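FortiGate VM version: FortiOS V6.2.1

Test topology

Per-IP bandwidth: maximum bandwidth

Limit the iperf client's transfer rate (upload and download combined) to 5M

Configuration:

iperf traffic test:

Test sending 30M

Client-side observation: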

C:\iperf-3.1.3-win64>iperf3.exe -c 2.2.2.2  -p 5001 -u -b 30M   -l 1K

Connecting to host 2.2.2.2, port 5001

[  4] local 192.168.10.23 port 54998 connected to 2.2.2.2 port 5001

[ ID] Interval           Transfer     Bandwidth       Total Datagrams

[ 4]   0.00-1.00   sec 3.27 MBytes  27.4 Mbits/sec  3350

[ 4]   1.00-2.00   sec 3.53 MBytes  29.6 Mbits/sec  3619

[ 4]   2.00-3.00   sec 3.64 MBytes  30.6 Mbits/sec  3732

[ 4]   3.00-4.00   sec 3.77 MBytes  31.6 Mbits/sec  3860

[ 4]   4.00-5.00   sec 3.42 MBytes  28.7 Mbits/sec  3501

[ 4]   5.00-6.00   sec 3.57 MBytes  30.0 Mbits/sec  3660

[ 4]   6.00-7.00   sec 3.67 MBytes  30.8 Mbits/sec  3763

[  4]   7.00-8.00  sec  3.68 MBytes  30.8 Mbits/sec  3768

[ 4]   8.00-9.00   sec 3.34 MBytes  28.1 Mbits/sec  3421

[ 4]   9.00-10.00  sec 3.56 MBytes  29.8 Mbits/sec  3641

- - - - - - - - - - - - - - - - - - - - - - - - -

[ ID] Interval           Transfer     Bandwidth       Jitter   Lost/Total Datagrams

[ 4]   0.00-10.00  sec 35.5 MBytes  29.7 Mbits/sec  0.180 ms 29610/36310 (82%)

[  4] Sent 36310 datagrams

iperf Done.

Server-side observation:

C:\iperf-3.1.3-win64>iperf3.exe -s -p 5001

-----------------------------------------------------------

Server listening on 5001

-----------------------------------------------------------

Accepted connection from 2.2.2.1, port 61145

[  5] local 2.2.2.2 port 5001 connected to 2.2.2.1 port 54998

[ ID] Interval           Transfer     Bandwidth       Jitter   Lost/Total Datagrams

[  5]  0.00-1.00   sec  1.07 MBytes 9.00 Mbits/sec  0.159 ms  2162/3262 (66%)

[ 5]   1.00-2.00   sec  616 KBytes  5.05 Mbits/sec  0.186 ms 3071/3687 (83%)

[ 5]   2.00-3.00   sec  635 KBytes  5.21 Mbits/sec  0.153 ms 3072/3707 (83%)

[ 5]   3.00-4.00   sec  654 KBytes  5.36 Mbits/sec  0.138 ms 3127/3781 (83%)

[ 5]   4.00-5.00   sec  597 KBytes  4.89 Mbits/sec  0.160 ms 2989/3586 (83%)

[ 5]   5.00-6.00   sec  621 KBytes  5.09 Mbits/sec  0.117 ms 3049/3670 (83%)

[ 5]   6.00-7.00   sec  642 KBytes  5.25 Mbits/sec  0.141 ms 3148/3790 (83%)

[ 5]   7.00-8.00   sec  632 KBytes  5.18 Mbits/sec  0.107 ms 3074/3706 (83%)

[ 5]   8.00-9.00   sec  587 KBytes  4.80 Mbits/sec  0.160 ms 2851/3438 (83%)

[ 5]   9.00-10.00  sec  615 KBytes  5.04 Mbits/sec  0.187 ms 2961/3576 (83%)

[ 5]  10.00-10.02  sec 1.00 KBytes   409 Kbits/sec  0.180 ms 106/107 (99%)

- - - - - - - - - - - - - - - - - - - - - - - - -

[ ID] Interval           Transfer     Bandwidth       Jitter   Lost/Total Datagrams

[ 5]   0.00-10.02  sec 0.00 Bytes  0.00 bits/sec  0.180 ms 29610/36310 (82%)

-----------------------------------------------------------

Session state:

session info: proto=17 proto_state=01 duration=33 expire=160 timeout=0 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4

origin-shaper=

reply-shaper=

per_ip_shaper=5M

class_id=0 shaping_policy_id=3 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255

state=may_dirty per_ip route_preserve

statistic(bytes/packets/allow_err): org=9691056/9213/1 reply=32/1/1 tuples=2

tx speed(Bps/kbps): 291285/2330 rx speed(Bps/kbps): 0/0

orgin->sink: org pre->post, reply pre->post dev=3->4/4->3 gwy=0.0.0.0/0.0.0.0

hook=post dir=org act=snat 192.168.10.23:49631->2.2.2.2:5001(2.2.2.1:49631)

hook=pre dir=reply act=dnat 2.2.2.2:5001->2.2.2.1:49631(192.168.10.23:49631)

misc=0 policy_id=1 auth_info=0 chk_client_info=0 vd=0

serial=00000e61 tos=ff/ff app_list=0 app=0 url_cat=0

rpdb_link_id = 00000000 ngfwid=n/a

dd_type=0 dd_mode=0

 

FGT-1 # diagnose  firewall shaper  per-ip-shaper  list

name 5M

maximum-bandwidth 640 KB/sec

maximum-concurrent-session 0

tos ff/ff

packets dropped 94884

bytes dropped 99717192

         addr=192.168.10.23 status: bps=5250320 ses=3 


With per-IP traffic shaping, you can limit each IP address's behavior to avoid a situation where one user uses all of the available bandwidth. In addition to controlling the maximum bandwidth used per IP address, you can also define the maximum number of concurrent sessions for an IP address. For example, if you apply a per-IP shaper of 1 Mbps to your entire network, FortiOS allocates each user/IP address 1 Mbps of bandwidth. Even if the network consists of a single user, FortiOS allocates them 1 Mbps. If there are ten users, each user gets 1 Mbps of bandwidth, totaling 10 Mbps of outgoing traffic.

For shared shapers, all users share the set guaranteed and maximum bandwidths. For example, if you set a shared shaper for all PCs using an FTP service to 10 Mbps, all users uploading to the FTP server share the 10 Mbps.

Shared shapers affect upload speed. If you want to limit the download speed from the FTP server in the example, you must configure the shared shaper as a reverse shaper. Per-IP shapers apply the speed limit on both upload and download operations.

The following example shows how to apply a per-IP shaper to a traffic shaping policy. This shaper assigns each user a maximum bandwidth of 1 Mbps and allows each user to have a maximum of ten concurrent connections to the FTP server. In the example, FortiOS communicates with users using port10 and the FTP server using port9.


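The per-IP bandwidth limit applies to upload and download at the same time. It only needs to be configured as 5M, and the combined upload and download rate is then limited to 5M.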
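The following Python check is an added example, not part of the original test. It converts the "maximum-bandwidth 640 KB/sec" value from the per-IP shaper listing to Mbit/s and compares it with the steady-state server-side iperf3 intervals shown above. The function names, the 5% tolerance and the 1 KB = 1000 bytes conversion are assumptions.

```python
import re

# Server-side iperf3 intervals and the shaper limit, copied from the output on this page.
SERVER_OUTPUT = """\
[  5]  0.00-1.00   sec  1.07 MBytes 9.00 Mbits/sec  0.159 ms  2162/3262 (66%)
[ 5]   1.00-2.00   sec  616 KBytes  5.05 Mbits/sec  0.186 ms 3071/3687 (83%)
[ 5]   2.00-3.00   sec  635 KBytes  5.21 Mbits/sec  0.153 ms 3072/3707 (83%)
[ 5]   3.00-4.00   sec  654 KBytes  5.36 Mbits/sec  0.138 ms 3127/3781 (83%)
[ 5]   4.00-5.00   sec  597 KBytes  4.89 Mbits/sec  0.160 ms 2989/3586 (83%)
[ 5]   5.00-6.00   sec  621 KBytes  5.09 Mbits/sec  0.117 ms 3049/3670 (83%)
[ 5]   6.00-7.00   sec  642 KBytes  5.25 Mbits/sec  0.141 ms 3148/3790 (83%)
[ 5]   7.00-8.00   sec  632 KBytes  5.18 Mbits/sec  0.107 ms 3074/3706 (83%)
[ 5]   8.00-9.00   sec  587 KBytes  4.80 Mbits/sec  0.160 ms 2851/3438 (83%)
[ 5]   9.00-10.00  sec  615 KBytes  5.04 Mbits/sec  0.187 ms 2961/3576 (83%)
[ 5]  10.00-10.02  sec 1.00 KBytes   409 Kbits/sec  0.180 ms 106/107 (99%)
"""
SHAPER_OUTPUT = "maximum-bandwidth 640 KB/sec"

ROW = re.compile(r"\]\s+([\d.]+)-([\d.]+)\s+sec\s+[\d.]+\s+\w+\s+([\d.]+)\s+([KM])bits/sec"
                 r"\s+[\d.]+\s+ms\s+(\d+)/(\d+)")

def shaper_limit_mbps(text):
    """Configured limit in Mbit/s. Assumption: 1 KB = 1000 bytes."""
    kb_per_sec = int(re.search(r"maximum-bandwidth\s+(\d+)\s+KB/sec", text).group(1))
    return kb_per_sec * 8 / 1000

def steady_intervals(text):
    """Yield (mbps, lost, total) for full intervals after the first second."""
    for line in text.splitlines():
        m = ROW.search(line)
        if not m:
            continue
        start, end = float(m.group(1)), float(m.group(2))
        if start == 0.0 or end - start < 0.5:  # skip initial burst and trailing partial interval
            continue
        rate = float(m.group(3)) / (1000 if m.group(4) == "K" else 1)
        yield rate, int(m.group(5)), int(m.group(6))

def check_shaper(server_text, shaper_text, tolerance=0.05):
    """Compare mean received rate with the shaper limit; report datagram loss."""
    rows = list(steady_intervals(server_text))
    limit = shaper_limit_mbps(shaper_text)
    mean = sum(r[0] for r in rows) / len(rows)
    loss = sum(r[1] for r in rows) / sum(r[2] for r in rows)
    return {"limit_mbps": limit, "mean_mbps": round(mean, 2), "loss": round(loss, 3),
            "enforced": abs(mean - limit) / limit <= tolerance}

if __name__ == "__main__":
    print(check_shaper(SERVER_OUTPUT, SHAPER_OUTPUT))
```

The first interval is excluded because it shows a higher rate (9.00 Mbits/sec) before the shaper settles, and the trailing 0.02-second interval is excluded because it is not a full measurement period.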