rfc2474.txt

来自「中、英文RFC文档大全打包下载完全版 .」· 文本 代码 · 共 1,124 行 · 第 1/4 页


RFC 2474             Differentiated Services Field         December 1998


   generally based on policies encoded in filters in the routers, which
   examined IP addresses, IP protocol numbers, TCP or UDP ports, and
   other header fields.  IP Precedence was and is among the options such
   filters can examine.

   In short, IP Precedence is widely deployed and widely used, if not in
   exactly the manner intended in [RFC791].  This was recognized in
   [RFC1122], which states that while the use of the IP Precedence field
   is valid, the specific assignment of the priorities in [RFC791] were
   merely historical.

4.2.2  Subsuming IP Precedence into Class Selector Codepoints

   A specification of the packet forwarding treatments selected by the
   IP Precedence field today would have to be quite general; probably
   not specific enough to build predictable services from in the
   differentiated services framework.  To preserve partial backwards
   compatibility with known current uses of the IP Precedence field
   without sacrificing future flexibility, we have taken the approach of
   describing minimum requirements on a set of PHBs that are compatible
   with most of the deployed forwarding treatments selected by the IP
   Precedence field.  In addition, we give a set of codepoints that MUST
   map to PHBs meeting these minimum requirements.  The PHBs mapped to
   by these codepoints MAY have a more detailed list of specifications
   in addition to the required ones stated here.  Other codepoints MAY
   map to these same PHBs.  We refer to this set of codepoints as the
   Class Selector Codepoints, and the minimum requirements for PHBs that
   these codepoints may map to are called the Class Selector PHB
   Requirements.

4.2.2.1  The Class Selector Codepoints

   A specification of the packet forwarding treatments selected by the
   The DS field values of 'xxx000|xx', or DSCP = 'xxx000' and CU
   subfield unspecified, are reserved as a set of Class Selector
   Codepoints.  PHBs which are mapped to by these codepoints MUST
   satisfy the Class Selector PHB requirements in addition to preserving
   the Default PHB requirement on codepoint '000000' (Sec. 4.1).

4.2.2.2  The Class Selector PHB Requirements

   We refer to a Class Selector Codepoint with a larger numerical value
   than another Class Selector Codepoint as having a higher relative
   order while a Class Selector Codepoint with a smaller numerical value
   than another Class Selector Codepoint is said to have a lower
   relative order.  The set of PHBs mapped to by the eight Class
   Selector Codepoints MUST yield at least two independently forwarded
   classes of traffic, and PHBs selected by a Class Selector Codepoint



Nichols, et. al.            Standards Track                    [Page 11]

RFC 2474             Differentiated Services Field         December 1998


   SHOULD give packets a probability of timely forwarding that is not
   lower than that given to packets marked with a Class Selector
   codepoint of lower relative order, under reasonable operating
   conditions and traffic loads.  A discarded packet is considered to be
   an extreme case of untimely forwarding.  In addition, PHBs selected
   by codepoints '11x000' MUST give packets a preferential forwarding
   treatment by comparison to the PHB selected by codepoint '000000' to
   preserve the common usage of IP Precedence values '110' and '111' for
   routing traffic.

   Further, PHBs selected by distinct Class Selector Codepoints SHOULD
   be independently forwarded; that is, packets marked with different
   Class Selector Codepoints MAY be re-ordered.  A network node MAY
   enforce limits on the amount of the node's resources that can be
   utilized by each of these PHBs.

   PHB groups whose specification satisfy these requirements are
   referred to as Class Selector Compliant PHBs.

   The Class Selector PHB Requirements on codepoint '000000' are
   compatible with those listed for the Default PHB in Sec. 4.1.

4.2.2.3  Using the Class Selector PHB Requirements for IP Precedence
         Compatibility

   A DS-compliant network node can be deployed with a set of one or more
   Class Selector Compliant PHB groups.  This document states that the
   set of codepoints 'xxx000' MUST map to such a set of PHBs.  As it is
   also possible to map multiple codepoints to the same PHB, the vendor
   or the network administrator MAY configure the network node to map
   codepoints to PHBs irrespective of bits 3-5 of the DSCP field to
   yield a network that is compatible with historical IP Precedence use.
   Thus, for example, codepoint '011010' would map to the same PHB as
   codepoint '011000'.

4.2.2.4  Example Mechanisms for Implementing Class Selector Compliant
         PHB Groups

   Class Selector Compliant PHBs can be realized by a variety of
   mechanisms, including strict priority queueing, weighted fair
   queueing (WFQ), WRR, or variants [RPS, HPFQA, DRR], or Class-Based
   Queuing [CBQ].  The distinction between PHBs and mechanisms is
   described in more detail in Sec. 5.

   It is important to note that these mechanisms might be available
   through other PHBs (standardized or not) that are available in a
   particular vendor's equipment.  For example, future documents may
   standardize a Strict Priority Queueing PHB group for a set of



Nichols, et. al.            Standards Track                    [Page 12]

RFC 2474             Differentiated Services Field         December 1998


   recommended codepoints.  A network administrator might configure
   those routers to select the Strict Priority Queueing PHBs with
   codepoints 'xxx000' in conformance with the requirements of this
   document.

   As a further example, another vendor might employ a CBQ mechanism in
   its routers.  The CBQ mechanism could be used to implement the Strict
   Priority Queueing PHBs as well as a set of Class Selector Compliant
   PHBs with a wider range of features than would be available in a set
   of PHBs that did no more than meet the minimum Class Selector PHB
   requirements.

4.3  Summary

   This document defines codepoints 'xxx000' as the Class Selector
   codepoints, where PHBs selected by these codepoints MUST meet the
   Class Selector PHB Requirements described in Sec. 4.2.2.2.  This is
   done to preserve a useful level of backward compatibility with
   current uses of the IP Precedence field in the Internet without
   unduly limiting future flexibility.  In addition, codepoint '000000'
   is used as the Default PHB value for the Internet and, as such, is
   not configurable.  The remaining seven non-zero Class Selector
   codepoints are configurable only to the extent that they map to PHBs
   that meet the requirements in Sec. 4.2.2.2.

5.  Per-Hop Behavior Standardization Guidelines

   The behavioral characteristics of a PHB are to be standardized, and
   not the particular algorithms or the mechanisms used to implement
   them.  A node may have a (possibly large) set of parameters that can
   be used to control how packets are scheduled onto an output interface
   (e.g., N separate queues with settable priorities, queue lengths,
   round-robin weights, drop algorithm, drop preference weights and
   thresholds, etc).  To illustrate the distinction between a PHB and a
   mechanism, we point out that Class Selector Compliant PHBs might be
   implemented by several mechanisms, including: strict priority
   queueing, WFQ, WRR, or variants [HPFQA, RPS, DRR], or CBQ [CBQ], in
   isolation or in combination.

   PHBs may be specified individually, or as a group (a single PHB is a
   special case of a PHB group).  A PHB group usually consists of a set
   of two or more PHBs that can only be meaningfully specified and
   implemented simultaneously, due to a common constraint applying to
   each PHB within the group, such as a queue servicing or queue
   management policy.  A PHB group specification SHOULD describe
   conditions under which a packet might be re-marked to select another
   PHB within the group.  It is RECOMMENDED that PHB implementations do
   not introduce any packet re-ordering within a microflow.  PHB group



Nichols, et. al.            Standards Track                    [Page 13]

RFC 2474             Differentiated Services Field         December 1998


   specifications MUST identify any possible packet re-ordering
   implications which may occur for each individual PHB, and which may
   occur if different packets within a microflow are marked for
   different PHBs within the group.

   Only those per-hop behaviors that are not described by an existing
   PHB standard, and have been implemented, deployed, and shown to be
   useful, SHOULD be standardized.  Since current experience with
   differentiated services is quite limited, it is premature to
   hypothesize the exact specification of these per-hop behaviors.

   Each standardized PHB MUST have an associated RECOMMENDED codepoint,
   allocated out of a space of 32 codepoints (see Sec. 6).  This
   specification has left room in the codepoint space to allow for
   evolution, thus the defined space ('xxx000') is intentionally sparse.

   Network equipment vendors are free to offer whatever parameters and
   capabilities are deemed useful or marketable.  When a particular,
   standardized PHB is implemented in a node, a vendor MAY use any
   algorithm that satisfies the definition of the PHB according to the
   standard.  The node's capabilities and its particular configuration
   determine the different ways that packets can be treated.

   Service providers are not required to use the same node mechanisms or
   configurations to enable service differentiation within their
   networks, and are free to configure the node parameters in whatever
   way that is appropriate for their service offerings and traffic
   engineering objectives.  Over time certain common per-hop behaviors
   are likely to evolve (i.e., ones that are particularly useful for
   implementing end-to-end services) and these MAY be associated with
   particular EXP/LU PHB codepoints in the DS field, allowing use across
   domain boundaries (see Sec. 6).  These PHBs are candidates for future
   standardization.

   It is RECOMMENDED that standardized PHBs be specified in accordance
   with the guidelines set out in [ARCH].

6.  IANA Considerations

   The DSCP field within the DS field is capable of conveying 64
   distinct codepoints.  The codepoint space is divided into three pools
   for the purpose of codepoint assignment and management: a pool of 32
   RECOMMENDED codepoints (Pool 1) to be assigned by Standards Action as
   defined in [CONS], a pool of 16 codepoints (Pool 2) to be reserved
   for experimental or Local Use (EXP/LU) as defined in [CONS], and a
   pool of 16 codepoints (Pool 3) which are initially available for
   experimental or local use, but which should be preferentially




Nichols, et. al.            Standards Track                    [Page 14]

RFC 2474             Differentiated Services Field         December 1998


   utilized for standardized assignments if Pool 1 is ever exhausted.
   The pools are defined in the following table (where 'x' refers to
   either '0' or '1'):

   Pool        Codepoint space          Assignment Policy
   ----        ---------------          -----------------

    1            xxxxx0                 Standards Action
    2            xxxx11                 EXP/LU
    3            xxxx01                 EXP/LU (*)

   (*) may be utilized for future Standards Action allocations as
       necessary

   This document assigns eight RECOMMENDED codepoints ('xxx000') which
   are drawn from Pool 1 above.  These codepoints MUST be mapped, not to
   specific PHBs, but to PHBs that meet "at least" the requirements set
   forth in Sec. 4.2.2.2 to provide a minimal level of backwards
   compatibility with IP Precedence as defined in [RFC791] and as
   deployed in some current equipment.

7.  Security Considerations

   This section considers security issues raised by the introduction of
   differentiated services, primarily the potential for denial-of-
   service attacks, and the related potential for theft of service by
   unauthorized traffic (Section 7.1).  Section 7.2 addresses the
   operation of differentiated services in the presence of IPsec
   including its interaction with IPsec tunnel mode and other tunnelling
   protocols.  See [ARCH] for more extensive treatment of the security
   concerns raised by the overall differentiated services architecture.

7.1  Theft and Denial of Service

   The primary goal of differentiated services is to allow different
   levels of service to be provided for traffic streams on a common
   network infrastructure.  A variety of techniques may be used to
   achieve this, but the end result will be that some packets receive
   different (e.g., better) service than others.  The mapping of network
   traffic to the specific behaviors that result in different (e.g.,
   better or worse) service is indicated primarily by the DS codepoint,
   and hence an adversary may be able to obtain better service by
   modifying the codepoint to values indicating behaviors used for
   enhanced services or by injecting packets with such codepoint values.
   Taken to its limits, such theft-of-service becomes a denial-of-
   service attack when the modified or injected traffic depletes the
   resources available to forward it and other traffic streams.




Nichols, et. al.            Standards Track                    [Page 15]