Description

This article describes how the interface bandwidth and shaping graphs are generated, which helps to understand, why accurate correlation between both graphs is not always possible.

Scope

FortiManager 7.0, 7.2, 7.4 and 7.6.

Solution

Shaping interface graph and outbound traffic bandwidth graph can not be accurately correlated. For example, the peak observed in the picture below reaches 2.4 Mbps in traffic shaping graph while only 1.5 Mbps in the outbound interface bandwidth graph:

Interface Bandwidth:

FortiManager uses an API request /api/v2/monitor/system/traffic-history/interface to query FortiOS.

{"http_method":"GET","results":
{"tx":[
{"utc_ms":1750070938000,"bps":9792},
{"utc_ms":1750070950000,"bps":1872},
{"utc_ms":1750070962000,"bps":176},
..]
"rx":[
{"utc_ms":1750070938000,"bps":117536},
{"utc_ms":1750070950000,"bps":101984},
{"utc_ms":1750070962000,"bps":100536}
..]

Same API information can be displayed via FortiOS CLI command:

diagnose debug traffic history <interface> <period 0 for hour, 1 for day, 2 for week>

• By default, interface bandwidth graph is created with 300 tx and 300 rx values for each period of time:

• Per hour - every 12 seconds.
• Per day - every 288 seconds.
• Per week - every 2016 seconds.

For interface bandwidth, the bits per second (bps) provided by FortiOS, are obtained calculating an average within each period of time, using the following formula:

Traffic Shaping:

FortiManager uses the API request /api/v2/monitor/firewall/shaper/multi-class-shaper to query FortiOS.

"http_method":"GET","results":
[{"interface":"wan1","bandwidth":100000,"default_class":7,"active_classes":

[{"class_id":7,"class_name":"BestEffort","allocated_bandwidth":28000,"guaranteed_bandwidth":28000,"max_bandwidth":95000,

"current_bandwidth":1564,"priority":"low","forwarded_bytes":1917943,"dropped_packets":0,"dropped_bytes":0}

The following CLI command in FortiOS can be used to observe the same API information, including current-bandwidth value, when the interface belongs to SD-WAN:

diagnose netlink interface list <interface>

By default, FortiManager requests FortiOS for the traffic shaping information via API each 30 seconds(default in FortiManager 7.6).

For interface shaping, the bits per second are obtained based on the 'current_bandwidth' value, at the very moment of the API request and with no average within the time frame being calculated. The 'current bandwidth' value is very instantaneous, changing at the millisecond level.

Interface shaping information is stored in FortiManager RTM database and can be exported via FortiManager CLI command:

execute backup rtm (scp|scp|sftp) <device-name> <ip:port> <directory> <username>

Time intervals to request API information for multi-class-shaper can be listed and modified via FortiManager CLI command:

diagnose rtm profile list

diagnose rtm profile update check-interval shaper <secs>

Conclusions:

Due to collecting data in different time periods and more importantly, because of lack of average calculation for current bandwidth value in shaping graphs, both graphs cannot be always accurately compared.

This is not apparent using synthetic traffic with constant bandwidth but should be easily observed when using real traffic.