSCP map name>
set description <text>
configure map <map_name>
edit <entry name>
set cos-queue <COS queue number>
set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF | CS6 | CS7}
set ip-precedence {network-control | internetwork-control | critic-ecp | flashoverride | flash | immediate | priority | routine}
set value <DSCP raw value>
next
end
end
- Configure the egress QoS policy. In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
- With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
- In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
- In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.
config switch-controller qos queue-policy
edit <QoS egress policy name>
set schedule {strict | round-robin | weighted}
config cos-queue
edit queue-<number>
set description <text>
set min-rate <rate in kbps>
set max-rate <rate in kbps>
set drop-policy {taildrop | weighted-random-early-detection}
set ecn {enable | disable}
set weight <weight value>
next
end
next
end
- Configure the overall policy that will be applied to the switch ports.
config switch-controller qos qos-policy
edit <QoS egress policy name>
set default-cos <default CoS value 0-7>
set trust-dot1p-map <Dot1p map name>
set trust-ip-dscp-map <DSCP map name>
set queue-policy <queue policy name>
next
end
- Configure each switch port.
config switch-controller managed-switch
edit <switch-id>
config ports
edit <port>
set qos-policy <CoS policy>
next
end
next
end
- Check the QoS statistics on each switch port.
diagnose switch-controller switch-info qos-stats <FortiSwitch_serial_number> <port_name>