Fortinet black logo

Devices Managed by FortiOS

Configuring QoS with managed FortiSwitch units

Copy Link
Copy Doc ID b66bd869-148d-11eb-96b9-00505692583a:173281
Download PDF

Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.

NOTE: The FortiGate unit does not support QoS for hard or soft switch ports.

The FortiSwitch unit supports the following QoS configuration capabilities:

  • Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
  • Providing eight egress queues on each port.
  • Policing the maximum data rate of egress traffic on the interface.
  • If you select weighted-random-early-detection for the drop-policy, you can enable explicit congestion notification (ECN) marking to indicate that congestion is occurring without just dropping packets.
To configure the QoS for managed FortiSwitch units:
  1. Configure a Dot1p map.

    A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.

    NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.

    config switch-controller qos dot1p-map

    edit <Dot1p map name>

    set description <text>

    set priority-0 <queue number>

    set priority-1 <queue number>

    set priority-2 <queue number>

    set priority-3 <queue number>

    set priority-4 <queue number>

    set priority-5 <queue number>

    set priority-6 <queue number>

    set priority-7 <queue number>

    next

    end

  2. Configure a DSCP map. A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices:
    • network-control—Network control
    • internetwork-control—Internetwork control
    • critic-ecp—Critic and emergency call processing (ECP)
    • flashoverride—Flash override
    • flash—Flash
    • immediate—Immediate
    • priority—Priority
    • routine—Routine

    config switch-controller qos ip-dscp-map

    edit <DSCP map name>

    set description <text>

    configure map <map_name>

    edit <entry name>

    set cos-queue <COS queue number>

    set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF | CS6 | CS7}

    set ip-precedence {network-control | internetwork-control | critic-ecp | flashoverride | flash | immediate | priority | routine}

    set value <DSCP raw value>

    next

    end

    end

  3. Configure the egress QoS policy. In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
    • With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
    • In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
    • In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.

    config switch-controller qos queue-policy

    edit <QoS egress policy name>

    set schedule {strict | round-robin | weighted}

    config cos-queue

    edit queue-<number>

    set description <text>

    set min-rate <rate in kbps>

    set max-rate <rate in kbps>

    set drop-policy {taildrop | weighted-random-early-detection}

    set ecn {enable | disable}

    set weight <weight value>

    next

    end

    next

    end

  4. Configure the overall policy that will be applied to the switch ports.

    config switch-controller qos qos-policy

    edit <QoS egress policy name>

    set default-cos <default CoS value 0-7>

    set trust-dot1p-map <Dot1p map name>

    set trust-ip-dscp-map <DSCP map name>

    set queue-policy <queue policy name>

    next

    end

  5. Configure each switch port.

    config switch-controller managed-switch

    edit <switch-id>

    config ports

    edit <port>

    set qos-policy <CoS policy>

    next

    end

    next

    end

  6. Check the QoS statistics on each switch port.

    diagnose switch-controller switch-info qos-stats <FortiSwitch_serial_number> <port_name>

Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.

NOTE: The FortiGate unit does not support QoS for hard or soft switch ports.

The FortiSwitch unit supports the following QoS configuration capabilities:

  • Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
  • Providing eight egress queues on each port.
  • Policing the maximum data rate of egress traffic on the interface.
  • If you select weighted-random-early-detection for the drop-policy, you can enable explicit congestion notification (ECN) marking to indicate that congestion is occurring without just dropping packets.
To configure the QoS for managed FortiSwitch units:
  1. Configure a Dot1p map.

    A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.

    NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.

    config switch-controller qos dot1p-map

    edit <Dot1p map name>

    set description <text>

    set priority-0 <queue number>

    set priority-1 <queue number>

    set priority-2 <queue number>

    set priority-3 <queue number>

    set priority-4 <queue number>

    set priority-5 <queue number>

    set priority-6 <queue number>

    set priority-7 <queue number>

    next

    end

  2. Configure a DSCP map. A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices:
    • network-control—Network control
    • internetwork-control—Internetwork control
    • critic-ecp—Critic and emergency call processing (ECP)
    • flashoverride—Flash override
    • flash—Flash
    • immediate—Immediate
    • priority—Priority
    • routine—Routine

    config switch-controller qos ip-dscp-map

    edit <DSCP map name>

    set description <text>

    configure map <map_name>

    edit <entry name>

    set cos-queue <COS queue number>

    set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF | CS6 | CS7}

    set ip-precedence {network-control | internetwork-control | critic-ecp | flashoverride | flash | immediate | priority | routine}

    set value <DSCP raw value>

    next

    end

    end

  3. Configure the egress QoS policy. In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
    • With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
    • In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
    • In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.

    config switch-controller qos queue-policy

    edit <QoS egress policy name>

    set schedule {strict | round-robin | weighted}

    config cos-queue

    edit queue-<number>

    set description <text>

    set min-rate <rate in kbps>

    set max-rate <rate in kbps>

    set drop-policy {taildrop | weighted-random-early-detection}

    set ecn {enable | disable}

    set weight <weight value>

    next

    end

    next

    end

  4. Configure the overall policy that will be applied to the switch ports.

    config switch-controller qos qos-policy

    edit <QoS egress policy name>

    set default-cos <default CoS value 0-7>

    set trust-dot1p-map <Dot1p map name>

    set trust-ip-dscp-map <DSCP map name>

    set queue-policy <queue policy name>

    next

    end

  5. Configure each switch port.

    config switch-controller managed-switch

    edit <switch-id>

    config ports

    edit <port>

    set qos-policy <CoS policy>

    next

    end

    next

    end

  6. Check the QoS statistics on each switch port.

    diagnose switch-controller switch-info qos-stats <FortiSwitch_serial_number> <port_name>