richg
New Member
July 16, 2018
Question

Bad bufferbloat on WAN link. How to shape with Fortigate

Hi all,

Have recently started a new contracting gig. Part of the role is implementing a VoIP telephone system, and I've been investigating the network a little as there are some problems with jitter and large latency spikes to handsets. Anecdotally, users are also reporting "slow" internet, often when we are nowhere near peak capacity.

A (not managed by us) telco router/media converter is onsite (either one or both; I see a Cisco MAC from the FortiGate WAN interface; it's near the MDF in the building, which we don't have access to), with a 50/50 fibre link.

RRUL testing shows pretty bad bufferbloat.

I'm not very familiar with FortiGate products. I don't see any option for fq_codel, HTB etc. as such, which I have had some success implementing on Linux-based routers etc. before.

I'm thinking much of this problem is either because of how the ISP internet gear is buffering traffic (if it's a router I can see in ARP), or it's just discarding everything above 50m. I see spikes over 50mbit when the link is saturated that drop off quickly. I don't think they are letting us burst traffic though; I think it's just being dropped, so I need to set up some shaping outbound.

There is pretty much zero setup on the FortiGate right now from the outfit that installed it. No QoS. There are VLANs, but they do nothing except have slightly different subnets (all route to each other, no tagging or QoS). There are stacked Dell switches attached to the LAN; everything in the office goes through these.

Anyone have some experience trying to solve this on FortiGate gear, or some tips on config?

In the past I've worked with mid-band Ethernet type services where it's fairly essential to shape traffic before handing it off to the NTU (a dumb layer 2 device that's just mirroring the MAC from the switch in the exchange). I'm thinking if I can just shape everything at the LAN interface to slightly less than 50, this will improve; then I can work on QoS for the voice VLAN etc.

Any ideas or tips? I think we can get much better performance from this service.

    3 replies

    pireality
    New Member
    August 2, 2018

    This is an excellent question; I wonder why nobody has responded in over 3 weeks. I would like the same assistance.

    rwpatterson
    New Member
    August 2, 2018

    Welcome to the forums, guys.

    There are CLI options to tell the FortiGate the bandwidth that you are subscribed to. (Both inbound and outbound. On the interface in the CLI, type 'set?' and see the list of available options.) That along with proper policy shaping should quell those traffic drops and hopefully help get all your traffic through during periods of high traffic.

    pireality
    New Member
    August 2, 2018

    I have tried setting the bandwidth on the interfaces and it doesn't change the speed in my testing at all. I just used the GUI, under interfaces. I continually get 120mbps down and about 12mbps up; even if I set the interface bandwidth to 50mbps and 5mbps I still get 120/12? It is like it isn't working.

    Additionally, do you have a good link on the traffic shaping piece that I could read in order to get it set up correctly?

    Thanks for your speedy response BTW!

    pireality
    New Member
    August 2, 2018

    I did some testing with the DF bit set and found that packets > 1472 fail, so I set the WAN interface max MTU to 1472; however, this hasn't had any effect, like the other changes to the traffic rate on the interface.

    Thanks for the answers, keep 'em coming!

    pireality
    New Member
    August 2, 2018

    Oh yeah, one more thing: http://evenroute.com/iqrouter/ seems to have a dynamic adjustment for line speed and apparently removes bufferbloat "automagically".

    I would assume if I get the configuration you are suggesting working, I won't need that device, but I am so tired of laggy/slow connections, I'd really like to fix it one way or the other.

    Thanks!
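
The idea raised in the question (shape to slightly below the 50 Mbit/s contract rate so the queue forms on the firewall, where voice can be prioritised, rather than in the carrier's device) can be checked with a fluid model. This is an added example, not from any poster in the thread and not FortiOS behaviour: the 1 MB carrier FIFO, the 100 kbit/s voice flow, the 64 kB local queue, the strict-priority voice handling and the 47.5 Mbit/s shaper rate are all assumptions.

```python
LINK_BPS = 50_000_000    # contracted WAN rate (the 50/50 link in the thread)
CARRIER_BUF = 1_000_000  # bytes of FIFO in the carrier device (assumed)
VOICE_BPS = 100_000      # roughly one uncompressed call (assumed)
TICK = 0.001             # simulation step: 1 ms


def per_tick(bps):
    """Bytes moved in one tick at the given bit rate."""
    return bps / 8 * TICK


def simulate(offered_bps, shaper_bps=None, local_buf=64_000, seconds=5.0):
    """Return (worst voice delay in ms, bulk bytes dropped locally, upstream)."""
    local_q = carrier_q = 0.0
    worst_ms = local_drop = carrier_drop = 0.0
    voice, bulk = per_tick(VOICE_BPS), per_tick(offered_bps)
    for _ in range(int(seconds / TICK)):
        if shaper_bps is None:
            to_wan = voice + bulk                  # everything is forwarded
        else:
            budget = per_tick(shaper_bps) - voice  # voice is served first
            local_q += bulk
            sent = min(local_q, budget)
            local_q -= sent
            if local_q > local_buf:                # short local queue, early drop
                local_drop += local_q - local_buf
                local_q = local_buf
            to_wan = voice + sent
        # A voice packet sent now waits behind what already sits upstream.
        worst_ms = max(worst_ms, carrier_q * 8 / LINK_BPS * 1000)
        carrier_q = max(0.0, carrier_q + to_wan - per_tick(LINK_BPS))
        if carrier_q > CARRIER_BUF:                # tail drop in carrier FIFO
            carrier_drop += carrier_q - CARRIER_BUF
            carrier_q = CARRIER_BUF
    return round(worst_ms, 1), round(local_drop), round(carrier_drop)


if __name__ == "__main__":
    for label, rate in (("unshaped", None), ("shaped 47.5M", 47_500_000),
                        ("shaped 55M", 55_000_000)):
        print(label, simulate(60_000_000, shaper_bps=rate))
```

With a 60 Mbit/s bulk load, the unshaped case and the shaper set above the link rate both fill the upstream FIFO; only the shaper set below 50 Mbit/s keeps the upstream queue empty and moves the drops to the local device.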