Re: IPQoS

Hi Saku,

On Thu, 13 Feb 2014, Saku Ytti wrote:

> Real networks use either PREC (as it maps 1:1 to 802.1p and MPLS TC) or DSCP. Interactive SSH uses PREC 0x0, which is just best-effort and DSCP 0x4 which has no standard meaning (found network where DSCP 0x4 was dropped, completely, as it didn't hit any defined/allowed QoS class, obviously misconfig, BE class should eat anything not already defined)
>
> Should interactive use TOS value which has highest chance for priority behaviour? If so, then PREC 5 == DSCP CS5 is best bet.

To my knowledge, DSCP code points have no predefined global interpretation. Their actual interpretation depends on network policy of the network where they are found. The only way to set a sensible DSCP on SSH packets is to make the actual code point configurable, so that admins can configure it according to their site policy.

Because of that, there is no universal agreement (and can never be) on the meanings of TOS flags or DSCP code points when packets move between networks. One must understand the DSCP/TOS assignment of each network that one connects to, and remap inbound packets to conform to one's own policy.

Since this is a complete and utter nightmare of impossibility, virtually nobody has actually done it. I've never seen a packet tagged with a DSCP code point inbound to my networks. Admittedly I haven't been looking very hard, but I do use TOS bits extensively.

Because DSCP is useless between networks, an informal ad-hoc "standard" based on the old TOS values has evolved and is in widespread use (but certainly not universal), despite the IETF's best (not very good) effort to "kill it off" by redefining the bits with incompatible meanings in DSCP and ECN.

OpenSSH is conforming to this "informal standard", and with its huge installed user base, helping to define it as well. It already does set a high-priority TOS flag on interactive sessions, and low-priority on non-interactive ones:

* https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1067522
* http://www.gossamer-threads.com/lists/openssh/dev/48410

Until the ability to set a user-defined DSCP is implemented, you would need to remap outgoing packets on your SSH clients and servers to change the TOS flags into DSCP code points according to your site policies.

Cheers, Chris.
--
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <chris+sig@xxxxxxxxx> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
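
Added example, not part of the original message or of OpenSSH: a Python sketch of the outbound remap the message describes, showing why the legacy low-delay TOS flag reads as PREC 0 / DSCP 0x4 and rewriting it to a site-chosen code point while preserving the ECN bits. The `SITE_POLICY` table, the helper names and the sample header are assumptions constructed for illustration.

```python
import struct

# Legacy TOS flag values from netinet/ip.h.
IPTOS_LOWDELAY = 0x10    # interactive sessions (reads as DSCP 0x4)
IPTOS_THROUGHPUT = 0x08  # non-interactive (bulk) sessions

# Hypothetical site policy: legacy TOS flag -> DSCP code point.
SITE_POLICY = {
    IPTOS_LOWDELAY: 40,   # CS5, the value suggested in the quoted text
    IPTOS_THROUGHPUT: 8,  # CS1, assumed here for bulk traffic
}

def split_tos(tos):
    """Return the (precedence, dscp, ecn) readings of one TOS byte."""
    return tos >> 5, tos >> 2, tos & 0x03

def checksum(header):
    """RFC 1071 ones-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def remap(packet, policy=SITE_POLICY):
    """Rewrite the TOS byte per policy, keep ECN bits, fix the checksum."""
    ihl = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:ihl])
    legacy, ecn = header[1] & 0xFC, header[1] & 0x03
    if legacy not in policy:
        return packet  # unknown marking: leave it for the default class
    header[1] = (policy[legacy] << 2) | ecn
    header[10:12] = b"\x00\x00"  # zero the checksum field before summing
    struct.pack_into("!H", header, 10, checksum(bytes(header)))
    return bytes(header) + packet[ihl:]

def build_sample(tos):
    """Constructed 20-byte IPv4 header (TCP, 192.0.2.1 -> 192.0.2.2)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 6,
                                0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    pkt = remap(build_sample(IPTOS_LOWDELAY))
    print(split_tos(IPTOS_LOWDELAY), "->", split_tos(pkt[1]))
```

In production the same rewrite would normally be done by the host firewall or the first-hop router rather than in user space.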