RE: IP DSCP across the Internet

[John van Oppen <jvanoppen () spectrumnet us>]

seems pretty real to me, I know we (AS11404) mark to zero on ingress...   I think that is the typical case otherwise 
people would just tag their flood style ddos traffic as max and try to take out everything.

John 
________________________________________
From: NANOG [nanog-bounces () nanog org] on behalf of Mike Hammett [nanog () ics-il net]
Sent: Thursday, May 07, 2015 4:46 AM
To: nanog list
Subject: Re: IP DSCP across the Internet

That sounds like a rather poor implementation. What if they had more than one VoIP call?

Seems like this thread has more FUD than real examples.




-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

----- Original Message -----

From: "Mikael Abrahamsson" <swmike () swm pp se>
To: "Mark Tinka" <mark.tinka () seacom mu>
Cc: "nanog list" <nanog () nanog org>
Sent: Thursday, May 7, 2015 4:32:52 AM
Subject: Re: IP DSCP across the Internet

On Wed, 6 May 2015, Mark Tinka wrote:

> With color-aware policing toward a customer in Uganda, any traffic
> coming from that peer in South Africa was getting dropped toward that
> customer in Uganda. After a very odd sequence of troubleshooting events,
> we found that the AF DSCP alues being set by the peer in South Africa
> (and us passing them due to the old kit not being able to remark on
> ingress) was causing the color-aware policer in Uganda to drop traffic
> toward the customer there.

I have heard similar stories where game traffic ended up in a 100
kilobit/s VoIP queue which worked fine until there were a lot of nearby
players in the game, then things started working very badly. Also nice
corner case :P

So yes, setting all external Internet traffic to DSCP=BE (0) is something
one wants to do.

--
Mikael Abrahamsson email: swmike () swm pp se