Hi guys,
Could anyone explain the difference between Shared and Per-IP traffic shapers? I ask this because the Fortinet documentation is different depending on the origin.
According to the Fortinet cookbook:
A Shared shaper affects upload speeds whereas Per-IP shaper affects both upload and download speeds.
According to the FortiOS Handbook and NSE4:
Shared Shaper: A shared shaper applies a total bandwidth to all traffic using that shaper. The scope can be per-policy or for all policies referencing that shaper.
Per-IP Shaper: A per-IP shaper allows you to apply traffic shaping to all source IP addresses in the security policy, and bandwidth is equally divided among the group.
Do you see the difference? What is correct?
Regards,
Julián
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Those two explanations are not necessarily different.
My understanding is as follows.
Shared Shapers affect upload speed, but all users share the set bandwidth. For example, if you set a shared shaper for Youtube of 100Mbps, then everyone uploading to youtube shares that 100Mbps. (If you want to limit the download speed from Youtube then you need to apply the shared shaper as a Reverse Shaper).
Per-IP Shapers affect the speed of the nominated users (via ip). So, if you set your entire network to a Per-IP shaper of 1Mbps, then every user will be allocated 1Mbps of bandwidth (assuming you have enough bandwidth on your outgoing link). Even if there's only one user on the network, then they will only get that 1Mbps. If there are ten users, then each gets 1Mbps for a total of 10Mbps.
Hope this helps.
Cheers,
Chris.
To say it short:
a shared shaper will share the specified bandwith among all hosts affected by the policy it is applied to (i.e. limits the total traffic).
a per ip shaper will grant the specified bandwith to any single host affected by the policy it is applied to (i.e. limits the traffic per ip).
e.g. shared shaper on 192.168.1.0/24 with 1mbit will mean all 254 Hosts together will get maximally 1mbit.
per-ip-shaper on 192.168.1.0/24 with 1mbit will mean every single one of the 254 Hosts will get maximally 1mbit each.
hth
Sebastian
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
What you mean is forward and reverse. That allows you to specify a shaper for upload and annother for download.
Shared means the specified bandwidth will be shared among all hosts the policy applies to.
Per Ip means the specified bandwith will not be shared among all hosts the policy appliles to. Instad every single host will be limited to that bandwith. If you use a per-ip shaper to even grant bandwith this will sum up per host.
Probably that is the easier way to understand that:
If you grant 1mbit to a group of hosts via shared shaper then this group alltogether get granted 1mbit.
If you do via per-ip-shaper then every single member get granted 1mbit. So the group alltogether in this case gets granted bandwith that is number of its members times 1mbit.
Or if you want the other way round: shared: all affected hosts share that bandwith - per ip: no sharing. Every single affected host gets that bandwith.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
To complete i use a shared shappers and Per-IP Shaper at the same time.
For me i define shared shappers for internet, shared shappers for email and shared shappers for VPN. Afer i define Per-IP shared for each type of the access.
All days people obtain a regular flow for all their work. Before i apply this method often heard 'on morning it's very quick and after is too slow" Today all is fine for me.
I must add set per-policy enable on each shared shappers if not control of bandwith doesn't work well.
Those two explanations are not necessarily different.
My understanding is as follows.
Shared Shapers affect upload speed, but all users share the set bandwidth. For example, if you set a shared shaper for Youtube of 100Mbps, then everyone uploading to youtube shares that 100Mbps. (If you want to limit the download speed from Youtube then you need to apply the shared shaper as a Reverse Shaper).
Per-IP Shapers affect the speed of the nominated users (via ip). So, if you set your entire network to a Per-IP shaper of 1Mbps, then every user will be allocated 1Mbps of bandwidth (assuming you have enough bandwidth on your outgoing link). Even if there's only one user on the network, then they will only get that 1Mbps. If there are ten users, then each gets 1Mbps for a total of 10Mbps.
Hope this helps.
Cheers,
Chris.
Hi Chris,
Very good explanation, more clear.
Thanks,
Julián
To say it short:
a shared shaper will share the specified bandwith among all hosts affected by the policy it is applied to (i.e. limits the total traffic).
a per ip shaper will grant the specified bandwith to any single host affected by the policy it is applied to (i.e. limits the traffic per ip).
e.g. shared shaper on 192.168.1.0/24 with 1mbit will mean all 254 Hosts together will get maximally 1mbit.
per-ip-shaper on 192.168.1.0/24 with 1mbit will mean every single one of the 254 Hosts will get maximally 1mbit each.
hth
Sebastian
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
To complete i use a shared shappers and Per-IP Shaper at the same time.
For me i define shared shappers for internet, shared shappers for email and shared shappers for VPN. Afer i define Per-IP shared for each type of the access.
All days people obtain a regular flow for all their work. Before i apply this method often heard 'on morning it's very quick and after is too slow" Today all is fine for me.
I must add set per-policy enable on each shared shappers if not control of bandwith doesn't work well.
in configuration i see that shared means upload, and reverse means download shared for many ip or user and per-ip only one user/ip
What you mean is forward and reverse. That allows you to specify a shaper for upload and annother for download.
Shared means the specified bandwidth will be shared among all hosts the policy applies to.
Per Ip means the specified bandwith will not be shared among all hosts the policy appliles to. Instad every single host will be limited to that bandwith. If you use a per-ip shaper to even grant bandwith this will sum up per host.
Probably that is the easier way to understand that:
If you grant 1mbit to a group of hosts via shared shaper then this group alltogether get granted 1mbit.
If you do via per-ip-shaper then every single member get granted 1mbit. So the group alltogether in this case gets granted bandwith that is number of its members times 1mbit.
Or if you want the other way round: shared: all affected hosts share that bandwith - per ip: no sharing. Every single affected host gets that bandwith.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hi,
I think Fortinet should consider reviewing its documentation since it is ambiguous. According to Fortinet if you grant for example 10 Mbps to a group of 10 host via per-IP shaper, that bandwidth is equally divided among the group and therefore every host will get 10/10 Mbps = 1 Mbps.
The following is a NSE4 excerpt:
Per-IP Shaper: A per-IP shaper allows you to apply traffic shaping to all source IP addresses in the security policy, and bandwidth is equally divided among the group.
Regards,
Julián
What will happen if there are 2 traffic shapers applied to a single IP . Should it take the priority of the shaper applied over the top?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.