[Bloat] [Ecn-sane] [iccrg] Fwd: [tcpPrague] Implementation and experimentation of TCP Prague/L4S hackaton at IETF104

Roland Bless roland.bless at kit.edu
Sat Mar 23 15:45:27 EDT 2019

Hi Mikael,

On 23.03.19 at 18:16 Mikael Abrahamsson wrote:
> On Sat, 23 Mar 2019, Roland Bless wrote:
>> It's true that DSCPs may be remarked, but RFC 2474
>> already stated
>>   Packets received with an unrecognized codepoint SHOULD be forwarded
>>   as if they were marked for the Default behavior (see Sec. 4), and
>>   their codepoints should not be changed.
> https://mailman.nanog.org/pipermail/nanog/2015-May/075004.html
> https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-05/msg00654.html

This is pretty sad. The correct answer to the first question
"does Internet trust IP DSCP marking?" should have been twofold:
a) don't trust already present markings on ingress
  for your own supported PHBs (except default and LE PHBs :-)
  unless you have agreed with the neighboring
  DS domain.
b) Packets received with an unrecognized DSCP SHOULD be forwarded
   as best effort and their DSCP should NOT be changed.

The BCP to unconditionally bleach (set to 0) is IMHO simply wrong: one
has to distinguish between treating as default PHB and overwriting the
DSCP. For internally supported DSCPs/PHBs one typically needs to bleach
(but e.g., not for LE), but for all unsupported DSCPs simply map them to
the default PHB.
It's true that Diffserv's major line of defense is the domain
boundary that needs to protect the domain's resources against
unauthorized use. So a domain that internally supports EF should not
honor incoming EF marked packets from untrusted/unadmitted sources, and
therefore must bleach them. For unsupported DSCPs though,
one could simply _map_ them to the default PHB while retaining the DSCP.

> Please note the dates, as in 4 and 14 years ago respectively.
> So please read those threads and then tell me that what you quoted above
> has bearing on reality.

It's clear that just setting everything to DSCP 0 is the safe option
(in case one has no full control over all equipment etc.),
but it has the mentioned drawback of limiting the future extensibility.
Since Diffserv requires a configurable mapping of DSCP to PHB,
a consistent configuration should be possible, nevertheless.
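
Added example, not part of the original message: a small Python model of the ingress policy described above, contrasting selective bleaching with "set everything to DSCP 0". The function names, the set of supported PHBs, and the choice to leave the two ECN bits untouched when rewriting the DSCP are assumptions made for illustration.

```python
# Added illustration, not from the original message; all names are hypothetical.
DSCP_DEFAULT, DSCP_LE, DSCP_EF = 0, 1, 46   # RFC 2474, RFC 8622, RFC 3246
NO_BLEACH = frozenset({DSCP_DEFAULT, DSCP_LE})  # "except default and LE PHBs"

# Assumed example domain: these are the PHBs it supports internally.
SUPPORTED = {DSCP_DEFAULT: "default", DSCP_LE: "LE", DSCP_EF: "EF"}


def split_tos(tos):
    """Split the IPv4 TOS / IPv6 Traffic Class byte into (DSCP, ECN)."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("TOS/Traffic Class is a single byte")
    return tos >> 2, tos & 0x3


def ingress(tos, agreed=frozenset(), supported=SUPPORTED):
    """Boundary policy from the message: return (phb, outgoing_tos).

    agreed: DSCPs the neighboring DS domain has been admitted to use.
    """
    dscp, ecn = split_tos(tos)
    phb = supported.get(dscp)
    if phb is None:
        # (b) unrecognized DSCP: forward as best effort, DSCP unchanged.
        return "default", tos
    if dscp in NO_BLEACH or dscp in agreed:
        # Default/LE, or a marking covered by an agreement: keep it.
        return phb, tos
    # (a) supported PHB from an unadmitted source: bleach the DSCP only
    # (assumption: the two ECN bits are preserved).
    return "default", (DSCP_DEFAULT << 2) | ecn


def bleach_all(tos):
    """The 'set everything to DSCP 0' practice, for comparison."""
    _, ecn = split_tos(tos)
    return "default", ecn


if __name__ == "__main__":
    # Constructed sample bytes: EF+ECT(1), LE+ECT(0), unsupported DSCP 43+ECT(1)
    for tos in (0xB9, 0x06, 0xAD):
        print(f"{tos:#04x} selective={ingress(tos)} bleach_all={bleach_all(tos)}")
```

Both policies give the unsupported codepoint best-effort treatment; only the selective one still carries it to the next domain.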


