[PATCH] 802.1p priority (fixed)

Ingo chaoztc at confusion.at
Fri Jan 21 17:07:37 PST 2005


Hi

> > In an ISP backbone I trust 802.1Q packets because no customer has access
> > to tagged vlan connections.
> > Trusting the TOS bit in such a network is not a good idea because every
> > customer could send IP traffic. And overwriting the TOS bit at all network
> > edges could be a pain to not miss some edges.
> > 802.1Q is some kind of "out of band" QOS for IP.
> >
> > L2 Ethernet switches could also handle 802.1Q but not the TOS bits in the
> > IP header.
>
> I'm not sure what your point is.  It's certainly the case that they are
> only useful if you trust all hosts on the ethernet.

Untagged ethernet could be untrusted because 802.1Q is only possible on
tagged ethernet. The priority tag is an extension to the 802.1P vlan
header.
In an ISP environment there are most of the time routing hops in between, which
effectively kill the 802.1Q field. Only easy-to-select IP interfaces on
more intelligent hardware (L3 switches, ...) could pass the data over routing
hops, which are much easier to control than IP routing modems, which could
easily be hijacked by customers. Also, not many modems support changing
the TOS field.

In short words:
802.1Q is easy to control and easy to secure.
TOS, DSCP, ... is easy to control but hard to secure.

bye,
	Ingo
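
The trust argument in this message, sketched as an added example (not part of the original post or of the patch under discussion): the priority bits (PCP) sit in the 802.1Q tag and are gone once a simplified router rebuilds the L2 header, while DSCP in the IP header survives the hop. The function names, the constructed addresses and the trunk/customer port flag are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(payload_ip, pcp=None, vid=0):
    """Ethernet frame with constructed MACs; tagged only when pcp is given."""
    hdr = bytes(6) + bytes.fromhex("020000000001")  # dst, src (constructed)
    if pcp is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)  # PCP(3) | DEI(1) | VID(12)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload_ip

def build_ipv4(dscp):
    """Minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

def parse_markings(frame):
    """Return (pcp, dscp); pcp is None when the frame has no 802.1Q tag."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    pcp, off = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, off = tci >> 13, 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < off + 20:
        raise ValueError("not an IPv4 frame")
    return pcp, frame[off + 1] >> 2  # DSCP is the top 6 bits of the TOS byte

def routed_hop(frame):
    """Simplified router (assumption): drop the L2 header, forward untagged."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    off = 18 if ethertype == TPID_8021Q else 14
    return build_frame(frame[off:])

def classify(frame, port_is_tagged_trunk):
    """Edge policy: honour PCP only on operator trunks, ignore host-set DSCP."""
    pcp, _dscp = parse_markings(frame)
    if port_is_tagged_trunk and pcp is not None:
        return pcp
    return 0  # best effort for anything a customer port could have marked
```
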


