Re: Is there a list of sites that require ECN to be disabled?



On Thu, 15 Mar 2007 15:00:45 -0500, ibuprofin@xxxxxxxxxxxxxxxxxxxxxx
(Moe Trin) wrote:

On Wed, 14 Mar 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <qk3hv2d607qn3gdk62erif2t29drui5f4j@xxxxxxx>, buck wrote:

Today I solved a problem wherein a website refused to respond. It
turned out to be a problem with ECN (Explicit Congestion
Notification). When I disabled ECN for that site, it immediately
started working.

Someone with an old router running an old version of the O/S.

Now we seek a list of sites that are known to require ECN to be
disabled, but Google is not providing any help. Does anyone know if
such a list exists and is kept current?

I don't know of any - the problem _should_ have gone away several years
ago. For example:

------------------------------
Bug ID: CSCds23698
Headline: PIX sends RSET in response to tcp connections with ECN bits
set
Product: PIX
Component: fw
Severity: 2 Status: R [Resolved]
Version Found: 5.1(1) Fixed-in Version: 5.1(2.206) 5.1(2.207)
5.2(1.200)
------------------------------

That was back in October 2000.

ECN is not (or at least is not enabled) in the standard Linux 2.4
kernel. It was added and turned on here, partly because problems
associated with ECN seem to have become very rare. (Either that or
very few _use_ ECN?)

You're pushing memory, but that feature was added in 2.4.0 back in...
well, 2.4.0 is dated Jan 4, 2001 but the problem was seen in the
summer of 2000. I see packets with ECN enabled constantly, so I suspect
you're seeing a rarity.

Old guy

Stuff I find on the web says that 2.4.20 had a bug that was fixed in
2.4.21 kernel versions - having to do with endianess (if I understand
correctly). We are comfortable that our kernel and iptables are OK.

Although this list has not been updated in almost a year, I did find
this "ECN Hall of Shame", and it does contain the Bad Boy I created an
exception for:
http://urchin.earth.li/cgi-bin/ecn.pl

which, after testing, is going to go up on our website because it does
not appear that urchin.earth.li will resume updates.

If anyone knows of a list that IS current, please let us know about
it!
--buck

.



Relevant Pages

  • Re: Is there a list of sites that require ECN to be disabled?
    ... turned out to be a problem with ECN (Explicit Congestion ... Notification). ... When I disabled ECN for that site, ... Product: PIX ...
    (comp.os.linux.networking)
  • Re: Problem accessing some https sites
    ... I am having a similar problem, but the window scaling didn't fix the ... As I read the information in the link, I saw that they had ECN ... The 2.4 kernel is designed to make your Internet Experience ... ECN in the 2.4 kernel either by disabling the CONFIG_INET_ECN option ...
    (Fedora)
  • Re: Problem accessing some https sites
    ... I am having a similar problem, but the window scaling didn't fix the ... As I read the information in the link, I saw that they had ECN ... The 2.4 kernel is designed to make your Internet Experience ... ECN in the 2.4 kernel either by disabling the CONFIG_INET_ECN option ...
    (Fedora)
  • Re: Is there a list of sites that require ECN to be disabled?
    ... Someone with an old router running an old version of the O/S. ... associated with ECN seem to have become very rare. ... kernel versions - having to do with endianess (if I understand ... The Cisco change notice ...
    (comp.os.linux.networking)
  • Re: Cant access a site from Masqueraded host
    ... | Any tricks to find out where that is in the kernel config (make ... Just edit the .config file and use 'oldconfig' instead of ... 'menuconfig'. ... Just because your kernel includes TCP ECN capability doesn't mean you ...
    (Debian-User)