seems pretty real to me, I know we (AS11404) mark to zero on ingress... I think that is the typical case otherwise people would just tag their flood style ddos traffic as max and try to take out everything.
John ________________________________________ From: NANOG [nanog-boun...@nanog.org] on behalf of Mike Hammett [na...@ics-il.net] Sent: Thursday, May 07, 2015 4:46 AM To: nanog list Subject: Re: IP DSCP across the Internet That sounds like a rather poor implementation. What if they had more than one VoIP call? Seems like this thread has more FUD than real examples. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Mikael Abrahamsson" <swm...@swm.pp.se> To: "Mark Tinka" <mark.ti...@seacom.mu> Cc: "nanog list" <nanog@nanog.org> Sent: Thursday, May 7, 2015 4:32:52 AM Subject: Re: IP DSCP across the Internet On Wed, 6 May 2015, Mark Tinka wrote: > With color-aware policing toward a customer in Uganda, any traffic > coming from that peer in South Africa was getting dropped toward that > customer in Uganda. After a very odd sequence of troubleshooting events, > we found that the AF DSCP alues being set by the peer in South Africa > (and us passing them due to the old kit not being able to remark on > ingress) was causing the color-aware policer in Uganda to drop traffic > toward the customer there. I have heard similar stories where game traffic ended up in a 100 kilobit/s VoIP queue which worked fine until there were a lot of nearby players in the game, then things started working very badly. Also nice corner case :P So yes, setting all external Internet traffic to DSCP=BE (0) is something one wants to do. -- Mikael Abrahamsson email: swm...@swm.pp.se