Global traffic prioritization
Global traffic prioritization allows your traffic to be prioritized as high (2), medium (3), or low (4) based on ToS (type of service) or DSCP. When using ToS-based priority, integers 0 to 15 can be used, which correspond to the definitions of the ToS field values in RFC 1349. When using DSCP, values 0 to 63 can be used, which correspond to the six bits in the DSCP value.
The outbandwidth must be defined in order for global prioritization to take effect. When the outbandwidth is defined on an interface without an applied egress-shaping-profile
, the interface has a total of five priority levels:
Priority level |
Description |
---|---|
0 |
Top |
1 |
Critical |
2 |
High |
3 |
Medium |
4 |
Low |
Priority level 0 is reserved for administrative and local out traffic. Priority level 1 is used for traffic that is below guaranteed bandwidth when using a traffic shaper.
Traffic shaper and traffic shaping profile configurations take precedence over global traffic prioritization. |
CLI commands
The following commands are used to configure the prioritization either by ToS or DSCP.
To configure the traffic prioritization type and level:
config system global set traffic-priority {tos | dscp} set traffic-priority-level {high | medium | low} end
To configure the ToS-based priority table:
config system tos-based-priority edit <id> set tos <0-15> set priority (high | medium | low) next end
To configure the DSCP-based priority table:
config system dscp-based-priority edit <id> set ds <0-63> set priority (high | medium | low) next end
To configure the interface outbandwidth:
config system interface edit <name> set outbandwidth <bandwidth in kbps> next end
Example
In the following configuration, packets with DSCP markings of 1 are prioritized as high, and packets with DSCP markings of 2 are prioritized as medium. All the other traffic is prioritized as low. The outbandwidth on interface port3 is set to 1000 kbps.
To configure DSCP-based traffic prioritization:
-
Configure DSCP-based prioritization in the global settings:
config system global set traffic-priority dscp set traffic-priority-level low end
-
Configure the DSCP-based priority table:
config system dscp-based-priority edit 1 set ds 1 set priority high next edit 2 set ds 2 set priority medium next end
-
Configure the outbandwidth on port3:
config system interface edit "port3" set outbandwidth 1000 next end
Verifying the traffic prioritization
When traffic exceeds the outbandwidth of 1000 kbps, traffic prioritization will take effect. Since the form of traffic shaping applied here is policing, excess packets above the outbandwidth are dropped.
In scenario 1, approximately 300 kbps of high priority traffic and 300 kbps of medium priority traffic passes through the FortiGate on port3.
To debug the bandwidth allocation:
# diagnose netlink interface list port3 if=port3 family=00 type=1 index=5 mtu=1500 link=0 master=0 ref=35 state=start present fw_flags=3800 flags=up broadcast run allmulti multicast Qdisc=pfifo_fast hw_addr=52:54:00:fb:81:0c broadcast_addr=ff:ff:ff:ff:ff:ff outbandwidth=1000(kbps) priority=0 allocated-bandwidth=0(kbps) total_bytes=9311K drop_bytes=197K priority=1 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=2 allocated-bandwidth=354(kbps) total_bytes=20407K drop_bytes=48K priority=3 allocated-bandwidth=354(kbps) total_bytes=7093K drop_bytes=1262K priority=4 allocated-bandwidth=290(kbps) total_bytes=266018K drop_bytes=7743K stat: rxp=15450901 txp=25933756 rxb=5456860515 txb=17257309292 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 @ time=1629439926 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=35
High priority (2) traffic is allocated 354 kbps of bandwidth. Medium priority (3) traffic is also allocated 354 kbps of bandwidth. The remaining bandwidth is allocated to low priority (4) traffic.
In scenario 2, approximately 400 kbps of high priority traffic and 800 kbps of medium priority traffic passes through the FortiGate on port3.
To debug the bandwidth allocation:
# diagnose netlink interface list port3 if=port3 family=00 type=1 index=5 mtu=1500 link=0 master=0 ref=36 state=start present fw_flags=3800 flags=up broadcast run allmulti multicast Qdisc=pfifo_fast hw_addr=52:54:00:fb:81:0c broadcast_addr=ff:ff:ff:ff:ff:ff outbandwidth=1000(kbps) priority=0 allocated-bandwidth=7(kbps) total_bytes=9981K drop_bytes=240K priority=1 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=2 allocated-bandwidth=425(kbps) total_bytes=31478K drop_bytes=101K priority=3 allocated-bandwidth=567(kbps) total_bytes=12056K drop_bytes=1984K priority=4 allocated-bandwidth=0(kbps) total_bytes=266795K drop_bytes=7771K stat: rxp=15461740 txp=25950805 rxb=5459688950 txb=17273940560 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 @ time=1629440553 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=36
High priority (2) traffic is allocated 425 kbps of bandwidth. Medium priority (3) traffic is allocated 567 kbps of bandwidth. Since the total bandwidth required exceeds 1000 kbps, the remaining medium priority (3) traffic is dropped. In comparing the successive debug outputs, the drop_bytes
counter for medium priority (3) traffic gets bigger.