seems pretty real to me, I know we (AS11404) mark to zero on ingress... I think that is the typical case otherwise people would just tag their flood style ddos traffic as max and try to take out everything. John ________________________________________ From: NANOG [nanog-bounces@nanog.org] on behalf of Mike Hammett [nanog@ics-il.net] Sent: Thursday, May 07, 2015 4:46 AM To: nanog list Subject: Re: IP DSCP across the Internet That sounds like a rather poor implementation. What if they had more than one VoIP call? Seems like this thread has more FUD than real examples. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Mikael Abrahamsson" <swmike@swm.pp.se> To: "Mark Tinka" <mark.tinka@seacom.mu> Cc: "nanog list" <nanog@nanog.org> Sent: Thursday, May 7, 2015 4:32:52 AM Subject: Re: IP DSCP across the Internet On Wed, 6 May 2015, Mark Tinka wrote:
With color-aware policing toward a customer in Uganda, any traffic coming from that peer in South Africa was getting dropped toward that customer in Uganda. After a very odd sequence of troubleshooting events, we found that the AF DSCP alues being set by the peer in South Africa (and us passing them due to the old kit not being able to remark on ingress) was causing the color-aware policer in Uganda to drop traffic toward the customer there.
I have heard similar stories where game traffic ended up in a 100 kilobit/s VoIP queue which worked fine until there were a lot of nearby players in the game, then things started working very badly. Also nice corner case :P So yes, setting all external Internet traffic to DSCP=BE (0) is something one wants to do. -- Mikael Abrahamsson email: swmike@swm.pp.se