idnits 2.17.1

draft-blake-explu-dscp-rec-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** The abstract seems to contain references ([RFC8436], [RFC2474]), which
     it shouldn't.  Please replace those with straight textual mentions of the
     documents in question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (25 April 2020) is 1433 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

  Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force                                 S. Blake
Internet-Draft                                             25 April 2020
Intended status: Informational
Expires: 27 October 2020


   Recommendations for Forwarding Packets Marked with EXP/LU DSCPs in
                           Diffserv Networks
                     draft-blake-explu-dscp-rec-00

Abstract

   Some network operators implementing Diffserv are purported to remark
   some IP packets with non-zero DSCP values to the default DSCP value
   '000000' at their ingress network boundaries.  This behavior is often
   not strictly necessary to protect an operator's network resources,
   and it impedes end-to-end experimentation with new differentiated
   services.  This document recommends that Diffserv network operators
   refrain from remarking packets received with an EXP/LU DSCP value
   [RFC2474][RFC8436] that is not in use within the operator's network,
   and recommends that operators forward these packets at each Diffserv
   node (DS-node) using the Default "best-effort" PHB.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 27 October 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  EXP/LU DSCPs
   3.  End-to-End Diffserv Experiments Using EXP/LU DSCP Values
   4.  Recommendations For Forwarding Packets With EXP/LU DSCP Values
   5.  Recommendations For Allocating EXP/LU DSCP Values
   6.  IANA Considerations
   7.  Security Considerations
   8.  References
   Author's Address

1.  Introduction

   The Differentiated Service (Diffserv) architecture defines the
   differentiated services field codepoint (DSCP) in IP packets to
   select among a set of per-hop forwarding behaviors (PHBs) in Diffserv
   nodes (DS-nodes) [RFC2474][RFC2475].  Network operators enforce
   traffic conditioning specifications (TCSs) [RFC3260] at network
   ingress boundaries to regulate the traffic parameters of ingressing
   Diffserv behavior aggregates (BAs) marked with specific DSCP values
   to deliver differentiated services to these BAs according to the
   traffic provisioning and PHB configuration policies the operator has
   enacted.

   One aspect of a TCS is regulating which packet flows are admitted to
   the operator's network while using a non-default (i.e., non-zero)
   DSCP value.
   If such a BA is in violation of a TCS, or if no TCS is
   in effect for this BA, then the network operator may need to discard
   or remark the associated packets of the BA to preserve network
   resources.  Some network operators are purported to remark packets in
   such a BA to the default DSCP value '000000'.  This behavior is
   referred to as "DSCP bleaching" [CVF][CSF][BWEDIG].

   Packets in a BA that is in violation of an operator's TCS generally
   should not be forwarded at DS-nodes using an enhanced PHB, but should
   instead be forwarded using the Default "best-effort" PHB
   [RFC2474][RFC2475], if they are not discarded according to some
   security policy.  However, this does not automatically imply that
   such packets must be DSCP bleached.  If the BA's packets are marked
   with a non-zero DSCP value that is not in use by some differentiated
   service within the operator's network, then it is generally safe for
   the operator to forward these packets without remarking their DSCP
   value, so long as each DS-node in the operator's network is
   configured to forward packets with unused DSCP values using the
   Default PHB.  In Diffserv vernacular, these unused DSCP values are
   mapped to the Default PHB at each DS-node.

2.  EXP/LU DSCPs

   [RFC2474] divided the 64 DSCP values into three pools.  Pool 2
   ('xxxx11') and Pool 3 ('xxxx01') were set aside for experimental or
   local use, and were denoted as EXP/LU DSCPs.  [RFC8436] later
   instructed IANA that Pool 3 should be available for standards-action
   DSCP allocation for standardized PHBs.  This leaves the 16 DSCP
   values in Pool 2 for use in IETF-sanctioned experiments or for local
   use by network operators.

3.  End-to-End Diffserv Experiments Using EXP/LU DSCP Values

   DSCP bleaching impedes experimentation with new differentiated
   services that might extend beyond a single Diffserv domain network.
   For example, some differentiated services may yield particular
   benefits if deployed in ingress and/or egress access networks, but
   may be insensitive to deployment within transit networks that are
   often over-provisioned.  These experiments are impeded if packet DSCP
   values are bleached at the ingress to a transit Diffserv network, as
   now downstream transit or access networks can no longer distinguish
   BAs that are participating in the experiment.

   As noted in [RFC3260], [RFC2474] and [RFC2475] make conflicting or
   ambiguous recommendations regarding when networks should remark
   packets with unrecognized (unused) DSCP values.  As a general
   principle, it can be argued that, with the exception of some security
   policy, packets in a BA with a particular DSCP value should not be
   remarked unless (a) they are marked with a DSCP value in use within
   an operator's Diffserv network and (b) the BA is not in compliance
   with a TCS.  If the BA is using a DSCP value not in use by the
   network operator, then the packets could be forwarded without
   remarking at each DS-node using the Default PHB, which is the
   forwarding behavior such packets would otherwise receive if their
   DSCP value were bleached.

   Despite this general principle, this document restricts itself to
   making recommendations for forwarding of packets with EXP/LU DSCP
   values, in the following section.  It also makes recommendations for
   allocating EXP/LU DSCP values to minimize the need for network
   reconfiguration.

4.  Recommendations For Forwarding Packets With EXP/LU DSCP Values

   Diffserv network operators may participate in one or more IETF-
   sanctioned experiments which utilize an IANA-allocated EXP/LU DSCP
   value.  Such operators may also utilize one or more EXP/LU DSCP
   values for network-internal use.
   Operators may enforce TCSs at the
   operator's ingress network boundary for BAs which are marked with one
   of these in-use EXP/LU DSCP values.  Operators should forward packets
   with unused EXP/LU DSCPs without remarking, using the Default PHB at
   each DS-node.  These packets will transit the operator's network
   transparently with the same DSCP value they arrived with at the
   operator's network ingress.

5.  Recommendations For Allocating EXP/LU DSCP Values

   DSCP Pool 2 is not structured, hence there is no subset that is
   reserved for IANA allocation nor for allocation by individual network
   operators.  However, to avoid frequent network reconfiguration, it
   may be desirable to allocate DSCPs from this pool in such a way as to
   minimize collisions between IANA-allocated and locally assigned DSCP
   values.

   Network operators are recommended to allocate EXP/LU DSCP values for
   internal use starting at '111111' and decrementing as follows:
   '111111', '111011', '110111', '110011', ... '000011'.

   Recommendations to IANA for EXP/LU DSCP value allocation are given in
   the next section.

6.  IANA Considerations

   In the event that IANA allocates EXP/LU DSCP values for experimental
   RFCs, it is recommended to allocate the EXP/LU DSCP values using the
   following sequence: '000011', '000111', '001011', '001111', ...
   '111111'.

   Note: the process for IANA allocation of EXP/LU DSCP values is not
   described in [RFC2474].

7.  Security Considerations

   As described above, Diffserv network operators may remark packets in
   a BA arriving at an ingress network boundary which are using DSCP
   values in use by the operator, but that are not in compliance with a
   TCS.  If the BA traffic is deemed to be part of a denial-of-service
   attack, the network operator may choose to discard some or all of the
   associated packets.
   A network operator may also DSCP bleach packets
   marked internally with a locally assigned EXP/LU DSCP value on egress
   from the operator's network.

8.  References

   [BWEDIG]   Barik, R., Welzl, M., Elmokashfi, A., Dreibholz, T.,
              Islam, S., and S. Gjessing, "On the utility of unregulated
              IP DiffServ Code Point (DSCP) usage by end systems",
              Performance Evaluation 135, August 2019.

   [CSF]      Custura, A., Secchi, R., and G. Fairhurst, "Exploring DSCP
              modification pathologies in the Internet", Computer
              Communications 127, June 2018.

   [CVF]      Custura, A., Venne, A., and G. Fairhurst, "Exploring DSCP
              modification pathologies in mobile edge networks", 2017
              Network Traffic Measurement and Analysis Conference
              (TMA), June 2017.

   [RFC2474]  Nichols, K., Blake, S., Baker, F., and D. Black,
              "Definition of the Differentiated Services Field (DS
              Field) in the IPv4 and IPv6 Headers", RFC 2474,
              DOI 10.17487/RFC2474, December 1998.

   [RFC2475]  Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
              and W. Weiss, "An Architecture for Differentiated
              Services", RFC 2475, DOI 10.17487/RFC2475, December 1998.

   [RFC3260]  Grossman, D., "New Terminology and Clarifications for
              Diffserv", RFC 3260, DOI 10.17487/RFC3260, April 2002.

   [RFC8436]  Fairhurst, G., "Update to IANA Registration Procedures for
              Pool 3 Values in the Differentiated Services Field
              Codepoints (DSCP) Registry", RFC 8436,
              DOI 10.17487/RFC8436, August 2018.

Author's Address

   Steven Blake

   Email: slblake@petri-meat.com
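
Added example (not part of the draft): a Python sketch of the Pool 2 rules in Sections 2, 4, 5 and 6, plus an audit of a DS-node's DSCP map for unused EXP/LU values that are bleached or given an enhanced PHB. The map format, the PHB names and the sample values are assumptions constructed for illustration.

```python
from enum import Enum

def pool(dscp):
    """RFC 2474 pools: 1 = 'xxxxx0', 2 = 'xxxx11' (EXP/LU), 3 = 'xxxx01'."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP out of range: {dscp}")
    if dscp & 0b01 == 0:
        return 1
    return 2 if dscp & 0b11 == 0b11 else 3

POOL2 = [d for d in range(64) if pool(d) == 2]   # the 16 EXP/LU values
IANA_ORDER = sorted(POOL2)                       # Section 6: '000011' upward
OPERATOR_ORDER = sorted(POOL2, reverse=True)     # Section 5: '111111' downward

def overlap(n_iana, n_local):
    """Pool 2 values claimed by both sides after n allocations each."""
    return sorted(set(IANA_ORDER[:n_iana]) & set(OPERATOR_ORDER[:n_local]))

class Action(Enum):
    ENFORCE_TCS = "DSCP in use here: apply the TCS for this BA"
    KEEP_DSCP_DEFAULT_PHB = "unused EXP/LU: Default PHB, no remarking"
    OUT_OF_SCOPE = "unused non-EXP/LU: the draft makes no recommendation"

def ingress_action(dscp, in_use):
    """Section 4 decision for one packet's DSCP at the ingress boundary."""
    if dscp in in_use:
        return Action.ENFORCE_TCS
    return Action.KEEP_DSCP_DEFAULT_PHB if pool(dscp) == 2 else Action.OUT_OF_SCOPE

def audit_node(dscp_map, in_use):
    """List unused Pool 2 DSCPs that a DS-node bleaches or gives a non-Default PHB.

    dscp_map is a hypothetical export {dscp: (phb_name, remark_to_or_None)};
    a missing entry is assumed to mean Default PHB with the DSCP untouched.
    """
    findings = []
    for d in POOL2:
        if d in in_use:
            continue
        phb, remark_to = dscp_map.get(d, ("default", None))
        if phb != "default" or remark_to is not None:
            findings.append((format(d, "06b"), phb, remark_to))
    return findings

# Constructed sample: one standard DSCP and one locally assigned EXP/LU value in use.
IN_USE = {0b101110, 0b111111}
NODE_MAP = {0b111111: ("local-queue", None),   # in use, not audited
            0b000011: ("default", 0b000000),   # bleached to '000000'
            0b000111: ("priority", None)}      # unused value given an enhanced PHB

if __name__ == "__main__":
    print(ingress_action(0b000011, IN_USE).name)
    print(audit_node(NODE_MAP, IN_USE))
    print(overlap(9, 8))
```

With the two recommended orderings, IANA and an operator can make eight allocations each before the first shared value appears.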