idnits 2.17.1 draft-ietf-tsvwg-nqb-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == The 'Updates: ' line in the draft header should list only the _numbers_ of the RFCs which will be updated by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (25 October 2021) is 908 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 2983 == Outdated reference: A later version (-07) exists of draft-briscoe-docsis-q-protection-00 == Outdated reference: A later version (-25) exists of draft-ietf-tsvwg-aqm-dualq-coupled-18 == Outdated reference: A later version (-13) exists of draft-ietf-tsvwg-dscp-considerations-00 == Outdated reference: A later version (-29) exists of draft-ietf-tsvwg-ecn-l4s-id-19 == Outdated reference: A later version (-20) exists of draft-ietf-tsvwg-l4s-arch-10 Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Transport Area Working Group G. White 3 Internet-Draft CableLabs 4 Updates: rfc8325 (if approved) T. Fossati 5 Intended status: Standards Track ARM 6 Expires: 28 April 2022 25 October 2021 8 A Non-Queue-Building Per-Hop Behavior (NQB PHB) for Differentiated 9 Services 10 draft-ietf-tsvwg-nqb-08 12 Abstract 14 This document specifies properties and characteristics of a Non- 15 Queue-Building Per-Hop Behavior (NQB PHB). The purpose of this NQB 16 PHB is to provide a separate queue that enables smooth, low-data- 17 rate, application-limited traffic flows, which would ordinarily share 18 a queue with bursty and capacity-seeking traffic, to avoid the 19 latency, latency variation and loss caused by such traffic. This PHB 20 is implemented without prioritization and without rate policing, 21 making it suitable for environments where the use of either these 22 features may be restricted. The NQB PHB has been developed primarily 23 for use by access network segments, where queuing delays and queuing 24 loss caused by Queue-Building protocols are manifested, but its use 25 is not limited to such segments. In particular, applications to 26 cable broadband links, Wi-Fi links, and mobile network radio and core 27 segments are discussed. This document recommends a specific 28 Differentiated Services Code Point (DSCP) to identify Non-Queue- 29 Building flows. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at https://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on 28 April 2022. 48 Copyright Notice 50 Copyright (c) 2021 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 55 license-info) in effect on the date of publication of this document. 56 Please review these documents carefully, as they describe your rights 57 and restrictions with respect to this document. Code Components 58 extracted from this document must include Simplified BSD License text 59 as described in Section 4.e of the Trust Legal Provisions and are 60 provided without warranty as described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 65 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 66 3. Context . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 67 3.1. Non-Queue-Building Behavior . . . . . . . . . . . . . . . 4 68 3.2. Relationship to the Diffserv Architecture . . . . . . . . 4 69 3.3. Relationship to L4S . . . . . . . . . . . . . . . . . . . 6 70 4. DSCP Marking of NQB Traffic . . . . . . . . . . . . . . . . . 6 71 4.1. Non-Queue-Building Sender Requirements . . . . . . . . . 6 72 4.2. Aggregation of the NQB DSCP with other Diffserv PHBs . . 7 73 4.3. End-to-end usage and DSCP Re-marking . . . . . . . . . . 8 74 4.3.1. Unmanaged Networks . . . . . . . . . . . . . . . . . 9 75 4.4. The NQB DSCP and Tunnels . . . . . . . . . . . . . . . . 9 76 5. Non-Queue-Building PHB Requirements . . . . . . . . . . . . . 10 77 5.1. Primary Requirements . . . . . . . . . . . . . . . . . . 10 78 5.2. Traffic Protection . . . . . . . . . . . . . . . . . . . 11 79 6. Impact on Higher Layer Protocols . . . . . . . . . . . . . . 12 80 7. Configuration and Management . . . . . . . . . . . . . . . . 12 81 8. Example Use Cases . . . . . . . . . . . . . . . . . . . . . . 12 82 8.1. DOCSIS Access Networks . . . . . . . . . . . . . . . . . 12 83 8.2. Mobile Networks . . . . . . . . . . . . . . . . . . . . . 13 84 8.3. WiFi Networks . . . . . . . . . . . . . . . . . . . . . . 13 85 8.3.1. Interoperability with Existing WiFi Networks . . . . 14 86 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 87 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 88 11. Security Considerations . . . . . . . . . . . . . . . . . . . 15 89 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 90 12.1. Normative References . . . . . . . . . . . . . . . . . . 16 91 12.2. Informative References . . . . . . . . . . . . . . . . . 17 92 Appendix A. DSCP Remarking Pathologies . . . . . . . . . . . . . 19 93 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 95 1. Introduction 97 This document defines a Differentiated Services per-hop behavior 98 (PHB) called "Non-Queue-Building Per-Hop Behavior" (NQB PHB), which 99 isolates traffic flows that are relatively low data rate and that do 100 not themselves materially contribute to queueing delay and loss, 101 allowing them to avoid the queuing delays and losses caused by other 102 traffic. Such Non-Queue-Building flows (for example: interactive 103 voice, gaming, machine-to-machine applications) are application 104 limited flows that are distinguished from traffic flows managed by an 105 end-to-end congestion control algorithm. 107 The vast majority of packets that are carried by broadband access 108 networks are managed by an end-to-end congestion control algorithm, 109 such as Reno, Cubic or BBR. These congestion control algorithms 110 attempt to seek the available capacity of the end-to-end path (which 111 can frequently be the access network link capacity), and in doing so 112 generally overshoot the available capacity, causing a queue to build- 113 up at the bottleneck link. This queue build up results in queuing 114 delay (variable latency) and possibly packet loss that can affect all 115 of the applications that are sharing the bottleneck link. 117 In contrast to traditional congestion-controlled applications, there 118 are a variety of relatively low data rate applications that do not 119 materially contribute to queueing delay and loss, but are nonetheless 120 subjected to it by sharing the same bottleneck link in the access 121 network. Many of these applications may be sensitive to latency or 122 latency variation, as well as packet loss, and thus produce a poor 123 quality of experience in such conditions. 125 Active Queue Management (AQM) mechanisms (such as PIE [RFC8033], 126 DOCSIS-PIE [RFC8034], or CoDel [RFC8289]) can improve the quality of 127 experience for latency sensitive applications, but there are 128 practical limits to the amount of improvement that can be achieved 129 without impacting the throughput of capacity-seeking applications. 130 For example, AQMs generally allow a significant amount of queue depth 131 variation in order to accommodate the behaviors of congestion control 132 algorithms such as Reno and Cubic. If the AQM attempted to control 133 the queue much more tightly, applications using those algorithms 134 would not perform well. Alternatively, flow queueuing systems, such 135 as fq_codel [RFC8290] can be employed to isolate flows from one 136 another, but these are not appropriate for all bottleneck links, due 137 to complexity or other reasons. 139 The NQB PHB supports differentiating between these two classes of 140 traffic in bottleneck links and queuing them separately in order that 141 both classes can deliver satisfactory quality of experience for their 142 applications. 144 To be clear, a network implementing the NQB PHB solely provides 145 isolation for traffic classified as behaving in conformance with the 146 NQB DSCP (and optionally enforces that behavior). It is the NQB 147 senders' behavior itself which results in low latency and low loss. 149 2. Requirements Language 151 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 152 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 153 "OPTIONAL" in this document are to be interpreted as described in BCP 154 14 [RFC2119] [RFC8174] when, and only when, they appear in all 155 capitals, as shown here. 157 3. Context 159 3.1. Non-Queue-Building Behavior 161 There are many applications that send traffic at relatively low data 162 rates and/or in a fairly smooth and consistent manner such that they 163 are highly unlikely to exceed the available capacity of the network 164 path between source and sink. These applications may themselves only 165 cause very small, transient queues to form in network buffers, but 166 nonetheless they can be subjected to packet delay and delay variation 167 as a result of sharing a network buffer with applications that tend 168 to cause large and/or standing queues to form. Many of these 169 applications are negatively affected by excessive packet delay and 170 delay variation. Such applications are ideal candidates to be queued 171 separately from the applications that are the cause of queue buildup, 172 latency and loss. 174 In contrast, Queue-building (QB) flows include those that use TCP or 175 QUIC, with Cubic, Reno or other TCP congestion control algorithms 176 that probe for the link capacity and induce latency and loss as a 177 result. Other types of QB flows include those that frequently send 178 at a high burst rate (e.g. several consecutive packets sent well in 179 excess of 1 Mbps) even if the long-term average data rate is much 180 lower. 182 3.2. Relationship to the Diffserv Architecture 184 The IETF has defined the Differentiated Services architecture 185 [RFC2475] with the intention that it allows traffic to be marked in a 186 manner that conveys the performance requirements of that traffic 187 either quantitatively or in a relative sense (i.e. priority). The 188 architecture defines the use of the Diffserv field [RFC2474] for this 189 purpose, and numerous RFCs have been written that describe 190 recommended interpretations of the values (Diffserv Code Points) of 191 the field, and standardized treatments (traffic conditioning and per- 192 hop-behaviors) that can be implemented to satisfy the performance 193 requirements of traffic so marked. 195 While this architecture is powerful, and can be configured to meet 196 the performance requirements of a variety of applications and traffic 197 categories, or to achieve differentiated service offerings, it has 198 proven problematic to enable its use for these purposes end-to-end 199 across the Internet. 201 This difficulty is in part due to the fact that meeting (in an end- 202 to-end context) the performance requirements of an application 203 involves all of the networks in the path agreeing on what those 204 requirements are, and sharing an interest in meeting them. In many 205 cases this is made more difficult due to the fact that the 206 performance "requirements" are not strict ones (e.g. applications 207 will degrade in some manner as loss/latency/jitter increase), so the 208 importance of meeting them for any particular application in some 209 cases involves a judgment as to the value of avoiding some amount of 210 degradation in quality for that application in exchange for an 211 increase in the degradation of another application. 213 Further, in many cases the implementation of Diffserv PHBs has 214 historically involved prioritization of service classes with respect 215 to one another, which sets up the zero-sum game alluded to in the 216 previous paragraph, and results in the need to limit access to higher 217 priority classes via mechanisms such as access control, admission 218 control, traffic conditioning and rate policing, and/or to meter and 219 bill for carriage of such traffic. These mechanisms can be difficult 220 or impossible to implement in an end-to-end context. 222 Finally, some jurisdictions impose regulations that limit the ability 223 of networks to provide differentiation of services, in large part 224 based on the belief that doing so necessarily involves prioritization 225 or privileged access to bandwidth, and thus a benefit to one class of 226 traffic always comes at the expense of another. 228 In contrast, the NQB PHB has been designed with the goal that it 229 avoids many of these issues, and thus could conceivably be deployed 230 end-to-end across the Internet. The intent of the NQB DSCP is that 231 it signals verifiable behavior that permits the sender to request 232 differentiated treatment. Also, the NQB traffic is to be given a 233 separate queue with priority equal to default traffic, and given no 234 reserved bandwidth other than the bandwidth that it shares with 235 default traffic. As a result, the NQB PHB does not aim to meet 236 specific application performance requirements. Instead the goal of 237 the NQB PHB is to provide statistically better loss, latency, and 238 jitter performance for traffic that is itself only an insignificant 239 contributor to those degradations. The PHB is also designed to 240 minimize any incentives for a sender to mismark its traffic, since 241 neither higher priority nor reserved bandwith are being offered. 242 These attributes eliminate many of the tradeoffs that underlie the 243 handling of differentiated service classes in the Diffserv 244 architecture as it has traditionally been defined. They also 245 significantly simplify access control and admission control 246 functions, reducing them to simple verification of behavior. 248 3.3. Relationship to L4S 250 The NQB DSCP and PHB described in this draft have been defined to 251 operate independently of the experimental L4S Architecture 252 [I-D.ietf-tsvwg-l4s-arch]. Nonetheless, the NQB traffic flows are 253 intended to be compatible with [I-D.ietf-tsvwg-l4s-arch], with the 254 result being that NQB traffic and L4S traffic can share the low- 255 latency queue in an L4S DualQ node 256 [I-D.ietf-tsvwg-aqm-dualq-coupled]. Compliance with the DualQ 257 Coupled AQM requirements (Section 2.5 of 258 [I-D.ietf-tsvwg-aqm-dualq-coupled]) is considered sufficient to 259 support the NQB PHB requirement of fair allocation of bandwidth 260 between the QB and NQB queues (Section 5). 262 4. DSCP Marking of NQB Traffic 264 4.1. Non-Queue-Building Sender Requirements 266 Non-queue-building (NQB) flows are typically UDP flows that don't 267 seek the maximum capacity of the link (examples: online games, voice 268 chat, DNS lookups, real-time IoT analytics data). Here the data rate 269 is limited by the application itself rather than by network capacity 270 - these applications send, at most, the equivalent of a few well- 271 spaced packets per RTT, even if the packets are not actually RTT- 272 clocked. In today's network this corresponds to an instantaneous 273 data rate (packet size divided by packet inter-arrival time) of no 274 more than about 1 Mbps (e.g. no more than one 1250 B packet every 10 275 ms), but there is no precise bound since it depends on the conditions 276 in which the application is operating. 278 Note that, while such flows ordinarily don't implement a traditional 279 congestion control mechanism, they nonetheless are expected to comply 280 with existing guidance for safe deployment on the Internet, for 281 example the requirements in [RFC8085] and Section 2 of [RFC3551] 282 (also see the circuit breaker limits in Section 4.3 of [RFC8083] and 283 the description of inelastic pseudowires in Section 4 of [RFC7893]). 284 To be clear, the description of NQB flows in this document should not 285 be interpreted as suggesting that such flows are in any way exempt 286 from this responsibility. 288 Applications that align with the description of NQB behavior in the 289 preceding paragraphs SHOULD identify themselves to the network using 290 a Diffserv Code Point (DSCP) of 45 (decimal) so that their packets 291 can be queued separately from QB flows. The choice of the value 45 292 is motivated in part by the desire to achieve separate queuing in 293 existing WiFi networks (see Section 8.3). In networks where another 294 (e.g. a local-use) codepoint is designated for NQB traffic, or where 295 specialized PHBs are available that can meet specific application 296 requirements (e.g. a guaranteed-latency path for voice traffic), it 297 may be preferred to use another DSCP. 299 If the application's traffic exceeds more than a few packets per RTT, 300 or exceeds approximately 1 Mbps on an instantaneous (inter-packet) 301 basis, the application SHOULD NOT mark its traffic with the NQB DSCP. 302 In such a case, the application has to instead implement a relevant 303 congestion control mechanism, for example as described in Section 3.1 304 of [RFC8085] or [I-D.ietf-tsvwg-ecn-l4s-id]. 306 4.2. Aggregation of the NQB DSCP with other Diffserv PHBs 308 It is RECOMMENDED that networks and nodes that do not support the NQB 309 PHB be configured to treat NQB marked traffic the same as traffic 310 marked "Default". It is additionally RECOMMENDED that such networks 311 and nodes simply classify the NQB DSCP into the same treatment 312 aggregate as Default traffic, or encapsulate the NQB marked packet, 313 rather than re-marking NQB traffic as Default. This preservation of 314 the NQB marking enables hops further along the path to provide the 315 NQB PHB successfully. 317 In backbone and core network switches (particularly if shallow- 318 buffered), and nodes that do not typically experience congestion, 319 treating NQB marked traffic the same as Default may be sufficient to 320 preserve loss/latency/jitter performance for NQB traffic. In other 321 nodes, treating NQB marked traffic as Default could result in 322 degradation of loss/latency/jitter performance but is recommended 323 nonetheless in order to preserve the incentives described in 324 Section 5. An alternative, in controlled environments where there is 325 no risk of mismarking of traffic, would be to aggregate NQB marked 326 traffic with real-time, latency sensitive traffic. Similarly, 327 networks and nodes that aggregate service classes as discussed in 328 [RFC5127] and [RFC8100] may not be able to provide a PDB/PHB that 329 meets the requirements of this document. In these cases it is 330 RECOMMENDED that NQB-marked traffic be aggregated into the Elastic 331 Treatment Aggregate (for [RFC5127] networks) or the Default / Elastic 332 Treatment Aggregate (for [RFC8100] networks), although in some cases 333 a network operator may instead choose to aggregate NQB traffic into 334 the (Bulk) Real-Time Treatment Aggregate. Either approach comes with 335 trade-offs: when the aggregated traffic encounters a bottleneck, 336 aggregating with Default/Elastic traffic could result in a 337 degradation of loss/latency/jitter performance for NQB traffic, while 338 aggregating with Real-Time (assuming such traffic is provided a 339 prioritized PHB) risks creating an incentive for mismarking of non- 340 compliant traffic as NQB (except in controlled environments). In 341 either case, the NQB DSCP SHOULD be preserved (possibly via 342 encapsulation) in order to limit the negative impact that such 343 networks would have on end-to-end performance for NQB traffic. This 344 aligns with recommendations in [RFC5127]. 346 Nodes that support the NQB PHB may choose to aggregate other service 347 classes into the NQB queue. Candidate service classes for this 348 aggregation would include those that carry inelastic traffic that has 349 low to very-low tolerance for loss, latency and/or jitter as 350 discussed in [RFC4594]. These could include Telephony (EF/VA), 351 Signaling (CS5), Real-Time Interactive (CS4) and Broadcast Video 352 (CS3). 354 4.3. End-to-end usage and DSCP Re-marking 356 In contrast to some existing standard PHBs, many of which are 357 typically only meaningful within a Diffserv Domain (e.g. an AS or an 358 enterprise network), this PHB is expected to be used end-to-end 359 across the Internet, wherever suitable operator agreements apply. 360 Under the [RFC2474] model, this requires that the corresponding DSCP 361 is recognized by all operators and mapped across their boundaries 362 accordingly. 364 To support NQB, networks MUST preserve a DSCP marking distinction 365 between NQB traffic and Default traffic when forwarding via an 366 interconnect from or to another network. To facilitate the default 367 treatment of NQB traffic in backbones and core networks discussed in 368 the previous section (where IP Precedence may be deployed), networks 369 that support NQB SHOULD remap NQB traffic (DSCP 45) to DSCP 5 prior 370 to interconnection, unless agreed otherwise between the 371 interconnecting partners. The fact that this PHB is intended for 372 end-to-end usage does not preclude networks from mapping the NQB DSCP 373 to a value other than 45 or 5 for internal usage, as long as the 374 appropriate NQB DSCP is restored when forwarding to another network. 375 Additionally, interconnecting networks are not precluded from 376 negotiating (via an SLA or some other agreement) a different DSCP to 377 use to signal NQB across the interconnect. 379 Furthermore, in other network environments where IP Precedence 380 ([RFC0791]) is deployed, it is RECOMMENDED that the network operator 381 re-mark NQB traffic to DSCP 5 in order to ensure that it is 382 aggregated with Default traffic. 384 In order to enable interoperability with WiFi equipment as described 385 in Section 8.3.1, networks SHOULD re-mark NQB traffic (e.g. DSCP 5) 386 to DSCP 45 prior to a customer access link, subject to the safeguards 387 described below and in that section. 389 Thus, this document recommends two DSCPs to designate NQB, the value 390 45 for use by hosts and in WiFi networks, and the value 5 for use 391 across network interconnections. 393 4.3.1. Unmanaged Networks 395 In cases where a network operator is delivering traffic into an 396 unmanaged network outside of their control (e.g. a residential ISP 397 delivering traffic to a customer's home network), the network 398 operator should presume that the existing network equipment in the 399 user network supports the WiFi default DSCP mapping (see Section 8.3) 400 and/or IP Precedence, and does not support the safeguards that are 401 provided by the NQB PHB requirements. As a result, the network 402 operator should take precautions to prevent issues. When the data 403 rate of the access network segment is less than the expected data 404 rate of the user network, this is unlikely to be an issue. However, 405 if the access network rate exceeds the expected rate of the user 406 network, the operator SHOULD deploy a policing function on NQB marked 407 traffic that minimizes the potential for negative impacts on traffic 408 marked Default, for example by limiting the rate of such traffic to a 409 set fraction of the customer's service rate, with excess traffic 410 either dropped or re-marked as Default. 412 As an additional safeguard, and to prevent the inadvertent 413 introduction of problematic traffic into unmanaged user networks, 414 network equipment that is intended to deliver traffic into unmanaged 415 user networks (e.g. an access network gateway for a residential ISP) 416 MUST by default ensure that NQB traffic is marked with a DSCP that 417 selects the WiFi "Best Effort" Access Category and the "Routine" IP 418 Precedence level (i.e. DSCP 0-7). Such equipment MUST support the 419 ability to configure the remapping, so that (when appropriate 420 safeguards are in place) traffic can be delivered as NQB-marked. 422 4.4. The NQB DSCP and Tunnels 424 [RFC2983] discusses tunnel models that support Diffserv. It 425 describes a "uniform model" in which the inner DSCP is copied to the 426 outer header at encapsulation, and the outer DSCP is copied to the 427 inner header at decapsulation. It also describes a "pipe model" in 428 which the outer DSCP is not copied to the inner header at 429 decapsulation. Both models can be used in conjunction with the NQB 430 PHB. In the case of the pipe model, any DSCP manipulation (re- 431 marking) of the outer header by intermediate nodes would be discarded 432 at tunnel egress, potentially improving the possibility of achieving 433 NQB treatment in subsequent nodes. 435 As is discussed in [RFC2983], tunnel protocols that are sensitive to 436 reordering can result in undesirable interactions if multiple DSCP 437 PHBs are signaled for traffic within a tunnel instance. This is true 438 for NQB marked traffic as well. If a tunnel contains a mix of QB and 439 NQB traffic, and this is reflected in the outer DSCP in a network 440 that supports the NQB PHB, it would be necessary to avoid a 441 reordering-sensitive tunnel protocol. 443 5. Non-Queue-Building PHB Requirements 445 It is worthwhile to note again that the NQB designation and marking 446 is intended to convey verifiable traffic behavior, as opposed to 447 simply a desire for differentiated treatment. Also, it is important 448 that incentives are aligned correctly, i.e. that there is a benefit 449 to the application in marking its packets correctly, and a 450 disadvantage (or at least no benefit) to an application in 451 intentionally mismarking its traffic. Thus, a useful property of 452 nodes (i.e. network switches and routers) that support separate 453 queues for NQB and QB flows is that for NQB flows, the NQB queue 454 provides better performance than the QB queue; and for QB flows, the 455 QB queue provides better performance than the NQB queue (this is 456 discussed further in this section and Section 11). By adhering to 457 these principles, there is no incentive for senders to mismark their 458 traffic as NQB, and further, any mismarking can be identified by the 459 network. 461 5.1. Primary Requirements 463 A node supporting the NQB PHB makes no guarantees on latency or data 464 rate for NQB marked flows, but instead aims to provide a bound on 465 queuing delay for as many such marked flows as it can, and shed load 466 when needed. 468 A node supporting the NQB PHB MUST provide a queue for non-queue- 469 building traffic separate from any queue used for queue-building 470 traffic. 472 NQB traffic, in aggregate, SHOULD NOT be rate limited or rate policed 473 separately from queue-building traffic of equivalent importance. 475 The NQB queue SHOULD be given equivalent forwarding preference 476 compared to queue-building traffic of equivalent importance. The 477 node SHOULD provide a scheduler that allows QB and NQB traffic of 478 equivalent importance to share the link in a fair manner, e.g. a 479 deficit round-robin scheduler with equal weights. Compliance with 480 these recommendations helps to ensure that there are no incentives 481 for QB traffic to be mismarked as NQB. In environments where 482 mismarking is not a potential issue (e.g. a network where a marking 483 policy is enforced by other means), these requirements may not be 484 necessary. 486 A node supporting the NQB PHB SHOULD treat traffic marked as Default 487 (DSCP=0) as QB traffic having equivalent importance to the NQB marked 488 traffic. A node supporting the NQB DSCP MUST support the ability to 489 configure the classification criteria that are used to identify QB 490 and NQB traffic of equivalent importance. 492 The NQB queue SHOULD have a buffer size that is significantly smaller 493 than the buffer provided for QB traffic (e.g. single-digit 494 milliseconds). It is expected that most QB traffic is engineered to 495 work well when the network provides a relatively deep buffer (e.g. on 496 the order of tens or hundreds of ms) in nodes where support for the 497 NQB PHB is advantageous (i.e. bottleneck nodes). Providing a 498 similarly deep buffer for the NQB queue would be at cross purposes to 499 providing very low queueing delay, and would erode the incentives for 500 QB traffic to be marked correctly. 502 5.2. Traffic Protection 504 It is possible that due to an implementation error or 505 misconfiguration, a QB flow would end up getting mismarked as NQB, or 506 vice versa. In the case of an NQB flow that isn't marked as NQB and 507 ends up in the QB queue, it would only impact its own quality of 508 service, and so it seems to be of lesser concern. However, a QB flow 509 that is mismarked as NQB would cause queuing delays and/or loss for 510 all of the other flows that are sharing the NQB queue. 512 To prevent this situation from harming the performance of the real 513 NQB flows, network elements that support differentiating NQB traffic 514 SHOULD support a "traffic protection" function that can identify QB 515 flows that are mismarked as NQB, and either reclassify those flows/ 516 packets to the QB queue or discard the offending traffic. Such a 517 function SHOULD be implemented in an objective and verifiable manner, 518 basing its decisions upon the behavior of the flow rather than on 519 application-layer constructs. It may be advantageous for a traffic 520 protection function to employ hysteresis to prevent borderline flows 521 from being reclassified capriciously. 523 One example traffic protection algorithm can be found in 524 [I-D.briscoe-docsis-q-protection]. 526 There are some situations where such function may not be necessary. 527 For example, a network element designed for use in controlled 528 environments (e.g. enterprise LAN) may not require a traffic 529 protection function. Additionally, some networks may prefer to 530 police the application of the NQB DSCP at the ingress edge, so that 531 in-network traffic protection is not needed. 533 6. Impact on Higher Layer Protocols 535 Network elements that support the NQB PHB and that support traffic 536 protection as discussed in the previous section introduce the 537 possibility that flows classified into the NQB queue could experience 538 out of order delivery or packet loss if their behavior is not 539 consistent with NQB. This is particularly true if the traffic 540 protection algorithm makes decisions on a packet-by-packet basis. In 541 this scenario, a flow that is (mis)marked as NQB and that causes a 542 queue to form in this bottleneck link could see some of its packets 543 forwarded by the NQB queue, and some of them either discarded or 544 redirected to the QB queue. In the case of redirection, depending on 545 the queueing latency and scheduling within the network element, this 546 could result in packets being delivered out of order. As a result, 547 the use of the NQB DSCP by a higher layer protocol carries some risk 548 that an increased amount of out of order delivery or packet loss will 549 be experienced. This characteristic provides one disincentive for 550 mis-marking of traffic. 552 7. Configuration and Management 554 As required above, nodes supporting the NQB PHB provide for the 555 configuration of classifiers that can be used to differentiate 556 between QB and NQB traffic of equivalent importance. The default for 557 such classifiers is recommended to be the assigned NQB DSCP (to 558 identify NQB traffic) and the Default (0) DSCP (to identify QB 559 traffic). 561 8. Example Use Cases 563 8.1. DOCSIS Access Networks 565 Residential cable broadband Internet services are commonly configured 566 with a single bottleneck link (the access network link) upon which 567 the service definition is applied. The service definition, typically 568 an upstream/downstream data rate tuple, is implemented as a 569 configured pair of rate shapers that are applied to the user's 570 traffic. In such networks, the quality of service that each 571 application receives, and as a result, the quality of experience that 572 it generates for the user is influenced by the characteristics of the 573 access network link. 575 To support the NQB PHB, cable broadband services MUST be configured 576 to provide a separate queue for NQB marked traffic. The NQB queue 577 MUST be configured to share the service's rate shaped bandwidth with 578 the queue for QB traffic. 580 8.2. Mobile Networks 582 Historically, 3GPP mobile networks have utilised "bearers" to 583 encapsulate each user's user plane traffic through the radio and core 584 networks. A "dedicated bearer" may be allocated a Quality of Service 585 (QoS) to apply any prioritisation to its flows at queues and radio 586 schedulers. Typically an LTE operator provides a dedicated bearer 587 for IMS VoLTE (Voice over LTE) traffic, which is prioritised in order 588 to meet regulatory obligations for call completion rates; and a "best 589 effort" default bearer, for Internet traffic. The "best effort" 590 bearer provides no guarantees, and hence its buffering 591 characteristics are not compatible with low-latency traffic. The 5G 592 radio and core systems offer more flexibility over bearer allocation, 593 meaning bearers can be allocated per traffic type (e.g. loss- 594 tolerant, low-latency etc.) and hence support more suitable treatment 595 of Internet real-time flows. 597 To support the NQB PHB, the mobile network SHOULD be configured to 598 give UEs a dedicated, low-latency, non-GBR, EPS bearer, e.g. one with 599 QCI 7, in addition to the default EPS bearer; or a Data Radio Bearer 600 with 5QI 7 in a 5G system (see Table 5.7.4-1: Standardized 5QI to QoS 601 characteristics mapping in [SA-5G]). 603 A packet carrying the NQB DSCP SHOULD be routed through the dedicated 604 low-latency EPS bearer. A packet that has no associated NQB marking 605 SHOULD NOT be routed through the dedicated low-latency EPS bearer. 607 8.3. WiFi Networks 609 WiFi networking equipment compliant with 802.11e/n/ac/ax [IEEE802-11] 610 generally supports either four or eight transmit queues and four sets 611 of associated Enhanced Multimedia Distributed Control Access (EDCA) 612 parameters (corresponding to the four WiFi Multimedia (WMM) Access 613 Categories) that are used to enable differentiated media access 614 characteristics. As discussed in [RFC8325], most existing WiFi 615 implementations use a default DSCP to User Priority mapping that 616 utilizes the most significant three bits of the Diffserv Field to 617 select "User Priority" which is then mapped to the four WMM Access 618 Categories. [RFC8325] also provides an alternative mapping that more 619 closely aligns with the DSCP recommendations provided by the IETF. 621 In addition to the requirements provided in other sections of this 622 document, to support the NQB PHB, WiFi equipment (including equipment 623 compliant with [RFC8325]) SHOULD map the NQB codepoint 45 into a 624 separate queue in the same Access Category as the queue that carries 625 default traffic (i.e. the Best Effort Access Category). 627 8.3.1. Interoperability with Existing WiFi Networks 629 While some existing WiFi equipment may be capable (in some cases via 630 firmware update) of supporting the NQB PHB requirements, many 631 currently deployed devices cannot be configured in this way. As a 632 result the remainder of this section discusses interoperability with 633 these existing WiFi networks, as opposed to PHB compliance. 635 In order to increase the likelihood that NQB traffic is provided a 636 separate queue from QB traffic in existing WiFi equipment that uses 637 the default mapping, the 45 code point is recommended for NQB. This 638 maps NQB to UP_5 which is in the "Video" Access Category. While this 639 DSCP to User Priority mapping enables these WiFi systems to support 640 the NQB PHB requirement for segregated queuing, it does not support 641 the remaining NQB PHB requirements in Section 5. The ramifications 642 of, and remedies for this are discussed further below. 644 Existing WiFi devices are unlikely to support a traffic protection 645 algorithm, so traffic mismarked as NQB is not likely to be detected 646 and remedied by such devices. 648 Furthermore, in their default configuration, existing WiFi devices 649 utilize EDCA parameters that result in statistical prioritization of 650 the "Video" Access Category above the "Best Effort" Access Category. 651 If left unchanged, this would violate the NQB PHB requirement for 652 equal prioritization, and could erode the principle of alignment of 653 incentives. In order to preserve the incentives principle for NQB, 654 WiFi systems SHOULD configure the EDCA parameters for the Video 655 Access Category to match those of the Best Effort Access Category. 657 Similarly, systems that utilize [RFC8325] but that are unable to 658 fully support the PHB requirements, SHOULD map the recommended NQB 659 code point 45 (or the locally determined alternative) to UP_5 in the 660 "Video" Access Category. 662 9. Acknowledgements 664 Thanks to Diego Lopez, Stuart Cheshire, Brian Carpenter, Bob Briscoe, 665 Greg Skinner, Toke Hoeiland-Joergensen, Luca Muscariello, David 666 Black, Sebastian Moeller, Ruediger Geib, Jerome Henry, Steven Blake, 667 Jonathan Morton, Roland Bless, Kevin Smith, Martin Dolly, and Kyle 668 Rose for their review comments. Thanks also to Gorry Fairhurst, Ana 669 Custura, and Ruediger Geib for their input on selection of 670 appropriate DSCPs. 672 10. IANA Considerations 674 This document requests that IANA assign the Differentiated Services 675 Field Codepoints (DSCP) 5 ('0b000101', 0x05) and 45 ('0b101101', 676 0x2D) from the "Differentiated Services Field Codepoints (DSCP)" 677 registry (https://www.iana.org/assignments/dscp-registry/) ("DSCP 678 Pool 3 Codepoints", Codepoint Space xxxx01, Standards Action) as the 679 RECOMMENDED codepoints for Non-Queue-Building behavior. 681 11. Security Considerations 683 When the NQB PHB is fully supported in bottleneck links, there is no 684 incentive for a queue-building application to mismark its packets as 685 NQB (or vice versa). If a queue-building flow were to mark its 686 packets as NQB, it would be unlikely to receive a benefit by doing 687 so, and it could experience excessive packet loss, excessive latency 688 variation and/or excessive out-of-order delivery (depending on the 689 nature of the traffic protection function). If a non-queue-building 690 flow were to fail to mark its packets as NQB, it could suffer the 691 latency and loss typical of sharing a queue with capacity seeking 692 traffic. 694 In order to preserve low latency performance for NQB traffic, 695 networks that support the NQB PHB will need to ensure that mechanisms 696 are in place to prevent malicious NQB-marked traffic from causing 697 excessive queue delays. This document recommends the implementation 698 of a traffic protection mechanism to achieve this goal, but 699 recognizes that other options may be more desirable in certain 700 situations. 702 Notwithstanding the above, the choice of DSCP for NQB does allow 703 existing WiFi networks to readily (and by default) support some of 704 the PHB requirements, but without a traffic protection function, and 705 (when left in the default state) by giving NQB traffic higher 706 priority than QB traffic. This does open up the NQB marking to 707 potential abuse on these WiFi links, but since these existing WiFi 708 networks already give one quarter of the DSCP space this same 709 treatment, and further they give another quarter of the DSCP space 710 even higher priority, the NQB DSCP does not seem to be of any greater 711 risk for abuse than these others. 713 The NQB signal is not integrity protected and could be flipped by an 714 on-path attacker. This might negatively affect the QoS of the 715 tampered flow. 717 12. References 719 12.1. Normative References 721 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 722 DOI 10.17487/RFC0791, September 1981, 723 . 725 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 726 Requirement Levels", BCP 14, RFC 2119, 727 DOI 10.17487/RFC2119, March 1997, 728 . 730 [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, 731 "Definition of the Differentiated Services Field (DS 732 Field) in the IPv4 and IPv6 Headers", RFC 2474, 733 DOI 10.17487/RFC2474, December 1998, 734 . 736 [RFC2983] Black, D., "Differentiated Services and Tunnels", 737 RFC 2983, DOI 10.17487/RFC2983, October 2000, 738 . 740 [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage 741 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 742 March 2017, . 744 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 745 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 746 May 2017, . 748 [RFC8325] Szigeti, T., Henry, J., and F. Baker, "Mapping Diffserv to 749 IEEE 802.11", RFC 8325, DOI 10.17487/RFC8325, February 750 2018, . 752 12.2. Informative References 754 [Barik] Barik, R., Welzl, M., Elmokashfi, A., Dreibholz, T., and 755 S. Gjessing, "Can WebRTC QoS Work? A DSCP Measurement 756 Study", ITC 30, September 2018. 758 [Custura] Custura, A., Venne, A., and G. Fairhurst, "Exploring DSCP 759 modification pathologies in mobile edge networks", TMA , 760 2017. 762 [I-D.briscoe-docsis-q-protection] 763 Briscoe, B. and G. White, "Queue Protection to Preserve 764 Low Latency", Work in Progress, Internet-Draft, draft- 765 briscoe-docsis-q-protection-00, 8 July 2019, 766 . 769 [I-D.ietf-tsvwg-aqm-dualq-coupled] 770 Schepper, K. D., Briscoe, B., and G. White, "DualQ Coupled 771 AQMs for Low Latency, Low Loss and Scalable Throughput 772 (L4S)", Work in Progress, Internet-Draft, draft-ietf- 773 tsvwg-aqm-dualq-coupled-18, 25 October 2021, 774 . 777 [I-D.ietf-tsvwg-dscp-considerations] 778 Custura, A., Fairhurst, G., and R. Secchi, "Considerations 779 for Assigning a new Recommended DiffServ Codepoint 780 (DSCP)", Work in Progress, Internet-Draft, draft-ietf- 781 tsvwg-dscp-considerations-00, 26 July 2021, 782 . 785 [I-D.ietf-tsvwg-ecn-l4s-id] 786 Schepper, K. D. and B. Briscoe, "Explicit Congestion 787 Notification (ECN) Protocol for Very Low Queuing Delay 788 (L4S)", Work in Progress, Internet-Draft, draft-ietf- 789 tsvwg-ecn-l4s-id-19, 26 July 2021, 790 . 793 [I-D.ietf-tsvwg-l4s-arch] 794 Briscoe, B., Schepper, K. D., Bagnulo, M., and G. White, 795 "Low Latency, Low Loss, Scalable Throughput (L4S) Internet 796 Service: Architecture", Work in Progress, Internet-Draft, 797 draft-ietf-tsvwg-l4s-arch-10, 1 July 2021, 798 . 801 [IEEE802-11] 802 IEEE-SA, "IEEE 802.11-2020", IEEE 802, December 2020, 803 . 805 [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., 806 and W. Weiss, "An Architecture for Differentiated 807 Services", RFC 2475, DOI 10.17487/RFC2475, December 1998, 808 . 810 [RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and 811 Video Conferences with Minimal Control", STD 65, RFC 3551, 812 DOI 10.17487/RFC3551, July 2003, 813 . 815 [RFC4594] Babiarz, J., Chan, K., and F. Baker, "Configuration 816 Guidelines for DiffServ Service Classes", RFC 4594, 817 DOI 10.17487/RFC4594, August 2006, 818 . 820 [RFC5127] Chan, K., Babiarz, J., and F. Baker, "Aggregation of 821 Diffserv Service Classes", RFC 5127, DOI 10.17487/RFC5127, 822 February 2008, . 824 [RFC7893] Stein, Y(J)., Black, D., and B. Briscoe, "Pseudowire 825 Congestion Considerations", RFC 7893, 826 DOI 10.17487/RFC7893, June 2016, 827 . 829 [RFC8033] Pan, R., Natarajan, P., Baker, F., and G. White, 830 "Proportional Integral Controller Enhanced (PIE): A 831 Lightweight Control Scheme to Address the Bufferbloat 832 Problem", RFC 8033, DOI 10.17487/RFC8033, February 2017, 833 . 835 [RFC8034] White, G. and R. Pan, "Active Queue Management (AQM) Based 836 on Proportional Integral Controller Enhanced PIE) for 837 Data-Over-Cable Service Interface Specifications (DOCSIS) 838 Cable Modems", RFC 8034, DOI 10.17487/RFC8034, February 839 2017, . 841 [RFC8083] Perkins, C. and V. Singh, "Multimedia Congestion Control: 842 Circuit Breakers for Unicast RTP Sessions", RFC 8083, 843 DOI 10.17487/RFC8083, March 2017, 844 . 846 [RFC8100] Geib, R., Ed. and D. Black, "Diffserv-Interconnection 847 Classes and Practice", RFC 8100, DOI 10.17487/RFC8100, 848 March 2017, . 850 [RFC8289] Nichols, K., Jacobson, V., McGregor, A., Ed., and J. 851 Iyengar, Ed., "Controlled Delay Active Queue Management", 852 RFC 8289, DOI 10.17487/RFC8289, January 2018, 853 . 855 [RFC8290] Hoeiland-Joergensen, T., McKenney, P., Taht, D., Gettys, 856 J., and E. Dumazet, "The Flow Queue CoDel Packet Scheduler 857 and Active Queue Management Algorithm", RFC 8290, 858 DOI 10.17487/RFC8290, January 2018, 859 . 861 [SA-5G] 3GPP, "System Architecture for 5G", TS 23.501, 2019. 863 Appendix A. DSCP Remarking Pathologies 865 Some network operators typically bleach (zero out) the Diffserv field 866 on ingress into their network 867 [I-D.ietf-tsvwg-dscp-considerations][Custura][Barik], and in some 868 cases apply their own DSCP for internal usage. Bleaching the NQB 869 DSCP is not expected to cause harm to default traffic, but it will 870 severely limit the ability to provide NQB treatment end-to-end. 871 Reports on existing deployments of DSCP manipulation [Custura][Barik] 872 categorize the re-marking behaviors into the following six policies: 873 bleach all traffic (set DSCP to zero), set the top three bits (the 874 former Precedence bits) on all traffic to 0b000, 0b001, or 0b010, set 875 the low three bits on all traffic to 0b000, or remark all traffic to 876 a particular (non-zero) DSCP value. 878 Regarding the DSCP values of 5 & 45, there were no observations of 879 DSCP manipulation reported in which traffic was marked 5 or 45 by any 880 of these policies. Thus it appears that these re-marking policies 881 would be unlikely to result in QB traffic being marked as NQB (45). 882 In terms of the fate of NQB-marked traffic that is subjected to one 883 of these policies, the result would be that NQB marked traffic would 884 be indistinguishable from some subset (possibly all) of other 885 traffic. In the policies where all traffic is remarked using the 886 same (zero or non-zero) DSCP, the ability for a subsequent network 887 hop to differentiate NQB traffic via DSCP would clearly be lost 888 entirely. 890 In the policies where the top three bits are overwritten, both NQB 891 values (5 & 45) would receive the same marking as would the currently 892 unassigned Pool 3 DSCPs 13,21,29,37,53,61, with all of these code 893 points getting mapped to DSCP=5, 13 or 21 (depending on the overwrite 894 value used). Since none of the DSCPs in the preceding lists are 895 currently assigned by IANA, and they all are set aside for Standards 896 Action, it is believed that they are not widely used currently, but 897 this may vary based on local-usage. 899 For the policy in which the low three bits are set to 0b000, the NQB 900 (45) value would be mapped to CS5 and would be indistinguishable from 901 CS5, VA, EF (and the unassigned DSCPs 41, 42, 43). Traffic marked 902 using the existing standardized DSCPs in this list are likely to 903 share the same general properties as NQB traffic (non capacity- 904 seeking, very low data rate or relatively low and consistent data 905 rate). Similarly, any future recommended usage for DSCPs 41, 42, 43 906 would likely be somewhat compatible with NQB treatment, assuming that 907 IP Precedence compatibility (see Section 1.5.4 of [RFC4594]) is 908 maintained in the future. Here there may be an opportunity for a 909 node to provide the NQB PHB or the CS5 PHB to CS5-marked traffic and 910 retain some of the benefits of NQB marking. This could be another 911 motivation to (as discussed in Section 4.2) classify CS5-marked 912 traffic into NQB queue. For this same re-marking policy, the NQB (5) 913 value would be mapped to CS0/default and would be indistinguishable 914 from CS0, LE (and the unassigned DSCPs 2,3,4,6,7). In this case, NQB 915 traffic is likely to be given default treatment in all subsequent 916 nodes, which would eliminate the ability to provide NQB treatment in 917 those nodes, but would be relatively harmless otherwise. 919 Authors' Addresses 921 Greg White 922 CableLabs 924 Email: g.white@cablelabs.com 926 Thomas Fossati 927 ARM 929 Email: Thomas.Fossati@arm.com