The default values for OpenSSH QoS markings are wrong.

They use 'lowdelay' and 'throughput' for interactive and bulk traffic, 
respectively.

Unfortunately, these values were retired in 1998 when the low-order 2 bits of 
the ToS field were repurposed for DSCP: originally RFC-2474 marked the lower 2 
bits as 'CU' (currently unused), but they were eventually designated as ECT and 
CE in RFC-2481 and then as ECT0 and ECT1 in Explicit Congestion Notification 
(RFC-3168).

The upshot of all this is that marking traffic with these obsolete markings 
could mean that not only is the traffic not handled as desired, but it's 
handled in a highly detrimental fashion (for instance, the RFC-791 designation 
of 'lowcost' collides with the ECT0 and CE values of RFC-3168 as well as that 
of obsolete RFC-2481).

I'm surprised that this wasn't fixed a lot sooner (like a decade ago).

For whatever reason, while OpenSSH has accepted my patches for allowing the 
configuration of QoS, the default values are still the obsolete ToS fields from 
RFC-791, which is dangerously ancient (that part of the patch was left out).

The patch here itself is fortunately trivial.

DSCP markings will be ignored in the majority of equipment not implementing it 
or where it has not been enabled.

If you're forced to interoperate with some seriously braindead gear like a 
10-year-old bargain Taiwanese firewall or router that discards traffic with 
these bits set (extremely rare but not unheard of), then your best bet is to 
turn off QoS marking altogether as:

IPQoS CS0 CS0

in both /etc/ssh/ssh_config and sshd_config.

A fix has been submitted for OpenSSH:

https://bugzilla.mindrot.org/show_bug.cgi?id=1856
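As an added illustration (not part of the original post or of OpenSSH), the
following Python decodes an IPv4 ToS byte both the RFC-791 way and the
RFC-2474/RFC-3168 way (6-bit DSCP plus 2-bit ECN), and translates the IPQoS
keyword names that ssh_config(5) documents (af11..af43, cs0..cs7, ef,
lowdelay, throughput, reliability, or a number) into the byte that is put on
the wire. Running it shows the collision the post describes: the legacy
'lowcost' value lands entirely in the ECN field and reads as ECT(0) to an
RFC-3168 host, while 'lowdelay' and 'throughput' decode to DSCP 4 and 2,
which are not assigned per-hop behaviours. The function names and the
`RFC791_TOS` table are this example's own.

```python
# Added example, not code from the original post or from OpenSSH.

# RFC-791 / RFC-1349 ToS flag bits, as used by the traditional IP_TOS constants.
RFC791_TOS = {
    "lowdelay":    0x10,
    "throughput":  0x08,
    "reliability": 0x04,
    "lowcost":     0x02,   # RFC-1349 addition, sits in the former 'MBZ' bit
}

# DSCP codepoints (decimal) for the names OpenSSH accepts in IPQoS.
DSCP_NAMES = {
    "cs0": 0, "cs1": 8, "cs2": 16, "cs3": 24,
    "cs4": 32, "cs5": 40, "cs6": 48, "cs7": 56,
    "af11": 10, "af12": 12, "af13": 14,
    "af21": 18, "af22": 20, "af23": 22,
    "af31": 26, "af32": 28, "af33": 30,
    "af41": 34, "af42": 36, "af43": 38,
    "ef": 46,
}

# RFC-3168 meaning of the two low-order bits of the byte.
ECN_NAMES = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}


def split_tos(tos: int) -> tuple:
    """Split an 8-bit ToS/Traffic Class byte into (dscp, ecn) per RFC-2474/3168."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS byte out of range")
    return tos >> 2, tos & 0b11


def dscp_to_tos(dscp: int) -> int:
    """DSCP codepoint (0-63) -> ToS byte with the ECN bits clear."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP out of range")
    return dscp << 2


def ipqos_to_tos(keyword: str) -> int:
    """Translate one IPQoS argument ('AF21', 'cs0', 'lowdelay', '0x48', ...) to a ToS byte."""
    k = keyword.lower()
    if k in DSCP_NAMES:
        return dscp_to_tos(DSCP_NAMES[k])
    if k in ("lowdelay", "throughput", "reliability"):   # legacy names ssh_config(5) lists
        return RFC791_TOS[k]
    return int(keyword, 0) & 0xFF                       # numeric form


def describe(tos: int) -> str:
    """Human-readable view of how a modern (RFC-3168) host interprets the byte."""
    dscp, ecn = split_tos(tos)
    name = next((n for n, v in DSCP_NAMES.items() if v == dscp), "unassigned")
    return "0x%02x -> DSCP %d (%s), ECN %s" % (tos, dscp, name, ECN_NAMES[ecn])


def ecn_collisions(tos_values: dict) -> dict:
    """Names whose ToS byte sets bits in the ECN field, i.e. would be misread as ECN signalling."""
    return {n: ECN_NAMES[split_tos(v)[1]] for n, v in tos_values.items() if v & 0b11}


if __name__ == "__main__":
    print("Legacy RFC-791 defaults as seen by an RFC-3168 host:")
    for name, tos in RFC791_TOS.items():
        print("  %-12s %s" % (name, describe(tos)))
    print("ECN collisions:", ecn_collisions(RFC791_TOS))
    print("Proposed defaults:")
    for kw in ("AF21", "AF11", "CS0"):
        print("  IPQoS %-5s %s" % (kw, describe(ipqos_to_tos(kw))))
```

The `ecn_collisions` check is the useful part for a defender: any marking it reports
will be interpreted as ECN state by modern routers and end hosts, which is a
traffic-handling problem rather than merely a lost QoS hint.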

Index: packages/net/openssh/patches/200-enable_dscp_qos.patch
===================================================================
--- packages/net/openssh/patches/200-enable_dscp_qos.patch      (revision 0)
+++ packages/net/openssh/patches/200-enable_dscp_qos.patch      (revision 0)
@@ -0,0 +1,21 @@
+--- a/ssh_config       2010-01-12 01:40:27.000000000 -0700
++++ b/ssh_config       2011-02-09 14:35:30.000000000 -0700
+@@ -45,3 +45,6 @@
+ #   PermitLocalCommand no
+ #   VisualHostKey no
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
++
++# enable DSCP QoS values (per RFC-4594)
++IPQoS AF21 AF11
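Review bot: the comment on the added `IPQoS AF21 AF11` line should state the argument order, because "per RFC-4594" alone does not say which class applies to what: the first value is used for interactive sessions and the second for non-interactive (bulk) transfers, so something like `# IPQoS <interactive> <non-interactive>: AF21 low-latency data for sessions, AF11 high-throughput data for scp/sftp` would stop a later editor swapping them. Also note that the line is inserted directly after a run of commented-out example options (`#   VisualHostKey no`, `#   ProxyCommand ...`) but is itself active; the comment should make clear it is a live global default and not another example.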
+--- a/sshd_config      2010-09-09 19:20:12.000000000 -0600
++++ b/sshd_config      2011-02-09 14:32:25.000000000 -0700
+@@ -108,6 +108,9 @@
+ # no default banner path
+ #Banner none
+ 
++# enable DSCP QoS values (per RFC-4594)
++IPQoS AF21 AF11
++
+ # override default of no subsystems
+ Subsystem     sftp    /usr/libexec/sftp-server
+ 
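Review bot: the sshd_config hunk enables the `IPQoS` keyword unconditionally in the shipped default file, so if the packaged OpenSSH is older than the release that introduced that keyword, sshd will reject the unknown option at startup and remote access to the device is lost. Either tie the patch to the package version that supports `IPQoS` or state the minimum OpenSSH version in the commit message. The same argument-order comment as for the ssh_config hunk applies here: `IPQoS AF21 AF11` is interactive first, bulk second, and the comment should say so.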
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel