Issue with outbound/upload traffic speed from small models

Products
FortiGate v6.2
FortiGate v6.4

Description

This article describes issue and fix with slow upload speed on small FortiGate models.

Limited upload speeds are caused by TCP Saw-toothing when burst traffic goes over speed
restrictions.
Root cause is that the FortiGate does not queue traffic properly and burst control is to be
applied on exit interface.

Scope

For version 6.2.1 and above.

Solution

To simplify the configuration.

Configure a traffic class.

# config firewall traffic-class

edit 10
set class-name "speedup"
next
end

Put all traffic as 'default-class-id 10' and that is used for all traffic.

Apply percentage guaranteed to 80% and maximum to 96% in traffic shaping of the interface
bandwidth that is set at 880MB.

# config firewall shaping-profile

edit <profile name>
set type queuing
set default-class-id 10
# config shaping-entries
edit 1
set class-id 10
set guaranteed-bandwidth-percentage 80
set maximum-bandwidth-percentage 96
set burst-in-msec 100 <range from 0 to 2000>
set cburst-in-msec 200 <range from 0 to 2000>
end
end

Adjust the ceiling burst : cburst value so that the cburst value in below command shows higher
than the burst traffic value.
As the value in msec 100 is 50% to 200 is 90% of the (outbandwidth) ceiling burst speed that
can be achieved.

Introduce other class-IDs, if needed.

These values can be adjusted.

This can be checked through commands:

# diagnose netlink intf-class list wan2
# diagnose netlink intf-qdisc list wan2

Below configuration is to apply the outbandwidth to 880MB overall 900MB.

# config system interface
edit wan2
set outbandwidth 880000
set egress-shaping-profile <name of shaping-profile>
end
end