Silently dropping QoS marked packets on the greater Internet

Saku Ytti saku at ytti.fi
Fri Sep 2 14:48:17 UTC 2011


On (2011-09-02 10:24 -0400), Jesse McGraw wrote:

>   I've recently run into a hard-to-troubleshoot issue where,
> somewhere out in the greater Internet, someone was silently dropping
> packets from my company that happened to be marked with DSCP AF21.
> I'd fully expect others to either ignore these markings or zero them
> out but just silently dropping them seems unnecessary.
> 
> So, how do you guys treat marked packets that come into/through your
> networks?

There really are three options.

1. Zero them out (or mark what ever value you handle as 'public internet'

2. Leave them alone, and never use them (either you don't have QoS deployed, or
you trust MPLS EXP or comparable marking in other layer than IP, which is
explictly coloured to reflect 'public internet'

3. Have mutual trust between both parties how traffic market and trusted, this
will never work for IP transit.

Seems in this instance someone has deployed QoS and is trusting markings from
Internet, which is just broken, as they cannot anymore guarantee that customer
video/voice etc works during congestion, so the QoS product is broken.


-- 
  ++ytti




More information about the NANOG mailing list