2.4.x Kernel, ECN And Problem Websites


Are you aware that enabling ECN in the 2.4.x kernels is 
causing some heartache and isn't recommended in the kernel 
docs?  It is also a difficult problem to diagnose, as some 
sites work and others don't.

A number of large sites are uncontactable 
(news-server.vic.bigpond.net.au, EveryBuddy package MSN,
ETrade, NASDAQ, ...) as well as other web sites.  Slashdot 
has documented some of the problems at


One of the comments on /. also states:

"If you find ECN enabled in your distributor's 2.4.x kernel 
package by default, please consider this a severe mistake on 
your distributor's part."

I had the problem here and hadn't dug too deeply, instead 
reverting to 2.2.x kernels until I saw the /. article.  tcpdump
was telling me there were extra TCP flags set, but I was having 
problems working out exactly what they were.

Given this causes major incompatibility across a lot of packages,
I think it is important to leave ECN disabled for the binary kernels.

I am happy to file a bug report, but thought I would discuss 
on devel first as I'm sure there are others who are having 
the same problem.


Explicit Congestion Notification (ECN) allows routers to notify
clients about network congestion, resulting in fewer dropped packets
and increased network performance. This option adds ECN support to the
Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which
allows ECN support to be disabled at runtime.

Note that, on the Internet, there are many broken firewalls which
refuse connections from ECN-enabled machines, and it may be a while
before these firewalls are fixed. Until then, to access a site behind
such a firewall (some of which are major sites, at the time of this
writing) you will have to disable this option, either by saying N now
or by using the sysctl.
If in doubt, say N.
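
The "extra TCP flags" mentioned in the message are the two ECN bits, CWR and ECE, which RFC 3168 assigned out of the formerly reserved bits of the TCP flags byte. The decoder below is an added example, not part of the original message or the kernel documentation; the header bytes are constructed samples and the helper names are hypothetical.

```python
import struct

# Bits of the TCP flags byte (header offset 13). CWR and ECE sit in two bits
# that were "reserved, must be zero" before RFC 3168 assigned them to ECN,
# which is why older firewalls treat a SYN carrying them as malformed.
TCP_FLAGS = [
    (0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
    (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN"),
]


def decode_tcp_flags(header):
    """Return the names of the flags set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    # Fields: src port, dst port, seq, ack, data offset, flags,
    # window, checksum, urgent pointer.
    fields = struct.unpack("!HHIIBBHHH", header[:20])
    flags = fields[5]
    return [name for bit, name in TCP_FLAGS if flags & bit]


def is_ecn_setup_syn(header):
    """True for the SYN an ECN-enabled host sends: SYN+ECE+CWR, no ACK."""
    names = set(decode_tcp_flags(header))
    return {"SYN", "ECE", "CWR"} <= names and "ACK" not in names


def build_header(flags):
    """Constructed sample header: port 40000 -> 80, 20-byte header."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4,
                       flags, 5840, 0, 0)


if __name__ == "__main__":
    samples = [
        ("SYN with tcp_ecn=1", 0xC2),  # constructed
        ("SYN with tcp_ecn=0", 0x02),  # constructed
    ]
    for label, flags in samples:
        hdr = build_header(flags)
        print(label, decode_tcp_flags(hdr), "ECN-setup:", is_ecn_setup_syn(hdr))
```

If outgoing SYNs decode as ECN-setup and the remote site never answers, setting /proc/sys/net/ipv4/tcp_ecn to 0 and retrying shows whether ECN is the cause.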

