Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Blogs
- Fortinet Community
- Blogs
- Understanding Quality of Service (QoS) in Networks...
sachitdas_FTNT
Staff
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
06-02-2025
04:57 AM
What Is QoS?
QoS (Quality of Service) refers to the ability of a network to provide different priority levels to different applications, users, or data flows, or to guarantee a certain level of performance.
QoS helps ensure:
- Low latency for real-time traffic (VoIP, video)
- High throughput for bulk data transfers
- Fair bandwidth allocation between users
QoS at Different Layers
1. Layer 2: Ethernet – Class of Service (CoS)
QoS at Layer 2 is applied using the 802.1p standard, which embeds priority information in the Ethernet frame.
Ethernet Frame (with 802.1Q VLAN Tag)
+-------------+-------------+-------------+-------------+-------------+-------------+
| Dest. MAC | Src. MAC | Tag (TPID) | 802.1p/VID | Ethertype | Payload |
| 6 bytes | 6 bytes | 2 bytes | 2 bytes | 2 bytes | ... |
+-------------+-------------+-------------+-------------+-------------+-------------+
802.1p is a 3-bit field inside the VLAN tag (part of 802.1Q).
Values range from 0 to 7, indicating priority levels (0 = lowest, 7 = highest).
2. Layer 3: IP – DSCP (Differentiated Services Code Point)
QoS at the IP layer uses DSCP (within the ToS byte of the IP header) to mark packets.
IPv4 Header (showing DSCP)
+--------+--------+--------+--------+--------+--------+--------+--------+
| Ver | IHL | DSCP (6b) | ECN (2b) | Total Length |
+--------+--------+--------+--------+--------+--------+--------+--------+
- DSCP: 6 bits for packet classification (supports 64 values).
- ECN: 2 bits for Explicit Congestion Notification.
Common DSCP Values:
|
DSCP Name |
Binary |
Decimal |
Purpose |
|
EF |
101110 |
46 |
Expedited Forwarding (VoIP) |
|
AF31 |
011010 |
26 |
Assured Forwarding |
|
CS0 |
000000 |
0 |
Best Effort (default) |
QoS Workflow: End-to-End Flow
- Classification: Packet is tagged based on source, app, or interface.
- Marking: Set CoS (802.1p) or DSCP in the packet header.
- Queuing: Packets are placed into different queues.
- Scheduling: Algorithms (e.g., Weighted Round Robin or Strict Priority) determine send order.
- Policing/Shaping: Limit rate and control burst traffic.
Queue Scheduling Algorithms
- Strict Priority (SP): Higher-priority queues always win.
- Weighted Round Robin (WRR): Fairness by rotating queues based on weight.
- WRED/RED: Drops packets before queues overflow (for congestion control).
QoS on FortiSwitch: Implementation in Practice
FortiSwitch provides a robust implementation of QoS using both Layer 2 and Layer 3 mechanisms.
Key Components:
- 802.1p Map (CoS): Maps priorities 0–7 to specific egress queues.
- DSCP Map: Maps DSCP values (e.g., EF, AF21) to egress queues.
- QoS Policies: Configure min/max rates, queue scheduling, drop policies.
FortiSwitch QoS Best Practices:
- Reserve Queue 7 for control traffic (STP, LLDP).
- Avoid enabling trust for both CoS and DSCP on the same port.
- Use strict priority for VoIP, WRR for general traffic.
Diagram: QoS Marking and Queuing Flow
+-----------+ +-------------+ +-------------+ +------------+
| End Device|------->| Access Switch|------->| Aggregation |------->| Internet |
| DSCP = EF| | CoS = 7 | | Queuing | | Gateway |
+-----------+ +-------------+ +-------------+ +------------+
| DSCP Marking | CoS Mapping | WRR Queue |
Summary
QoS ensures that critical traffic gets the bandwidth and latency guarantees it needs. By combining Ethernet Layer 2 CoS and IP Layer 3 DSCP marking, and applying policies on devices like FortiSwitch, network administrators can ensure optimal performance for real-time and business-critical applications.
GUI Configuration Steps:-
- Configure an 802.1p Map (Layer 2 CoS):
- Navigate to Switch > QoS > 802.1p.
- Click Add Map.
- Enter a name and description for the map.
- Assign each priority level (0–7) to a desired egress queue (0–7).
- Click Add Map to save.
- Configure a DSCP Map (Layer 3 QoS):
- Go to Switch > QoS > IP/DSCP.
- Click Add Map.
- Provide a name and description.
- Select the queue number for each DSCP or IP precedence value.
- Click Add Map to save.
- Set Up a QoS Egress Policy:
- Navigate to Switch > QoS > Egress Policy.
- Click Add Policy.
- Enter a policy name.
- Choose a scheduling mode: Strict, Round Robin, or Weighted Round Robin.
- For each queue, set parameters like min/max rate, drop policy (Tail Drop, RED, or WRED), weight, and ECN marking if applicable.
- Click Add to save the policy.
- Apply the QoS Policy to Ports:
- Go to Switch > Ports.
- Select the desired port(s).
- Assign the created QoS policy to the selected port(s).
CLI Configuration Steps
1. Create an 802.1p Map:
config switch qos dot1p-map
edit "dot1p_map_name"
set description "Description"
set priority-0 0
set priority-1 1
...
set priority-7 7
next
end
2. Create a DSCP Map:
config switch qos ip-dscp-map
edit "dscp_map_name"
set description "Description"
config map
edit "entry1"
set diffserv EF
set cos-queue 3
next
edit "entry2"
set value 13
set cos-queue 2
next
end
next
end
3. Define a QoS Egress Policy:
config switch qos qos-policy
edit "policy_name"
set rate-by kbps
set schedule weighted
config cos-queue
edit queue-0
set description "Low Priority"
set min-rate 1000
set max-rate 5000
set drop-policy taildrop
next
edit queue-7
set description "High Priority"
set min-rate 5000
set max-rate 10000
set drop-policy wred
set ecn enable
next
end
next
end
4. Assign the QoS Policy to Ports:
config switch interface
edit port1
set qos-policy "policy_name"
next
end
Important Notes
Trust Settings: Avoid enabling trust for both Dot1p and DSCP on the same interface. If both are enabled, DSCP takes precedence.
Control Traffic Queue: FortiSwitch reserves queue 7 for control traffic (e.g., STP, LLDP, DHCP). Ensure this queue is not overridden by other configurations.
Model-Specific Limitations: Certain models (e.g., FS-108E, FS-124E) have restrictions, such as supporting only one dot1p-map and one ip-dscp-map per switch, and limitations on configuring min-rate or drop-policy settings
Doc Links:
https://docs.fortinet.com/document/fortiswitch/7.6.2/fortiswitchos-administration-guide/609008/qos
https://docs.fortinet.com/document/fortiswitch/7.6.2/fortiswitchos-feature-matrix
Labels:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.