In today’s high-demand network environments, real-time voice, video, and critical business applications compete for finite bandwidth. Organizations need the ability to intelligently manage traffic, ensuring that mission-critical data always gets priority. This capability is known as Quality of Service (QoS).
Fortinet platforms like FortiGate and FortiSwitch, integrated within the Fortinet Security Fabric, provide advanced QoS mechanisms to control traffic, guarantee performance for latency-sensitive applications, and improve network efficiency.
Table of Contents
- Part 1: What is QoS and Why It Matters
- Part 2: Key Performance Parameters Managed by QoS
- Part 3: Fortinet QoS Techniques and Architecture
- Part 4: Best Practices for Fortinet QoS Implementation
- Part 5: People Also Ask
Part 1: What is QoS and Why It Matters
Quality of Service (QoS) refers to mechanisms that control network traffic to ensure critical applications perform reliably even under network congestion. It provides priority levels to different applications, users, or data flows and guarantees bandwidth, low latency, and minimal packet loss.
QoS is essential for:
- Voice over IP (VoIP) and videoconferencing
- Streaming media and cloud applications
- Business-critical applications requiring guaranteed performance
Before implementing QoS, organizations must identify traffic types that are critical, bandwidth-intensive, or latency-sensitive to design effective QoS policies.
Part 2: Key Performance Parameters Managed by QoS
QoS ensures optimal performance by managing:
- Delay (Latency): Time for a packet to travel from source to destination; reduced via traffic prioritization.
- Jitter: Variation in packet arrival times affecting voice/video quality.
- Packet Loss: Data lost due to congestion or inefficiency; QoS decides which packets to drop if necessary.
- Bandwidth: Ensures critical flows receive guaranteed capacity without starving other traffic.
Part 3: Fortinet QoS Techniques and Architecture
FortiGate and FortiSwitch use a combination of traffic shaping, policing, and queuing to enforce QoS.
- Traffic Policing: Drops packets exceeding defined limits.
- Traffic Shaping: Guarantees minimum bandwidth, limits maximum usage, smooths traffic flow.
- Queuing: Assigns packets to priority queues; higher priority traffic is transmitted first.
Classification and Marking
- Layer 3 (DSCP/ToS): Marks packets at the IP layer for priority; DSCP uses a 6-bit field with 64 values.
- Layer 2 (CoS/802.1p): Marks packets in the Ethernet frame; priority ranges 0–7.
FortiGate QoS Implementation
- Uses ToS-based and security policy priority to distribute traffic across six queues per interface.
- Default queue is 0 if no prioritization is set.
- Bandwidth guarantees ensure critical traffic is prioritized; excess traffic may drop to queue 0 if limits are exceeded.
FortiSwitch QoS Implementation
- Supports 802.1p mapping, DSCP mapping, egress policies, and queue scheduling algorithms (SP, WRR, WRED/RED).
- Queue 7 is reserved for control traffic like STP and LLDP.
- SP (Strict Priority) ensures latency-sensitive traffic (VoIP/video) always wins; WRR ensures fairness.
Part 4: Best Practices for Fortinet QoS Implementation
- Identify and Classify Traffic: Prioritize latency-sensitive (VoIP), high-bandwidth, and revenue-critical applications.
- Avoid Dual Prioritization: Use either ToS-based or security policy priority; avoid mixing both.
- Manage Bandwidth Guarantees Carefully: Only assign guaranteed bandwidth to key services.
- Set Accurate Limits: Prevent excessive packet drops due to overly restrictive policies.
- Use UDP for Testing: Provides more accurate measurement than TCP under congestion.
- Avoid Oversubscription: Ensure sum of guaranteed bandwidth < available outbandwidth.
- FortiSwitch Trust Settings: Do not enable Dot1p and DSCP trust on the same interface/port simultaneously.
A robust QoS policy acts like an airline gate agent, ensuring critical “passengers” (VoIP/video packets) get priority lanes while bulk transfers wait in economy queues.
Part 5: People Also Ask
How to do QoS on FortiGate?
Configuring QoS on FortiGate involves:
1. Determine Priority: Use ToS-based priority or security policy priority to classify traffic.
2. Assign Queues: Traffic is allocated to six possible queues per interface. Default is queue 0 if no priority is set.
3. Manage Bandwidth: Use Traffic Policing to drop excess packets and Traffic Shaping to guarantee minimum rates without exceeding maximum.
Best practice: Configure either ToS-based or security policy priority, but not both, to simplify troubleshooting.
Is QoS layer 2 or 3?
QoS operates at both Layer 2 and Layer 3:
- Layer 2 (Data Link): Uses Class of Service (CoS) via 802.1p to mark Ethernet frames.
- Layer 3 (Network): Uses DSCP (Differentiated Services Code Point) in the IP header.
Is it better to have QoS on or off?
Depends on network requirements:
- Recommended ON: For latency-sensitive or high-bandwidth traffic (VoIP, video conferencing, streaming), QoS ensures performance and reliability.
- Use with Caution: Misconfigured QoS can increase complexity and introduce overhead; always identify critical traffic first.
What is 0-7 priority level in QoS?
The 0-7 range represents 802.1p CoS priority:
- 0: Lowest priority (Best Effort)
- 7: Highest priority
- On FortiSwitch, queue 7 is usually reserved for control traffic such as STP and LLDP.
Expertise Builds Trust
20+ Years • 200+ Countries • 21500+ Customers/Projects
CCIE · JNCIE · NSE7 · ACDX · HPE Master ASE · Dell Server/AI Expert