headers
Woundy, Richard | 12 Mar 2003 23:59
Picon

RE: FW: FW: [Diffserv] Dscp and DscpOrAny TCs

Brian (and many diffserv folks),

Thanks for your input and of the diffserv WG. I will assume that our IPCDN
MIBs need to use explicit DSCP values and not use DSCP masks.

Please forgive this question for my DiffServ education. I have heard several
times that "network operators are free to ignore the recommended code
points", and that this is a major reason why we should not use DSCP masks.

What benefits does a network operator achieve with an unstructured set of
DSCPs?

In fact, I *am* a network operator -- I work for Comcast Cable, which has
lots of regional networks and millions of residential cable modem
subscribers. I see the pain associated with network management of my
boundary nodes with unstructured DSCP assignments. Where's the benefit to
me?

I don't mind if folks take this question off-list, or if folks refer me to
specific diffserv mail archives (e.g. a specific "thread" name) where this
was already discussed. Just as long as I am not mistaken as a spammer. ;^)

-- Rich

-----Original Message-----
From: Brian E Carpenter [mailto:brian <at> hursley.ibm.com]
Sent: Saturday, March 08, 2003 6:59 AM
To: John Schnizlein
Cc: Woundy, Richard; 'diffserv <at> ietf.org'
Subject: Re: FW: [ipcdn] FW: [Diffserv] Dscp and DscpOrAny TCs
(Continue reading)

Permalink | Reply |
headers
Woundy, Richard | 7 Mar 2003 22:10
Picon

RE: FW: FW: [Diffserv] Dscp and DscpOrAny TCs

John,

Thanks for the pointing out that the DiffServ field code points in the
registry are just recommended values, not required values.

Let me react to this statement, which I believe is key to the discussion
about Dscp "filtering" in the DOCSIS Cable Device and Subscriber Management
MIBs:

>I don't appreciate the distinction. What was intended by PHB selector
>was that traffic could be selected from the aggregate by the DSCP.
>How is this different from filtering traffic based on DSCP matches?

The key difference between "PHB selection" and "filtering" is with regards
to the purpose for the matching.

I understand "PHB selection" to mean packet classifiers that map traffic
--based on a specific DSCP -- to a particular per hop behavior aggregate.

I understand "filtering" to mean packet classifiers that condition traffic
-- based on a specific DSCP value or group of values -- at the DS
boundaries, by re-marking DSCP values or similar actions. This function is
mentioned again in RFC 2474 section 7.1 (page 16):

   The defense against this class of theft- and denial-of-service
   attacks consists of the combination of traffic conditioning at DS
   domain boundaries with security and integrity of the network
   infrastructure within a DS domain.  DS domain boundary nodes MUST
   ensure that all traffic entering the domain is marked with codepoint
   values appropriate to the traffic and the domain, remarking the
(Continue reading)

Permalink | Reply |
headers
Andrew Smith | 9 Mar 2003 23:29
Picon
Favicon

RE: FW: [ipcdn] FW: Dscp and DscpOrAny TCs

Rich,

I, and others in the Diffserv work including John, I believe, have
always held a belief in a "null" or "no quality of service" PHB, aka the
bit-bucket. Some of us even thought about writing a draft to describe
this behaviour, recommending that its default DSCP value should be
"everything else". Such a PHB implements part of the "defense against
... class of theft- and denial-of-service attacks" described by RFC
2474. With such a concept in place, there is no need for any additional
filtering configuration: filtering becomes just a special case of the
general Diffserv behaviour of a node.

<slight detour>
I have also argued, mostly during development of RFC 3290 in the
Diffserv WG, that the QoS treatment that a packet receives is likely to
be layer-independent (the differences between a L2 bridge, a L3 router,
a L4-L7 load balancing switch etc. are mostly to do with the addresses
on which a node makes switching/routing decisions, not the queueing
treatment that packets receive). This implies that you may well need two
classifiers on a packet, one to decide what QoS treatment, one to decide
where to route it - the packet only goes through if both the routing and
the QoS decide not to bit-bucket it. I think that "administrative
bit-bucketing based on packet contents" is much more of a "QoS" thing
than a "routing" thing: administrative controls on routing (e.g. BGP
filters) are typically placed on the distribution of reachability of
address information, not on data packet contents (other than the
relevant address field(s)) themselves.
<end detour>

Having said that, at least for nodes defending the edge of a Diffserv
(Continue reading)

Permalink | Reply |
headers
Woundy, Richard | 7 Mar 2003 15:40
Picon

FW: [ipcdn] FW: Dscp and DscpOrAny TCs

Diffserv folks,

I'm looking for further reaction to my email below about DOCSIS/Dscp
interaction. Note that I am not subscribed to your mailing list, so please
include my email address on replies.

-- Rich

-----Original Message-----
From: Woundy, Richard 
Sent: Friday, March 07, 2003 9:28 AM
To: 'Wilson.Sawyer <at> arrisi.com'; Wijnen, Bert (Bert)
Cc: bwijnen <at> lucent.com; Ipcdn (E-mail); Thomas Narten (E-mail)
Subject: RE: [ipcdn] FW: [Diffserv] Dscp and DscpOrAny TCs

Folks,

I think there are two issues here: are Dscp mask objects legal, and are they
worthwhile?

Note: in my latest DOCSIS Cable Device MIB submission (e.g.
<http://www.ipcdn.org/drafts/draft-ietf-ipcdn-device-mibv2-05.txt>), the new
object docsDevFilterInetDscp is defined with SYNTAX DscpOrAny, with no mask
object. I can't really say whether Wilson or I are correct on this topic.

I agree with Wilson when he emphasizes that these Dscp objects in the
various DOCSIS MIB are access filters, not PHB selectors. In fact, such
objects enable the DOCSIS equipment to act precisely as "re-marking boundary
nodes", which are also described in RFC 2474 Section 3, pages 8-9:
(Continue reading)

Permalink | Reply |
headers
Andrew Smith | 7 Mar 2003 22:05
Picon
Favicon

RE: [ipcdn] FW: Dscp and DscpOrAny TCs

Rich,

You wrote:
...
> I agree with Wilson when he emphasizes that these Dscp objects in the
> various DOCSIS MIB are access filters, not PHB selectors. In fact,
such
> objects enable the DOCSIS equipment to act precisely as "re-marking
boundary
> nodes", which are also described in RFC 2474 Section 3, pages 8-9:
...

If the pieces of DOCSIS equipment are acting as "re-marking boundary
nodes, which are also described in RFC 2474 Section 3, pages 8-9" then
shouldn't they, by definition, be implementing the IETF's existing
Diffserv MIB RFC 3289 in order to control this functionality? I would
hope that your WG would provide a strong argument why IETF should
sanction another MIB for this same purpose when this work comes before
the IESG for consideration.

Andrew Smith

_______________________________________________
diffserv mailing list
diffserv <at> ietf.org
https://www1.ietf.org/mailman/listinfo/diffserv
Archive: http://www.ietf.org/mail-archive/working-groups/diffserv/current/maillist.html
Permalink | Reply |
headers
Woundy, Richard | 7 Mar 2003 19:32
Picon

FW: FW: [Diffserv] Dscp and DscpOrAny TCs

Diffserv folks,

I'm looking for further reaction to my email below about DOCSIS/Dscp
interaction. Note that I am not subscribed to your mailing list, so please
include my email address on replies.

Since I sent my email below, Wilson Sawyer has sent the following reply
which you might find useful:

>Subscriber management acts as an auxiliary to the re-marking boundary:
>It does no re-marking itself but polices any filtering/re-marking that
>should have already taken place by (possibly compromised) modems.
>Given the nature of (primarily) residential access, I'd think that the
>need to carve out nuanced exceptions (your CS1 example) would be rare.
>
>- Wilson

-- Rich

-----Original Message-----
From: Woundy, Richard 
Sent: Friday, March 07, 2003 9:28 AM
To: 'Wilson.Sawyer <at> arrisi.com'; Wijnen, Bert (Bert)
Cc: bwijnen <at> lucent.com; Ipcdn (E-mail); Thomas Narten (E-mail)
Subject: RE: [ipcdn] FW: [Diffserv] Dscp and DscpOrAny TCs

Folks,

I think there are two issues here: are Dscp mask objects legal, and are they
worthwhile?
(Continue reading)

Permalink | Reply |
headers
Brian E Carpenter | 13 Mar 2003 14:12
Picon
Favicon

Re: FW: FW: [Diffserv] Dscp and DscpOrAny TCs

"Woundy, Richard" wrote:
> 
> Brian (and many diffserv folks),
> 
> Thanks for your input and of the diffserv WG. I will assume that our IPCDN
> MIBs need to use explicit DSCP values and not use DSCP masks.
> 
> Please forgive this question for my DiffServ education. I have heard several
> times that "network operators are free to ignore the recommended code
> points", and that this is a major reason why we should not use DSCP masks.
> 
> What benefits does a network operator achieve with an unstructured set of
> DSCPs?

The reason we did this, after very explicit pressure from ISPs at the
beginning of diffserv, was because they didn't want to be constrained
by (say) having at most 4 AF classes, or only one EF class, etc. In fact
it seemed pretty clear that there was no one-size-fits-all set of PHBs,
since different operators had different QOS business models in mind.
So all the code points became RECOMMENDED.

I would expect an operator to define a structured set of PHBs and DSCPs.
I would even expect many of them to use the recommended ones from
the various RFCs.

> 
> In fact, I *am* a network operator -- I work for Comcast Cable, which has
> lots of regional networks and millions of residential cable modem
> subscribers. I see the pain associated with network management of my
> boundary nodes with unstructured DSCP assignments. Where's the benefit to
(Continue reading)

Permalink | Reply |
headers
Woundy, Richard | 12 Mar 2003 23:59
Picon

RE: FW: FW: [Diffserv] Dscp and DscpOrAny TCs

Brian (and many diffserv folks),

Thanks for your input and of the diffserv WG. I will assume that our IPCDN
MIBs need to use explicit DSCP values and not use DSCP masks.

Please forgive this question for my DiffServ education. I have heard several
times that "network operators are free to ignore the recommended code
points", and that this is a major reason why we should not use DSCP masks.

What benefits does a network operator achieve with an unstructured set of
DSCPs?

In fact, I *am* a network operator -- I work for Comcast Cable, which has
lots of regional networks and millions of residential cable modem
subscribers. I see the pain associated with network management of my
boundary nodes with unstructured DSCP assignments. Where's the benefit to
me?

I don't mind if folks take this question off-list, or if folks refer me to
specific diffserv mail archives (e.g. a specific "thread" name) where this
was already discussed. Just as long as I am not mistaken as a spammer. ;^)

-- Rich

-----Original Message-----
From: Brian E Carpenter [mailto:brian <at> hursley.ibm.com]
Sent: Saturday, March 08, 2003 6:59 AM
To: John Schnizlein
Cc: Woundy, Richard; 'diffserv <at> ietf.org'
Subject: Re: FW: [ipcdn] FW: [Diffserv] Dscp and DscpOrAny TCs
(Continue reading)

Permalink | Reply |

Gmane