Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
ECN
Edit
PageHistory
Diff
Info
LikePages
An [Acronym] for __E__xplicit __C__ongestion __N__otification. From the [Linux] configuration help Explicit Congestion Notification (ECN) allows routers to notify clients about network congestion, resulting in fewer dropped packets and increased network performance. This option adds ECN support to the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which allows ECN support to be disabled at runtime. Note that, on the Internet, there are many broken firewalls which refuse connections from ECN-enabled machines, and it may be a while before these firewalls are fixed. Until then, to access a site behind such a firewall (some of which are major sites, at the time of this writing) you will have to disable this option, either by saying N now or by using the sysctl. ---- Apparently most ECN problems are caused by [CiscoPix] routers dropping [IP] packets that have ECN set. Cisco IOS was fixed in version 12.2(8)T according to this page of Sally Floyd's (one of the authors of ECN) - http://www.icir.org/floyd/ecn.html This version of IOS was released around 2002 or 2003 so if a firewall is still running that version it probably is very insecure too and should be upgraded. If you encounter this problem, you can disable ECN at run time: <pre> # echo 0 > /proc/sys/net/ipv4/tcp_ecn </pre> It would also be good to tell the site that they are using obsolete, and probably insecure, equipment. ---- CategoryNetworking
5 pages link to
ECN
:
CWR
ECE
SysControls
RTA220
FirewallNotes
