Re: [tsvwg] draft diffserv-intercon: Handling of a scavenger class / CS1

[Mikael Abrahamsson <swmike@swm.pp.se>]

On Mon, 29 Jun 2015, Ruediger.Geib@telekom.de wrote:

> I repeat that I've talked with my RIPE/NANOG colleagues to get feedback 
> - they came back only with one or two names with whom to discuss QoS 
> interconnection. And I never got any useful response (positive or 
> negative) from those.

This is the problem, that's not how to do this, the way to do this is to 
announce an idea on the nanog mailing list and see who might be 
interested.

As far as I read your document, it has nothing in it about how to 
incrementally get an Internet-wide scavenger class operationally deployed 
over time. To me it reads more like a document for business VPN 
Carriers-Carrier services style interconnect/interworking. It has no 
operational advice at all in it on how to deal with DDoS, how to configure 
access equipment, how to set up queuing strategies on different kinds of 
equipment, listing what equipment might do what, etc.

I suggested how to actually make this incrementally and widely deployable 
across the world, and that is to aim for a 000xxx style scavenger class. 
This seems to not work for some reason that is unclear to me, your 
document doesn't seem to be operational at all, it doesn't propose 
something that is operationally deployable on the wider Internet, so 
that's why I think we would need another document for this purpose. If 
that is not a goal we can agree on, then there is no need to write one.

So just to sum up: I'm sure your document is fine for what it intends to 
do, it just doesn't answer any of the concerns an IP network 
engineer/architect might have about implementing this on an Internet 
peering link where there is little or no control over what traffic will 
pass or what this traffic might do to the rest of their network. It 
suggests a way to do something with no operational analysis or risk 
mitigation at all.

The first thing that will pop into any good IP architects head nowadays 
will be "oh, what happens to my network when I get 200 gigabits/s of 64 
byte packets marked EF from that 5 million strong DDoS-drone network all 
across the world, aimed for my customer base?"

The answer to that is "I'll bleach DSCP it because that's the only way to 
handle it". So in order to get a scavenger class actually deployable, you 
have to come up with something that means they can relax the bleaching a 
little bit by some operators, but their infrastructure would still treat 
the traffic the same. You also have to take into account that a lot of 
core IP network equipment can't do DSCP mapping very well. This kind of 
functionality makes equipment more expensive and thus less likely to exist 
widely.

-- 
Mikael Abrahamsson email: swmike@swm.pp.se