Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Acronym
New Contributor

Created on ‎06-26-2011 09:47 PM

DSCP vs Traffic shaping

We run SIP services through our customers 50b and 80c and always setup a few defaults which I have outlined below, with all this set we still seem to have a bit of degradation with some calls: -Enable traffic shaping polices to and from the PABX - guaranty 84Kb per SIP channel, and set the Priorty to High. -set the Global default tos-based-priority to medium -Disable the SIP session-helper. Our SIP traffic is being tagged with DSCP of 46, and our ISP has confirmed they prioritise traffic with DCSP of 46 and our ISP is also out SIP trunk provider. I have seen two commands that may also need to be switched on? does anyone know what these commands do to traffic that is already tagged with DSCP 46? set diffserv-forward enable set diffserv-reverse enable Does anyone know if we should be using the Traffic shaping priority in the GUI, or the set diffserv commands in the CLI, or even what the difference is? Thanks
4097
0 Kudos
2 REPLIES 2
Acronym
New Contributor

Created on ‎06-27-2011 03:17 PM

I enabled these two CLI commands on my incoming and outgoing firewall rules that control the PABX traffic, these firewall rules also have the traffic shaping guarantee and priority enabled. set diffserv-forward enable set diffserv-reverse enable After enabling these CLI commands the voice quality was even worse. Maybe these commands are only used if you want to tag a DSCP value to traffic that is not already tagged? and these commands should not be used in conjunction with the traffic shaping priority??
748
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎06-28-2011 08:05 AM

set diffserv-forward enable
suggestion: Did you also set the appropiate DSCP codepoint for the traffic for any reverse or forwarded traffic? ie ( under your fwpolicies ) set diffservcode-forward 101110 (aka EF , dec 46 ) That would pass DSCP value 0x46 for any traffic being sent. I would also sniff it out to validate that it' s being set & classified. You ISP/ITSP should also be able to confirm or disconfirm, that' s it' s being set and depending on your switch, you can validate DCSP. If you have cisco, you might want to trust DSCP from the fortigate & ITSP access ports. Either way, get a capture before and after & review the DSCP settings with tcpdump or wireshark. Wireshark, would also be great for voice and telephony analyzer. hope this helps

PCNSE 

NSE 

StrongSwan  

748
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.