IP DSCP across the Internet
John van Oppen
jvanoppen at spectrumnet.us
Thu May 7 20:02:04 UTC 2015
seems pretty real to me, I know we (AS11404) mark to zero on ingress... I think that is the typical case otherwise people would just tag their flood style ddos traffic as max and try to take out everything.
John
________________________________________
From: NANOG [nanog-bounces at nanog.org] on behalf of Mike Hammett [nanog at ics-il.net]
Sent: Thursday, May 07, 2015 4:46 AM
To: nanog list
Subject: Re: IP DSCP across the Internet
That sounds like a rather poor implementation. What if they had more than one VoIP call?
Seems like this thread has more FUD than real examples.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
----- Original Message -----
From: "Mikael Abrahamsson" <swmike at swm.pp.se>
To: "Mark Tinka" <mark.tinka at seacom.mu>
Cc: "nanog list" <nanog at nanog.org>
Sent: Thursday, May 7, 2015 4:32:52 AM
Subject: Re: IP DSCP across the Internet
On Wed, 6 May 2015, Mark Tinka wrote:
> With color-aware policing toward a customer in Uganda, any traffic
> coming from that peer in South Africa was getting dropped toward that
> customer in Uganda. After a very odd sequence of troubleshooting events,
> we found that the AF DSCP alues being set by the peer in South Africa
> (and us passing them due to the old kit not being able to remark on
> ingress) was causing the color-aware policer in Uganda to drop traffic
> toward the customer there.
I have heard similar stories where game traffic ended up in a 100
kilobit/s VoIP queue which worked fine until there were a lot of nearby
players in the game, then things started working very badly. Also nice
corner case :P
So yes, setting all external Internet traffic to DSCP=BE (0) is something
one wants to do.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG
mailing list