Hello,
I want to deploy the following very simple traffic shaping scenario:
port1---WAN---> High priority
port2---WAN---> Low priority
I have set two shared shapers for that:
High: Traffic priority - High, Max BW = 6000, Guaranteed BW = 2000, DSCP = OFF
Low: Traffic priority = Low, all other settings are OFF
With these settings, a client PC that is browsing from port2 (low priority) is taking all the BW and the high priority traffic is not served.
When I set Max BW at the Low priority shaper, both shapers are served.
I was assuming that when the priority is set to Low to a traffic shaper, all traffic should be put a low priority no matter the bandwidth. Therefore it shouldn't matter if you have set a Max BW or not. However I notice that the Max BW really matters at Low priority shaper.
Can somebody explain to me how the traffic shaper is working at low priority in respect of the Max BW setting? How does the low priority shaper is working, when the Max BW setting is set to OFF?
Thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Graham,
Your explanation seems to be reasonable and explains the behavior. The WAN is a satellite link (the deployment is at a ship). I don't know whether the ISP is doing any kind of shaping or not; I can certainly try to find out. Firstly I wanted to ensure that my traffic shaping in the FG works. I confirm that when I set max bw, it worked and I think we can proceed as such. Besides, all the configuration examples I have seen, are setting the max bw.
Cheers
Are you using shaping profile on your WAN interface and putting the two traffic definitions into classes? Or are you using using a shared shaper?
Also consider that low-priority traffic should defer to high-priority traffic shaper policy only when there is traffic on that policy. Are you saying that in your current set up even when there is traffic passing through the high priority shaper it is not getting the guaranteed bandwidth that you set for it?
I'm using shared shaper.
In my test, the high priority traffic was a continuous ping, so yes, there was traffic at the high priority queue and it was completely stopped for the low priority to pass (the low priority traffic at that time, was a file download, so this was a TCP. I'm not sure if that matters or not).
Thanks a lot for the reply :)
OK couple things here.....
If pings were dropping when you were downloading a file that was probably more to do with your WAN link than your shaper. What kind of WAN link are you using? You may need to limit your bandwidth usage overall using policing as it sounds like you're experiencing buffer bloat from the ISPs shaper.
The likely reason things work when you set max bw on the low priority shaper is because you aren't starving/saturating your WAN link.
The Fortigate is very likely trying to service those high priority pings ahead of the low bandwidth traffic but because your WAN link is arleady starved there's nothing the FGT can do.
If you have low priority traffic it would be a good idea to restrict its max bandwidth anyway.
Hello Graham,
Your explanation seems to be reasonable and explains the behavior. The WAN is a satellite link (the deployment is at a ship). I don't know whether the ISP is doing any kind of shaping or not; I can certainly try to find out. Firstly I wanted to ensure that my traffic shaping in the FG works. I confirm that when I set max bw, it worked and I think we can proceed as such. Besides, all the configuration examples I have seen, are setting the max bw.
Cheers
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.