Hi Mikael, On 23.03.19 at 18:16 Mikael Abrahamsson wrote: > On Sat, 23 Mar 2019, Roland Bless wrote: > >> It's true that DSCPs may be remarked, but RFC 2474 >> already stated >> >> Packets received with an unrecognized codepoint SHOULD be forwarded >> as if they were marked for the Default behavior (see Sec. 4), and >> their codepoints should not be changed. > > https://mailman.nanog.org/pipermail/nanog/2015-May/075004.html > > https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-05/msg00654.html
This is pretty sad. The correct answer to the first question "does Internet trust IP DSCP marking?" should have been twofold: a) don't trust already present markings on ingress for your own supported PHBs (except default and LE PHBs :-) unless you have agreed with the neighboring DS domain. b) Packets received with an unrecognized DSCP SHOULD be forwarded as best effort and their DSCP should NOT be changed. The BCP to unconditionally bleach (set to 0) is IMHO simply wrong: one has to distinguish between treating as default PHB and overwriting the DSCP. For internally supported DSCPs/PHBs one typically needs to bleach (but e.g., not for LE), but for all unsupported DSCPs simply map them to the default PHB. It's true that Diffserv's major line of defense is the domain boundary that needs to protect the domain's resources against unauthorized use. So a domain that internally supports EF should not honor incoming EF marked packets from untrusted/unadmitted sources, and therefore must bleach them. For unsupported DSCPs though, one could simply _map_ them to the default PHB while retaining the DSCP. > Please note the dates, as in 4 and 14 years ago respectively. > > So please read those threads and then tell me that what you quoted above > has bearing on reality. It's clear that just setting everything to DSCP 0 is the safe option (in case one has no full control over all equipment etc.), but it has the mentioned drawback of limiting the future extensibility. Since Diffserv requires a configurable mapping of DSCP to PHB a consistent configuration should be possible, nevertheless. Regards Roland _______________________________________________ Bloat mailing list Bloat@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/bloat