[tsvwg] NQB claim of DSCP-

Sebastian Moeller <moeller0@gmx.de> Thu, 30 May 2024 07:49 UTC

From: Sebastian Moeller <moeller0@gmx.de>
Message-Id: <B9CF3DCA-03E5-497C-9951-6D24DFDCCE72@gmx.de>
Date: Thu, 30 May 2024 09:48:44 +0200
To: tsvwg <tsvwg@ietf.org>
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/-4796GcjAlKa9uBjZbjeAtMozbU>

Dear All,

https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-nqb-23#name-security-considerations

    • For application traffic that originates outside of the Wi-Fi network, and thus is transmitted by the Access Point, the choice of DSCP 45 does create a potential for abuse by non-compliant applications. But, opportunities exist in the network components upstream of the Wi-Fi Access Point to police the usage of the NQB DSCP and potentially re-mark traffic that is considered non-compliant, as is recommended in Section 4.4.1. Furthermore, it is a common practice for residential ISPs to re-mark the Diffserv field to zero on all traffic destined to their customers' networks, and any change to this practice done to enable the NQB DSCP to pass through could be done alongside the implementation of the recommendations in Section 4.4.1.


This section proposes the theory that ISPs commonly violate IETF recommendations and re-mark the Diffserv field to zero.

Fortunately that is a hypothesis that is open to relatively easy testing, at least on systems offering FreeBSD's traceroute utility:

The -D option will show differences in the header of the transmitted packet and the header returned as part of the TTL exceeded response and helpfully even shows just the changed bits.
The -t 180 option will set the TOS bitfield to decimal 180 or 0xB4, which corresponds to DSCP decimal 45 and Not-ECT in the ECN bitfield.
In this example my router was set to forward port 2224 to an internal host to not have this trace end at my firewall:



user@123-1234567 script % traceroute -aD -e -p 2224 -t 180 77.10.144.227 
traceroute to 77.10.144.227 (77.10.144.227), 64 hops max, 40 byte packets
 1  [AS0] 192.168.250.1 (192.168.250.1)  1.469 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb82000001110000c0a8fa664d0a90e3fb8208b000146296000000000000000000000000
____________________2492________________________________________________________

 2  [AS680] xr-physik1-zgpz.net.gwdg.de (134.76.241.254)  1.174 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb83000002110000c0a8fa664d0a90e3fb8308b000146295000000000000000000000000
________________01__2491________________________________

 3  [AS680] 134.76.250.59 (134.76.250.59)  1.471 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb84000003110000c0a8fa664d0a90e3fb8408b000146294000000000000000000000000
________________01__2490________________________________

 4  [AS680] fw-perimeter-gwdg-bb-xr-int.net.gwdg.de (134.76.131.51)  1.356 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb85000004110000c0a8fa664d0a90e3fb8508b000146293000000000000000000000000
________________01__248f________________________________________________________

 5  [AS680] xr-fmz1-ext-bb-fw-perimeter.net.gwdg.de (134.76.131.37)  1.927 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb86000005110000c0a8fa664d0a90e3fb8608b000146292000000000000000000000000
________________01__248e________________________________

 6  [AS680] ae0-1624.cr-gfmz1.as207592.net (195.12.38.74)  1.854 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb87000006110000c0a8fa664d0a90e3fb8708b000146291000000000000000000000000
________________01__248d________________________________

 7  [AS680] cr-fra2-be18-1180.x-win.dfn.de (188.1.238.181)  5.765 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb88000007110000c0a8fa664d0a90e3fb8808b000146290000000000000000000000000
________________01__248c________________________________________________________00000000000000000000000000000000000000000000000000000000

 8  [AS680] cr-fra2-be18-1180.x-win.dfn.de (188.1.238.181)  5.544 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb89000008110000c0a8fa664d0a90e3fb8908b00014628f000000000000000000000000
________________01__248b________________________________________________________00000000000000000000000000000000000000000000000000000000

 9  [AS6805] ae64-0.0001.prrx.13.fra.de.net.telefonica.de (212.23.106.20)  11.321 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb8a000009110000c0a8fa664d0a90e3fb8a08b00014628e000000000000000000000000
________________01__248a________________________________

10  [AS6805] ae3-0.0002.corx.02.fra.de.net.telefonica.de (62.53.0.208)  42.210 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb8b00000a110000c0a8fa664d0a90e3fb8b08b00014628d000000000000000000000000
________________01__2489________________________________________________________000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000fdcd000801010027e101

11  [AS6805] ae10-0.0001.corx.06.ham.de.net.telefonica.de (62.53.0.48)  12.880 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb8c00000b110000c0a8fa664d0a90e3fb8c08b00014628c000000000000000000000000
________________01__2488________________________________________________________0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020006dce0008010100277101

12  [AS6805] bundle-ether9.0003.corx.01.ham.de.net.telefonica.de (62.53.0.34)  14.325 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb8d00000c110000c0a8fa664d0a90e3fb8d08b00014628b000000000000000000000000
________________03__2287________________________________________________________0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001e13000801010fe2b101

13  [AS6805] bundle-ether2.0001.cord.01.ham.de.net.telefonica.de (62.53.14.231)  13.602 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb8e00000d110000c0a8fa664d0a90e3fb8e08b00014628a000000000000000000000000
________________04__2186________________________________________________________000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000fe14000801010fe0d101

14  [AS6805] dynamic-077-010-144-227.77.10.pool.telefonica.de (77.10.144.227)  22.576 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb8f00000e110000c0a8fa664d0a90e3fb8f08b000146289000000000000000000000000
________________01__2485________________________________________________________

15  [AS6805] dynamic-077-010-144-227.77.10.pool.telefonica.de (77.10.144.227)  23.264 ms
vhtslen id  off tlprsum srcip   dstip   spt dpt len sum
45b42800fb9000000f110000c0a8fa664d0a90e3fb9008b000146288000000000000000000000000
________________01__2484________________________________________________________


We can easily see that my ISP (O2/Telefonica) does not remark DSCP decimal 45 (they do remap tos 192 (CS6) and tos 224 (CS7), but I assume that these DSCPs are used in the O2 network itself; all in all this looks like the expected behaviour, of letting DSCPs that do not interfere with local use traverse unchanged). This makes me wonder whether the hypothesis should be removed from the draft or sufficiently quantified. I am open to the possibility that most other ISPs will remark DSCPs, but I would like to see actual data showing such remarking executed by the residential ISP, please.