diff options
| author | job@openbsd.org <job@openbsd.org> | 2018-04-04 15:12:17 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-04-06 14:20:33 +1000 |
| commit | 5ee8448ad7c306f05a9f56769f95336a8269f379 (patch) | |
| tree | fac0e97f27145aeef62714ac0f50651ef4621df9 /ssh_config.5 | |
| parent | 424b544fbda963f973da80f884717c3e0a513288 (diff) | |
upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
interactive and CS1 for bulk
AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.
For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.
An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
OK deraadt@, "no objection" djm@
OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
Diffstat (limited to 'ssh_config.5')
| -rw-r--r-- | ssh_config.5 | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 71705cabd..010bca479 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: ssh_config.5,v 1.268 2018/02/23 07:38:09 jmc Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.269 2018/04/04 15:12:17 job Exp $ |
| 37 | .Dd $Mdocdate: February 23 2018 $ | 37 | .Dd $Mdocdate: April 4 2018 $ |
| 38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -984,9 +984,11 @@ If one argument is specified, it is used as the packet class unconditionally. | |||
| 984 | If two values are specified, the first is automatically selected for | 984 | If two values are specified, the first is automatically selected for |
| 985 | interactive sessions and the second for non-interactive sessions. | 985 | interactive sessions and the second for non-interactive sessions. |
| 986 | The default is | 986 | The default is |
| 987 | .Cm lowdelay | 987 | .Cm af21 |
| 988 | .Ar (Low-Latency Data) | ||
| 988 | for interactive sessions and | 989 | for interactive sessions and |
| 989 | .Cm throughput | 990 | .Cm cs1 |
| 991 | .Ar (Lower Effort) | ||
| 990 | for non-interactive sessions. | 992 | for non-interactive sessions. |
| 991 | .It Cm KbdInteractiveAuthentication | 993 | .It Cm KbdInteractiveAuthentication |
| 992 | Specifies whether to use keyboard-interactive authentication. | 994 | Specifies whether to use keyboard-interactive authentication. |