[j-nsp] Network-control queue counter increases on ccc-configured interface

Saku Ytti saku at ytti.fi
Thu Jan 26 13:31:30 EST 2012


On (2012-01-26 12:32 -0500), Keegan Holley wrote:
 
> I can't see this being a huge risk.  Most of your upstreams will
> remark on ingress and not hand you traffic tagged with NC.  If you are

I've not actually before tested how typically in INET would NC propagate,
but I just ran ping -Q192 from 74 nodes around the Internet, and this is
what I got back:

% sudo tshark -i eth0 "ip[1]==192 and dst host 194.100.7.227" -w prec5.pcap
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
55

So 55/74 vantage points passed 0b101 to my server.

Vantage points here:
https://ring.nlnog.net/participants/

So you shouldn't trust others to do TOS resetting for you, if you do trust TOS
and you do want to continue trusting it (instead of rewriting cos/exp value and
trust it instead) you should reset it in peering/transit.
Neat way to get your own 5% from congested default configured JNPR network

-- 
  ++ytti


More information about the juniper-nsp mailing list