Internet DRAFT - draft-blake-explu-dscp-rec


Internet Engineering Task Force                                 S. Blake
Internet-Draft                                             25 April 2020
Intended status: Informational                                          
Expires: 27 October 2020

   Recommendations for Forwarding Packets Marked with EXP/LU DSCPs in
                           Diffserv Networks


   Some network operators implementing Diffserv are purported to remark
   some IP packets with non-zero DSCP values to the default DSCP value
   '000000' at their ingress network boundaries.  This behavior is often
   not strictly necessary to protect an operator's network resources,
   and it impedes end-to-end experimentation of new differentiated
   services.  This document recommends that Diffserv network operators
   refrain from remarking packets received with an EXP/LU DSCP value
   [RFC2474][RFC8436] that is not in use within the operator's network,
   and recommends that operators forward these packets at each Diffserv
   node (DS-node) using the Default "best-effort" PHB.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 27 October 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (
   license-info) in effect on the date of publication of this document.

Blake                    Expires 27 October 2020                [Page 1]
Internet-Draft    Forwarding Packets with EXP/LU DSCPs        April 2020

   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  EXP/LU DSCPs  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  End-to-End Diffserv Experiments Using EXP/LU DSCP Values  . .   3
   4.  Recommendations For Forwarding Packets With EXP/LU DSCP
           Values  . . . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Recommendations For Allocating EXP/LU DSCP Values . . . . . .   4
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   The Differentiated Service (Diffserv) architecture defines the
   differentiated services field codepoint (DSCP) in IP packets to
   select among a set of per-hop forwarding behaviors (PHBs) in Diffserv
   nodes (DS-nodes) [RFC2474][RFC2475].  Network operators enforce
   traffic conditioning specifications (TCSs) [RFC3260] at network
   ingress boundaries to regulate the traffic parameters of ingressing
   Diffserv behavior aggregates (BAs) marked with specific DSCP values
   to deliver differentiated services to these BAs according to the
   traffic provisioning and PHB configuration policies the operator has

   One aspect of a TCS is regulating which packet flows are admitted to
   the operator's network while using a non-default (i.e., non-zero)
   DSCP value.  If such a BA is in violation of a TCS, or if no TCS is
   in effect for this BA, then the network operator may need to discard
   or remark the associated packets of the BA to preserve network
   resources.  Some network operators are purported to remark packets in
   such a BA to the default DSCP value '000000'.  This behavior is
   referred to as "DSCP bleaching" [CVF][CSF][BWEDIG].

   Packets in a BA that is in violation of an operator's TCS generally
   should not be forwarded at DS-nodes using an enhanced PHB, but should
   instead be forwarded using the Default "best-effort" PHB
   [RFC2474][RFC2475], if they are not discarded according to some
   security policy.  However, this does not automatically imply that
   such packets must be DSCP bleached.  If the BA's packets are marked
   with a non-zero DSCP value that is not in use by some differentiated

Blake                    Expires 27 October 2020                [Page 2]
Internet-Draft    Forwarding Packets with EXP/LU DSCPs        April 2020

   service within the operator's network, then it is generally safe for
   the operator to forward these packets without remarking their DSCP
   value, so long as each DS-node in the operator's network is
   configured to forward packets with unused DSCP values using the
   Default PHB.  In Diffserv vernacular, these unused DSCP values are
   mapped to the Default PHB at each DS-node.


   [RFC2474] divided the 64 DSCP values into three pools.  Pool 2
   ('xxxx11') and Pool 3 ('xxxx01') were set aside for experimental or
   local use, and were denoted as EXP/LU DSCPs.  [RFC8436] later
   instructed IANA that Pool 3 should be available for standards-action
   DSCP allocation for standardized PHBs.  This leaves the 16 DSCP
   values in Pool 2 for use in IETF-sanctioned experiments or for local
   use by network operators.

3.  End-to-End Diffserv Experiments Using EXP/LU DSCP Values

   DSCP bleaching impedes experimentation of new differentiated services
   that might extend beyond a single Diffserv domain network.  For
   example, some differentiated services may yield particular benefits
   if deployed in ingress and/or egress access networks, but may be
   insensitive to deployment within transit networks that are often
   over-provisioned.  These experiments are impeded if packet DSCP
   values are bleached at the ingress to a transit Diffserv network, as
   now downstream transit or access networks can no longer distinguish
   BAs that are participating in the experiment.

   As noted in [RFC3260], [RFC2474] and [RFC2475] make conflicting or
   ambiguous recommendations regarding when networks should remark
   packets with unrecognized (unused) DSCP values.  As a general
   principle, it can be argued that, in the exception of some security
   policy, packets in a BA with a particular DSCP value should not be
   remarked unless they are (a) marked with a DSCP value in use within
   an operator's Diffserv network and (b) the BA is not in compliance
   with a TCS.  If the BA is using a DSCP value not in use by the
   network operator, then the packets could be forwarded without
   remarking at each DS-node using the Default PHB, which is the
   forwarding behavior such packets would otherwise receive if their
   DSCP value were bleached.

   Despite this general principle, this document restricts itself to
   making recommendations for forwarding of packets with EXP/LU DSCP
   values, in the following section.  It also makes recommendations for
   allocating EXP/LU DSCP values to minimize the need for network

Blake                    Expires 27 October 2020                [Page 3]
Internet-Draft    Forwarding Packets with EXP/LU DSCPs        April 2020

4.  Recommendations For Forwarding Packets With EXP/LU DSCP Values

   Diffserv network operators may participate in one or more IETF-
   sanctioned experiments which utilize an IANA-allocated EXP/LU DSCP
   value.  Such operators may also utilize one or more EXP/LU DSCP
   values for network-internal use.  Operators may enforce TCSs at the
   operator's ingress network boundary for BAs which are marked with one
   of these in-use EXP/LU DSCP values.  Operators should forward packets
   with unused EXP/LU DSCPs without remarking, using the Default PHB at
   each DS-node.  These packets will transit the operators network
   transparently with the same DSCP value they arrived with at the
   operator's network ingress.

5.  Recommendations For Allocating EXP/LU DSCP Values

   DSCP Pool 2 is not structured, hence there is no subset that is
   reserved for IANA allocation nor for allocation by individual network
   operators.  However, to avoid frequent network reconfiguration, it
   may be desirable to allocate DSCPs from this pool in such a way as to
   minimize collisions between IANA-allocated and locally assigned DSCP

   Network operators are recommended to allocate EXP/LU DSCP values for
   internal use starting at '111111' and decrementing as follows:
   '111111', '111011', '110111', '110011', ... '000011'.

   Recommendations to IANA for EXP/LU DSCP value allocation are given in
   the next section.

6.  IANA Considerations

   In the event that IANA allocates EXP/LU DSCP values for experimental
   RFCs, it is recommended to allocate the EXP/LU DSCP values using the
   following sequence: '000011', '000111', '001011', '001111', ...

   Note: the process for IANA allocation of EXP/LU DSCP values is not
   described in [RFC2474].

Blake                    Expires 27 October 2020                [Page 4]
Internet-Draft    Forwarding Packets with EXP/LU DSCPs        April 2020

7.  Security Considerations

   As described above, Diffserv network operators may remark packets in
   a BA arriving at an ingress network boundary which are using DSCP
   values in use by the operator, but that are not in compliance with a
   TCS.  If the BA traffic is deemed to be part of a denial-of-service
   attack, the network operator may choose to discard some or all of the
   associated packets.  A network operator may also DSCP bleach packets
   marked internally with a locally assigned EXP/LU DSCP value on egress
   from the operators network.

8.  References

   [BWEDIG]   Barik, R., Welzl, M., Elmokashfi, A., Dreibholz, T.,
              Islam, S., and S. Gjessing, "On the utility of unregulated
              IP DiffServ Code Point (DSCP) usage by end systems",
              Performance Evaluation 135, August 2019,

   [CSF]      Custura, A., Secchi, R., and G. Fairhurst, "Exploring DSCP
              modification pathologies in the Internet", Computer
              Communications 127, June 2018,

   [CVF]      Custura, A., Venne, A., and G. Fairhurst, "Exploring DSCP
              modification pathologies in mobile edge networks", 2017
              Network Traffic Measurement and Analysis Conference
              (TMA) , June 2017,

   [RFC2474]  Nichols, K., Blake, S., Baker, F., and D. Black,
              "Definition of the Differentiated Services Field (DS
              Field) in the IPv4 and IPv6 Headers", RFC 2474,
              DOI 10.17487/RFC2474, December 1998,

   [RFC2475]  Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
              and W. Weiss, "An Architecture for Differentiated
              Services", RFC 2475, DOI 10.17487/RFC2475, December 1998,

   [RFC3260]  Grossman, D., "New Terminology and Clarifications for
              Diffserv", RFC 3260, DOI 10.17487/RFC3260, April 2002,

Blake                    Expires 27 October 2020                [Page 5]
Internet-Draft    Forwarding Packets with EXP/LU DSCPs        April 2020

   [RFC8436]  Fairhurst, G., "Update to IANA Registration Procedures for
              Pool 3 Values in the Differentiated Services Field
              Codepoints (DSCP) Registry", RFC 8436,
              DOI 10.17487/RFC8436, August 2018,

Author's Address

   Steven Blake


Blake                    Expires 27 October 2020                [Page 6]