Internet Engineering Task Force (IETF)                     D. Black, Ed.
Request for Comments: 7657                                           EMC
Category: Informational                                         P. Jones
ISSN: 2070-1721                                                    Cisco
                                                           November 2015

Differentiated Services (Diffserv) and Real-Time Communication




This memo describes the interaction between Differentiated Services (Diffserv) network quality-of-service (QoS) functionality and real-time network communication, including communication based on the Real-time Transport Protocol (RTP). Diffserv is based on network nodes applying different forwarding treatments to packets whose IP headers are marked with different Diffserv Codepoints (DSCPs). WebRTC applications, as well as some conferencing applications, have begun using the Session Description Protocol (SDP) bundle negotiation mechanism to send multiple traffic streams with different QoS requirements using the same network 5-tuple. The results of using multiple DSCPs to obtain different QoS treatments within a single network 5-tuple have transport protocol interactions, particularly with congestion control functionality (e.g., reordering). In addition, DSCP markings may be changed or removed between the traffic source and destination. This memo covers the implications of these Diffserv aspects for real-time network communication, including WebRTC.


Status of This Memo


This document is not an Internet Standards Track specification; it is published for informational purposes.


This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at


Copyright Notice


Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents


   1.  Introduction
   2.  Real-Time Communications
     2.1.  RTP Background
     2.2.  RTP Multiplexing
   3.  Differentiated Services (Diffserv)
     3.1.  Diffserv Per-Hop Behaviors (PHBs)
     3.2.  Traffic Classifiers and DSCP Remarking
   4.  Examples
   5.  Diffserv Interactions
     5.1.  Diffserv, Reordering, and Transport Protocols
     5.2.  Diffserv, Reordering, and Real-Time Communication
     5.3.  Drop Precedence and Transport Protocols
     5.4.  Diffserv and RTCP
   6.  Guidelines
   7.  Security Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Acknowledgements
   Authors' Addresses
1. Introduction

This memo describes the interactions between Differentiated Services (Diffserv) network quality-of-service (QoS) functionality [RFC2475] and real-time network communication, including communication based on the Real-time Transport Protocol (RTP) [RFC3550]. Diffserv is based on network nodes applying different forwarding treatments to packets whose IP headers are marked with different Diffserv Codepoints (DSCPs) [RFC2474]. In the past, distinct RTP streams have been sent over different transport-level flows, sometimes multiplexed with the RTP Control Protocol (RTCP). WebRTC applications, as well as some conferencing applications, are now using the Session Description Protocol (SDP) [RFC4566] bundle negotiation mechanism [SDP-BUNDLE] to send multiple traffic streams with different QoS requirements using the same network 5-tuple. The results of using multiple DSCPs to obtain different QoS treatments within a single network 5-tuple have transport protocol interactions, particularly with congestion control functionality (e.g., reordering). In addition, DSCP markings may be changed or removed between the traffic source and destination. This memo covers the implications of these Diffserv aspects for real-time network communication, including WebRTC traffic [WEBRTC-OVERVIEW].


The memo is organized as follows. Background is provided in Section 2 on real-time communications and Section 3 on Differentiated Services. Section 4 describes some examples of Diffserv usage with real-time communications. Section 5 explains how use of Diffserv features interacts with both transport and real-time communications protocols and Section 6 provides guidance on Diffserv feature usage to control undesired interactions. Security considerations are discussed in Section 7.


2. Real-Time Communications

Real-time communications enables communication in real time over an IP network using voice, video, text, content sharing, etc. It is possible to use more than one of these modes concurrently to provide a rich communication experience.


A simple example of real-time communications is a voice call placed over the Internet where an audio stream is transmitted in each direction between two users. A more complex example is an immersive videoconferencing system that has multiple video screens, multiple cameras, multiple microphones, and some means of sharing content. For such complex systems, there may be multiple media and non-media streams transmitted via a single IP address and port or via multiple IP addresses and ports.


2.1. RTP Background

The most common protocol used for real-time media is RTP [RFC3550]. RTP defines a common encapsulation format and handling rules for real-time data transmitted over the Internet. Unfortunately, RTP terminology usage has been inconsistent. For example, RFC 7656 [RFC7656] on RTP terminology observes that:

RTP [RFC3550] uses media stream, audio stream, video stream, and a stream of (RTP) packets interchangeably, which are all RTP streams.


Terminology in this memo is based on that RTP terminology document with the following terms being of particular importance (see that terminology document for full definitions):


Source Stream: A reference clock synchronized, time progressing, digital media stream.


RTP Stream: A stream of RTP packets containing media data, which may be source data or redundant data. The RTP stream is identified by an RTP synchronization source (SSRC) belonging to a particular RTP session. An RTP stream may be a secured RTP stream when RTP-based security is used.


In addition, this memo follows [RFC3550] in using the term "SSRC" to designate both the identifier of an RTP stream and the entity that sends that RTP stream.


Media encoding and packetization of a source stream results in a source RTP stream plus zero or more redundancy RTP streams that provide resilience against loss of packets from the source RTP stream [RFC7656]. Redundancy information may also be carried in the same RTP stream as the encoded source stream, e.g., see Section 7.2 of [RFC5109]. With most applications, a single media type (e.g., audio) is transmitted within a single RTP session. However, it is possible to transmit multiple, distinct source streams over the same RTP session as one or more individual RTP streams. This is referred to as RTP multiplexing. In addition, an RTP stream may contain multiple source streams, e.g., components or programs in an MPEG Transport Stream [H.221].


The number of source streams and RTP streams in an overall real-time interaction can be surprisingly large. In addition to a voice source stream and a video source stream, there could be separate source streams for each of the cameras or microphones on a videoconferencing system. As noted above, there might also be separate redundancy RTP streams that provide protection to a source RTP stream, using techniques such as forward error correction. Another example is simulcast transmission, where a video source stream can be transmitted as high resolution and low resolution RTP streams at the same time. In this case, a media processing function might choose to send one or both RTP streams onward to a receiver based on bandwidth availability or who the active speaker is in a multipoint conference. Lastly, a transmitter might send the same media content concurrently as two RTP streams using different encodings (e.g., video encoded as VP8 [RFC6386] in parallel with H.264 [H.264]) to allow a media processing function to select a media encoding that best matches the capabilities of the receiver.


For the WebRTC protocol suite [WEBRTC-TRANSPORTS], an individual source stream is a MediaStreamTrack, and a MediaStream contains one or more MediaStreamTracks [W3C.WD-mediacapture-streams-20130903]. A MediaStreamTrack is transmitted as a source RTP stream plus zero or more redundant RTP streams, so a MediaStream that consists of one MediaStreamTrack is transmitted as a single source RTP stream plus zero or more redundant RTP streams. For more information on use of RTP in WebRTC, see [RTP-USAGE].


RTP is usually carried over a datagram protocol, such as UDP [RFC768], UDP-Lite [RFC3828], or the Datagram Congestion Control Protocol (DCCP) [RFC4340]; UDP is most commonly used, but a non-datagram protocol (e.g., TCP [RFC793]) may also be used. Transport protocols other than UDP or UDP-Lite may also be used to transmit real-time data or near-real-time data. For example, the Stream Control Transmission Protocol (SCTP) [RFC4960] can be utilized to carry application-sharing or whiteboarding information as part of an overall interaction that includes real-time media. These additional transport protocols can be multiplexed with an RTP session via UDP encapsulation, thereby using a single pair of UDP ports.

The WebRTC protocol suite encompasses a number of forms of multiplexing:


1. Individual source streams are carried in one or more individual RTP streams. These RTP streams can be multiplexed onto a single transport-layer flow or sent as separate transport-layer flows. This memo only considers the case where the RTP streams are to be multiplexed onto a single transport-layer flow, forming a single RTP session as described in [RFC3550];

2. RTCP (see [RFC3550]) may be multiplexed onto the same transport-layer flow as the RTP streams with which it is associated, as described in [RFC5761], or it may be sent on a separate transport-layer flow;

3. An RTP session could be multiplexed with a single SCTP association over Datagram Transport Layer Security (DTLS) and with both Session Traversal Utilities for NAT (STUN) [RFC5389] and TURN [RFC5766] traffic into a single transport-layer flow as described in [RFC5764] with the updates in [SRTP-DTLS]. The STUN [RFC5389] and Traversal Using Relays around NAT (TURN) [RFC5766] protocols provide NAT/FW (Network Address Translator / Firewall) traversal and port mapping.

The resulting transport-layer flow is identified by a network 5-tuple, i.e., a combination of two IP addresses (source and destination), two ports (source and destination), and the transport protocol used (e.g., UDP). SDP bundle negotiation restrictions [SDP-BUNDLE] limit WebRTC to using at most a single DTLS session per network 5-tuple. In contrast to WebRTC use of a single SCTP association with DTLS, multiple SCTP associations can be directly multiplexed over a single UDP 5-tuple as specified in [RFC6951].

The STUN and TURN protocols were originally designed to use UDP as a transport; however, TURN has been extended to use TCP as a transport for situations in which UDP does not work [RFC6062]. When TURN selects use of TCP, the entire real-time communications session is carried over a single TCP connection (i.e., 5-tuple).


For IPv6, addition of the flow label [RFC6437] to network 5-tuples results in network 6-tuples (or 7-tuples for bidirectional flows), but in practice, use of a flow label is unlikely to result in a finer-grain traffic subset than the corresponding network 5-tuple (e.g., the flow label is likely to represent the combination of two ports with use of the UDP protocol). For that reason, discussion in this document focuses on UDP 5-tuples.

2.2. RTP Multiplexing

Section 2.1 explains how source streams can be multiplexed in a single RTP session, which can in turn be multiplexed over UDP with packets generated by other transport protocols. This section provides background on why this level of multiplexing is desirable. The rationale in this section applies both to multiplexing of source streams in a single RTP session and multiplexing of an RTP session with traffic from other transport protocols via UDP encapsulation.


Multiplexing reduces the number of ports utilized for real-time and related communication in an overall interaction. While a single endpoint might have plenty of ports available for communication, this traffic often traverses points in the network that are constrained on the number of available ports or whose performance degrades as the number of ports in use increases. A good example is a NAT/FW device sitting at the network edge. As the number of simultaneous protocol sessions increases, so does the burden placed on these devices to provide port mapping.


Another reason for multiplexing is to help reduce the time required to establish bidirectional communication. Since any two communicating users might be situated behind different NAT/FW devices, it is necessary to employ techniques like STUN and TURN along with Interactive Connectivity Establishment (ICE) [RFC5245] to get traffic to flow between the two devices [WEBRTC-TRANSPORTS]. Performing the tasks required by these protocols takes time, especially when multiple protocol sessions are involved. While tasks for different sessions can be performed in parallel, it is nonetheless necessary for applications to wait for all sessions to be opened before communication between two users can begin. Reducing the number of STUN/ICE/TURN steps reduces the likelihood of loss of a packet for one of these protocols; any such loss adds delay to setting up a communication session. Further, reducing the number of STUN/ICE/TURN tasks places a lower burden on the STUN and TURN servers.


Multiplexing may reduce the complexity and resulting load on an endpoint. A single instance of STUN/ICE/TURN is simpler to execute and manage than multiple instances of STUN/ICE/TURN operations happening in parallel, as the latter require synchronization and create more complex failure situations that have to be cleaned up by additional code.


3. Differentiated Services (Diffserv)

The Diffserv architecture [RFC2475][RFC4594] is intended to enable scalable service discrimination in the Internet without requiring each node in the network to store per-flow state and participate in per-flow signaling. The services may be end to end or within a network; they include both those that can satisfy quantitative performance requirements (e.g., peak bandwidth) and those based on relative performance (e.g., "class" differentiation). Services can be constructed by a combination of well-defined building blocks deployed in network nodes that:


o classify traffic and set bits in an IP header field at network boundaries or hosts,

o use those bits to determine how packets are forwarded by the nodes inside the network, and

o condition the marked packets at network boundaries in accordance with the requirements or rules of each service.

Traffic conditioning may include changing the DSCP in a packet (remarking it), delaying the packet (as a consequence of traffic shaping), or dropping the packet (as a consequence of traffic policing).


A network node that supports Diffserv includes a classifier that selects packets based on the value of the DS field in IP headers (the Diffserv codepoint or DSCP), along with buffer management and packet scheduling mechanisms capable of delivering the specific packet forwarding treatment indicated by the DS field value. Setting of the DS field and fine-grain conditioning of marked packets need only be performed at network boundaries; internal network nodes operate on traffic aggregates that share a DS field value, or in some cases, a small set of related values.


The Diffserv architecture [RFC2475] maintains distinctions among:


o the QoS service provided to a traffic aggregate,

o the conditioning functions and per-hop behaviors (PHBs) used to realize services,

o the DSCP in the IP header used to mark packets to select a per-hop behavior, and

o the particular implementation mechanisms that realize a per-hop behavior.

This memo focuses on PHBs and the usage of DSCPs to obtain those behaviors. In a network node's forwarding path, the DSCP is used to map a packet to a particular forwarding treatment, or to a per-hop behavior (PHB) that specifies the forwarding treatment.


The specification of a PHB describes the externally observable forwarding behavior of a network node for network traffic marked with a DSCP that selects that PHB. In this context, "forwarding behavior" is a general concept - for example, if only one DSCP is used for all traffic on a link, the observable forwarding behavior (e.g., loss, delay, jitter) will often depend only on the loading of the link. To obtain useful behavioral differentiation, multiple traffic subsets are marked with different DSCPs for different PHBs for which node resources such as buffer space and bandwidth are allocated. PHBs provide the framework for a Diffserv network node to allocate resources to traffic subsets, with network-scope Differentiated Services constructed on top of this basic hop-by-hop resource allocation mechanism.


The codepoints (DSCPs) may be chosen from a small set of fixed values (the class selector codepoints), from a set of recommended values defined in PHB specifications, or from values that have purely local meanings to a specific network that supports Diffserv; in general, packets may be forwarded across multiple such networks between source and destination.


The mandatory DSCPs are the class selector codepoints as specified in [RFC2474]. The class selector codepoints (CS0-CS7) extend the deprecated concept of IP Precedence in the IPv4 header; three bits are added, so that the class selector DSCPs are of the form 'xxx000'. The all-zero DSCP ('000000' or CS0) is always assigned to a Default PHB that provides best-effort forwarding behavior, and the remaining class selector codepoints are intended to provide relatively better per-hop-forwarding behavior in increasing numerical order, but:


o A network endpoint cannot rely upon different class selector codepoints providing Differentiated Services via assignment to different PHBs, as adjacent class selector codepoints may use the same pool of resources on each network node in some networks. This generalizes to ranges of class selector codepoints, but with limits -- for example, CS6 and CS7 are often used for network control (e.g., routing) traffic [RFC4594] and hence are likely to provide better forwarding behavior under network load to prioritize network recovery from disruptions. There is no effective way for a network endpoint to determine which PHBs are selected by the class selector codepoints on a specific network, let alone end to end.

o CS1 ('001000') was subsequently designated as the recommended codepoint for the Lower Effort (LE) PHB [RFC3662]. An LE service forwards traffic with "lower" priority than best effort and can be "starved" by best-effort and other "higher" priority traffic. Not all networks offer an LE service, hence traffic marked with the CS1 DSCP may not receive lower effort forwarding; such traffic may be forwarded with a different PHB (e.g., the Default PHB), remarked to another DSCP (e.g., CS0) and forwarded accordingly, or dropped. A network endpoint cannot rely upon the presence of an LE service that is selected by the CS1 DSCP on a specific network, let alone end to end. Packets marked with the CS1 DSCP may be forwarded with best-effort service or another "higher" priority service; see [RFC2474]. See [RFC3662] for further discussion of the LE PHB and service.

3.1. Diffserv Per-Hop Behaviors (PHBs)

Although Differentiated Services is a general architecture that may be used to implement a variety of services, three fundamental forwarding behaviors (PHBs) have been defined and characterized for general use. These are:


1. Default Forwarding (DF) for elastic traffic [RFC2474]. The Default PHB is always selected by the all-zero DSCP and provides best-effort forwarding.

2. Assured Forwarding (AF) [RFC2597] to provide Differentiated Service to elastic traffic. Each instance of the AF behavior consists of three PHBs that differ only in drop precedence, e.g., AF11, AF12, and AF13; such a set of three AF PHBs is referred to as an AF class, e.g., AF1x. There are four defined AF classes, AF1x through AF4x, with higher numbered classes intended to receive better forwarding treatment than lower numbered classes. Use of multiple PHBs from a single AF class (e.g., AF1x) does not enable network traffic reordering within a single network 5-tuple, although such reordering may occur for other transient reasons (e.g., routing changes or ECMP rebalancing).

3. Expedited Forwarding (EF) [RFC3246] intended for inelastic traffic. Beyond the basic EF PHB, the VOICE-ADMIT PHB [RFC5865] is an admission-controlled variant of the EF PHB. Both of these PHBs are based on preconfigured limited forwarding capacity; traffic in excess of that capacity is expected to be dropped.

3.2. Traffic Classifiers and DSCP Remarking

DSCP markings are not end to end in general. Each network can make its own decisions about what PHBs to use and which DSCP maps to each PHB. While every PHB specification includes a recommended DSCP, and RFC 4594 [RFC4594] recommends their end-to-end usage, there is no requirement that every network support any PHBs (aside from the Default PHB for best-effort forwarding) or use any specific DSCPs, with the exception of the support requirements for the class selector codepoints (see RFC 2474 [RFC2474]). When Diffserv is used, the edge or boundary nodes of a network are responsible for ensuring that all traffic entering that network conforms to that network's policies for DSCP and PHB usage, and such nodes may change DSCP markings on traffic to achieve that result. As a result, DSCP remarking is possible at any network boundary, including the first network node that traffic sent by a host encounters. Remarking is also possible within a network, e.g., for traffic shaping.

DSCP remarking is part of traffic conditioning; the traffic conditioning functionality applied to packets at a network node is determined by a traffic classifier [RFC2475]. Edge nodes of a Diffserv network classify traffic based on selected packet header fields; typical implementations do not look beyond the traffic's network 5-tuple in the IP and transport protocol headers (e.g., for SCTP or RTP encapsulated in UDP, header-based classification is unlikely to look beyond the outer UDP header). As a result, when multiple DSCPs are used for traffic that shares a network 5-tuple, remarking at a network boundary may result in all of the traffic being forwarded with a single DSCP, thereby removing any differentiation within the network 5-tuple downstream of the remarking location. Network nodes within a Diffserv network generally classify traffic based solely on DSCPs, but may perform finer-grain traffic conditioning similar to that performed by edge nodes.


So, for two arbitrary network endpoints, there can be no assurance that the DSCP set at the source endpoint will be preserved and presented at the destination endpoint. Rather, it is quite likely that the DSCP will be set to zero (e.g., at the boundary of a network operator that distrusts or does not use the DSCP field) or to a value deemed suitable by an ingress classifier for whatever network 5-tuple it carries.


In addition, remarking may remove application-level distinctions in forwarding behavior - e.g., if multiple PHBs within an AF class are used to distinguish different types of frames within a video RTP stream, token-bucket-based remarkers operating in color-blind mode (see [RFC2697] and [RFC2698] for examples) may remark solely based on flow rate and burst behavior, removing the drop precedence distinctions specified by the source.
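
The effect of a color-blind remarker on source-assigned drop precedence can be seen by running one over a small video stream; the following is an added example, not part of the RFC text. It implements the single-rate three-color marker of [RFC2697] in color-blind mode, and the rate, burst sizes, and packet stream are constructed values chosen for illustration.

```python
# Added illustration: color-blind srTCM (RFC 2697) remarking an AF4x video stream.
# The rate, bucket sizes and packets below are constructed sample values.


def af_dscp(af_class: int, drop: int) -> int:
    """DSCP for AF<class><drop>, e.g. AF41 -> 34, AF43 -> 38 (RFC 2597)."""
    return 8 * af_class + 2 * drop


def af_name(dscp: int) -> str:
    """Inverse of af_dscp() for AF codepoints."""
    return f"AF{dscp >> 3}{(dscp & 0b110) >> 1}"


class ColorBlindSrTCM:
    """Single-rate three-color marker; green/yellow/red map to AFx1/AFx2/AFx3."""

    def __init__(self, cir: int, cbs: int, ebs: int, af_class: int = 4):
        self.cir = cir            # committed information rate, bytes per ms
        self.cbs = cbs            # committed burst size, bytes
        self.ebs = ebs            # excess burst size, bytes
        self.af_class = af_class
        self.tc = cbs             # both token buckets start full
        self.te = ebs
        self.last_ms = 0

    def _refill(self, now_ms: int) -> None:
        # New tokens fill the committed bucket first; overflow goes to the
        # excess bucket, and anything beyond EBS is discarded.
        tokens = (now_ms - self.last_ms) * self.cir
        self.last_ms = now_ms
        to_c = min(tokens, self.cbs - self.tc)
        self.tc += to_c
        self.te = min(self.ebs, self.te + tokens - to_c)

    def remark(self, now_ms: int, size: int, incoming_dscp: int) -> int:
        # Color-blind mode: incoming_dscp is deliberately ignored, so the
        # result depends only on rate and burst behavior.
        self._refill(now_ms)
        if self.tc >= size:
            self.tc -= size
            drop = 1              # green
        elif self.te >= size:
            self.te -= size
            drop = 2              # yellow
        else:
            drop = 3              # red
        return af_dscp(self.af_class, drop)


def sample_stream():
    """Constructed stream of (time_ms, size_bytes, DSCP set by the source)."""
    i_frame = [(0, 1200, af_dscp(4, 1))] * 10            # burst, sent as AF41
    p_frames = [(t, 1200, af_dscp(4, 3)) for t in (100, 200, 300)]  # AF43
    return i_frame + p_frames


def remark_stream(packets, meter):
    """Return (sent, received) PHB names for each packet through the meter."""
    return [(af_name(dscp), af_name(meter.remark(t, size, dscp)))
            for t, size, dscp in packets]


if __name__ == "__main__":
    meter = ColorBlindSrTCM(cir=50, cbs=6000, ebs=3600)
    for sent, received in remark_stream(sample_stream(), meter):
        print(f"sent {sent} -> forwarded as {received}")
```

In this run the tail of the I-frame burst leaves the remarker with higher drop precedence than the P-frames that follow it, the reverse of what the source marked.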


Backbone and other carrier networks may employ a small number of DSCPs (e.g., less than half a dozen) to manage a small number of traffic aggregates; hosts that use a larger number of DSCPs can expect to find that much of their intended differentiation is removed by such networks. Better results may be achieved when DSCPs are used to spread traffic among a smaller number of Diffserv-based traffic subsets or aggregates; see [DIFFSERV-INTERCON] for one proposal. This is of particular importance for MPLS-based networks due to the limited size of the Traffic Class (TC) field in an MPLS label [RFC5462] that is used to carry Diffserv information and the use of that TC field for other purposes, e.g., Explicit Congestion Notification (ECN) [RFC5129]. For further discussion on use of Diffserv with MPLS, see [RFC3270] and [RFC5127].


4. Examples

For real-time communications, one might want to mark the audio packets using EF and the video packets as AF41. However, a video conference receiving the audio packets significantly ahead of the video is not useful because lip sync is necessary between audio and video. It may still be desirable to send audio with a PHB that provides better service, because more reliable arrival of audio helps assure smooth audio rendering, which is often more important than fully faithful video rendering. There are also limits, as some devices have difficulties in synchronizing voice and video when packets that need to be rendered together arrive at significantly different times. It makes more sense to use different PHBs when the audio and video source streams do not share a strict timing relationship. For example, video content may be shared within a video conference via playback, perhaps of an unedited video clip that is intended to become part of a television advertisement. Such content sharing video does not need precise synchronization with video conference audio, and could use a different PHB, as content sharing video is more tolerant to jitter, loss, and delay.


Within a layered video RTP stream, ordering of frame communication is preferred, but importance of frame types varies, making use of PHBs with different drop precedences appropriate. For example, I-frames that contain an entire image are usually more important than P-frames that contain only changes from the previous image because loss of a P-frame (or part thereof) can be recovered (at the latest) via the next I-frame, whereas loss of an I-frame (or part thereof) may cause rendering problems for all of the P-frames that depend on the missing I-frame. For this reason, it is appropriate to mark I-frame packets with a PHB that has lower drop precedence than the PHB used for P-frames, as long as the PHBs preserve ordering among frames (e.g., are in a single AF class) - AF41 for I-frames and AF43 for P-frames is one possibility. Additional spatial and temporal layers beyond the base video layer could also be marked with higher drop precedence than the base video layer, as their loss reduces video quality, but does not disrupt video rendering.


Additional RTP streams in a real-time communication interaction could be marked with CS0 and carried as best-effort traffic. One example is real-time text transmitted as specified in RFC 4103 [RFC4103]. Best-effort forwarding suffices because such real-time text has loose timing requirements; RFC 4103 recommends sending text in chunks every 300 ms. Such text is technically real-time, but does not need a PHB promising better service than best effort, in contrast to audio or video.


A WebRTC application may use one or more RTP streams, as discussed above. In addition, it may use an SCTP-based data channel [DATA-CHAN] whose QoS treatment depends on the nature of the application. For example, best-effort treatment of data channels is likely to suffice for messaging, shared white board, and guided browsing applications, whereas latency-sensitive games might desire better QoS for their data channels.


5. Diffserv Interactions
5.1. Diffserv, Reordering, and Transport Protocols

Transport protocols provide data communication behaviors beyond those possible at the IP layer. An important example is that TCP [RFC793] provides reliable in-order delivery of data with congestion control. SCTP [RFC4960] provides additional properties such as preservation of message boundaries, and the ability to avoid head-of-line blocking that may occur with TCP.


In contrast, UDP [RFC768] is a basic unreliable datagram protocol that provides port-based multiplexing and demultiplexing on top of IP. Two other unreliable datagram protocols are UDP-Lite [RFC3828], a variant of UDP that may deliver partially corrupt payloads when errors occur, and DCCP [RFC4340], which provides a range of congestion control modes for its unreliable datagram service.


Transport protocols that provide reliable delivery (e.g., TCP, SCTP) are sensitive to network reordering of traffic. When a protocol that provides reliable delivery receives a packet other than the next expected packet, the protocol usually assumes that the expected packet has been lost and updates the peer, which often causes a retransmission. In addition, congestion control functionality in transport protocols (including DCCP) usually infers congestion when packets are lost. This creates additional sensitivity to significant network packet reordering, as such reordering may be (mis)interpreted as loss of the out-of-order packets, causing a congestion control response.


This sensitivity to reordering remains even when ECN [RFC3168] is in use, as ECN receivers are required to treat missing packets as potential indications of congestion, because:


o Severe congestion may cause ECN-capable network nodes to drop packets, and


o ECN traffic may be forwarded by network nodes that do not support ECN and hence drop packets to indicate congestion.


Congestion control is an important aspect of the Internet architecture; see [RFC2914] for further discussion.


In general, marking packets with different DSCPs results in different PHBs being applied at nodes in the network, making reordering very likely due to use of different pools of forwarding resources for each PHB. This should not be done within a single network 5-tuple for current transport protocols, with the important exceptions of UDP and UDP-Lite.


When PHBs that enable reordering are mixed within a single network 5-tuple, the effect is to mix QoS-based traffic classes within the scope of a single transport protocol connection or association. As these QoS-based traffic classes receive different network QoS treatments, they use different pools of network resources and hence may exhibit different levels of congestion. The result for congestion-controlled protocols is that a separate instance of congestion control functionality is needed per QoS-based traffic class. Current transport protocols support only a single instance of congestion control functionality for an entire connection or association; extending that support to multiple instances would add significant protocol complexity. Traffic in different QoS-based classes may use different paths through the network; this complicates path integrity checking in connection- or association-based protocols, as those paths may fail independently.


The primary example where usage of multiple PHBs does not enable reordering within a single network 5-tuple is use of PHBs from a single AF class (e.g., AF1x). Traffic reordering within the scope of a network 5-tuple that uses a single PHB or AF class may occur for other transient reasons (e.g., routing changes or ECMP rebalancing).


Reordering also affects other forms of congestion control, such as techniques for RTP congestion control that were under development when this memo was published; see [RMCAT-CC] for requirements. These techniques prefer use of a common (coupled) congestion controller for RTP streams between the same endpoints to reduce packet loss and delay by reducing competition for resources at any shared bottleneck.


Shared bottlenecks can be detected via techniques such as correlation of one-way delay measurements across RTP streams. An alternate approach is to assume that the set of packets on a single network 5-tuple marked with DSCPs that do not enable reordering will utilize a common network path and common forwarding resources at each network node. Under that assumption, any bottleneck encountered by such packets is shared among all of them, making it safe to use a common (coupled) congestion controller (see [COUPLED-CC]). This is not a safe assumption when the packets involved are marked with DSCP values that enable reordering because a bottleneck may not be shared among all such packets (e.g., when the DSCP values result in use of different queues at a network node, but only one queue is a bottleneck).


UDP and UDP-Lite are not sensitive to reordering in the network, because they do not provide reliable delivery or congestion control. On the other hand, when used to encapsulate other protocols (e.g., as UDP is used by WebRTC; see Section 2.1), the reordering considerations for the encapsulated protocols apply. For the specific usage of UDP by WebRTC, every encapsulated protocol (i.e., RTP, SCTP, and TCP) is sensitive to reordering as further discussed in this memo. In addition, [RFC5405] provides general guidelines for use of UDP (and UDP-Lite); the congestion control guidelines in that document apply to protocols encapsulated in UDP (or UDP-Lite).


5.2. Diffserv, Reordering, and Real-Time Communication

Real-time communications are also sensitive to network reordering of packets. Such reordering may lead to unneeded retransmission and spurious retransmission control signals (such as NACK) in reliable delivery protocols (see Section 5.1). The degree of sensitivity depends on protocol or stream timers, in contrast to reliable delivery protocols that usually react to all reordering.


Receiver jitter buffers have important roles in the effect of reordering on real-time communications:


o Minor packet reordering that is contained within a jitter buffer usually has no effect on rendering of the received RTP stream because packets that arrive out of order are retrieved in order from the jitter buffer for rendering.


o Packet reordering that exceeds the capacity of a jitter buffer can cause user-perceptible quality problems (e.g., glitches, noise) for delay-sensitive communication, such as interactive conversations for which small jitter buffers are necessary to preserve human perceptions of real-time interaction. Interactive real-time communication implementations often discard data that is sufficiently late so that it cannot be rendered in source stream order, making retransmission counterproductive. For this reason, implementations of interactive real-time communication often do not use retransmission.


o In contrast, replay of recorded media can tolerate significantly longer delays than interactive conversations, so replay is likely to use larger jitter buffers than interactive conversations. These larger jitter buffers increase the tolerance of replay to reordering by comparison to interactive conversations. The size of the jitter buffer imposes an upper bound on replay tolerance to reordering but does enable retransmission to be used when the jitter buffer is significantly larger than the amount of data that can be expected to arrive during the round-trip latency for retransmission.


Network packet reordering has no effective upper bound and can exceed the size of any reasonable jitter buffer. In practice, the size of jitter buffers for replay is limited by external factors such as the amount of time that a human is willing to wait for replay to start.
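The jitter-buffer cases above can be reproduced with a small model. The following is an added example, not part of the memo: a fixed-delay jitter buffer receives one RTP stream whose I-frame packets are marked AF41 and whose P-frame packets are marked either within the same AF class or in another one. The 20 ms packet interval, the per-queue delays, the 40 ms buffer and all function names are constructed assumptions.

```python
"""Fixed-delay jitter buffer fed by a network that queues per PHB (constructed model)."""

FRAME_MS = 20  # assumed packet interval of the RTP stream


def queue_of(dscp_name):
    """PHBs of one AF class share a queue (AF41, AF43 -> 'AF4'); others get their own."""
    return dscp_name[:3] if dscp_name.startswith("AF") else dscp_name


def deliver(marks, queue_delay_ms):
    """marks: DSCP name per packet in send order -> [(seq, arrival_ms)] in arrival order."""
    arrivals = [(seq, seq * FRAME_MS + queue_delay_ms[queue_of(mark)])
                for seq, mark in enumerate(marks)]
    return sorted(arrivals, key=lambda a: (a[1], a[0]))


def jitter_buffer(arrivals, buffer_ms):
    """Return (seqs rendered in order, seqs discarded as late, out-of-order arrivals)."""
    first_seq, first_arrival = arrivals[0]
    rendered, discarded, reordered, highest = [], [], 0, -1
    for seq, arrival in arrivals:
        if seq < highest:
            reordered += 1  # arrived after a packet that was sent later
        highest = max(highest, seq)
        # Playout deadline: the first packet plays buffer_ms after it arrives,
        # each later packet FRAME_MS after its predecessor.
        deadline = first_arrival + buffer_ms + (seq - first_seq) * FRAME_MS
        (rendered if arrival <= deadline else discarded).append(seq)
    return sorted(rendered), discarded, reordered


def run(p_frame_mark, queue_delay_ms, buffer_ms=40, packets=9):
    """One I-frame packet (AF41) followed by two P-frame packets, repeated."""
    marks = ["AF41" if seq % 3 == 0 else p_frame_mark for seq in range(packets)]
    return jitter_buffer(deliver(marks, queue_delay_ms), buffer_ms)


if __name__ == "__main__":
    # Constructed queueing delays in ms, keyed by queue.
    print("same AF class:     ", run("AF43", {"AF4": 15}))
    print("minor reordering:  ", run("AF33", {"AF4": 15, "AF3": 45}))
    print("exceeds the buffer:", run("AF33", {"AF4": 15, "AF3": 90}))
```

With both marks in AF4x nothing is reordered; with a second queue that is 30 ms slower the reordering is absorbed by the buffer; with a second queue that is 75 ms slower every P-frame packet misses its playout deadline and is discarded.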


5.3. Drop Precedence and Transport Protocols

Packets within the same network 5-tuple that use PHBs within a single AF class can be expected to draw upon the same forwarding resources on network nodes (e.g., use the same router queue), and hence use of multiple drop precedences within an AF class is not expected to cause latency variation. When PHBs within a single AF class are mixed within a flow, the resulting overall likelihood that packets will be dropped from that flow is a mix of the drop likelihoods of the PHBs involved.


There are situations in which drop precedences should not be mixed. A simple example is that there is little value in mixing drop precedences within a TCP connection, because TCP's ordered delivery behavior results in any drop requiring the receiver to wait for the dropped packet to be retransmitted. Any resulting delay depends on the RTT and not the packet that was dropped. Hence a single DSCP should be used for all packets in a TCP connection.


As a consequence, when TCP is selected for NAT/FW traversal (e.g., by TURN), a single DSCP should be used for all traffic on that TCP connection. An additional reason for this recommendation is that packetization for STUN/ICE/TURN occurs before passing the resulting packets to TCP; TCP resegmentation may result in a different packetization on the wire, breaking any association between DSCPs and specific data to which they are intended to apply.


SCTP [RFC4960] differs from TCP in a number of ways, including the ability to deliver messages in an order that differs from the order in which they were sent and support for unreliable streams. However, SCTP performs congestion control and retransmission across the entire association, and not on a per-stream basis. Although there may be advantages to using multiple drop precedence across SCTP streams or within an SCTP stream that does not use reliable ordered delivery, there is no practical operational experience in doing so (e.g., the SCTP sockets API [RFC6458] does not support use of more than one DSCP for an SCTP association). As a consequence, the impacts on SCTP protocol and implementation behavior are unknown and difficult to predict. Hence a single DSCP should be used for all packets in an SCTP association, independent of the number or nature of streams in that association. Similar reasoning applies to a DCCP connection; a single DSCP should be used because the scope of congestion control is the connection and there is no operational experience with using more than one DSCP. This recommendation may be revised in the future if experiments, analysis, and operational experience provide compelling reasons to change it.


Guidance on transport protocol design and implementation to provide support for use of multiple PHBs and DSCPs in a transport protocol connection (e.g., DCCP) or transport protocol association (e.g., SCTP) is out of scope for this memo.


5.4. Diffserv and RTCP

RTCP [RFC3550] is used with RTP to monitor quality of service and convey information about RTP session participants. A sender of RTCP packets that also sends RTP packets (i.e., originates an RTP stream) should use the same DSCP marking for both types of packets. If an RTCP sender doesn't send any RTP packets, it should mark its RTCP packets with the DSCP that it would use if it did send RTP packets with media similar to the RTP traffic that it receives. If the RTCP sender uses or would use multiple DSCPs that differ only in drop precedence for RTP, then it should use the DSCP with the least likelihood of drop for RTCP to increase the likelihood of RTCP packet delivery.


If the SDP bundle extension [SDP-BUNDLE] is used to negotiate sending multiple types of media in a single RTP session, then receivers will send separate RTCP reports for each type of media, using a separate SSRC for each media type; each RTCP report should be marked with the DSCP corresponding to the type of media handled by the reporting SSRC.


This guidance may result in different DSCP markings for RTP streams and RTCP receiver reports about those RTP streams. The resulting variation in network QoS treatment by traffic direction is necessary to obtain representative round-trip time (RTT) estimates that correspond to the media path RTT, which may differ from the transport protocol RTT. RTCP receiver reports may be relatively infrequent, and hence the resulting RTT estimates are of limited utility for transport protocol congestion control (although those RTT estimates have other important uses; see [RFC3550]). For this reason, it is important that RTCP receiver reports sent by an SSRC receive the same network QoS treatment as the RTP stream being sent by that SSRC.


6. Guidelines

The only use of multiple standardized PHBs and DSCPs that does not enable network reordering among packets marked with different DSCPs is use of PHBs within a single AF class. All other uses of multiple PHBs and/or the class selector DSCPs enable network reordering of packets that are marked with different DSCPs. Based on this and the foregoing discussion, the guidelines in this section apply to use of Diffserv with real-time communications.


Applications and other traffic sources (including RTP SSRCs):


o Should limit use of DSCPs within a single RTP stream to those whose corresponding PHBs do not enable packet reordering. If this is not done, significant network reordering may overwhelm implementation assumptions about reordering limits, e.g., jitter buffer size, causing poor user experiences (see Section 5.2). This guideline applies to all of the RTP streams that are within the scope of a common (coupled) congestion controller when that controller does not use per-RTP-stream measurements for bottleneck detection.


o Should use a single DSCP for RTCP packets, which should be a DSCP used for RTP packets that are or would be sent by that SSRC (see Section 5.4).


o Should use a single DSCP for all packets within a reliable transport protocol session (e.g., TCP connection, SCTP association) or DCCP connection (see Sections 5.1 and 5.3). For SCTP, this requirement applies across the entire SCTP association, and not just to individual streams within an association. When TURN selects TCP for NAT/FW traversal, this guideline applies to all traffic multiplexed onto that TCP connection, in contrast to use of UDP for NAT/FW traversal.


o May use different DSCPs whose corresponding PHBs enable reordering within a single UDP or UDP-Lite 5-tuple, subject to the above constraints. The service differentiation provided by such usage is unreliable, as it may be removed or changed by DSCP remarking at network boundaries as described in Section 3.2 above.


o Cannot rely on end-to-end preservation of DSCPs as network node remarking can change DSCPs and remove drop precedence distinctions (see Section 3.2). For example, if a source uses drop precedence distinctions within an AF class to identify different types of video frames, using those DSCP values at the receiver to identify frame type is inherently unreliable.


o Should limit use of the CS1 codepoint to traffic for which best effort forwarding is acceptable, as network support for use of CS1 to select a "less than best-effort" PHB is inconsistent. Further, some networks may treat CS1 as providing "better than best-effort" forwarding behavior.


There is no guidance in this memo on how network operators should differentiate traffic. Networks may support all of the PHBs discussed herein, classify EF and AFxx traffic identically, or even remark all traffic to best effort at some ingress points. Nonetheless, it is useful for applications and other traffic sources to provide finer granularity DSCP marking on packets for the benefit of networks that offer QoS service differentiation. A specific example is that traffic originating from a browser may benefit from QoS service differentiation in within-building and residential access networks, even if the DSCP marking is subsequently removed or simplified. This is because such networks and the boundaries between them are likely traffic bottleneck locations (e.g., due to customer aggregation onto common links and/or speed differences among links used by the same traffic).
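The marking rules in the guideline list above, together with the RTCP rule of Section 5.4, can be checked mechanically before a marking plan is deployed. The following is an added example, not part of the memo: it models RTP streams carried over UDP or UDP-Lite and whole-session transports (TCP, SCTP, DCCP), and the function names, the plan format and the finding texts are assumptions made for the illustration.

```python
"""Check a DSCP marking plan against the Section 6 guidelines (added example)."""

# Standard codepoint values: AFxy = 8*x + 2*y, CSn = 8*n, EF = 46.
DSCP = {"EF": 46, "CS0": 0, "CS1": 8}
DSCP.update({f"AF{c}{d}": 8 * c + 2 * d for c in range(1, 5) for d in range(1, 4)})

SINGLE_DSCP_TRANSPORTS = {"tcp", "sctp", "dccp"}  # one congestion controller per session
DATAGRAM_TRANSPORTS = {"udp", "udp-lite"}


def af_class(dscp):
    """Return (AF class, drop precedence) for an AF codepoint, else None."""
    c, rem = divmod(dscp, 8)
    return (c, rem // 2) if 1 <= c <= 4 and rem in (2, 4, 6) else None


def enables_reordering(dscps):
    """True unless the DSCPs are identical or all belong to a single AF class."""
    values = set(dscps)
    if len(values) <= 1:
        return False
    parsed = [af_class(v) for v in values]
    return None in parsed or len({c for c, _ in parsed}) > 1


def rtcp_dscp(rtp_dscps):
    """Section 5.4: mark RTCP with the SSRC's RTP DSCP that is least likely to be dropped."""
    values = set(rtp_dscps)
    if not values or enables_reordering(values):
        raise ValueError("need the DSCPs of one SSRC, differing only in drop precedence")
    if len(values) == 1:
        return next(iter(values))
    return min(values, key=lambda v: af_class(v)[1])


def check_plan(transport, streams, coupled_cc=False):
    """streams: {stream name: [DSCP names]}. Returns a list of guideline findings.

    coupled_cc: the streams share a coupled congestion controller that does not
    use per-RTP-stream measurements for bottleneck detection.
    """
    marks = {name: {DSCP[m] for m in names} for name, names in streams.items()}
    all_marks = set().union(*marks.values())
    findings = []
    if transport in SINGLE_DSCP_TRANSPORTS:
        if len(all_marks) > 1:
            findings.append(f"{transport}: use a single DSCP for the whole session")
    elif transport in DATAGRAM_TRANSPORTS:
        for name, values in marks.items():
            if enables_reordering(values):
                findings.append(f"{name}: DSCPs within one RTP stream enable reordering")
        if coupled_cc and enables_reordering(all_marks):
            findings.append("coupled congestion controller spans DSCPs that enable reordering")
    else:
        raise ValueError(f"unknown transport {transport!r}")
    for name, values in marks.items():
        if DSCP["CS1"] in values:
            findings.append(f"{name}: CS1 only for traffic that tolerates best effort")
    return findings


if __name__ == "__main__":
    # Constructed plan following Section 4: EF audio, AF41/AF43 video, CS0 text.
    plan = {"audio": ["EF"], "video": ["AF41", "AF43"], "text": ["CS0"]}
    print(check_plan("udp", plan))         # acceptable over UDP
    print(check_plan("tcp", plan))         # e.g. when TURN selects TCP
    print(rtcp_dscp([DSCP["AF41"], DSCP["AF43"]]))
```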


7. Security Considerations

The security considerations for all of the technologies discussed in this memo apply; in particular, see the security considerations for RTP in [RFC3550] and Diffserv in [RFC2474] and [RFC2475].


Multiplexing of multiple protocols onto a single UDP 5-tuple via encapsulation has implications for network functionality that monitors or inspects individual protocol flows, e.g., firewalls and traffic monitoring systems. When implementations of such functionality lack visibility into encapsulated traffic (likely for many current implementations), it may be difficult or impossible to apply network security policy and associated controls at a finer granularity than the overall UDP 5-tuple.


Use of multiple DSCPs that enable reordering within an overall real-time communication interaction enlarges the set of network forwarding resources used by that interaction, thereby increasing exposure to resource depletion or failure, independent of whether the underlying cause is benign or malicious. This represents an increase in the effective attack surface of the interaction and is a consideration in selecting an appropriate degree of QoS differentiation among the components of the real-time communication interaction. See Section of [RFC6274] for related discussion of DSCP security considerations.


Use of multiple DSCPs to provide differentiated QoS service may reveal information about the encrypted traffic to which different service levels are provided. For example, DSCP-based identification of RTP streams combined with packet frequency and packet size could reveal the type or nature of the encrypted source streams. The IP header used for forwarding has to be unencrypted for obvious reasons, and the DSCP likewise has to be unencrypted to enable different IP forwarding behaviors to be applied to different packets. The nature of encrypted traffic components can be disguised via encrypted dummy data padding and encrypted dummy packets, e.g., see the discussion of traffic flow confidentiality in [RFC4303]. Encrypted dummy packets could even be added in a fashion that an observer of the overall encrypted traffic might mistake for another encrypted RTP stream.


8. References
8.1. Normative References

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 10.17487/RFC0768, August 1980.

[RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981.

[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, DOI 10.17487/RFC2474, December 1998.

[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., and W. Weiss, "An Architecture for Differentiated Services", RFC 2475, DOI 10.17487/RFC2475, December 1998.

[RFC2597] Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski, "Assured Forwarding PHB Group", RFC 2597, DOI 10.17487/RFC2597, June 1999.

[RFC3246] Davie, B., Charny, A., Bennet, J., Benson, K., Le Boudec, J., Courtney, W., Davari, S., Firoiu, V., and D. Stiliadis, "An Expedited Forwarding PHB (Per-Hop Behavior)", RFC 3246, DOI 10.17487/RFC3246, March 2002.

[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 2003.

[RFC3662] Bless, R., Nichols, K., and K. Wehrle, "A Lower Effort Per-Domain Behavior (PDB) for Differentiated Services", RFC 3662, DOI 10.17487/RFC3662, December 2003.

[RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., Ed., and G. Fairhurst, Ed., "The Lightweight User Datagram Protocol (UDP-Lite)", RFC 3828, DOI 10.17487/RFC3828, July 2004.

[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram Congestion Control Protocol (DCCP)", RFC 4340, DOI 10.17487/RFC4340, March 2006.

[RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", RFC 4960, DOI 10.17487/RFC4960, September 2007.

[RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines for Application Designers", BCP 145, RFC 5405, DOI 10.17487/RFC5405, November 2008.

[RFC5865] Baker, F., Polk, J., and M. Dolly, "A Differentiated Services Code Point (DSCP) for Capacity-Admitted Traffic", RFC 5865, DOI 10.17487/RFC5865, May 2010.

[RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream Control Transmission Protocol (SCTP) Packets for End-Host to End-Host Communication", RFC 6951, DOI 10.17487/RFC6951, May 2013.

[RFC7656] Lennox, J., Gross, K., Nandakumar, S., Salgueiro, G., and B. Burman, Ed., "A Taxonomy of Semantics and Mechanisms for the Real-Time Transport Protocol (RTP) Sources", RFC 7656, DOI 10.17487/RFC7656, November 2015.

8.2. Informative References

[COUPLED-CC] Welzl, M., Islam, S., and S. Gjessing, "Coupled congestion control for RTP media", Work in Progress, draft-welzl-rmcat-coupled-cc-05, June 2015.


[DATA-CHAN] Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data Channels", Work in Progress, draft-ietf-rtcweb-data-channel-13, January 2015.


[DIFFSERV-INTERCON] Geib, R., Ed. and D. Black, "Diffserv interconnection classes and practice", Work in Progress, draft-ietf-tsvwg-diffserv-intercon-03, October 2015.


[H.221] ITU-T, "Frame structure for a 64 to 1920 kbit/s channel in audiovisual teleservices", Recommendation H.221, March 2009.


[H.264] ITU-T, "Advanced video coding for generic audiovisual services", Recommendation H.264, February 2014.


[RFC2697] Heinanen, J. and R. Guerin, "A Single Rate Three Color Marker", RFC 2697, DOI 10.17487/RFC2697, September 1999, <>.

[RFC2697]Heinanen,J.和R.Guerin,“单速率三色标记”,RFC 2697,DOI 10.17487/RFC2697,1999年9月<>.

[RFC2698] Heinanen, J. and R. Guerin, "A Two Rate Three Color Marker", RFC 2698, DOI 10.17487/RFC2698, September 1999, <>.

[RFC2698]Heinanen,J.和R.Guerin,“双速率三色标记”,RFC 2698,DOI 10.17487/RFC2698,1999年9月<>.

[RFC2914] Floyd, S., "Congestion Control Principles", BCP 41, RFC 2914, DOI 10.17487/RFC2914, September 2000, <>.

[RFC2914]Floyd,S.,“拥塞控制原则”,BCP 41,RFC 2914,DOI 10.17487/RFC2914,2000年9月<>.

[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, DOI 10.17487/RFC3168, September 2001, <>.

[RFC3168]Ramakrishnan,K.,Floyd,S.,和D.Black,“向IP添加显式拥塞通知(ECN)”,RFC 3168,DOI 10.17487/RFC3168,2001年9月<>.

[RFC3270] Le Faucheur, F., Wu, L., Davie, B., Davari, S., Vaananen, P., Krishnan, R., Cheval, P., and J. Heinanen, "Multi-Protocol Label Switching (MPLS) Support of Differentiated Services", RFC 3270, DOI 10.17487/RFC3270, May 2002, <>.

[RFC3270]Le Faucheur,F.,Wu,L.,Davie,B.,Davari,S.,Vaananen,P.,Krishnan,R.,Cheval,P.,和J.Heinanen,“区分服务的多协议标签交换(MPLS)支持”,RFC 3270,DOI 10.17487/RFC3270,2002年5月<>.

[RFC4103] Hellstrom, G. and P. Jones, "RTP Payload for Text Conversation", RFC 4103, DOI 10.17487/RFC4103, June 2005, <>.

[RFC4103]Hellstrom,G.和P.Jones,“文本对话的RTP有效载荷”,RFC 4103,DOI 10.17487/RFC4103,2005年6月<>.

[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, DOI 10.17487/RFC4303, December 2005, <>.

[RFC4303]Kent,S.,“IP封装安全有效载荷(ESP)”,RFC 4303,DOI 10.17487/RFC4303,2005年12月<>.

[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, DOI 10.17487/RFC4566, July 2006, <>.

[RFC4566]Handley,M.,Jacobson,V.,和C.Perkins,“SDP:会话描述协议”,RFC 4566,DOI 10.17487/RFC4566,2006年7月<>.

[RFC4594] Babiarz, J., Chan, K., and F. Baker, "Configuration Guidelines for DiffServ Service Classes", RFC 4594, DOI 10.17487/RFC4594, August 2006, <>.

[RFC4594]Babiarz,J.,Chan,K.,和F.Baker,“区分服务服务类的配置指南”,RFC 4594,DOI 10.17487/RFC4594,2006年8月<>.

[RFC5109] Li, A., Ed., "RTP Payload Format for Generic Forward Error Correction", RFC 5109, DOI 10.17487/RFC5109, December 2007, <>.

[RFC5109]Li,A.,Ed.“通用前向纠错的RTP有效载荷格式”,RFC 5109,DOI 10.17487/RFC5109,2007年12月<>.

[RFC5127] Chan, K., Babiarz, J., and F. Baker, "Aggregation of Diffserv Service Classes", RFC 5127, DOI 10.17487/RFC5127, February 2008, <>.

[RFC5127]Chan,K.,Babiarz,J.和F.Baker,“区分服务类的聚合”,RFC 5127,DOI 10.17487/RFC5127,2008年2月<>.

[RFC5129] Davie, B., Briscoe, B., and J. Tay, "Explicit Congestion Marking in MPLS", RFC 5129, DOI 10.17487/RFC5129, January 2008, <>.

[RFC5129]Davie,B.,Briscoe,B.,和J.Tay,“MPLS中的显式拥塞标记”,RFC 5129,DOI 10.17487/RFC5129,2008年1月<>.

[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", RFC 5245, DOI 10.17487/RFC5245, April 2010, <>.

[RFC5245]Rosenberg,J.,“交互式连接建立(ICE):提供/应答协议的网络地址转换器(NAT)遍历协议”,RFC 5245,DOI 10.17487/RFC5245,2010年4月<>.

[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, "Session Traversal Utilities for NAT (STUN)", RFC 5389, DOI 10.17487/RFC5389, October 2008, <>.

[RFC5389]Rosenberg,J.,Mahy,R.,Matthews,P.,和D.Wing,“NAT(STUN)的会话遍历实用程序”,RFC 5389,DOI 10.17487/RFC5389,2008年10月<>.

[RFC5462] Andersson, L. and R. Asati, "Multiprotocol Label Switching (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic Class" Field", RFC 5462, DOI 10.17487/RFC5462, February 2009, <>.

[RFC5462]Andersson,L.和R.Asati,“多协议标签交换(MPLS)标签堆栈条目:“EXP”字段重命名为“流量类”字段”,RFC 5462,DOI 10.17487/RFC5462,2009年2月<>.

[RFC5761] Perkins, C. and M. Westerlund, "Multiplexing RTP Data and Control Packets on a Single Port", RFC 5761, DOI 10.17487/RFC5761, April 2010, <>.

[RFC5761]Perkins,C.和M.Westerlund,“在单个端口上多路复用RTP数据和控制数据包”,RFC 5761,DOI 10.17487/RFC5761,2010年4月<>.

[RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)", RFC 5764, DOI 10.17487/RFC5764, May 2010, <>.

[RFC5764]McGrew,D.和E.Rescorla,“为安全实时传输协议(SRTP)建立密钥的数据报传输层安全(DTLS)扩展”,RFC 5764,DOI 10.17487/RFC5764,2010年5月<>.

[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 5766, DOI 10.17487/RFC5766, April 2010, <>.

[RFC5766]Mahy,R.,Matthews,P.,和J.Rosenberg,“使用NAT周围的中继进行遍历(TURN):NAT(STUN)会话遍历实用程序的中继扩展”,RFC 5766,DOI 10.17487/RFC5766,2010年4月<>.

[RFC6062] Perreault, S., Ed. and J. Rosenberg, "Traversal Using Relays around NAT (TURN) Extensions for TCP Allocations", RFC 6062, DOI 10.17487/RFC6062, November 2010, <>.

[RFC6274] Gont, F., "Security Assessment of the Internet Protocol Version 4", RFC 6274, DOI 10.17487/RFC6274, July 2011.

[RFC6386] Bankoski, J., Koleszar, J., Quillio, L., Salonen, J., Wilkins, P., and Y. Xu, "VP8 Data Format and Decoding Guide", RFC 6386, DOI 10.17487/RFC6386, November 2011.

[RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, "IPv6 Flow Label Specification", RFC 6437, DOI 10.17487/RFC6437, November 2011.

[RFC6458] Stewart, R., Tuexen, M., Poon, K., Lei, P., and V. Yasevich, "Sockets API Extensions for the Stream Control Transmission Protocol (SCTP)", RFC 6458, DOI 10.17487/RFC6458, December 2011.

[RMCAT-CC] Jesup, R. and Z. Sarker, "Congestion Control Requirements for Interactive Real-Time Media", Work in Progress, draft-ietf-rmcat-cc-requirements-09, December 2014.


[RTP-USAGE] Perkins, C., Westerlund, M., and J. Ott, "Web Real-Time Communication (WebRTC): Media Transport and Use of RTP", Work in Progress, draft-ietf-rtcweb-rtp-usage-25, June 2015.


[SDP-BUNDLE] Holmberg, C., Alvestrand, H., and C. Jennings, "Negotiating Media Multiplexing Using the Session Description Protocol (SDP)", Work in Progress, draft-ietf-mmusic-sdp-bundle-negotiation-23, July 2015.


[SRTP-DTLS] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme Updates for Secure Real-time Transport Protocol (SRTP) Extension for Datagram Transport Layer Security (DTLS)", Work in Progress, draft-petithuguenin-avtcore-rfc5764-mux-fixes-02, March 2015.

[W3C.WD-mediacapture-streams-20130903] Burnett, D., Bergkvist, A., Jennings, C., and A. Narayanan, "Media Capture and Streams", World Wide Web Consortium Recommendation WD-mediacapture-streams-20130903, September 2013, < WD-mediacapture-streams-20130903>.

[WEBRTC-OVERVIEW] Alvestrand, H., "Overview: Real Time Protocols for Browser-based Applications", Work in Progress, draft-ietf-rtcweb-overview-14, June 2015.


[WEBRTC-TRANSPORTS] Alvestrand, H., "Transports for WebRTC", Work in Progress, draft-ietf-rtcweb-transports-10, October 2015.




This memo is the result of many conversations that have occurred within the DART working group and other working groups in the RAI and Transport areas. Many thanks to Aamer Akhter, Harald Alvestrand, Fred Baker, Richard Barnes, Erin Bournival, Ben Campbell, Brian Carpenter, Spencer Dawkins, Keith Drage, Gorry Fairhurst, Ruediger Geib, Cullen Jennings, Jonathan Lennox, Karen Nielsen, Colin Perkins, James Polk, Robert Sparks, Tina Tsou, Michael Welzl, Dan York, and the DART WG participants for their reviews and comments.


Authors' Addresses


   David Black (editor)
   EMC
   176 South Street
   Hopkinton, MA 01748
   United States

   Phone: +1 508 293-7953

   Paul Jones
   Cisco
   7025 Kit Creek Road
   Research Triangle Park, NC 27502
   United States

   Phone: +1 919 476 2048