Type of Service priority

Type of Service priority

Type of service (ToS) is an 8-bit field in the IP header that enables you to determine how the IP datagram should be delivered, using criteria of Delay, Throughput, Priority, Reliability, and Cost. Each quality helps gateways determine the best way to route datagrams. A router maintains a ToS value for each route in its routing table. The lowest priority ToS is 0; the highest is 7 when bits 3, 4, and 5 are all set to 1. There are other seldom used or reserved bits that are not listed here.

Together these bits are the ToS variable of the tos-based-priority command. The router tries to match the ToS of the datagram to the ToS on one of the possible routes to the destination. If there is no match, the datagram is sent over a zero ToS route. Using increased quality may increase the cost of delivery because better performance may consume limited network resources.

 

Each bit represents the priority as per RFC 1349:

  • 1000 – minimize delay
  • 0100 – maximize throughput
  • 0010 – maximize reliability
  • 0001 – minimize monetary cost

The ToS value is set in the CLI using the commands:

config system tos-based-priority edit <sequence-number>

set tos [0-15]

set priority [high | medium | low]

end

 

Where tos is the value of the type of service bit in the IP datagram header with a value between 0 and 15, and priority is the priority of this type of service priority. These priority levels conform to the firewall traffic shaping priorities, as defined in RFC 1349.

For example, if you want to configure the FortiGate unit so that reliability is the first priority, set the tos value to 4.

config system tos-based-priority edit 1

set tos 4

end

set priority high

 

For a list of ToS values and their DSCP equivalents see Traffic shaping methods on page 2476.

 

Example

config system tos-based-priority edit 1

set tos 1

set priority low next

edit 4

set tos 4

set priority medium next

edit 6

set tos 6

set priority high next

end

 

ToS in FortiOS

Traffic shaping and ToS follow the following sequence:

  • The CLI command tos-based-priority acts as a tos-to-priority mapping. FortiOS maps the ToS to a priority when it receives a packet.
  • Traffic shaping settings adjust the packet’s priority according the traffic.
  • Deliver the packet based on its priority.

 

Traffic Shaping Units of Measurement

Bandwidth speeds are measured in Kilobits per second (Kb/s), and Bytes that are sent/received are measured in megabytes (MB). Occasionally this can cause confusion depending on whether your ISP uses kilobits (kbps), kilobytes (KB), megabits per second (mbps), or gigabits per second (gbps).

 

Download Speeds

  • 1 kilobit per second (kbps) = 8 kilobytes per second (KB/s)
  • 1 megabit per second (mbps) = 1,000,000 bits per second (bps)
  • 1 gigabit per second (gbps) = 1,000 (mbps)

 

File Sizes

  • 1 megabyte (MB) = 1,024 kilobytes (KB)
  • 1 gigabyte (GB) = 1,024 megabytes (MB) or 1,048,576 kilobytes (KB)

 

To change a shaper’s unit of measurement – CLI

config firewall shaper traffic-shaper edit <shaper name>

set bandwidth-unit {kbps | mbps | gbps}

end

This entry was posted in FortiGate, FortiOS, FortiOS 5.4 Handbook and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.