nanog mailing list archives
Re: IP DSCP across the Internet
From: Mark Tinka <mark.tinka () seacom mu>
Date: Wed, 6 May 2015 07:43:10 +0200
On 6/May/15 03:35, Tim Jackson wrote:
In general there are very few bad actors here in regards to trusting/accepting/using DSCP across the internet. Apple has a tendency to mark some traffic with EF that shouldn't be EF on PNIs, and Cogent leaks a lot of their internal markings into customers, but it's generally unmarked traffic from certain customers/peers. Other than that IMHO it's totally valid to accept, and nobody abuses it (other than those 2). We accept DSCP from the internet and do queue a few things higher towards customers for things like OTT VoIP etc. Remarking DSCP is bad IMHO, trusting it is another thing. You just have to be careful, and I suggest good netflow tools to keep an eye on it.
We had an odd experience, once, where - due to old hardware - we could not remark traffic we were picking up from a peer in South Africa. With color-aware policing toward a customer in Uganda, any traffic coming from that peer in South Africa was getting dropped toward that customer in Uganda. After a very odd sequence of troubleshooting events, we found that the AF DSCP alues being set by the peer in South Africa (and us passing them due to the old kit not being able to remark on ingress) was causing the color-aware policer in Uganda to drop traffic toward the customer there. Re-configuring the policer to be color-blind fixed the issue, but you can imagine how such a corner case this was. Naturally, with new kit in now, our global QoS policy is in effect. We don't honor DSCP values that comes in via best-effort circuits (i.e., the Internet). Although not a very strong reason, this particular experience is one reason why. Mark.
Current thread:
- IP DSCP across the Internet Ramy Hashish (May 05)
- Re: IP DSCP across the Internet Roland Dobbins (May 05)
- Re: IP DSCP across the Internet Joel Mulkey (May 06)
- Re: IP DSCP across the Internet Roland Dobbins (May 06)
- Re: IP DSCP across the Internet Joel Mulkey (May 06)
- Re: IP DSCP across the Internet Tim Jackson (May 05)
- Re: IP DSCP across the Internet Blake Dunlap (May 05)
- Re: IP DSCP across the Internet James Bensley (May 07)
- Re: IP DSCP across the Internet Mark Tinka (May 07)
- Re: IP DSCP across the Internet Jay Hennigan (May 08)
- Re: IP DSCP across the Internet Blake Dunlap (May 05)
- Re: IP DSCP across the Internet Roland Dobbins (May 05)
- Re: IP DSCP across the Internet Mark Tinka (May 05)
- Re: IP DSCP across the Internet Randy Bush (May 05)
- Re: IP DSCP across the Internet Mikael Abrahamsson (May 07)
- Re: IP DSCP across the Internet Mike Hammett (May 07)
- RE: IP DSCP across the Internet John van Oppen (May 07)
- RE: IP DSCP across the Internet Charles Wyble (May 06)