Internet-Draft Forwarding Packets with EXP/LU DSCPs April 2020
Blake Expires 27 October 2020 [Page]
Workgroup:
Internet Engineering Task Force
Internet-Draft:
draft-blake-explu-dscp-rec-00
Published:
Intended Status:
Informational
Expires:
Author:
S. Blake

Recommendations for Forwarding Packets Marked with EXP/LU DSCPs in Diffserv Networks

Abstract

Some network operators implementing Diffserv are purported to remark some IP packets with non-zero DSCP values to the default DSCP value '000000' at their ingress network boundaries. This behavior is often not strictly necessary to protect an operator's network resources, and it impedes end-to-end experimentation of new differentiated services. This document recommends that Diffserv network operators refrain from remarking packets received with an EXP/LU DSCP value [RFC2474][RFC8436] that is not in use within the operator's network, and recommends that operators forward these packets at each Diffserv node (DS-node) using the Default "best-effort" PHB.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 27 October 2020.

Table of Contents

1. Introduction

The Differentiated Service (Diffserv) architecture defines the differentiated services field codepoint (DSCP) in IP packets to select among a set of per-hop forwarding behaviors (PHBs) in Diffserv nodes (DS-nodes) [RFC2474][RFC2475]. Network operators enforce traffic conditioning specifications (TCSs) [RFC3260] at network ingress boundaries to regulate the traffic parameters of ingressing Diffserv behavior aggregates (BAs) marked with specific DSCP values to deliver differentiated services to these BAs according to the traffic provisioning and PHB configuration policies the operator has enacted.

One aspect of a TCS is regulating which packet flows are admitted to the operator's network while using a non-default (i.e., non-zero) DSCP value. If such a BA is in violation of a TCS, or if no TCS is in effect for this BA, then the network operator may need to discard or remark the associated packets of the BA to preserve network resources. Some network operators are purported to remark packets in such a BA to the default DSCP value '000000'. This behavior is referred to as "DSCP bleaching" [CVF][CSF][BWEDIG].

Packets in a BA that is in violation of an operator's TCS generally should not be forwarded at DS-nodes using an enhanced PHB, but should instead be forwarded using the Default "best-effort" PHB [RFC2474][RFC2475], if they are not discarded according to some security policy. However, this does not automatically imply that such packets must be DSCP bleached. If the BA's packets are marked with a non-zero DSCP value that is not in use by some differentiated service within the operator's network, then it is generally safe for the operator to forward these packets without remarking their DSCP value, so long as each DS-node in the operator's network is configured to forward packets with unused DSCP values using the Default PHB. In Diffserv vernacular, these unused DSCP values are mapped to the Default PHB at each DS-node.

2. EXP/LU DSCPs

[RFC2474] divided the 64 DSCP values into three pools. Pool 2 ('xxxx11') and Pool 3 ('xxxx01') were set aside for experimental or local use, and were denoted as EXP/LU DSCPs. [RFC8436] later instructed IANA that Pool 3 should be available for standards-action DSCP allocation for standardized PHBs. This leaves the 16 DSCP values in Pool 2 for use in IETF-sanctioned experiments or for local use by network operators.

3. End-to-End Diffserv Experiments Using EXP/LU DSCP Values

DSCP bleaching impedes experimentation of new differentiated services that might extend beyond a single Diffserv domain network. For example, some differentiated services may yield particular benefits if deployed in ingress and/or egress access networks, but may be insensitive to deployment within transit networks that are often over-provisioned. These experiments are impeded if packet DSCP values are bleached at the ingress to a transit Diffserv network, as now downstream transit or access networks can no longer distinguish BAs that are participating in the experiment.

As noted in [RFC3260], [RFC2474] and [RFC2475] make conflicting or ambiguous recommendations regarding when networks should remark packets with unrecognized (unused) DSCP values. As a general principle, it can be argued that, in the exception of some security policy, packets in a BA with a particular DSCP value should not be remarked unless they are (a) marked with a DSCP value in use within an operator's Diffserv network and (b) the BA is not in compliance with a TCS. If the BA is using a DSCP value not in use by the network operator, then the packets could be forwarded without remarking at each DS-node using the Default PHB, which is the forwarding behavior such packets would otherwise receive if their DSCP value were bleached.

Despite this general principle, this document restricts itself to making recommendations for forwarding of packets with EXP/LU DSCP values, in the following section. It also makes recommendations for allocating EXP/LU DSCP values to minimize the need for network reconfiguration.

4. Recommendations For Forwarding Packets With EXP/LU DSCP Values

Diffserv network operators may participate in one or more IETF-sanctioned experiments which utilize an IANA-allocated EXP/LU DSCP value. Such operators may also utilize one or more EXP/LU DSCP values for network-internal use. Operators may enforce TCSs at the operator's ingress network boundary for BAs which are marked with one of these in-use EXP/LU DSCP values. Operators should forward packets with unused EXP/LU DSCPs without remarking, using the Default PHB at each DS-node. These packets will transit the operators network transparently with the same DSCP value they arrived with at the operator's network ingress.

5. Recommendations For Allocating EXP/LU DSCP Values

DSCP Pool 2 is not structured, hence there is no subset that is reserved for IANA allocation nor for allocation by individual network operators. However, to avoid frequent network reconfiguration, it may be desirable to allocate DSCPs from this pool in such a way as to minimize collisions between IANA-allocated and locally assigned DSCP values.

Network operators are recommended to allocate EXP/LU DSCP values for internal use starting at '111111' and decrementing as follows: '111111', '111011', '110111', '110011', ... '000011'.

Recommendations to IANA for EXP/LU DSCP value allocation are given in the next section.

6. IANA Considerations

In the event that IANA allocates EXP/LU DSCP values for experimental RFCs, it is recommended to allocate the EXP/LU DSCP values using the following sequence: '000011', '000111', '001011', '001111', ... '111111'.

Note: the process for IANA allocation of EXP/LU DSCP values is not described in [RFC2474].

7. Security Considerations

As described above, Diffserv network operators may remark packets in a BA arriving at an ingress network boundary which are using DSCP values in use by the operator, but that are not in compliance with a TCS. If the BA traffic is deemed to be part of a denial-of-service attack, the network operator may choose to discard some or all of the associated packets. A network operator may also DSCP bleach packets marked internally with a locally assigned EXP/LU DSCP value on egress from the operators network.

8. References

[BWEDIG]
Barik, R., Welzl, M., Elmokashfi, A., Dreibholz, T., Islam, S., and S. Gjessing, "On the utility of unregulated IP DiffServ Code Point (DSCP) usage by end systems", Performance Evaluation 135, , <https://www.simula.no/sites/default/files/publications/files/peva2019.pdf>.
[CSF]
Custura, A., Secchi, R., and G. Fairhurst, "Exploring DSCP modification pathologies in the Internet", Computer Communications 127, , <https://reader.elsevier.com/reader/sd/pii/S0140366417312835?token=B3D362186989AE41D5DCEE042E4865121E7E2254B51E2236517E76DA5E93BB0A92D494D496B488A54A165049A0F0B211>.
[CVF]
Custura, A., Venne, A., and G. Fairhurst, "Exploring DSCP modification pathologies in mobile edge networks", 2017 Network Traffic Measurement and Analysis Conference (TMA) , , <https://ieeexplore.ieee.org/document/8002923>.
[RFC2474]
Nichols, K., Blake, S., Baker, F., and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, DOI 10.17487/RFC2474, , <https://www.rfc-editor.org/info/rfc2474>.
[RFC2475]
Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., and W. Weiss, "An Architecture for Differentiated Services", RFC 2475, DOI 10.17487/RFC2475, , <https://www.rfc-editor.org/info/rfc2475>.
[RFC3260]
Grossman, D., "New Terminology and Clarifications for Diffserv", RFC 3260, DOI 10.17487/RFC3260, , <https://www.rfc-editor.org/info/rfc3260>.
[RFC8436]
Fairhurst, G., "Update to IANA Registration Procedures for Pool 3 Values in the Differentiated Services Field Codepoints (DSCP) Registry", RFC 8436, DOI 10.17487/RFC8436, , <https://www.rfc-editor.org/info/rfc8436>.

Author's Address

Steven Blake