Internet DRAFT - draft-blake-explu-dscp-rec
Internet Engineering Task Force S. Blake
Internet-Draft 25 April 2020
Intended status: Informational
Expires: 27 October 2020
Recommendations for Forwarding Packets Marked with EXP/LU DSCPs in
Diffserv Networks
draft-blake-explu-dscp-rec-00
Abstract
Some network operators implementing Diffserv are purported to remark
some IP packets with non-zero DSCP values to the default DSCP value
'000000' at their ingress network boundaries. This behavior is often
not strictly necessary to protect an operator's network resources,
and it impedes end-to-end experimentation with new differentiated
services. This document recommends that Diffserv network operators
refrain from remarking packets received with an EXP/LU DSCP value
[RFC2474][RFC8436] that is not in use within the operator's network,
and recommends that operators forward these packets at each Diffserv
node (DS-node) using the Default "best-effort" PHB.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 27 October 2020.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Blake Expires 27 October 2020 [Page 1]
Internet-Draft Forwarding Packets with EXP/LU DSCPs April 2020
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
2. EXP/LU DSCPs
3. End-to-End Diffserv Experiments Using EXP/LU DSCP Values
4. Recommendations For Forwarding Packets With EXP/LU DSCP Values
5. Recommendations For Allocating EXP/LU DSCP Values
6. IANA Considerations
7. Security Considerations
8. References
Author's Address
1. Introduction
The Differentiated Service (Diffserv) architecture defines the
differentiated services field codepoint (DSCP) in IP packets to
select among a set of per-hop forwarding behaviors (PHBs) in Diffserv
nodes (DS-nodes) [RFC2474][RFC2475]. Network operators enforce
traffic conditioning specifications (TCSs) [RFC3260] at network
ingress boundaries to regulate the traffic parameters of ingressing
Diffserv behavior aggregates (BAs) marked with specific DSCP values
to deliver differentiated services to these BAs according to the
traffic provisioning and PHB configuration policies the operator has
enacted.
One aspect of a TCS is regulating which packet flows are admitted to
the operator's network while using a non-default (i.e., non-zero)
DSCP value. If such a BA is in violation of a TCS, or if no TCS is
in effect for this BA, then the network operator may need to discard
or remark the associated packets of the BA to preserve network
resources. Some network operators are purported to remark packets in
such a BA to the default DSCP value '000000'. This behavior is
referred to as "DSCP bleaching" [CVF][CSF][BWEDIG].
Packets in a BA that is in violation of an operator's TCS generally
should not be forwarded at DS-nodes using an enhanced PHB, but should
instead be forwarded using the Default "best-effort" PHB
[RFC2474][RFC2475], if they are not discarded according to some
security policy. However, this does not automatically imply that
such packets must be DSCP bleached. If the BA's packets are marked
with a non-zero DSCP value that is not in use by some differentiated
service within the operator's network, then it is generally safe for
the operator to forward these packets without remarking their DSCP
value, so long as each DS-node in the operator's network is
configured to forward packets with unused DSCP values using the
Default PHB. In Diffserv vernacular, these unused DSCP values are
mapped to the Default PHB at each DS-node.
2. EXP/LU DSCPs
[RFC2474] divided the 64 DSCP values into three pools. Pool 2
('xxxx11') and Pool 3 ('xxxx01') were set aside for experimental or
local use, and were denoted as EXP/LU DSCPs. [RFC8436] later
instructed IANA that Pool 3 should be available for standards-action
DSCP allocation for standardized PHBs. This leaves the 16 DSCP
values in Pool 2 for use in IETF-sanctioned experiments or for local
use by network operators.
3. End-to-End Diffserv Experiments Using EXP/LU DSCP Values
DSCP bleaching impedes experimentation with new differentiated services
that might extend beyond a single Diffserv domain network. For
example, some differentiated services may yield particular benefits
if deployed in ingress and/or egress access networks, but may be
insensitive to deployment within transit networks that are often
over-provisioned. These experiments are impeded if packet DSCP
values are bleached at the ingress to a transit Diffserv network, as
now downstream transit or access networks can no longer distinguish
BAs that are participating in the experiment.
As noted in [RFC3260], [RFC2474] and [RFC2475] make conflicting or
ambiguous recommendations regarding when networks should remark
packets with unrecognized (unused) DSCP values. As a general
principle, it can be argued that, with the exception of some security
policy, packets in a BA with a particular DSCP value should not be
remarked unless they are (a) marked with a DSCP value in use within
an operator's Diffserv network and (b) the BA is not in compliance
with a TCS. If the BA is using a DSCP value not in use by the
network operator, then the packets could be forwarded without
remarking at each DS-node using the Default PHB, which is the
forwarding behavior such packets would otherwise receive if their
DSCP value were bleached.
Despite this general principle, this document restricts itself to
making recommendations for forwarding of packets with EXP/LU DSCP
values, in the following section. It also makes recommendations for
allocating EXP/LU DSCP values to minimize the need for network
reconfiguration.
4. Recommendations For Forwarding Packets With EXP/LU DSCP Values
Diffserv network operators may participate in one or more IETF-
sanctioned experiments which utilize an IANA-allocated EXP/LU DSCP
value. Such operators may also utilize one or more EXP/LU DSCP
values for network-internal use. Operators may enforce TCSs at the
operator's ingress network boundary for BAs which are marked with one
of these in-use EXP/LU DSCP values. Operators should forward packets
with unused EXP/LU DSCPs without remarking, using the Default PHB at
each DS-node. These packets will transit the operator's network
transparently with the same DSCP value they arrived with at the
operator's network ingress.
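The ingress decision recommended in this section, written out as an added example (not part of the draft). The `IN_USE` policy table, the `Decision` record and the function names are hypothetical; the Pool 1 pattern 'xxxxx0' and the position of the DSCP in the upper six bits of the DS octet come from RFC 2474, and bleaching rather than discarding a non-compliant BA is a choice made for the example.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_PHB = "Default"

def dscp_from_ds_octet(octet: int) -> int:
    """DSCP is the upper six bits of the IPv4 TOS / IPv6 Traffic Class octet."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("DS octet must fit in one byte")
    return octet >> 2  # the low two bits carry ECN, not DSCP

def pool(dscp: int) -> int:
    """RFC 2474 pools: 'xxxxx0' -> 1, 'xxxx11' -> 2 (EXP/LU), 'xxxx01' -> 3."""
    if dscp & 0b01 == 0:
        return 1
    return 2 if dscp & 0b11 == 0b11 else 3

@dataclass(frozen=True)
class Decision:
    phb: str
    egress_dscp: Optional[int]  # None: this draft makes no recommendation
    reason: str

def ingress_decision(ds_octet: int, in_use: dict, tcs_compliant: bool) -> Decision:
    dscp = dscp_from_ds_octet(ds_octet)
    if dscp in in_use:
        if tcs_compliant:
            return Decision(in_use[dscp], dscp, "in use, within TCS")
        # Remarking is justified only for an in-use DSCP whose BA violates its TCS.
        # Bleaching to 0 is the option chosen here; discarding is the other.
        return Decision(DEFAULT_PHB, 0, "in use, TCS violated")
    if pool(dscp) == 2:
        # Unused EXP/LU: Default PHB at every DS-node, DSCP left untouched.
        return Decision(DEFAULT_PHB, dscp, "unused EXP/LU")
    return Decision(DEFAULT_PHB, None, "unused, not EXP/LU")

# Constructed policy table: EF (101110) plus one locally assigned Pool 2 value.
IN_USE = {0b101110: "EF", 0b111111: "local-control"}

if __name__ == "__main__":
    for octet, ok in [(0xB8, True), (0xB8, False), (0x0D, True), (0x14, True)]:
        print(f"{octet:#04x}", ingress_decision(octet, IN_USE, ok))
```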
5. Recommendations For Allocating EXP/LU DSCP Values
DSCP Pool 2 is not structured, hence there is no subset that is
reserved for IANA allocation nor for allocation by individual network
operators. However, to avoid frequent network reconfiguration, it
may be desirable to allocate DSCPs from this pool in such a way as to
minimize collisions between IANA-allocated and locally assigned DSCP
values.
Network operators are recommended to allocate EXP/LU DSCP values for
internal use starting at '111111' and decrementing as follows:
'111111', '111011', '110111', '110011', ... '000011'.
Recommendations to IANA for EXP/LU DSCP value allocation are given in
the next section.
6. IANA Considerations
In the event that IANA allocates EXP/LU DSCP values for experimental
RFCs, it is recommended to allocate the EXP/LU DSCP values using the
following sequence: '000011', '000111', '001011', '001111', ...
'111111'.
Note: the process for IANA allocation of EXP/LU DSCP values is not
described in [RFC2474].
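The two allocation orders from Sections 5 and 6, as an added example (not part of the draft) showing how many allocations each side can make before the sequences meet. The function names are hypothetical.

```python
# Pool 2 is every DSCP matching 'xxxx11': 16 values, 3 through 63 in steps of 4.
POOL2 = [d for d in range(64) if d & 0b11 == 0b11]

def bits(dscp: int) -> str:
    """Six-bit binary string in the notation the draft uses."""
    return format(dscp, "06b")

def iana_order() -> list:
    """Section 6: '000011', '000111', '001011', ... '111111'."""
    return sorted(POOL2)

def operator_order() -> list:
    """Section 5: '111111', '111011', '110111', ... '000011'."""
    return sorted(POOL2, reverse=True)

def collisions(n_local: int, n_iana: int) -> list:
    """Codepoints claimed by both sides after the given number of allocations."""
    local = set(operator_order()[:n_local])
    iana = set(iana_order()[:n_iana])
    return [bits(d) for d in sorted(local & iana)]

def next_local(assigned: set, iana_allocated: set):
    """Next value an operator should take: the highest Pool 2 codepoint that is
    neither assigned locally nor allocated by IANA; None once the pool is exhausted."""
    for d in operator_order():
        if d not in assigned and d not in iana_allocated:
            return d
    return None

if __name__ == "__main__":
    print("operator:", [bits(d) for d in operator_order()[:4]])
    print("IANA:    ", [bits(d) for d in iana_order()[:4]])
    # The sequences are disjoint until the combined count exceeds 16.
    print("8 local + 8 IANA:", collisions(8, 8))
    print("9 local + 8 IANA:", collisions(9, 8))
    print("next local after 63, 59:", bits(next_local({63, 59}, {3})))
```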
7. Security Considerations
As described above, Diffserv network operators may remark packets in
a BA arriving at an ingress network boundary which are using DSCP
values in use by the operator, but that are not in compliance with a
TCS. If the BA traffic is deemed to be part of a denial-of-service
attack, the network operator may choose to discard some or all of the
associated packets. A network operator may also DSCP bleach packets
marked internally with a locally assigned EXP/LU DSCP value on egress
from the operator's network.
8. References
[BWEDIG] Barik, R., Welzl, M., Elmokashfi, A., Dreibholz, T.,
Islam, S., and S. Gjessing, "On the utility of unregulated
IP DiffServ Code Point (DSCP) usage by end systems",
Performance Evaluation 135, August 2019,
<https://www.simula.no/sites/default/files/publications/
files/peva2019.pdf>.
[CSF] Custura, A., Secchi, R., and G. Fairhurst, "Exploring DSCP
modification pathologies in the Internet", Computer
Communications 127, June 2018,
<https://reader.elsevier.com/reader/sd/pii/S01403664173128
35?token=B3D362186989AE41D5DCEE042E4865121E7E2254B51E22365
17E76DA5E93BB0A92D494D496B488A54A165049A0F0B211>.
[CVF] Custura, A., Venne, A., and G. Fairhurst, "Exploring DSCP
modification pathologies in mobile edge networks", 2017
Network Traffic Measurement and Analysis Conference
(TMA), June 2017,
<https://ieeexplore.ieee.org/document/8002923>.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474,
DOI 10.17487/RFC2474, December 1998,
<https://www.rfc-editor.org/info/rfc2474>.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, DOI 10.17487/RFC2475, December 1998,
<https://www.rfc-editor.org/info/rfc2475>.
[RFC3260] Grossman, D., "New Terminology and Clarifications for
Diffserv", RFC 3260, DOI 10.17487/RFC3260, April 2002,
<https://www.rfc-editor.org/info/rfc3260>.
[RFC8436] Fairhurst, G., "Update to IANA Registration Procedures for
Pool 3 Values in the Differentiated Services Field
Codepoints (DSCP) Registry", RFC 8436,
DOI 10.17487/RFC8436, August 2018,
<https://www.rfc-editor.org/info/rfc8436>.
Author's Address
Steven Blake
Email: slblake@petri-meat.com