Network Working Group                                           F. Baker
Internet-Draft                                             Cisco Systems
Expires: January 20, 2003                                  July 22, 2002


                   Recommended Packet Marking Policy
               draft-ietf-ieprep-packet-marking-policy-01

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 20, 2003.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This paper summarizes a recommended correlation of applications to
   Differentiated Service Code Points.  There is no intrinsic
   requirement that individual DSCPs correspond to given applications,
   but as a policy it is useful if they can be applied consistently.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [3].







Baker                   Expires January 20, 2003                [Page 1]


Internet-Draft                  Document                       July 2002


1. Introduction

   This paper summarizes a recommended correlation of applications to
   Differentiated Service Code Points.  There is no intrinsic
   requirement that individual DSCPs correspond to given applications,
   but as a policy it is useful if they can be applied consistently.

1.1 Expected use in the network

   In the Internet today, corporate LANs and ISP WANs are generally not
   heavily utilized - they are commonly 10% utilized at most.  For this
   reason, congestion, loss, and variation in delay within corporate
   LANs and ISP backbones are virtually unknown.  This clashes with user
   perceptions, for three very good reasons.

   o  The industry moves through cycles of bandwidth boom and bandwidth
      bust, depending on prevailing market conditions and the periodic
      deployment of new bandwidth-hungry applications.

   o  In access networks, the state is often different.  This may be
      because throughput rates are artificially limited, or because of
      access network design trade-offs.

   o  Other characteristics, such as database design on web servers
      (which may create contention points, e.g.  in filestore), and
      configuration of firewalls and routers, often look externally like
      a bandwidth limitation.

   The intent of this document is to provide a consistent marking
   strategy so that it can be configured and put into service on any
   link which finds itself congested, typically access links.

1.2 Key Differentiated Services concepts

   The reader must be familiar with the principles of the Differentiated
   Services Architecture [8].  However, we recapitulate key concepts
   here to save searching.

1.2.1 Queue or Class

   A queue or class is a data structure that holds traffic that is
   awaiting transmission.  The traffic will be delayed while in the
   queue, possibly due to lack of bandwidth, or because it is low in
   priority.  There are a number of ways to implement a queue; in some
   of these, it is more natural to discuss "classes in a queuing system"
   rather than "a set of queues and a scheduler".  In the literature, as
   a result, the concepts are used somewhat interchangeably.

   A simple model of a queuing system, however, is a set of data
   structures for packet data, which we will call queues or classes, and
   a mechanism for selecting the next packet from among them, which we
   call a scheduler.

1.2.1.1 Priority Queue

   A priority queuing system is a combination of a set of queues and a
   scheduler that empties them in priority sequence.  When asked for a
   packet, the scheduler inspects the first queue, and if there is data
   present returns a packet from that queue.  Failing that, it inspects
   the second queue, and so on.  A freeway onramp with a stoplight for
   one lane, but which allows vehicles in the high occupancy vehicle
   lane to pass, is an example of a priority queuing system; the high
   occupancy vehicle lane represents the "queue" having priority.

   In a priority queuing system, a packet in the highest priority queue
   will experience a readily calculated delay - it is proportional to
   the amount of data remaining to be serialized when the packet arrived
   plus the volume of the data already queued ahead of it in the same
   queue.  The technical reason for using a priority queue relates
   exactly to this fact: it limits delay and variation in delay, and
   should be used for traffic which has that requirement.

1.2.1.2 Rate Queues

   Similarly, a rate-based queuing system is a combination of a set of
   queues and a scheduler that empties each at a specified rate.  An
   example of a rate based queuing system is a road intersection with a
   stoplight - the stoplight acts as a scheduler, giving each lane a
   certain opportunity to pass traffic through the intersection.

   In a rate-based queuing system, such as WFQ [27][26] or WRR [28], the
   delay that a packet in any given queue will experience is dependent
   on the parameters and occupancy of its queue and the parameters and
   occupancy of the queues it is competing with.  A queue whose traffic
   arrival rate is much less than the rate at which it lets traffic
   depart will tend to be empty, and packets in it will experience
   nominal delays.  A queue whose arrival rate approximates or exceeds
   its departure rate will tend to be full, and packets in it will
   experience greater delay.  Such a scheduler can impose a minimum
   rate, a maximum rate, or both, on any queue it touches.
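   To make the two scheduler families concrete, the following simulation
   is added here as an illustration; it is not part of this draft.  It
   runs a strict priority scheduler and a deficit round robin scheduler
   (a rate-based scheduler of the WRR family) over the same constructed
   packet trace on a non-preemptive link.  The link rate, packet sizes,
   arrival times and byte quanta are assumptions chosen to show the
   difference described above: under strict priority, a packet in the top
   queue waits at most for the packet already being serialized, while
   under a rate-based scheduler it can also wait for the other queues'
   turns, so its delay depends on their parameters and occupancy.

```python
from collections import deque

# Constructed link: 1 Mbit/s, i.e. 125 bytes per millisecond (assumption)
LINK_BYTES_PER_MS = 125.0


class StrictPriority:
    """Queue 0 is highest priority; always drain the first non-empty queue."""

    def __init__(self, n_queues):
        self.queues = [deque() for _ in range(n_queues)]

    def backlog(self):
        return any(self.queues)

    def enqueue(self, q, pkt):
        self.queues[q].append(pkt)

    def dequeue(self):
        for i, q in enumerate(self.queues):
            if q:
                return i, q.popleft()
        return None


class DeficitRoundRobin:
    """Rate-based scheduler: each queue earns a byte quantum per round and may
    send while its accumulated credit covers the packet at its head (DRR)."""

    def __init__(self, quanta):
        self.queues = [deque() for _ in quanta]
        self.quanta = list(quanta)
        self.deficit = [0] * len(quanta)
        self.active = 0      # queue whose turn it is
        self.fresh = True    # True until the active queue is credited this turn

    def backlog(self):
        return any(self.queues)

    def enqueue(self, q, pkt):
        self.queues[q].append(pkt)

    def dequeue(self):
        if not self.backlog():
            return None
        while True:
            q = self.queues[self.active]
            if q:
                if self.fresh:
                    self.deficit[self.active] += self.quanta[self.active]
                    self.fresh = False
                size = q[0][1]
                if size <= self.deficit[self.active]:
                    self.deficit[self.active] -= size
                    return self.active, q.popleft()
            else:
                self.deficit[self.active] = 0   # an idle queue keeps no credit
            self.active = (self.active + 1) % len(self.queues)
            self.fresh = True


def simulate(scheduler, packets, rate=LINK_BYTES_PER_MS):
    """packets: (arrival_ms, queue, size_bytes).  The link serializes whatever
    the scheduler hands it.  Returns {queue: [queuing delay in ms, ...]}."""
    pending = sorted(packets)
    delays = {}
    t, i = 0.0, 0
    while i < len(pending) or scheduler.backlog():
        while i < len(pending) and pending[i][0] <= t:
            arr, q, size = pending[i]
            scheduler.enqueue(q, (arr, size))
            i += 1
        chosen = scheduler.dequeue()
        if chosen is None:            # link idle: jump to the next arrival
            t = pending[i][0]
            continue
        q, (arr, size) = chosen
        delays.setdefault(q, []).append(t - arr)
        t += size / rate              # serialization time of this packet
    return delays


def voice_vs_bulk():
    """Constructed trace: queue 0 carries 200-byte voice packets every 20 ms;
    queues 1-3 each dump six 1500-byte bulk packets at t=0.  Returns the
    worst voice queuing delay under each scheduler."""
    trace = [(0.5 + 20 * k, 0, 200) for k in range(4)]
    trace += [(0.0, q, 1500) for q in (1, 2, 3) for _ in range(6)]
    prio = simulate(StrictPriority(4), trace)
    drr = simulate(DeficitRoundRobin([200, 1500, 1500, 1500]), trace)
    return max(prio[0]), max(drr[0])


if __name__ == "__main__":
    worst_prio, worst_drr = voice_vs_bulk()
    print(f"worst voice delay: priority {worst_prio:.1f} ms, DRR {worst_drr:.1f} ms")
```

   With these parameters the voice queue under DRR also earns less credit
   per round than it needs, so its backlog grows; raising its quantum
   reduces the delay but never below the sum of the other queues' turns,
   which is exactly the dependency on competing queues noted above.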

1.2.2 Active Queue Management

   "Active queue management" or AQM is a generic name for any of a
   variety of procedures that use packet dropping or marking to manage
   the depth of a queue.  The canonical example of such a procedure is
   Random Early Detection [25], in which a queue is assigned a minimum
   and maximum threshold, and the queuing algorithm maintains a moving
   average of the queue depth.  While the mean queue depth exceeds the
   maximum threshold, all arriving traffic is dropped.  While the mean
   queue depth exceeds the minimum threshold but not the maximum
   threshold, a randomly selected subset of arriving traffic is marked
   or dropped.  This marking or dropping of traffic is intended to
   communicate with the sending system, causing its congestion avoidance
   algorithms to kick in.  As a result of this behavior, it is
   reasonable to expect that TCP's cyclic behavior is desynchronized,
   and the mean queue depth (and therefore delay) should normally
   approximate the minimum threshold.

   A variation of the algorithm is applied in Assured Forwarding [11],
   in which the behavior aggregate consists of traffic with multiple
   DSCP marks, which are intermingled in a common queue.  Different
   minima and maxima are configured for the several DSCPs separately,
   such that traffic which exceeds a stated rate at ingress is more
   likely to be dropped or marked than traffic which was within its
   contracted rate.
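   The following is an added worked example of the RED gate and its
   Assured Forwarding variation; it is not part of this draft.  A pure
   function computes the drop-or-mark probability from the average queue
   depth and a (minimum threshold, maximum threshold, maximum probability)
   profile, a small class keeps the moving average and applies a separate
   profile per DSCP sharing one queue, and a constructed overload shows
   that traffic marked AF13 is lost before AF12 and AF12 before AF11.  The
   threshold values, the averaging weight and the use of ECN marking for
   ECN-capable packets below the maximum threshold are assumptions.

```python
import random

# Constructed AF-style profiles for one shared queue: dscp -> (min_th, max_th,
# max_p); thresholds are in packets of average queue depth (assumed values)
AF1_PROFILES = {
    "AF11": (20, 40, 0.02),   # in-contract traffic: dropped last
    "AF12": (10, 30, 0.05),
    "AF13": (5, 20, 0.10),    # excess traffic: dropped first
}


def red_probability(avg, min_th, max_th, max_p):
    """RED drop/mark probability as a function of the average queue depth."""
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return max_p * (avg - min_th) / (max_th - min_th)


def red_action(avg, profile, u, ecn_capable=False):
    """Fate of one arriving packet given a uniform random draw u in [0, 1).
    Above max_th every packet is dropped, even an ECN-capable one."""
    p = red_probability(avg, *profile)
    if p >= 1.0:
        return "drop"
    if u >= p:
        return "accept"
    return "mark" if ecn_capable else "drop"


class AfQueueGate:
    """Keeps the EWMA of queue depth and applies the per-DSCP RED profile."""

    def __init__(self, profiles, weight=0.02, seed=0):
        self.profiles = profiles
        self.weight = weight
        self.avg = 0.0
        self.rng = random.Random(seed)   # seeded so runs are reproducible

    def observe(self, depth):
        self.avg = (1.0 - self.weight) * self.avg + self.weight * depth
        return self.avg

    def arrival(self, dscp, depth, ecn_capable=False):
        self.observe(depth)
        return red_action(self.avg, self.profiles[dscp], self.rng.random(),
                          ecn_capable)


def loss_fractions(depth=25, packets=3000):
    """Constructed overload: hold the instantaneous depth at `depth` while
    AF11/AF12/AF13 packets arrive in rotation; return the fraction of each
    DSCP that was not accepted."""
    gate = AfQueueGate(AF1_PROFILES)
    seen, lost = {}, {}
    names = list(AF1_PROFILES)
    for n in range(packets):
        dscp = names[n % len(names)]
        seen[dscp] = seen.get(dscp, 0) + 1
        if gate.arrival(dscp, depth) != "accept":
            lost[dscp] = lost.get(dscp, 0) + 1
    return {d: lost.get(d, 0) / seen[d] for d in names}


if __name__ == "__main__":
    for name, frac in loss_fractions().items():
        print(f"{name}: {frac:.3f} of packets dropped or marked")
```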

1.2.3 Conditioning of traffic

   Additionally, at the first router in a network that a packet crosses,
   arriving traffic may be measured, and dropped or marked according to
   a policy, or perhaps shaped on network ingress as in [23].  This may
   be used to bias feedback loops, such as is done in Assured Forwarding
   [11], or to limit the amount of traffic in a system, as is done in
   Expedited Forwarding [19].  Such measurement procedures are
   collectively referred to as "traffic conditioners".

1.2.4 Differentiated Services Code Point (DSCP)

   The DSCP is a number in the range 0..63, which is placed into an IP
   packet to mark it according to the class of traffic it belongs in.
   Half of these values are earmarked for standardized services, and
   half of them are available for local definition.

1.2.5 Per Hop Behavior (PHB)

   In the end, the facilities just described are combined to form a
   specified set of characteristics for handling different kinds of
   traffic, depending on the needs of the application.  This document
   seeks to identify useful traffic aggregates and specify what PHB
   should be applied to them.

1.3 Key Service concepts

   While Differentiated Services is a general architecture that may be
   used to implement a variety of services, three fundamental services
   have been defined and characterized for general use.  These are basic
   service for elastic traffic, the Assured Forwarding service, and the
   Expedited Forwarding service for real-time (inelastic) traffic.

   The terms "elastic" and "real-time" are defined in RFC 1633 [2]
   section 3.1, as a way of understanding broad brush application
   requirements.  This document should be reviewed to obtain a broad
   understanding of the issues in quality of service, just as RFC 2475
   [8] should be reviewed to understand the data plane architecture used
   in today's Internet.

1.3.1 Best Effort Service

   The basic services applied to any class of traffic are those
   described in [7] and [6].  Best Effort Service may be summarized as
   "I will accept your packets", with no further guarantees.  Packets in
   transit may be lost, reordered, duplicated, or delayed at random.
   Generally, networks are engineered to limit this behavior, but
   changing traffic loads can push any network into such a state.

   Application traffic in the internet is expected to be "elastic" in
   nature.  By this, we mean that the receiver will detect loss or
   variation in delay in the network and provide feedback such that the
   sender adjusts its transmission rate to approximate available
   capacity.

   For basic best effort service classes, we provide a single DSCP value
   to identify the traffic, a queue or class to store it, and active
   queue management to protect the network from it and to limit delays.
   The interesting thing is that by giving that queue a higher minimum
   rate than its measured arrival rate, we can effectively limit the
   deleterious effects of congestion on a given class of traffic,
   transferring them to another class that is perhaps better able to
   absorb the impact or is considered to be of lower value to the
   network administration.  So, for example, if it is important to
   service database exchange or transaction traffic in a timely fashion,
   isolating the traffic into a queue and giving it a relatively high
   minimum rate will accomplish that.

1.3.2 Assured Forwarding (AF)

   The Assured Forwarding [11] service is explicitly modeled on Frame
   Relay's DE flag or ATM's CLP capability, and is intended for networks
   which (as those do) offer average-rate SLAs.  This is an enhanced
   Best Effort service; traffic is expected to be "elastic" in nature.
   By this, we mean that the receiver will detect loss or variation in
   delay in the network and provide feedback such that the sender
   adjusts its transmission rate to approximate available capacity.

   For such classes, we provide multiple DSCP values (two or three,
   perhaps more using local values) to identify the traffic, a common
   queue or class to store the aggregate, and active queue management to
   protect the network from it and to limit delays.  We meter traffic as
   it enters the network, and traffic is variously marked depending on
   the arrival rate of the aggregate.  The premise is that it is normal
   for users to occasionally use more capacity than their contract
   stipulates, perhaps up to some bound.  However, if traffic must be
   lost or marked to manage the queue, this excess traffic will be
   marked or lost first.

1.3.3 Expedited Forwarding (EF)

   Expedited Forwarding [19] was originally proposed as a way to
   implement a virtual wire, and can be used in such a manner.  It is an
   enhanced best effort service: traffic remains subject to loss due to
   line errors and reordering during routing changes.  However, using
   queuing techniques, the probability of delay or variation in delay is
   minimized.  For this reason, it is generally used as the way to carry
   voice, and perhaps video.  Voice and video are inelastic "real-time"
   applications - they send packets at the rate the codec produces them,
   regardless of availability of capacity.  As such, this service has
   the potential to disrupt or congest a network if not controlled.  It
   also has the potential for abuse.

   To protect the network, at minimum one must police traffic at various
   points to ensure that the design of a queue is not over-run, and then
   the traffic must be given a low delay queue (often using priority,
   although it is asserted that a rate-based queue can do this) to
   ensure that variation in delay is not an issue, to meet application
   needs.

   There is controversy regarding the place of signaling.  Call
   Admission Control, including call refusal when policy thresholds are
   crossed, can assure high quality communication by ensuring the
   availability of bandwidth to carry a load.  For this purpose, RSVP
   [4][13] was designed.  However, there is concern with the scalability
   [5] of that solution, and in large networks, aggregation [15] of
   sessions is appropriate.

2. Specified Traffic Classes

   Figure A shows eleven classes of traffic that are commonly specified
   in enterprise networks or on access links.  It is not mandatory to
   configure any of them; common experience is that a small subset is
   useful in any given network configuration.  This specification
   recommends that if such a service is deployed, it be deployed in a
   manner consistent with this table.

   +=====+======+========+===========+=====================+==============+
   |PHB  | DSCP | DSCP   | Reference | Intended protocols  | Configuration|
   +=====+======+========+===========+=====================+==============+
   |EF   | EF   | 101110 | RFC 3246  | Interactive Voice   |RSVP Admission|
   |     |      |        |           |                     |Priority queue|
   +-----+------+--------+-----------+---------------------+--------------+
   |AF1  | AF11 | 001010 | RFC 2597  | Bulk transfers, web,| drop or mark |
   |     | AF12 | 001100 |           | general data service| AF13 <= AF12 |
   |     | AF13 | 001110 |           |                     |      <= AF11,|
   |     |      |        |           |    possible guaranteed minimum rate|
   |     |      |        |           |    possible guaranteed maximum rate|
   +-----+------+--------+-----------+---------------------+--------------+
   |AF2  | AF21 | 010010 | RFC 2597  | ERP Database access,| drop or mark |
   |     | AF22 | 010100 |           | transaction services| AF23 <= AF22 |
   |     | AF23 | 010110 |           | interactive traffic |      <= AF21,|
   |     |      |        |           |    possible guaranteed minimum rate|
   |     |      |        |           |    possible guaranteed maximum rate|
   +-----+------+--------+-----------+---------------------+--------------+
   |AF3  | AF31 | 011010 | RFC 2597  | Locally defined     | drop or mark |
   |     | AF32 | 011100 |           | mission-critical    | AF33 <= AF32 |
   |     | AF33 | 011110 |           |       applications  |      <= AF31,|
   |     |      |        |           |    possible guaranteed minimum rate|
   |     |      |        |           |    possible guaranteed maximum rate|
   +-----+------+--------+-----------+---------------------+--------------+
   |AF4  | AF41 | 100010 | RFC 2597  | Interactive video,  | drop or mark |
   |     | AF42 | 100100 |           | associated voice    | AF43 <= AF42 |
   |     | AF43 | 100110 |           |                     |      <= AF41,|
   |     |      |        |           |    possible guaranteed minimum rate|
   |     |      |        |           |    possible guaranteed maximum rate|
   |     |      |        |           |                 Bandwidth Signaling|
   +-----+------+--------+-----------+---------------------+--------------+
   |IP   |Class6| 110000 | RFC 2474  | BGP, OSPF, etc      | minimum rate |
   |Routing     |        | section 4.2.2                   |Deep Queue AQM|
   +-----+------+--------+-----------+---------------------+--------------+
   |Streaming   | 100000 | RFC 2474  | Often proprietary   | minimum rate |
   |Video|Class4|        | section 4.2.2                   | AQM          |
   +-----+------+--------+-----------+---------------------+--------------+
   |     |Class3| 011000 | RFC 2474  |     SIP,            | minimum rate |
   |Telephony   |        | section 4.2.2   H.245/H.225     |Deep Queue AQM|
   |Signaling   |        |           |                     |              |
   |voice/video |        |           |                     |              |
   +-----+------+--------+-----------+---------------------+--------------+
   |     |Class2| 010000 | RFC 2474  | SNMP                | minimum rate |
   |Network     |        | section 4.2.2                   | AQM          |
   |Management  |        |           |                     |              |
   +-----+------+--------+-----------+---------------------+--------------+
   |     |class1| 001000 |Internet II|User-selected service| AQM          |
   |Scavenger   |        | QBSS      |                     |              |
   +-----+------+--------+-----------+---------------------+--------------+
   |     |class0| 000000 | RFC 2474  | Unspecified traffic | minimum rate |
   |Default     |        | section 4.1                     | AQM          |
   +=====+======+========+===========+=====================+==============+

   Figure A: Summary of specified Differentiated Services classes
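   As an added example serving both the DSCP description in section 1.2.4
   and Figure A (this code is not part of the draft), the following reads
   and rewrites the six-bit code point in an IPv4 header and decodes the
   values of the figure: the name, the RFC 2474 code point pool (pool 1,
   xxxxx0, is the half earmarked for standards action; xxxx11 and xxxx01
   are the locally usable halves) and, for AF code points, the class and
   drop precedence packed into the bits.  The header builder, its
   addresses and the remark helper that recomputes the header checksum
   are constructed for the example.

```python
import socket
import struct

# Code points of Figure A keyed by their 6-bit value (names as in the figure)
DSCP_NAMES = {
    0b101110: "EF",
    0b001010: "AF11", 0b001100: "AF12", 0b001110: "AF13",
    0b010010: "AF21", 0b010100: "AF22", 0b010110: "AF23",
    0b011010: "AF31", 0b011100: "AF32", 0b011110: "AF33",
    0b100010: "AF41", 0b100100: "AF42", 0b100110: "AF43",
    0b110000: "Class6", 0b100000: "Class4", 0b011000: "Class3",
    0b010000: "Class2", 0b001000: "Class1", 0b000000: "Class0",
}


def codepoint_pool(dscp):
    """RFC 2474 pools: xxxxx0 is pool 1 (standards action), xxxx11 is pool 2
    (experimental/local use), xxxx01 is pool 3 (reserved, local use)."""
    if dscp & 0b1 == 0:
        return 1
    return 2 if dscp & 0b11 == 0b11 else 3


def describe(dscp):
    """Name, pool and (for AF code points) class and drop precedence."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in 0..63")
    info = {"dscp": dscp, "bits": format(dscp, "06b"),
            "name": DSCP_NAMES.get(dscp, "unassigned"),
            "pool": codepoint_pool(dscp)}
    af_class, precedence = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 1 == 0 and 1 <= af_class <= 4 and 1 <= precedence <= 3:
        info["af_class"], info["drop_precedence"] = af_class, precedence
    return info


def ipv4_checksum(header):
    """One's-complement sum over the header; 0 when the stored checksum is valid."""
    total = sum((header[i] << 8) | header[i + 1]
                for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(dscp, ecn=0, src="192.0.2.1", dst="198.51.100.7"):
    """Constructed 20-byte IPv4 header (UDP, total length 60) with the DSCP."""
    tos = (dscp << 2) | (ecn & 0b11)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 60, 0x1234,
                                0x4000, 64, 17, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(hdr))
    return bytes(hdr)


def read_dscp(header):
    """(dscp, ecn) from the second octet of an IPv4 header (the old TOS byte)."""
    return header[1] >> 2, header[1] & 0b11


def remark(header, new_dscp):
    """Rewrite the DSCP, keep the ECN bits and repair the header checksum."""
    hdr = bytearray(header)
    hdr[1] = (new_dscp << 2) | (hdr[1] & 0b11)
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ipv4_checksum(hdr))
    return bytes(hdr)


if __name__ == "__main__":
    pkt = build_ipv4_header(0b101110)
    print(describe(read_dscp(pkt)[0]))
    print(describe(read_dscp(remark(pkt, 0b001100))[0]))
```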

2.1 Voice on IP

   The voice traffic class serves RTP voice.  It is specified in [19].

   The fundamental service offered to voice traffic is best effort
   service up to a specified upper bound with nominal delay.  Operation
   is in some respects similar to an ATM CBR VC.  The ATM VC is
   guaranteed its bandwidth, and if it stays within the negotiated rate
   it experiences nominal loss and delay.  EF traffic has a similar
   guarantee.

   Typical configurations negotiate the use of Voice on IP using
   protocols such as SIP and RSVP.  When a user has been authorized to
   send voice traffic, this admission procedure has verified that data
   rates will be within the capacity of the network that it will use.
   Since RTP voice does not respond to loss or marking in any
   substantive way, the network must police at ingress to ensure that
   the voice traffic stays within its negotiated bounds.  Having thus
   assured a predictable input rate, the network may use a priority
   queue to ensure nominal delay and variation in delay.

   When used to give preferential service, the preferred systems or
   sessions must be authenticated during the process of resource
   assignment [12][22][16][17].  They may be given preferential access
   in whatever manner is appropriate.

2.2 File Transfer Service

   The File Transfer traffic class serves applications which run over
   TCP [1] or a transport with a consistent congestion avoidance
   procedure [9][10], and normally drive as high a data rate as they can
   obtain over a long period of time.  The FTP protocol is a common
   example, although one cannot definitively say that all FTP transfers
   are moving data in bulk.  The PHB is specified in [11].

   The fundamental service offered to file transfer traffic is best
   effort service with a specified minimum rate.  One must assume that
   this class will consume any available capacity, and on congested
   links may experience queuing delay or loss.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6], and may impose
   a minimum or maximum rate.  In queues, the probability of loss of
   AF11 traffic may not exceed the probability of loss of AF12 traffic,
   which in turn may not exceed the probability of loss of AF13 traffic.
   Ingress traffic conditioning passes traffic in the class up to some
   specified threshold marked AF11, additional traffic up to some
   secondary threshold marked as AF12, and potentially passes additional
   traffic marked AF13.  In such a case, if one network customer is
   driving significant excess and another seeks to use the link, any
   losses will be experienced by the high rate user, causing him to
   reduce his rate.

   When used to give preferential service, the preferred systems or
   sessions must be authenticated, and if ingress policing increases the
   drop or mark probability of any authorized traffic, it must increase
   the drop or mark probability of all unauthorized traffic.

2.3 Human-response Applications

   The human response traffic class serves applications which run over
   TCP [1] or a transport with a consistent congestion avoidance
   procedure [9][10], and serve transaction, database access, or
   interactive protocols.  Such applications might include telnet,
   common ERP applications, instant messaging, or other applications,
   which hold a user waiting until they respond.  The PHB is specified
   in [11].

   The fundamental service offered to human response traffic is best
   effort service with a specified minimum rate.  The rate should be
   specified significantly in excess of actual measured rates, in order
   to ensure that this traffic experiences only nominal delay or loss.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6], and may impose
   a minimum or maximum rate.  In queues, the probability of loss of
   AF21 traffic may not exceed the probability of loss of AF22 traffic,
   which in turn may not exceed the probability of loss of AF23 traffic.

   When used to give preferential service, the preferred systems or
   sessions must be authenticated, and if ingress policing increases the
   drop or mark probability of any authorized traffic, it must increase
   the drop or mark probability of all unauthorized traffic.

2.4 Mission Specific and Critical Applications

   The mission-specific traffic class serves applications which run over
   TCP [1] or a transport with a consistent congestion avoidance
   procedure [9][10], and serve needs the network administrator deems to
   need special support.  For example, in a banking network, it might
   support electronic banking protocols.  The PHB is specified in [11].

   The fundamental service offered to mission critical traffic is best
   effort service with a specified minimum rate.  The rate should be
   specified significantly in excess of actual measured rates, in order
   to ensure that this traffic experiences only nominal delay or loss.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6], and may impose
   a minimum or maximum rate.  In queues, the probability of loss of
   AF31 traffic may not exceed the probability of loss of AF32 traffic,
   which in turn may not exceed the probability of loss of AF33 traffic.

   When used to give preferential service, the preferred systems or
   sessions must be authenticated, and if ingress policing increases the
   drop or mark probability of any authorized traffic, it must increase
   the drop or mark probability of all unauthorized traffic.

2.5 Network Multimedia (video)

   The Network Multimedia traffic class serves applications that carry
   RTP data streams whose rate has been negotiated with the network
   using a protocol such as RSVP [4].  If the mean rate is conceived as
   Bc/frame interval and the difference between the mean and peak rate
   is Be/frame interval, the first Bc packets in a frame are marked
   AF41, the next Be packets are marked AF42, and any additional packets
   may be summarily dropped, or marked AF43 and subjected to loss in any
   but a queue of nominal depth.  This PHB is specified in [11].

   The fundamental service offered to network multimedia traffic is best
   effort service with controlled rate and delay.  This traffic does not
   respond to loss or marking, and can be severely compromised by loss
   or delays that exceed its framing interval.  It can be assumed,
   however, to have been initially transmitted in a manner roughly
   comparable to [23].  As such, active queue management [6] serves
   primarily to deal with extreme cases; ingress traffic conditioning is
   depended on to ensure rate compliance.  In queues, the probability of
   loss of AF41 traffic may not exceed the probability of loss of AF42
   traffic, which in turn may not exceed the probability of loss of AF43
   traffic, if any.

   When used to give preferential service, the preferred systems or
   sessions must be authenticated during the process of resource
   assignment [12][22][16][17].  They may be given preferential access
   in whatever manner is appropriate.
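   The ingress conditioner described for the file transfer class in
   section 2.2 (traffic up to a threshold marked AF11, up to a secondary
   threshold AF12, the rest AF13) and the Bc/Be per-frame marking for
   network multimedia in this section are the same mechanism with
   different units, so one added example serves both; it is not part of
   the draft.  It uses a fixed measurement interval with counters that
   start over at each interval boundary, which is an assumption that
   matches the per-frame-interval wording here but simplifies a
   token-bucket meter; the class, Bc, Be and interval values are
   constructed.

```python
def af_dscp(af_class, precedence):
    """AF code point: class in the top three bits, drop precedence in the next two
    (e.g. AF41 = 100010 = 34), as laid out in Figure A."""
    return (af_class << 3) | (precedence << 1)


class IntervalMarker:
    """Ingress conditioner for one AF class: within each measurement interval,
    the first Bc units are marked AFx1, the next Be units AFx2, and anything
    beyond that AFx3 (or dropped when drop_excess is set)."""

    def __init__(self, af_class, bc, be, interval, drop_excess=False):
        self.af_class = af_class
        self.bc, self.be = bc, be
        self.interval = interval
        self.drop_excess = drop_excess
        self.window = None     # index of the interval currently being measured
        self.used = 0          # units already admitted in this interval

    def mark(self, t, size=1):
        """DSCP for a packet of `size` units arriving at time t, or None to drop.
        size=1 counts packets (the Bc/Be-per-frame case); bytes work the same."""
        window = int(t // self.interval)
        if window != self.window:          # new interval: counters start over
            self.window, self.used = window, 0
        self.used += size
        if self.used <= self.bc:
            precedence = 1
        elif self.used <= self.bc + self.be:
            precedence = 2
        elif self.drop_excess:
            return None
        else:
            precedence = 3
        return af_dscp(self.af_class, precedence)


def mark_stream(marker, packets):
    """packets: iterable of (t, size).  Returns the list of marks (DSCP or None)."""
    return [marker.mark(t, size) for t, size in packets]


def video_frames():
    """Section 2.5 case (constructed): Bc=3 and Be=2 packets per 20 ms frame;
    seven packets arrive in the first frame, three in the second, and
    packets beyond Bc+Be are summarily dropped."""
    m = IntervalMarker(af_class=4, bc=3, be=2, interval=20.0, drop_excess=True)
    trace = [(0.1 * k, 1) for k in range(7)] + [(20.0 + 0.1 * k, 1) for k in range(3)]
    return mark_stream(m, trace)


def bulk_bytes():
    """Section 2.2 case (constructed): per second, 3000 bytes pass as AF11, the
    next 1500 as AF12, and the remainder as AF13; four 1500-byte packets."""
    m = IntervalMarker(af_class=1, bc=3000, be=1500, interval=1.0)
    return mark_stream(m, [(0.0, 1500), (0.2, 1500), (0.4, 1500), (0.6, 1500)])


if __name__ == "__main__":
    print("video:", video_frames())
    print("bulk: ", bulk_bytes())
```

   Because each AF class has its own marker state, one of these per
   customer or session is what makes the section 2.2 observation hold: a
   source driving significant excess collects the AF12/AF13 marks and so
   takes the losses when the queue fills.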

2.6 IP Routing Protocols

   The IP Routing traffic class serves IP Routing Applications such as
   BGP or OSPF.  It is specified in [7].

   The fundamental service offered to routing traffic is best effort
   service with minimal loss, even at the cost of delays on the order of
   tens to hundreds of milliseconds.  By placing it into a separate
   queue or class to minimize loss, the routing it supports is helped to
   converge.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6], and may impose
   a minimum or maximum rate.

   Preferential access is undefined for this traffic class.

2.7 Streaming Video

   The streaming video traffic class serves applications like Windows
   Media Player or RealAudio.  These may use standard or proprietary
   bulk transfer protocols, using TCP as a transport or application-
   specific transports built on UDP, for buffering prior to playout.
   The service model is specified in [7].

   The fundamental service offered to streaming video is best effort
   service.  By placing it into a separate queue or class, it may be
   ensured minima or maxima consistent with a specific service level
   agreement.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6], and may impose
   a minimum or maximum rate.

   Preferential access is undefined for this traffic class.

2.8 Telephony Signaling

   The Telephony Signaling traffic class serves network control
   applications like SIP and H.245/H.225 when used to route Voice on
   IP, Video on IP, and related applications.  It is specified in [7].

   The fundamental service offered to Telephony Signaling traffic is
   best effort service with minimized loss.  The reason for this is to
   maximize the speed of such routing, and avoid the poor user
   experience that results from loss of control traffic.  By placing it
   into a separate queue or class, it may be ensured minima or maxima
   consistent with a specific service level agreement.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6], and may impose
   a minimum or maximum rate.  The AQM parameters are specified in such
   a manner as to permit relatively deep queues to form temporarily.

   Preferential access is undefined for this traffic class.

2.9 Network Management

   The management traffic class serves applications that are necessary
   to manage the network, such as SNMP servers, but which implement no
   congestion avoidance procedure.  It is specified in [7].

   The fundamental service offered to the network management traffic
   class is best effort service with minimization of loss.  By placing
   it into a separate queue or class, it may be ensured minima or maxima
   consistent with a specific service level agreement.

   Typical configurations use random loss to implement active queue
   management [6], to maximize the utility of network management
   applications while protecting the network in the event of an
   overload.

   Preferential access is undefined for this traffic class.

2.10 Scavenger class

   The scavenger traffic class serves applications which run over TCP
   [1] or a transport with a consistent congestion avoidance procedure
   [9][10], and for which the user is willing to accept service without
   guarantees.  It is specified in [20].

   The fundamental service offered to the scavenger traffic class is
   best effort service.  By placing it into a separate queue or class,
   it may be treated in a manner consistent with a specific service
   level agreement.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6].  It generally
   does not impose a minimum or maximum rate, although it could.

   Preferential access is undefined for this traffic class.

2.11 Default traffic class

   The default traffic class serves applications which have not been
   otherwise specified, but which run over TCP [1] or a transport with
   a consistent congestion avoidance procedure [9][10].  It is specified
   in [7].

   The fundamental service offered to the default traffic class is best
   effort service with active queue management to limit over-all delay.
   By placing it into a separate queue or class, it may be ensured
   minima or maxima consistent with a specific service level agreement.

   Typical configurations use Explicit Congestion Notification [14] or
   random loss to implement active queue management [6], and may impose
   a minimum or maximum rate on the queue.

   Preferential access is undefined for this traffic class.
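
   As an added illustration, not part of this draft, the following Python
   sketches the active queue management behavior that sections 2.9 through
   2.11 describe: a RED-like drop probability [6][25] that rises with queue
   fill, with ECN marking [14] used in place of loss only for the classes
   the text allows it for, and only on ECN-capable packets.  The class
   names, thresholds and the linear probability curve are assumptions.

```python
import random

# ECN field values (low two bits of the IP TOS / Traffic Class byte), RFC 3168.
ECN_NOT_ECT = 0b00

# Classes the text says may use ECN instead of loss (assumption: names stand in
# for the classes of sections 2.9-2.11; the draft fixes no DSCP value here).
ECN_CAPABLE_CLASSES = {"scavenger", "default"}


def drop_probability(queue_fill, min_th, max_th, max_p=0.1):
    """RED-style curve: 0 below min_th, linear up to max_p at max_th, 1 beyond."""
    if queue_fill < min_th:
        return 0.0
    if queue_fill >= max_th:
        return 1.0
    return max_p * (queue_fill - min_th) / (max_th - min_th)


def aqm_decision(traffic_class, ecn, queue_fill, min_th, max_th, rng=random):
    """Decide one arriving packet: 'forward', 'mark' (set CE) or 'drop'."""
    p = drop_probability(queue_fill, min_th, max_th)
    if p == 0.0 or rng.random() >= p:
        return "forward"
    # A congestion signal is due.  Management traffic gets loss only, since its
    # applications implement no congestion avoidance; the other classes mark
    # ECN-capable packets and drop the rest.
    if traffic_class in ECN_CAPABLE_CLASSES and ecn != ECN_NOT_ECT:
        return "mark"
    return "drop"


def count_outcomes(traffic_class, ecn, queue_fill, min_th, max_th, n=1000, seed=1):
    """Run n packets at a fixed queue fill and tally the decisions (seeded RNG)."""
    rng = random.Random(seed)
    tally = {"forward": 0, "mark": 0, "drop": 0}
    for _ in range(n):
        tally[aqm_decision(traffic_class, ecn, queue_fill, min_th, max_th, rng)] += 1
    return tally
```

   Comparing the tallies for the default and management classes at the
   same queue fill shows the difference the text draws: one signals
   congestion mostly by marking, the other only by loss.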

3. Security Considerations

   This document discusses policy, and describes a common policy
   configuration, for the use of a Differentiated Services Code Point by
   transports and applications.  If implemented as described, it should
   ask the network to do nothing that the network has not already
   allowed.  If that is the case, no new security issues should arise
   from the use of such a policy.

   It is possible, however, for the policy to be applied incorrectly, or
   for a different policy to be applied that is incorrect for the
   network.  In that case, a policy issue exists which the network must
   detect, assess, and deal with.  This is a known security issue in any
   network dependent on policy-directed behavior.

   A well-known flaw applies when bandwidth is reserved or enabled for a
   service (for example, voice transport) and another service or an
   attacking traffic stream uses it.  This possibility is inherent in
   diffserv technology, which depends on appropriate packet markings.
   When bandwidth reservation or a priority queuing system is used in a
   vulnerable network, the use of a scheme such as RSVP Policy Marking
   [12] and RSVP Identity [17] is important.  To the author's knowledge,
   there is no technical way to respond to an unauthenticated data
   stream using service that it is not intended to use, and such is the
   nature of the Internet.

4. Acknowledgements

   The author acknowledges a great many inputs, most notably from Bruce
   Davie and Dave Oran.  Kimberly King and Alistair Munroe each did a
   thorough proof-reading, and the document is better for it.

Normative References

   [1]   Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
         September 1981.

   [2]   Braden, B., Clark, D. and S. Shenker, "Integrated Services in
         the Internet Architecture: an Overview", RFC 1633, June 1994.

   [3]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [4]   Zhang, L., Berson, S., Herzog, S. and S. Jamin, "Resource
         ReSerVation Protocol (RSVP) -- Version 1 Functional
         Specification", RFC 2205, September 1997.

   [5]   Baker, F., Krawczyk, J. and A. Sastry, "RSVP Management
         Information Base using SMIv2", RFC 2206, September 1997.

   [6]   Braden, B., Clark, D., Crowcroft, J., Davie, B., Deering, S.,
         Estrin, D., Floyd, S., Jacobson, V., Minshall, G., Partridge,
         C., Peterson, L., Ramakrishnan, K., Shenker, S., Wroclawski, J.
         and L. Zhang, "Recommendations on Queue Management and
         Congestion Avoidance in the Internet", RFC 2309, April 1998.

   [7]   Nichols, K., Blake, S., Baker, F. and D. Black, "Definition of
         the Differentiated Services Field (DS Field) in the IPv4 and
         IPv6 Headers", RFC 2474, December 1998.

   [8]   Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z. and W.
         Weiss, "An Architecture for Differentiated Services", RFC 2475,
         December 1998.

   [9]   Allman, M., Paxson, V. and W. Stevens, "TCP Congestion
         Control", RFC 2581, April 1999.

   [10]  Floyd, S. and T. Henderson, "The NewReno Modification to TCP's
         Fast Recovery Algorithm", RFC 2582, April 1999.

   [11]  Heinanen, J., Baker, F., Weiss, W. and J. Wroclawski, "Assured
         Forwarding PHB Group", RFC 2597, June 1999.

   [12]  Herzog, S., "RSVP Extensions for Policy Control", RFC 2750,
         January 2000.

   [13]  Bernet, Y., "Format of the RSVP DCLASS Object", RFC 2996,
         November 2000.

   [14]  Ramakrishnan, K., Floyd, S. and D. Black, "The Addition of
         Explicit Congestion Notification (ECN) to IP", RFC 3168,
         September 2001.

   [15]  Baker, F., Iturralde, C., Le Faucheur, F. and B. Davie,
         "Aggregation of RSVP for IPv4 and IPv6 Reservations", RFC 3175,
         September 2001.

   [16]  Herzog, S., "Signaled Preemption Priority Policy Element", RFC
         3181, October 2001.

   [17]  Yadav, S., Yavatkar, R., Pabbati, R., Ford, P., Moore, T.,
         Herzog, S. and R. Hess, "Identity Representation for RSVP", RFC
         3182, October 2001.

   [18]  Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M.,
         Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J. and S.
         Waldbusser, "Terminology for Policy-Based Management", RFC
         3198, November 2001.

   [19]  Davie, B., Charny, A., Bennet, J., Benson, K., Le Boudec, J.,
         Courtney, W., Davari, S., Firoiu, V. and D. Stiliadis, "An
         Expedited Forwarding PHB (Per-Hop Behavior)", RFC 3246, March
         2002.

   [20]  "QBone Scavenger Service (QBSS) Definition", Internet2 Technical
         Report Proposed Service Definition, March 2001.

Informative References

   [21]  Durham, D., Boyle, J., Cohen, R., Herzog, S., Rajan, R. and A.
         Sastry, "The COPS (Common Open Policy Service) Protocol", RFC
         2748, January 2000.

   [22]  Bernet, Y. and R. Pabbati, "Application and Sub Application
         Identity Policy Element for Use with RSVP", RFC 2872, June
         2000.

   [23]  Bonaventure, O. and S. De Cnodder, "A Rate Adaptive Shaper for
         Differentiated Services", RFC 2963, October 2000.

   [24]  Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie, K.,
         Herzog, S., Reichmeyer, F., Yavatkar, R. and A. Smith, "COPS
         Usage for Policy Provisioning (COPS-PR)", RFC 3084, March 2001.

   [25]  Floyd, S. and V. Jacobson, "Random Early Detection Gateways for
         Congestion Avoidance", IEEE/ACM Transactions on Networking,
         August 1993.

   [26]  Zhang, L., "Virtual Clock: A New Traffic Control Algorithm for
         Packet Switching Networks", ACM SIGCOMM 1990, September 1990.

   [27]  Keshav, S., "On the Efficient Implementation of Fair Queueing",
         Internetworking: Research and Experiences Vol 2, September
         1991.

   [28]  Katevenis, M., Sidiropoulos, S. and C. Courcoubetis, "Weighted
         Round-Robin Cell Multiplexing in a General Purpose ATM Switch
         Chip", IEEE JSAC Vol. 9, No. 8, October 1991.

   [29]  "International Emergency Preparedness Scheme", ITU E.106, March
         2000.

   [30]  "Service Description for an International Emergency Multimedia
         Service (Draft)", ITU-T F.706, August 2001.

Author's Address

   Fred Baker
   Cisco Systems
   1121 Via Del Rey
   Santa Barbara, CA  93117
   US

   Phone: +1-408-526-4257
   Fax:   +1-413-473-2403
   EMail: fred@cisco.com

Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.