On 2/Oct/18 13:03, Saku Ytti wrote:
> You continue to miss the point. You brought antispoofing as an
> example, it's same thing, not everyone needs to do the right thing,
> anyone changing is better. And as I pointed out, the discussion isn't
> even 'how widely it works, if it doesn't work widely we shouldn't do
> it' that's illogical. Discussion should be 'should work, should we
> transit DSCP values as-is'.
>
> If you globally test (ring, ripe) how DSCP transits Internet, it's not
> horror story, it transit fairly well.
Having troubleshot 2 cases of this over several weeks each, it's not the
kind of time I'd like to put into it again while customers are suffering
some form of outage to/from some parts of the Internet.
While BCP-38 is poorly deployed globally, a network not doing this in
Russia does not - in the immediate term - have as big of an impact on a
random user in Papua New Guinea that can't be easily and quickly
diagnosed and/or fixed. So I'm more than happy to deploy BCP-38 in my
network even though other networks decide not to, because the added
protection for my network does not lead to an outage for my customers,
or for other networks that do not yet deploy BCP-38.
> We should not promote idea that you MUST reset DSCP at edge, we should
> promote idea you SHOULD tunnel your internal QoS, do not trust or
> modify external DSCP. I fully understand that some networks have no
> other recourse, they don't have overlay which to use QoS for, then
> they MUST reset DSCP as they MUST act on DSCP, that's entirely valid
> excuse. But networks which CAN transit it without caring about it,
> SHOULD do it, rather than assume they know how DSCP is used and should
> be used, they should assume they don't know and they're not going be
> the network which stops others from using DSCP.
I'm not asking or advising any network operator to do what I am doing. I
am just providing my viewpoint (and as others have shown, this is not a
problem I have suffered alone).
If a network operator feels that they want to allow DSCP values on
Internet traffic as they come into their network, unmolested, as we
always say, "Your network, your rules".
Again, from a practical standpoint, in my corner of the Internet,
remarking DSCP to 0 on ingress into my AS for Internet traffic has not
broken anything upstream or downstream. If it did, I'd give this more
attention.
Mark.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
