Technical Tip: IPv4 interface-based traffic shaping

Description

This article describes IPv4 interface-based traffic shaping.

Scope

FortiGate.

Solution

NP6, NP6Xlite, and NP6lite offloading of IPv4 interface-based in-bandwidth and out-bandwidth traffic shaping are supported by some FortiGate models.

This feature is supported for physical and LAG interfaces and not for VLAN interfaces.
If the FortiGate supports interface-based traffic shaping, use the following command to enable this feature:

config system npu
    set intf-shaping-offload enable
end

If the FortiGate does not have this command, it does not support NP6, NP6Xlite, and NP6lite offloading of sessions with interface-based traffic shaping.
For FortiGates with NP6, NP6Xlite, or NP6lite processors that do not support offloading of sessions with interface-based traffic shaping, configuring in bandwidth traffic shaping has no effect.
Configuring out bandwidth traffic shaping imposes more bandwidth limiting than configured, potentially reducing throughput more than expected.

Once support is enabled for NP6, NP6Xlite, or NP6lite, offloading of interface-based traffic shaping, use commands similar to the following to configure interface-based traffic shaping:

config system interface
    edit port1
        set outbandwidth <value>
        set inbandwidth <value>
        set ingress-shaping-profile <profile>
        set egress-shaping-profile <profile>
end

Note: Enabling NP6, NP6Xlite, or NP6lite offloading for IPv4 interface-based traffic shaping can reduce npu-offload performance. The actual impact depends on the FortiGate’s configuration and real-time network conditions. For the traffic-shaping profile to operate correctly, ASIC offloading must be disabled on the relevant firewall policy or policies; otherwise, shaping may be bypassed and not applied as expected.

Related article:

Technical Tip: Interface-based traffic shaping with NP acceleration