IETF Logo Mail Archive

Re: [tsvwg] DSCPs and L4S: Label DSCP

Jonathan Morton <chromatix99@gmail.com> Sat, 29 May 2021 21:49 UTC

Return-Path: <chromatix99@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C2413A215C for <tsvwg@ietfa.amsl.com>; Sat, 29 May 2021 14:49:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id btsbrswOC0RT for <tsvwg@ietfa.amsl.com>; Sat, 29 May 2021 14:49:01 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 948093A215A for <tsvwg@ietf.org>; Sat, 29 May 2021 14:49:01 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id e17so10779030lfb.2 for <tsvwg@ietf.org>; Sat, 29 May 2021 14:49:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8imnCoOvcPqJ54qNHOu6gEdkrbR/JhK3KZ73qrX1xU0=; b=dJrN2ZFEoUs775h5CH09C6xTETMTmrZD0ybrrhYcBoPYwfwtOXjNTIeTNbI7l5l+yZ 5VYwWdSiZmS4W+h9GN3duI5i0Dp2X4QbqDBwOKKYVYPRFR/rQUcTk9tfwUFDKgMesAt+ 2YwR0QJFtBLcOXN2SzNkvIrMsmVQBhObhDA6H7uuqj3+ddbOkfhBuK4Dmv6JjMtQ8UXT XKrofkTF0UMkw7XQI7+W5d8rfHdEfj1eZiw9UZcMyj43SHdmfbm7A80MN1MJFkAtR58b OEMLcS+W5Qzz4wYP6G8zG3qnRd5LIzmpkvMZE+B/ZRY+CyjtMXY2/OsIqoNLpDIOeuMu ub4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8imnCoOvcPqJ54qNHOu6gEdkrbR/JhK3KZ73qrX1xU0=; b=uEAKXlypc6bhg1cmkHc96mDtL4jHiVl7b/+uzmwbPiFqsTZW/m57ppqZPk9Pmypa7/ Bth2JW1IJMRnYlCsyvfYMxkVJ02giJGC1c7wUvObASQexRbvdWSRlUoewrqp/PlOxYhd oQxAWEesI1e6sETdVjIaQ32eXiRPVM71Lp+hmfRHUDrhEhsL+wXPdVVeagLsA0e8+KHv Cas2pgi6kwJ3b1uT9goXZisykVlRIAhTAxVMOxbQGXAAMyo613w+R3dgb/0BzsVMwpj9 cRQREcKlX+F7bD8v/5I1r22w0BmCXOFy9QoTQyj9wJdEYWbPMy0m12IHUTsTQpKpOfh8 BZGg==
X-Gm-Message-State: AOAM532qrMi/HoRaImXbhqIhOcRDeoJd6pwSP0mN3PIwA678P9UoiVuE U73Wsk0WPt+rKsgMWc9oQUc=
X-Google-Smtp-Source: ABdhPJxffIBZ9+9wrcwtGD3Vke5sesKQD3DVtV2WtTqZm0OSBOwohKR3wkzIM2drsKHs4rNoUQOD1w==
X-Received: by 2002:a19:c209:: with SMTP id l9mr1098663lfc.277.1622324938862; Sat, 29 May 2021 14:48:58 -0700 (PDT)
Received: from jonathartonsmbp.lan (87-93-133-133.bb.dnainternet.fi. [87.93.133.133]) by smtp.gmail.com with ESMTPSA id z2sm826316lfe.229.2021.05.29.14.48.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 May 2021 14:48:58 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.7\))
From: Jonathan Morton <chromatix99@gmail.com>
In-Reply-To: <MN2PR19MB4045CC6F321E5B64B152FF0183229@MN2PR19MB4045.namprd19.prod.outlook.com>
Date: Sun, 30 May 2021 00:48:56 +0300
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6B4684DD-8130-4D0D-9061-DB2671650797@gmail.com>
References: <MN2PR19MB4045CC6F321E5B64B152FF0183229@MN2PR19MB4045.namprd19.prod.outlook.com>
To: "Black, David" <David.Black@dell.com>
X-Mailer: Apple Mail (2.3445.9.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/5KGWpjqB-R181KiBUnvFMIaCpjI>
Subject: Re: [tsvwg] DSCPs and L4S: Label DSCP
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 May 2021 21:49:04 -0000

> On 29 May, 2021, at 1:01 am, Black, David <David.Black@dell.com> wrote:
> 
> The "Label DSCP" approach takes that assumption as a suggestion and accepts the suggestion, i.e., network domains experimenting with L4S MUST use DSCPs to indicate the alternate semantics of the ECN field, specifically the ECT(1) and CE codepoints.

Okay, let me summarise this proposal from a different perspective, to be sure that everyone understands it correctly.  Specifically, in terms of concrete requirements on implementations and deployments.

L4S senders are required to emit the Label DSCP, either natively or by passing through a filter before the first possible bottleneck.  L4S receivers are *not* required to verify the Label DSCP is still on the packet.

The paragraph quoted above implies that any traffic reaching a DualQ instance and *not* carrying the Label DSCP, will go into the C queue and receive RFC-3168 compliant treatment.  For this traffic, DualQ will behave exactly like a single-queue RFC-3168 AQM.

Traffic that *does* carry the Label DSCP will be sorted between the C and L queues based primarily on the ECN field.  Such traffic that goes to the L queue will receive L4S type CE marking, while the C queue will still apply conventional CE marking and/or dropping.

This does not imply that *only* L4S traffic carries the Label DSCP, but that using the Label DSCP indicates at least passive participation in the L4S experiment, which includes the interactions between conventional and L4S traffic.  Non-participating traffic receives only conventional treatment, and is thus independent of L4S' redefinitions of ECN field codepoints and semantics.

L4S traffic reaching the boundary of the participating network will encounter the existing DSCP filtering infrastructure.  It is this which takes primary responsibility for "containment" of the L4S experiment within the participating networks.  (Another necessary aspect of this containment is refraining from deploying L4S endpoints outside that boundary.)  Merely bleaching the DSCP field will simply lead to L4S traffic that crosses the boundary passing through single-queue RFC-3168 AQMs with all the attendant adverse effects on conventional traffic.  Therefore, some more robust measure (rate limiting, blocking) must be applied at the boundary.

VPNs ensure that a single DSCP is applied to outer packet headers of a given SA, by default CS0, regardless of the inner packet's DSCP or ECN fields.  VPNs *may* be configured to create a distinct SA for traffic carrying the Label DSCP, and apply the Label DSCP to the outer header of that SA.  If packets with CS0 on the outer header will all go into the C queue, this avoids accidentally enabling the VPN Replay Window DoS attack for existing VPNs.  Only VPNs specifically configured for the Label DSCP will be vulnerable, and this can be used to explore the problem space.

Obviously, L4S traffic entering a default VPN SA will also go through the C queue, as well as through the same FQ bucket as the rest of the SA, and its modified response to CE marks will have the same effects as have been widely discussed so far.  This is why *all* L4S senders must emit the Label DSCP under this proposal.

If I managed to fundamentally misunderstand anything here, please do clarify.

 - Jonathan Morton

v2.39.1 | Report a Bug | By Email | System Status