Description
This article describes issue and fix with slow upload speed on small FortiGate models.
Limited upload speeds are caused by TCP Saw-toothing when burst traffic goes over speed restrictions.
Root cause is that the FortiGate does not queue traffic properly and burst control is to be applied on exit interface.
Scope
For version 6.2.1 and above.
Solution
To simplify the configuration.
Configure a traffic class.
# config firewall traffic-class
edit 10
set class-name "speedup"
next
end
Put all traffic as 'default-class-id 10' and that is used for all traffic.
Apply percentage guaranteed to 80% and maximum to 96% in traffic shaping of the interface bandwidth that is set at 880MB.
# config firewall shaping-profile
edit <profile name>
set type queuing
set default-class-id 10
# config shaping-entries
edit 1
set class-id 10
set guaranteed-bandwidth-percentage 80
set maximum-bandwidth-percentage 96
set burst-in-msec 100 <range from 0 to 2000>
set cburst-in-msec 200 <range from 0 to 2000>
end
end
Adjust the ceiling burst : cburst value so that the cburst value in below command shows higher than the burst traffic value.
As the value in msec 100 is 50% to 200 is 90% of the (outbandwidth) ceiling burst speed that can be achieved.
Introduce other class-IDs, if needed.
These values can be adjusted.
This can be checked through commands:
# diagnose netlink intf-class list wan2
# diagnose netlink intf-qdisc list wan2
Below configuration is to apply the outbandwidth to 880MB overall 900MB.
# config system interface
edit wan2
set outbandwidth 880000
set egress-shaping-profile <name of shaping-profile>
end
end
