Date: Sat, 22 Jan 2005 02:07:29 +0100 (CET)
From: Ingo <chaoztc@confusion.at>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: [PATCH] 802.1p priority (fixed)
Message-ID: <20050122020040.J93890-100000@ix.reflection.at>
In-Reply-To: <20050121230726.GB18608@odin.ac.hmc.edu>

Hi

> > In an ISP backbone I trust 802.1Q packets because no customer has access
> > to tagged vlan connections.
> > Trusting in TOS bit is in such a network no good idea because every
> > customer could send IP traffic. And overwriting the TOS bit at all network
> > edges could be a pain to not miss some edges.
> > 802.1Q is some kind of "out of band" QOS for IP.
> >
> > L2 Ethernet switches could also handle 802.1Q but not the TOS bits in the
> > IP header.
>
> I'm not sure what your point is. It's certainly the case that they are
> only useful if you trust all hosts on the ethernet.

Untagged ethernet could be untrusted because 802.1Q is only possible on
tagged ethernet. The priority tag is an extension to the 802.1P vlan header.

In an ISP environment there are most of the time routing hops in between which
effectively kill the 802.1Q field. Only easy to select ip-interfaces on more
intelligent hardware (L3 switches, ...) could pass the data over routing hops,
which are much easier to control than ip routing modems which could easily be
hijacked by customers. Also not many modems support changing the TOS
field.

In short words:
802.1Q is easy to control and easy to secure.
TOS, DSCP, ... is easy to control but hard to secure.

bye,
Ingo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050122020040.J93890-100000>
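
The trust distinction argued in this message, as an added example that is not part of the original e-mail or of the patch under discussion: a classifier reads both the 802.1Q priority bits and the IP DSCP from a frame, but lets only a tag received on a tagged backbone port influence the priority. The port roles, the `classify` function and the two sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical ingress port roles; not a FreeBSD or switch-vendor API. */
enum port_role { PORT_CUSTOMER_UNTAGGED, PORT_BACKBONE_TAGGED };

struct qos { int pcp; int dscp; int prio; };   /* -1 = field not present */

/* Constructed frames (MACs and payload zeroed): untagged IPv4 with TOS 0xB8
   (DSCP 46), and an 802.1Q frame with TCI 0xA00A (PCP 5, VID 10), TOS 0. */
static const uint8_t untagged_ef[34] = { [12] = 0x08, 0x00, 0x45, 0xB8 };
static const uint8_t tagged_pcp5[38] = { [12] = 0x81, 0x00, 0xA0, 0x0A,
                                         0x08, 0x00, 0x45, 0x00 };

/* Parse one Ethernet frame and decide which priority the backbone honours. */
static struct qos classify(const uint8_t *f, size_t len, enum port_role role)
{
    struct qos q = { -1, -1, 0 };
    size_t off = 12;                            /* skip dst + src MAC */
    if (len < 14) return q;
    uint16_t type = (uint16_t)(f[off] << 8 | f[off + 1]);
    if (type == 0x8100) {                       /* 802.1Q tag present */
        if (len < 18) return q;
        uint16_t tci = (uint16_t)(f[off + 2] << 8 | f[off + 3]);
        q.pcp = tci >> 13;                      /* top 3 bits of the TCI */
        off += 4;
        type = (uint16_t)(f[off] << 8 | f[off + 1]);
    }
    off += 2;                                   /* start of the L3 header */
    if (type == 0x0800 && len >= off + 20 && (f[off] >> 4) == 4)
        q.dscp = f[off + 1] >> 2;               /* upper 6 bits of TOS byte */
    /* Policy: the PCP counts only on tagged backbone ports. DSCP is set by
       the sender, and a tag on a customer port is unexpected, so neither
       raises the priority. */
    if (role == PORT_BACKBONE_TAGGED && q.pcp >= 0)
        q.prio = q.pcp;
    return q;
}

int main(void)
{
    struct qos a = classify(untagged_ef, sizeof untagged_ef, PORT_CUSTOMER_UNTAGGED);
    struct qos b = classify(tagged_pcp5, sizeof tagged_pcp5, PORT_BACKBONE_TAGGED);
    printf("customer: dscp=%d pcp=%d -> prio %d\n", a.dscp, a.pcp, a.prio);
    printf("backbone: dscp=%d pcp=%d -> prio %d\n", b.dscp, b.pcp, b.prio);
    return 0;
}
```

The customer frame asks for DSCP 46 and still gets priority 0, while the backbone frame's PCP of 5 is honoured.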