
Re: TOS copying considered harmful



Olivier Kreet writes:
 > Joe Touch wrote:
 > [...]
 > 
 > > 2003bis should discuss the clearing of these bits as an option, and
 > > discuss the implications of using that option, precisely because it is
 > > needed, e.g., for 2401 (or 2401bis).
 > >
 > > Then 2401bis can refer back to 2003bis for the specification of the
 > > tunnel headers, and indicate that 'clearing the bits' may be required
 > > for security reasons, and that it can use exactly the header specified
 > > by 2003bis.
 > >
 > > Joe
 > 
 > As stated in the first post of this discussion thread, besides security reasons,
 > clearing the TOS field may also be required when QoS is to be applied on the path
 > of the tunnel. The packet reordering may cause the anti-replay mechanism to
 > reject low prio packets that were (strongly) delayed due to QoS. See
 > draft-ietf-diffserv-tunnels-02.txt, section 5.1.
 > This is related to ESP and AH sequence numbers, that are specific to IPSec and
 > not an IP in IP encapsulation problem. This point should go to RFC2401, right?
 
   I'm not sure how this is especially different than
   how you would deal with any other interface with a
   fixed -- and perhaps too short -- queue length. 
   You either need to:

   1) deal with whatever is causing the congestive loss
      (best)
   2) don't mix the BE traffic with the other traffic by
      placing different classes in their own tunnels
      (better)
   3) increase the depth of the queue (not especially good
      for EF marked traffic, typically)

	     Mike
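
The anti-replay effect raised in the quoted message, and option 2 of the reply (one tunnel per traffic class), shown as an added example that is not part of either message. The 32-packet window, the traffic mix, the delay and all function names are assumptions made for illustration.

```python
# Added example: ESP/AH-style anti-replay window under QoS reordering.
# Window size, traffic mix and delay are constructed values.

class ReplayWindow:
    """Receiver-side sliding window kept as a bitmap, one per SA."""
    def __init__(self, size=32):
        self.size, self.top, self.bitmap = size, 0, 0  # bit i => (top - i) seen

    def accept(self, seq):
        if seq > self.top:                       # newer: slide window right
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                         # too old, or a duplicate
        self.bitmap |= 1 << offset
        return True

def arrival_order(sent, be_delay):
    """sent: [(sa, seq, cls)] in send order; BE arrives be_delay slots late."""
    timed = [(i + (be_delay if cls == "BE" else 0), i, sa, seq)
             for i, (sa, seq, cls) in enumerate(sent)]
    return [(sa, seq) for _, _, sa, seq in sorted(timed)]

def drops(n, be_every, be_delay, per_class_sa, window=32):
    """Count packets the receiver rejects; every be_every-th packet is BE."""
    next_seq, sent = {}, []
    for i in range(n):
        cls = "BE" if i % be_every == 0 else "EF"
        sa = cls if per_class_sa else "shared"   # option 2: one tunnel per class
        next_seq[sa] = next_seq.get(sa, 0) + 1   # sequence numbers are per SA
        sent.append((sa, next_seq[sa], cls))
    windows = {sa: ReplayWindow(window) for sa in next_seq}
    return sum(not windows[sa].accept(seq)
               for sa, seq in arrival_order(sent, be_delay))

if __name__ == "__main__":
    for mode in (False, True):
        print("per-class SAs" if mode else "single SA    ",
              drops(200, 4, 100, per_class_sa=mode), "of 200 rejected")
```

With a single SA the delayed BE packets fall to the left of the window that the EF packets have already advanced; with one SA per class each sequence space stays in order and nothing is rejected.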

