Steven M. Bellovin writes: > In message <[EMAIL PROTECTED]>, Brian E Carpenter writes: > >Indeed. All of this is the same for the DSCP actually, and the > >assumption is that operators will protect themselves with > >admission control. > > > >(See sections 7.1 of RFC 2474 and 6.1 of RFC 2475 for detailed discussion) > > > > Right. The question now is how to do that. I was about to agree > strongly with the "must send as zero if not a flow, routers must not modify" > until I started thinking along these lines. What should a border > router do with a packet that doesn't meet its constraints? I only see > three choices: reset the flow label to something locally acceptable, > drop the packet, or tunnel. But dropping the packet means that flow > labels can only be used for flows that stay within a particular flow > label domain, and the tunneling path leads to madness. (Well, perhaps > to MPLS, but I don't think we want to go down that rathole now.) I'm > forced to conclude that we have two choices: either we give up on flow > labels entirely, or we permit them to be modified en route.
First of all, there's nothing that is defined from which to take action based on the flow label, so I think this is largely an academic question. If we suspend some disbelief and posit an edge device which, say, polices a flow to a particular rate, why does it follow that the router would need the ability to rewrite the label? Certainly in the Intserv case, policers don't rewrite the 5 tuple. Their only option is to change the PHB or drop it. In diffserv style, it can in addition to dropping and changing its queuing characteristics, rewrite the DSCP. So I guess I just don't see where a policer would need the ability to alter it. Also: pragmatically, we can alway change our mind on the mutability front if it starts life as *immutable*. Mike -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------