diff options
| author | job@openbsd.org <job@openbsd.org> | 2018-04-04 15:12:17 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-04-06 14:20:33 +1000 |
| commit | 5ee8448ad7c306f05a9f56769f95336a8269f379 (patch) | |
| tree | fac0e97f27145aeef62714ac0f50651ef4621df9 /sshd_config.5 | |
| parent | 424b544fbda963f973da80f884717c3e0a513288 (diff) | |
upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
interactive and CS1 for bulk
AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.
For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.
An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
OK deraadt@, "no objection" djm@
OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index e3c7c3936..0b7e396fd 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.263 2018/02/16 02:40:45 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.264 2018/04/04 15:12:17 job Exp $ |
| 37 | .Dd $Mdocdate: February 16 2018 $ | 37 | .Dd $Mdocdate: April 4 2018 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -816,9 +816,11 @@ If one argument is specified, it is used as the packet class unconditionally. | |||
| 816 | If two values are specified, the first is automatically selected for | 816 | If two values are specified, the first is automatically selected for |
| 817 | interactive sessions and the second for non-interactive sessions. | 817 | interactive sessions and the second for non-interactive sessions. |
| 818 | The default is | 818 | The default is |
| 819 | .Cm lowdelay | 819 | .Cm af21 |
| 820 | .Ar (Low-Latency Data) | ||
| 820 | for interactive sessions and | 821 | for interactive sessions and |
| 821 | .Cm throughput | 822 | .Cm cs1 |
| 823 | .Ar (Lower Effort) | ||
| 822 | for non-interactive sessions. | 824 | for non-interactive sessions. |
| 823 | .It Cm KbdInteractiveAuthentication | 825 | .It Cm KbdInteractiveAuthentication |
| 824 | Specifies whether to allow keyboard-interactive authentication. | 826 | Specifies whether to allow keyboard-interactive authentication. |