[tsvwg] Re: NQB claim of DSCP-
Vasilenko Eduard <vasilenko.eduard@huawei.com> Mon, 03 June 2024 07:52 UTC
Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D2B4C151710 for <tsvwg@ietfa.amsl.com>; Mon, 3 Jun 2024 00:52:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1AHW8dH_7ZVQ for <tsvwg@ietfa.amsl.com>; Mon, 3 Jun 2024 00:52:27 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4689C14F5E6 for <tsvwg@ietf.org>; Mon, 3 Jun 2024 00:52:27 -0700 (PDT)
Received: from mail.maildlp.com (unknown [172.18.186.31]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Vt5Wm6q8Gz6K9Kw; Mon, 3 Jun 2024 15:51:16 +0800 (CST)
Received: from mscpeml100004.china.huawei.com (unknown [7.188.51.133]) by mail.maildlp.com (Postfix) with ESMTPS id ADA99140B2F; Mon, 3 Jun 2024 15:52:24 +0800 (CST)
Received: from mscpeml500004.china.huawei.com (7.188.26.250) by mscpeml100004.china.huawei.com (7.188.51.133) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Mon, 3 Jun 2024 10:52:24 +0300
Received: from mscpeml500004.china.huawei.com ([7.188.26.250]) by mscpeml500004.china.huawei.com ([7.188.26.250]) with mapi id 15.02.1258.034; Mon, 3 Jun 2024 10:52:24 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Sebastian Moeller <moeller0=40gmx.de@dmarc.ietf.org>, "Livingood, Jason" <jason_livingood=40comcast.com@dmarc.ietf.org>
Thread-Topic: [tsvwg] Re: NQB claim of DSCP-
Thread-Index: AQHasperow0L050uoE6B8xcjls9onLGwu2QAgADNZQCAAQY+AIADFrLg
Date: Mon, 03 Jun 2024 07:52:24 +0000
Message-ID: <dfb81e732fc648c293375c61f05d9f7e@huawei.com>
References: <B9CF3DCA-03E5-497C-9951-6D24DFDCCE72@gmx.de> <1B85F167-AC2F-4024-BCC9-C0CA565DCED6@comcast.com> <AA79DF37-0E82-4111-84C0-3F4612223402@gmx.de> <6A816C4B-64EA-461A-82CC-D75071CA4E29@comcast.com> <FC25FEDB-FEDD-4F5E-A174-36B852ACDC63@gmx.de>
In-Reply-To: <FC25FEDB-FEDD-4F5E-A174-36B852ACDC63@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.199.59.222]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Message-ID-Hash: 42WRGHEYZKIYLKJ2PD56CGJJL6I2XX57
X-Message-ID-Hash: 42WRGHEYZKIYLKJ2PD56CGJJL6I2XX57
X-MailFrom: vasilenko.eduard@huawei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tsvwg <tsvwg@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: NQB claim of DSCP-
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/7DEroYZOT4oKNwWtTDZvuiZcm_g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>
> applaud you for taking on the effort to make DSCPs, or specifically DSCP dec45 useful It is not possible to develop any mechanism of DSCP usage in the open Internet (cross-AS, peering) till all ISPs agree to charge additional money for this DSCP (that is not possible to negotiate). If not charged, then this DSCP code point would be abused for profit (if the resource is unlimited and could preempt other traffic, like DualQ) or DDoS (if the resource is fixed, like NQB 5%). Abuse mitigation techniques: 1. Monitoring per flow is not scalable, defeats the purpose because then it is better to have per-flow treatment initially and achieve even better service. This mitigation is not useful at all. 2. The potential abuser (every subscriber) could be isolated in his personal scheduler. Per-user scheduler (HQoS) is available on BNG/CMTS/UPF and scalable to have it per every subscriber. This mitigation is possible only on the specific subscriber-serving device. DSCP is useful for VPNs where it is separately charged. But even VPNs are not standardized cross-AS. Ed/ -----Original Message----- From: Sebastian Moeller <moeller0=40gmx.de@dmarc.ietf.org> Sent: Saturday, June 1, 2024 14:03 To: Livingood, Jason <jason_livingood=40comcast.com@dmarc.ietf.org> Cc: tsvwg <tsvwg@ietf.org> Subject: [tsvwg] Re: NQB claim of DSCP- Hi Jason, > On 31. May 2024, at 21:24, Livingood, Jason <jason_livingood=40comcast.com@dmarc.ietf.org> wrote: > > On 5/31/24, 03:10, "Sebastian Moeller" <moeller0=40gmx.de@dmarc.ietf.org <mailto:40gmx.de@dmarc.ietf.org>> wrote: >>>> We can easily see that my ISP (O2/Telefonica) does not remark DSCP decimal 45 (they do remap tos 192 (CS6) and tos 224 (CS7) but I assume that these DSCPs are used in the O2 network itself; >>> [JL] I wonder if that is unintentional - it would be great to pull in a Telefonica network engineer to see. > >> [SM] Good question, curious to hear some answer to that one. What makes you believe that this might not be intended? > > [JL] Because I have seen many examples over the years where people claim we're doing X or Y due to some presumed policy decision only to find it is an error or something missing in a config on a limited number of devices. [SM2] Fair enough, I am not privy to the intended goals of O2's DSCP policy, and believe I have no way of figuring this out. Speaking of DSCP re-mapping is it intentional that 75.75.75.75 remaps to TOS 0x20, aka CS1, when seeing 0x34 from the outside: user@123-1234567 CODE % traceroute -aD -t 180 75.75.75.75 traceroute to 75.75.75.75 (75.75.75.75), 64 hops max, 40 byte packets 1 [AS0] 192.168.42.1 (192.168.42.1) 2.414 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc94000001110000c0a82af94b4b4b4bcc93829b00142e5f000000000000000000000000 ____________________6a45________________________________________________________ 2 [AS6805] loopback1.0001.acln.06.ham.de.net.telefonica.de (62.52.201.198) 42.187 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc95000002110000c0a82af94b4b4b4bcc93829c00142e5e000000000000000000000000 ________________01__6a44________________________________ 3 [AS6805] bundle-ether8.0002.dbrx.06.ham.de.net.telefonica.de (62.53.1.234) 11.143 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc96000003110000c0a82af94b4b4b4bcc93829d00142e5d000000000000000000000000 ________________01__6a43________________________________________________________00000000000000000000000000000000000000000000000000000000 4 [AS6805] bundle-ether5.0003.corx.01.ham.de.net.telefonica.de (62.53.14.28) 21.078 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc97000004110000c0a82af94b4b4b4bcc93829e00142e5c000000000000000000000000 ________________01__6a42________________________________________________________0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020007fd900080101041c5b01 5 [AS6805] ae6-0.0001.corx.01.off.de.net.telefonica.de (62.53.0.35) 19.715 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc98000005110000c0a82af94b4b4b4bcc93829f00142e5b000000000000000000000000 ________________02__6941________________________________________________________000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000dfe600080101040efb01 6 [AS6805] ae2-0.0001.inrx.04.str.de.net.telefonica.de (62.53.2.151) 18.245 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc99000006110000c0a82af94b4b4b4bcc9382a000142e5a000000000000000000000000 ________________03__6840________________________________________________________000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000dfe600080101040efb01 7 [AS6805] ae0-0.0001.prrx.02.dus.de.net.telefonica.de (62.53.13.221) 20.081 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc9a000007110000c0a82af94b4b4b4bcc9382a100142e59000000000000000000000000 ________________01__6a3f________________________________ 8 * 9 [AS12956] 213.140.36.245 (213.140.36.245) 29.769 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc9c000009110000c0a82af94b4b4b4bcc9382a300142e57000000000000000000000000 __34____________01__6abd________________________________ 10 [AS12956] 213.140.35.238 (213.140.35.238) 105.953 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc9d00000a110000c0a82af94b4b4b4bcc9382a400142e56000000000000000000000000 __34____________01__6abc________________________________________________________00000000000000000000000000000000000000000000000000000000 11 [AS7922] be-204-pe13.ashburn.va.ibone.comcast.net (71.25.197.185) 105.751 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc9e00000b110000c0a82af94b4b4b4bcc9382a500142e55000000000000000000000000 __34____________01__6abb________________________________________________________00000000000000000000000000000000000000000000000000000000 12 [AS7922] be-3313-cs03.beaumeade.va.ibone.comcast.net (68.86.166.217) 105.551 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cc9f00000c110000c0a82af94b4b4b4bcc9382a600142e54000000000000000000000000 __20____________01__6ace________________________________________________________00000000000000000000000000000000000000000000000000000000 13 [AS7922] be-31411-arsc1.capitolhghts.md.bad.comcast.net (96.110.40.18) 109.026 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cca000000d110000c0a82af94b4b4b4bcc9382a700142e53000000000000000000000000 __20____________01__6acd________________________________________________________00000000000000000000000000000000000000000000000000000000 14 [AS7922] po-1-xar01.alexandria.va.bad.comcast.net (96.216.131.254) 108.005 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cca100000e110000c0a82af94b4b4b4bcc9382a800142e52000000000000000000000000 __20____________01__6acc________________________________________________________ 15 [AS7922] po-200-rur201.alexandria.va.bad.comcast.net (68.86.204.102) 107.570 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cca200000f110000c0a82af94b4b4b4bcc9382a900142e51000000000000000000000000 __20____________01__6acb________________________________________________________ 16 [AS7922] dns-sw01.alexandria.va.bad.comcast.net (68.85.113.126) 113.486 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cca3000010110000c0a82af94b4b4b4bcc9382aa00142e50000000000000000000000000 __20____________01__6aca________________________________________________________ 17 [AS7922] cdns01.comcast.net (75.75.75.75) 108.596 ms vhtslen id off tlprsum srcip dstip spt dpt len sum 45b42800cca4000011110000c0a82af94b4b4b4bcc9382ab00142e4f000000000000000000000000 __20____________01__6ac9________________________________________________________ CS1 being traditional background category, that might make some sense in that access to comcast's DNS servers might be considered lower priority than for comcast customers (but I can not really test that hypothesis). > >> Look, I understand that DSCPs do not currently traverse the internet reliably and robustly, but that is not the same as a reliable neutering of NQB over not NQB-aware paths. Delegating safety tor accidental configurations (that are not really aligned with IETF recommendations) seems neither robust nor reliable to me. > > [JL] My observation as an operator is that every other network with which we connect is bleaching our inbound DSCP marks. That is one of the things that will make NQB challenging; we need to get networks to allow 45 marking inbound - so NQB will likely take more time for adoption that L4S, since in most cases ECN is not bleached on ingress. [SM] Yes I : a) applaud you for taking on the effort to make DSCPs, or specifically DSCP dec45 useful over more than a single link (I disagree with NQB's current draft and design, but I agree with it being quite attractive to make a few DSCPs capable of traversing end to end) b) Getting a specific DSCP traverse the internet reliably un-changed is a requirement for making that DSCP really useful, but to make the expected re-marking a safety feature IMHO requires that remapping is almost universal, and I think I brought a 'black swan' to this discussion already. Still possible, that the likelihood of re-markung is high enough to consider that a back-stop, but I really would like to see some data assessing that re-marking probability per residential ISP. Regards Sebastian > >
- [tsvwg] NQB claim of DSCP- Sebastian Moeller
- [tsvwg] Re: NQB claim of DSCP- Livingood, Jason
- [tsvwg] Re: NQB claim of DSCP- Sebastian Moeller
- [tsvwg] Re: NQB claim of DSCP- Livingood, Jason
- [tsvwg] Re: NQB claim of DSCP- Sebastian Moeller
- [tsvwg] Re: NQB claim of DSCP- Vasilenko Eduard