[Search] [pdf|bibtex] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02                                                      
Internet Emergency Preparedness                              R. Atarashi
Working Group                                    IIJ Research Laboratory
Internet-Draft                                                  F. Baker
Expires: December 29, 2003                                 Cisco Systems
                                                           June 30, 2003

                         Reflexive DSCP Policy

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on December 29, 2003.

Copyright Notice

   Copyright (C) The Internet Society (2003). All Rights Reserved.


   In reviewing the specific use of the Differentiated Services
   Architecture for supporting the Internet Emergency Preparedness
   System, we found what we believe is a general issue. This is that
   even though a client or peer can connect to a server or peer with a
   predictable DSCP value, the response does not have a predictable DSCP
   value. We consider the issues, and recommend an approach to
   application policy regarding the DSCP.

Atarashi & Baker       Expires December 29, 2003                [Page 1]

Internet-Draft                  Document                       June 2003

1. Introduction

   In reviewing the specific use of the Differentiated Services
   Architecture for supporting the Internet Emergency Preparedness
   System, we found what we believe is a general issue. This is that
   even though a client or peer can connect to a server or peer with a
   predictable DSCP value, the response does not have a predictable DSCP
   value. We consider the issues, and recommend an approach to
   application policy regarding the DSCP.

   As such, we will make specific recommendations for all applications.
   In doing so, we will use the language described in RFC 2119 [1]. The
   key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC 2119 [1].

1.1 Problem Statement

    Figure 1 presents a connection being placed between two applications
   across a differentiated services network.

          . . . . .                  . . . . .                    . . . . .
      .              .           .              .             .              .
    .   Client          .      .                  .          .     Server      .
   .   /-----------/    .     .   /------------/   .       .   /---------------/.
   .           Router -----/----- Router  Router -----/----- Router            .
    .                  .       .                  .        .                   .
      .              .           .              .            .               .
          . . . . .                  . . . . .                    . . . . .

   Figure 1: Connection across a network

   A behavior aggregate originated in part by a certain client toward a
   given server in a remote network may have certain application
   requirements, such as requiring service appropriate to an ERP
   application, videostream or voice. One application may use different
   aggregates for different purposes, and therefore have different
   requirements. So the application may not be able to tell a priori
   what DSCP it should use or respond with.

   In addition, DSCPs have local significance in the Differentiated
   Services Architecture. It is possible and perhaps likely that a
   behavior aggregate might use different code points in different

Atarashi & Baker       Expires December 29, 2003                [Page 2]

Internet-Draft                  Document                       June 2003

2. Policy recommendations

   We consider that there are a number of possible approaches to this
   issue. The simplest, which we fear is currently standard in
   Differentiated Services hosts, is to simply select a default value,
   such as "always make TCP applications use AF11". For some
   applications, such as voice (EF), this approach is appropriate, but
   for many it is not.

2.1 Default DSCP policy in a responder

   When a system accepts sessions initiated from another system, and
   there is no specific local policy, the responder SHOULD use the same
   DSCP Group as its request. Thus, if a TCP SYN arrives using any of
   AF11, AF12, or AF13, the TCP SYN-ACK and subsequent messages SHOULD
   use AF11 as the DSCP. When in doubt as to the set of DSCP code points
   comprising a DSCP Group, it SHOULD respond with exactly the same

   There has been interest of late in changing the quality of service
   behavior for different portions of the same session, such as on a
   per-URL basis. The requester could initiate this. Thus, if the DSCP
   received on one TCP segment differs from the TCP used on a prior TCP
   segment in a session, the new DSCP SHOULD be reflected unless local
   policy prevents this.

   One way to implement this requires the receiving transport (TCP,
   SCTP, etc) to save the received DSCP and use an API to determine the
   correct responding DSCP from a configuration file. The configuration
   file lists the 64 possible DSCP values and the correct response. In
   most cases, the two SHOULD be the same, but the AFxy code points map
   to AFx1. Local policy MAY update this mapping.

2.2 Application-directed DSCP policy

   The originator of a session, which is to say the application that
   opens it, SHOULD normally select the DSCP value used. This, of
   course, needs to be consistent with local network policy, and may be
   dictated entirely by that policy.

   The application would do this through an API, ideally one that maps
   the application to a DSCP value through local administrative policy.
   Thus, the API could set the DSCP for signaling of voice calls to a
   specific value, such as AF31. It would be better, though, if the API
   were to set it to a key word such as "VoiceSignaling" or
   "DatabaseAccess", and enable the network administration to interpret
   the key word to an appropriate code point. One way to implement this
   would be for the API code to look the key word up in a file or an

Atarashi & Baker       Expires December 29, 2003                [Page 3]

Internet-Draft                  Document                       June 2003

   LDAP Policy.

   It is possible for the responding application to use this same API.
   For example, separate policies might apply to database records of one
   type and database records of another type, something that only the
   database access application could determine. It is also possible for
   the application exchange to communicate a desired DSCP, and the
   responding application to use the API accordingly. In such a case,
   the application exchange MUST specify the key word or metadata rather
   than the specific DSCP, as it cannot know the applicable policy in
   the responder's network.

Atarashi & Baker       Expires December 29, 2003                [Page 4]

Internet-Draft                  Document                       June 2003

3. IANA Considerations

   No action has been requested of IANA.

Atarashi & Baker       Expires December 29, 2003                [Page 5]

Internet-Draft                  Document                       June 2003

4. Security Considerations

   This document discusses policy, and describes a recommended default
   policy, for the use of a Differentiated Services Code Point by
   transports and applications. If implemented as described, it should
   ask the network to do nothing that the network has not already
   allowed. If that is the case, no new security issues should arise
   from the use of such a policy.

   It is possible, however, for the policy to be applied incorrectly, or
   for another policy to be applied, which would be incorrect in the
   network. In that case, a policy issue exists which the network must
   detect, assess, and deal with. This is a known security issue in any
   network dependent on policy-directed behavior.

Atarashi & Baker       Expires December 29, 2003                [Page 6]

Internet-Draft                  Document                       June 2003

5. Acknowledgements

   The authors would like to thank Hiroyuki Ohno, Toshio Shimojo,
   Shigeru Miyake and Yoshifumi Atarashi for their suggetions.

Atarashi & Baker       Expires December 29, 2003                [Page 7]

Internet-Draft                  Document                       June 2003


   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [2]  Nichols, K., Blake, S., Baker, F. and D. Black, "Definition of
        the Differentiated Services Field (DS Field) in the IPv4 and
        IPv6 Headers", RFC 2474, December 1998.

   [3]  Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z. and W.
        Weiss, "An Architecture for Differentiated Services", RFC 2475,
        December 1998.

   [4]  Heinanen, J., Baker, F., Weiss, W. and J. Wroclawski, "Assured
        Forwarding PHB Group", RFC 2597, June 1999.

   [5]  Bernet, Y., Ford, P., Yavatkar, R., Baker, F., Zhang, L., Speer,
        M., Braden, R., Davie, B., Wroclawski, J. and E. Felstaine, "A
        Framework for Integrated Services Operation over Diffserv
        Networks", RFC 2998, November 2000.

Authors' Addresses

   Ray S. Atarashi
   IIJ Research Laboratory
   Jinbocho Mitsui Bldg., 1-105 Kanda Jinbo-cho
   Chiyoda-ku, Tokyo  101-0051

   Phone: +81-3-5205-6464
   Fax:   +81-3-5205-6466
   EMail: ray@iijlab.net

   Fred Baker
   Cisco Systems
   1121 Via Del Rey
   Santa Barbara, CA  93117

   Phone: +1-408-526-4257
   Fax:   +1-413-473-2403
   EMail: fred@cisco.com

Atarashi & Baker       Expires December 29, 2003                [Page 8]

Internet-Draft                  Document                       June 2003

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive

Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an

Atarashi & Baker       Expires December 29, 2003                [Page 9]

Internet-Draft                  Document                       June 2003



   Funding for the RFC Editor function is currently provided by the
   Internet Society.

Atarashi & Baker       Expires December 29, 2003               [Page 10]