Configuring QoS with managed FortiSwitch units
Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.
NOTE: FortiGate does not support QoS for hard or soft switch ports.
FortiSwitch supports the following QoS configuration capabilities:
- Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
- Providing eight egress queues on each port. l Policing the maximum data rate of egress traffic on the interface.
To configure the QoS for managed FortiSwitch units:
- Configure a Dot1p map.
A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.
NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.
config switch-controller qos dot1p-map edit <Dot1p map name> set description <text> set priority-0 <queue number> set priority-1 <queue number> set priority-2 <queue number>
FortiGate CLI support for FortiSwitch features (on non-FortiLink ports)
set priority-3 <queue number> set priority-4 <queue number> set priority-5 <queue number> set priority-6 <queue number> set priority-7 <queue number>
next
end
- Configure a DSCP map.
A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices: o network-control—Network control o internetwork-control—Internetwork control o critic-ecp—Critic and emergency call processing (ECP) o flashoverride—Flash override o flash—Flash o immediate—Immediate
o priority—Priority o routine—Routine
config switch-controller qos ip-dscp-map edit <DSCP map name> set description <text> configure map <map_name> edit <entry name> set cos-queue <COS queue number>
set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF |
CS6 | CS7} set ip-precedence {network-control | internetwork-control | critic-ecp
| flashoverride | flash | immediate | priority | routine} set value <DSCP raw value>
next
end
end
- Configure the egress QoS policy.
In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
- With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
- In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
- In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.
config switch-controller qos queue-policy edit <QoS egress policy name> set schedule {strict | round-robin | weighted} config cos-queue
Synchronizing the FortiGate unit with the managed FortiSwitch units
edit [queue-<number>] set description <text> set min-rate <rate in kbps> set max-rate <rate in kbps>
set drop-policy {taildrop | random-early-detection} set weight <weight value>
next
end
next
end
- Configure the overall policy that will be applied to the switch ports.
config switch-controller qos qos-policy edit <QoS egress policy name> set default-cos <default CoS value 0-7> set trust-dot1p-map <Dot1p map name> set trust-ip-dscp-map <DSCP map name> set queue-policy <queue policy name>
next
end
- Configure each switch port.
config switch-controller managed-switch edit <switch-id> config ports edit <port> set qos-policy <CoS policy>
next
end
next
end