Re: [Tsv-art] DCSP mapping
Bob Briscoe <in@bobbriscoe.net> Fri, 21 September 2018 16:44 UTC
Return-Path: <in@bobbriscoe.net>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0297A130DFA for <tsv-art@ietfa.amsl.com>; Fri, 21 Sep 2018 09:44:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qYNSWXbeqy72 for <tsv-art@ietfa.amsl.com>; Fri, 21 Sep 2018 09:44:33 -0700 (PDT)
Received: from server.dnsblock1.com (server.dnsblock1.com [85.13.236.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84B201277CC for <tsv-art@ietf.org>; Fri, 21 Sep 2018 09:44:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:From:Cc:References:To:Subject:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=D35PQkoxreGGbriAnLu0JgEpIZRaCSkvlZsf+4Ny6vg=; b=9SL/5fZqCCDpeMFds9p7hSeyQ PiPoGqmSz/MhQ2rmToGs8tdJFGk790WUuE9rLTopHK8r4gmeSxLXvZg2wLGeGh25p0p4e2r0QNh8k 6bSZfv7fQ/sDzpEBpJechwV4D2jGP98L3Ge2fhxO+jKzEaJtYDiIFKBEAWdfNWpaNJI/IB2aifvnH Kt/x7O7e9NEiGCGrTrlN8zASV83YLcl+seWI0zaFiyBkuH3KMlskZO1gdsO2P07+s2ObU09SH0Ge3 K1HVDf14/PfiWs1wruxhbZbBf89vzg7uNhAxrGr20ct1xVHQlglZRezl8WsQdsSxjtSayNLLuLcXd PMxMWuVqg==;
Received: from 188.74.9.51.dyn.plus.net ([51.9.74.188]:59352 helo=[192.168.0.7]) by server.dnsblock1.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <in@bobbriscoe.net>) id 1g3OXe-0007yn-Un; Fri, 21 Sep 2018 17:44:31 +0100
To: "Black, David" <David.Black@dell.com>, "ietf@kuehlewind.net" <ietf@kuehlewind.net>, "tsv-art@ietf.org" <tsv-art@ietf.org>
References: <81F8CC39-469C-45AA-A01C-3142C9439605@kuehlewind.net> <62e7537082694d8abe1c8b66e35e0776@ericsson.com> <CE03DB3D7B45C245BCA0D2432779493630295360@MX307CL04.corp.emc.com>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>
From: Bob Briscoe <in@bobbriscoe.net>
Message-ID: <b6d0d1fa-f164-0fce-f462-cd8964e71b17@bobbriscoe.net>
Date: Fri, 21 Sep 2018 17:44:30 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CE03DB3D7B45C245BCA0D2432779493630295360@MX307CL04.corp.emc.com>
Content-Type: multipart/alternative; boundary="------------9743D27EFDEB3842265E82EE"
Content-Language: en-GB
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.dnsblock1.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: server.dnsblock1.com: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: server.dnsblock1.com: in@bobbriscoe.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/s_t6plb2VThjjgJr7hf434JtnOE>
Subject: Re: [Tsv-art] DCSP mapping
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Sep 2018 16:44:37 -0000
Mirja, It might save some reading (at the risk of summarizing 2983 wrongly in front of the author) to say that 2983 offers two modes of Diffserv tunnel, with the choice between them based on policy: 1. uniform (on encap copy to outer; on decap copy from outer) 2. pipe (on decap, use inner for traffic conditioning) Some of the confusion between different advice can be explained by the fact that, altho the decap node might also be on a policy boundary, the policy function can be considered to be applied before or after decap. Then, whether the mode of the tunnel is uniform or pipe interacts with the policy function in ways that depend on exactly where the operator locates the policy boundary within the machine, relative to where decap is located within the machine. So, as David said, there really is no simple answer. An operator can pretty much put it all together to achieve whatever outcome it wants. So I don't think it would be helpful for 6830bis to recommend or require any one approach. Bob On 20/09/18 15:35, Black, David wrote: > There's no simple answer here. The overall framework is in RFC 2983, but it probably doesn't have the specific guidance that's desired. > > For IPsec, the simple discussion in RFC 2474 has been superseded by material in RFC 4301. > > Thanks, --David > >> -----Original Message----- >> From: Tsv-art [mailto:tsv-art-bounces@ietf.org] On Behalf Of Magnus >> Westerlund >> Sent: Thursday, September 20, 2018 8:41 AM >> To: ietf@kuehlewind.net; tsv-art@ietf.org >> Subject: Re: [Tsv-art] DCSP mapping >> >> >> [EXTERNAL EMAIL] >> Please report any suspicious attachments, links, or requests for sensitive >> information. >> >> >> Hi, >> >> Yes, the coping is only relevant if the entity decapsulating the packet isn't >> sitting on an administrative boundary between two different domains with >> potentially different markings. For LISP it appears likely that the LISP >> decapsulator will need to perform DSCP remapping and policing functions. >> >> Cheers >> >> Magnus Westerlund >> >> -----Original Message----- >> From: Tsv-art <tsv-art-bounces@ietf.org> On Behalf Of Mirja Kuehlewind >> (IETF) >> Sent: den 20 september 2018 12:42 >> To: TSV-ART <tsv-art@ietf.org> >> Subject: [Tsv-art] DCSP mapping >> >> Hi all, >> >> while reviewing lisp (rfc6830bis) I wasn’t really able to find guidance on what >> to do with DSCP for IP in IP tunnels. rfc6830bis say "SHOULD be copied from >> the inner-header DSCP field“ on encapsulation and decapsulation. Other >> docs even say MUST (e.g. rfc6333 section-7.1). rfc2474 section-7.2 say that >> for IPsec it MUST NOT be copied on decapsulation. So I guess, at least for >> decapsulation, it might not alway make sense to overwrite the inner DSCP >> with the changed outer DSCP and I would think that in most cases this is >> rather a local policy question. Do we have any more guidance on this in any >> RFC that I couldn’t find, or is further guidance needed here? >> >> >> Mirja >> >> P.S: For rfc6830bis I would like the author to add a sentence that this SHOULD >> may depend on local policy. („In absence of a different local policy for use of >> DCSP, the DCSP field SHOULD be copied..“ or something like this) >> >> >> _______________________________________________ >> Tsv-art mailing list >> Tsv-art@ietf.org >> https://www.ietf.org/mailman/listinfo/tsv-art > _______________________________________________ > Tsv-art mailing list > Tsv-art@ietf.org > https://www.ietf.org/mailman/listinfo/tsv-art -- ________________________________________________________________ Bob Briscoe http://bobbriscoe.net/
- Re: [Tsv-art] DCSP mapping Magnus Westerlund
- [Tsv-art] DCSP mapping Mirja Kuehlewind (IETF)
- Re: [Tsv-art] DCSP mapping Black, David
- Re: [Tsv-art] DCSP mapping Bob Briscoe