|Summary:||[feature request] set DSCP on neighbor solicitation|
|Product:||Base System||Reporter:||Jason Mader <jasonmader>|
|Component:||kern||Assignee:||freebsd-net (Nobody) <net>|
|Severity:||Affects Only Me||CC:||ae, bz, hrs, sbruno|
Description Jason Mader 2017-02-03 01:58:37 UTC
Feature request to have neighbor solicitation set the DSCP to 56 the way a Cisco router does, 01:49:04.603032 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::ca08 > fe80::1: ICMP6, neighbor solicitation, length 32, who has fe80::1 source link-address option (1), length 8 (1): 00:00:00:00:ca:08 01:49:04.606351 IP6 (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::1 > fe80::ca08: ICMP6, neighbor advertisement, length 24, tgt is fe80::1, Flags [router, solicited]
Comment 1 Hiren Panchasara 2017-02-03 17:52:55 UTC
Adding bz@ and ae@ too. I am not quite sure if standards are clear on what should be done here so someone with more v6 clue can help.
Comment 2 Andrey V. Elsukov 2017-02-04 02:43:01 UTC
I didn't seen any information about this in RFC. You can use "ipfw setdscp" rule to set the DSCP, e.g. ipfw add setdscp 56 ip6 from me6 to any icmp6types 135
Comment 3 Hiroki Sato 2017-02-06 21:37:41 UTC
I think it is not a bad idea to implement a configuration knob of DSCP value of ND messages while it is possible to set one via a packet filter as ae@ explains. RFC 4594 recommends to set CS6 for network control traffic. I was not aware of Cisco's but it seems it uses CS7 according to the original report. I do not think this causes an interoperability issue. One question: does anyone know (or have access to) routers other than Cisco's which set non-zero DSCP value and what value is actually set? While CS7 is a reasonable option, I want to know how popular such an implementation is before going ahead.
Comment 4 Jason Mader 2017-02-06 23:49:31 UTC
The neighbor discovery uses CS7 (network), and Cisco uses CS6 on Internet routing protocols. Which make sense. Unfortunately I don't have any other information on how common it is. I have looked and Linux and Arista do not set a DSCP on NDP.