FortiOS流量整形（traffic shaping）功能的介绍

jsnak

设备型号：Fortigate 100A
系统版本：3.0 MR7 U2

中文总结：本文主要说明飞塔的OS默认设置是所有通讯均为高优先级（既0模式），此时你手工对各种通讯设置高中低优先级模式是无效的，只有通过CLI手工设置默认通讯为低优先级（既2模式），才能达到划分高中低优先级的通讯的意向。
FortiOS Traffic Shaping and How it Work
Every FortiGate physical interface has its own queues, FortiOS uses three different ones: high, medium, and low priority. The priority value indicates which queue the packet is added to and in what order the packets exit that interface.
Virtual interfaces (for example, VLANs) share the physical interface queues. Virtual interfaces do not have their own queues. All virtual interfaces bound to a particular physical interface will share the same queues of the physical interface.
Inter-VDOM links have a single FIFO (First in, first out) queue (No QoS or traffic shaping).
When the packet is queued it chooses a queue and checks the queue length against the aggregate queue size for the interface, not the length of that particular queue.
There is a single maximum length on the device, but each queue can have up to that many packets.
So, if the queue length is X there can be 3X packets queued, X packets at each of the 3 priorities.
Thus the low priority traffic does not affect the high priority traffic except indirectly on low end units because memory is tight and the more packets that are allocated the more time it takes to find free memory.
How priority is assigned :

All traffic received from a device defaults to the system default. The default is "high" (see tos-based-priority in config system global).

During input processing the priority is re-calculated based on the TOS (Type of Service) bits and the current TOS setting. The default maps all traffic to the high priority. This can be changed using config system tos-based-priority. You can check the default setting using a diagnose command :-
# diag sys tos-based-priority list
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Where 0 means high, 1 means medium and 2 means low. For example, if I change the global default :
# config system global
(global)# set tos-based-priority low
(global)# end
# diag sys tos-based-priority list
2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2

If traffic shaping is enabled then the packet priority is set to whatever value is in the shaper configuration. However, if the packet does not push the bandwidth over the guaranteed bandwidth for that shaper then the priority is unconditionally set to high (0).
So, even if you give VoIP traffic a high priority, unless you change the global default then all the FTP traffic will also be high and be on the same queue. As a result the high priority VoIP traffic can get interrupted by the FTP traffic.
You can change the global priority as described above to fix this problem. You can also adjust the TOS based priority if the traffic has different TOS bits assigned for different traffic types. FortiOS traffic shaping acts more like traffic limiting and the guaranteed bandwidth is a best effort.
By adjusting the priorities as described above, it should be possible to shape traffic to meet your requirements.


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/74227/showart_1924122.html