Annotated edit history of
ECN version 4, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 1 |
JohnMcPherson |
1 |
An [Acronym] for __E__xplicit __C__ongestion __N__otification. |
| |
|
2 |
|
| 3 |
CraigBox |
3 |
From the [Linux] configuration help |
| 1 |
JohnMcPherson |
4 |
|
| 3 |
CraigBox |
5 |
Explicit Congestion Notification (ECN) allows routers to notify clients about network congestion, resulting in fewer dropped packets and increased network performance. This option adds ECN support to the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which allows ECN support to be disabled at runtime. |
| |
|
6 |
|
| |
|
7 |
Note that, on the Internet, there are many broken firewalls which refuse connections from ECN-enabled machines, and it may be a while before these firewalls are fixed. Until then, to access a site behind such a firewall (some of which are major sites, at the time of this writing) you will have to disable this option, either by saying N now or by using the sysctl. |
| 1 |
JohnMcPherson |
8 |
|
| |
|
9 |
---- |
| 3 |
CraigBox |
10 |
Apparently most ECN problems are caused by [CiscoPix] routers dropping [IP] packets that have ECN set. |
| 4 |
IanMcDonald |
11 |
|
| |
|
12 |
Cisco IOS was fixed in version 12.2(8)T according to this page of Sally Floyd's (one of the authors of ECN) - http://www.icir.org/floyd/ecn.html |
| |
|
13 |
|
| |
|
14 |
This version of IOS was released around 2002 or 2003 so if a firewall is still running that version it probably is very insecure too and should be upgraded. |
| 1 |
JohnMcPherson |
15 |
|
| |
|
16 |
If you encounter this problem, you can disable ECN at run time: |
| 3 |
CraigBox |
17 |
<pre> |
| |
|
18 |
# echo 0 > /proc/sys/net/ipv4/tcp_ecn |
| |
|
19 |
</pre> |
| 4 |
IanMcDonald |
20 |
|
| |
|
21 |
It would also be good to tell the site that they are using obsolete, and probably insecure, equipment. |
| 2 |
CraigBox |
22 |
---- |
| |
|
23 |
CategoryNetworking |
