
An acronym for Explicit Congestion Notification.

From the Linux kernel configuration help:

Explicit Congestion Notification (ECN) allows routers to notify clients about network congestion, resulting in fewer dropped packets and increased network performance. This option adds ECN support to the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which allows ECN support to be disabled at runtime.

Note that, on the Internet, there are many broken firewalls which refuse connections from ECN-enabled machines, and it may be a while before these firewalls are fixed. Until then, to access a site behind such a firewall (some of which are major sites, at the time of this writing) you will have to disable this option, either by saying N now or by using the sysctl.


Apparently most ECN problems are caused by Cisco PIX routers dropping IP packets that have ECN set.

Cisco IOS was fixed in version 12.2(8)T, according to this page by Sally Floyd (one of the authors of ECN): http://www.icir.org/floyd/ecn.html

That version of IOS was released around 2002 or 2003, so a firewall that still drops ECN packets is running software older than that; it is probably very insecure too and should be upgraded.

If you encounter this problem, you can disable ECN at run time:

# echo 0 > /proc/sys/net/ipv4/tcp_ecn

It would also be good to tell the site that they are using obsolete, and probably insecure, equipment.
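
Before disabling ECN, it helps to confirm that ECN is really what the remote firewall objects to. The script below is an added example, not part of the original page or of any kernel tooling: it reads `tcpdump -n` text output and lists destinations that never answered an ECN-setup SYN (tcpdump flags `[SEW]`) but did answer a plain SYN. The function names and the sample capture are constructed for illustration.

```sh
#!/bin/sh
# Added example: find destinations that ignore ECN-setup SYNs but answer plain SYNs.
# Input: text output of `tcpdump -n` on stdin. Function names are hypothetical.

ecn_blackholes() {
    awk '
    $2 == "IP" && $6 == "Flags" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if ($7 == "[SEW],") {              # SYN + ECE + CWR: ECN-setup SYN
            last[src " " dst] = "ecn"; ecn_sent[dst]++
        } else if ($7 == "[S],") {         # plain SYN, no ECN requested
            last[src " " dst] = "plain"
        } else if ($7 == "[S.]," || $7 == "[S.E],") {
            # SYN-ACK: credit it to the last SYN type sent on this flow
            kind = last[dst " " src]
            if (kind == "ecn") ecn_ok[src] = 1
            else if (kind == "plain") plain_ok[src] = 1
        }
    }
    END {
        # Report only when ECN SYNs all went unanswered AND a plain SYN worked;
        # a host that answers nothing may simply be down.
        for (d in ecn_sent)
            if (!(d in ecn_ok) && (d in plain_ok))
                print d, ecn_sent[d]
    }' | sort
}

# Constructed capture (documentation address ranges), not real traffic.
sample_capture() {
    cat <<'EOF'
12:00:01.000000 IP 192.0.2.10.40000 > 198.51.100.7.443: Flags [SEW], seq 100, win 64240, length 0
12:00:02.000000 IP 192.0.2.10.40000 > 198.51.100.7.443: Flags [SEW], seq 100, win 64240, length 0
12:00:05.000000 IP 192.0.2.10.40002 > 198.51.100.7.443: Flags [S], seq 300, win 64240, length 0
12:00:05.020000 IP 198.51.100.7.443 > 192.0.2.10.40002: Flags [S.], seq 900, ack 301, win 65535, length 0
12:00:06.000000 IP 192.0.2.10.40004 > 203.0.113.5.80: Flags [SEW], seq 500, win 64240, length 0
12:00:06.030000 IP 203.0.113.5.80 > 192.0.2.10.40004: Flags [S.E], seq 700, ack 501, win 65535, length 0
12:00:07.000000 IP 192.0.2.10.40006 > 198.51.100.9.22: Flags [SEW], seq 800, win 64240, length 0
12:00:08.000000 IP 192.0.2.10.40006 > 198.51.100.9.22: Flags [SEW], seq 800, win 64240, length 0
EOF
}

sample_capture | ecn_blackholes    # prints: endpoint, count of unanswered ECN SYNs
```

Each output line is a remote address.port followed by the number of ECN-setup SYNs it left unanswered; those are the sites worth reporting to their operators.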

