Skip to main content

9. Security Considerations

The main security risk is that traffic marked with the NQB DSCP can affect capacity, delay, delay variation, or loss experienced by other flows that share a bottleneck. Full NQB support limits incentives for QB traffic to mis-mark itself as NQB, especially when traffic protection is present.

Without traffic protection, malicious or misconfigured QB microflows can build a queue in the shallow NQB buffer. Overflow can cause reforwarding as Default, discarding, reordering, excessive delay variation, or packet loss that affects correctly marked NQB traffic as well. Per-user provisioning limits help constrain the blast radius.

Traffic protection may require finite flow state, so implementations must account for flow-state exhaustion attacks. The RFC requires traffic protection to be designed so the node does not fail when that state is exhausted.

Existing Wi-Fi deployments can give DSCP 45 traffic AC_VI treatment by default, which is not compliant NQB behavior but may still occur. DSCP fields have no integrity protection, so on-path attackers can alter DSCPs; NQB does not change that Diffserv property.