Re: [tsvwg] draft diffserv-intercon: Handling of a scavenger class / CS1

["Bless, Roland (TM)" <roland.bless@kit.edu>]

Hi Mikael,

Am 29.06.2015 um 09:37 schrieb Mikael Abrahamsson:
> As far as I read your document, it has nothing in it about how to
> incrementally get an Internet-wide scavenger class operationally
> deployed over time. To me it reads more like a document for business VPN
> Carriers-Carrier services style interconnect/interworking. It has no
> operational advice at all in it on how to deal with DDoS, how to
> configure access equipment, how to set up queuing strategies on
> different kinds of equipment, listing what equipment might do what, etc.

Normally, RFC 4594 (https://datatracker.ietf.org/doc/rfc4594/)
defines many of such aspects, however, mainly conceptually, not
by concrete network gear and focusing on a single DS domain.

> I suggested how to actually make this incrementally and widely
> deployable across the world, and that is to aim for a 000xxx style
> scavenger class. This seems to not work for some reason that is unclear
> to me, your document doesn't seem to be operational at all, it doesn't
> propose something that is operationally deployable on the wider
> Internet, so that's why I think we would need another document for this
> purpose. If that is not a goal we can agree on, then there is no need to
> write one.

RFC 3662 (https://datatracker.ietf.org/doc/rfc3662/) normally gives
enough hints how to implement a lower effort (LE) PDB. A simple priority
scheduler and two queues are sufficient to support LE and BE
(Best-effort). The good thing is that you don't need any traffic
conditioning
mechanisms in place, thus not much configuration required, except for
the queue, scheduling and DSCP classifier.

> So just to sum up: I'm sure your document is fine for what it intends to
> do, it just doesn't answer any of the concerns an IP network
> engineer/architect might have about implementing this on an Internet
> peering link where there is little or no control over what traffic will
> pass or what this traffic might do to the rest of their network. It
> suggests a way to do something with no operational analysis or risk
> mitigation at all.

The basic concept of DiffServ is intentionally held very flexible and
every operator may do his own things. However, if the implementations
are very different, services may become inconsistent across different
DS domains, i.e., within a DS region. Therefore, recommendations for
some of those behaviors would be good.

> The first thing that will pop into any good IP architects head nowadays
> will be "oh, what happens to my network when I get 200 gigabits/s of 64
> byte packets marked EF from that 5 million strong DDoS-drone network all
> across the world, aimed for my customer base?"

DiffServ depends very much on the correct operation of the boundary
nodes, i.e., they represent a trust boundary. For example, EF requires
admission control prior use and if this is missing, but EF traffic
enters a DS domain, violations of SLAs may follow.

> The answer to that is "I'll bleach DSCP it because that's the only way
> to handle it". So in order to get a scavenger class actually deployable,

Yes, because DS boundary nodes are located at the trust boundaries and
thus need to enforce a provider's policies. If two DS domains trust each
others markings (and thus policing at their respective boundaries), then
there is no need for bleaching/remarking to other PHBs.

> you have to come up with something that means they can relax the
> bleaching a little bit by some operators, but their infrastructure would
> still treat the traffic the same. You also have to take into account
> that a lot of core IP network equipment can't do DSCP mapping very well.
> This kind of functionality makes equipment more expensive and thus less
> likely to exist widely. 

The very good thing about Lower Effort traffic is that it does no
harm to ordinary BE traffic. That was one of its design goals. So
letting in LE traffic is "always safe", no requirement for bleaching.
More precisely, LE traffic from domain A may affect LE traffic within
domain B while traversing it, but it will never cause harm to BE traffic
carried in domain B. Moreover, LE traffic is also quite well suited to
fill up any protection/overprovisioned capacity.
The currently problem is the ambiguity of using CS1 as DSCP for LE.
If CS1 is handled as in RFC 2474, it may adversely affect BE traffic,
if CS1 is handled as in RFC 3662 there shouldn't be any problem.

Regards,
 Roland