From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.toke.dk (mail.toke.dk [52.28.52.200]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 517943B2A4; Fri, 20 Sep 2019 05:41:31 -0400 (EDT) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1568972490; bh=av5GJ4HvJVWxoYkPjV2dstadNCp7pX3MZfepQXAUTiM=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=hi1CVupMcWgaq89IIIxceYkxk3rxojZr1SzVYs0lwpDxLyPa6A2byCd8vlC7TuPS4 nYcKcn6Ms2igkUtBwSJhSv6hLqo3kIUjNcQAZvh+UASYA9LnFK/6A1cKtL/YiB2cfY 1erjrTpuOOuRV7dBzleXbTZIhkDb2Ze08SRhWt62P5T6vI4zVjiUn7JNmhCGfI8A1a VUG4A4ZMu2aqi9zg+xi9dBjepPynt4pRzhURxPWIS01ef65lzCIZJ4bH46n2DuEwNn EMxxuIE1LUAnOmRVn4RVFuFdVBpisf5wZBNNTRbia+imoe+bdYw9B5lfCEyQuxh+q8 qF5lSUxIJDmIA== To: Jesper Dangaard Brouer Cc: ecn-sane@lists.bufferbloat.net, bloat@lists.bufferbloat.net, brouer@redhat.com, Marek Majkowski In-Reply-To: <20190920092408.58747a48@carbon> References: <87o8zgdvka.fsf@toke.dk> <20190920092408.58747a48@carbon> Date: Fri, 20 Sep 2019 11:41:29 +0200 X-Clacks-Overhead: GNU Terry Pratchett Message-ID: <87ftkrcnjq.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Bloat] Issue with negotiating ECN with Cloudflare hosts? X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Sep 2019 09:41:31 -0000 Jesper Dangaard Brouer writes: > On Thu, 19 Sep 2019 19:50:45 +0200 Toke H=C3=B8iland-J=C3=B8rgensen wrote: > >> Is anyone else experiencing problems negotiating ECN when connecting to >> Cloudflare? I see this for most sites protected by Cloudflare (such as >> bufferbloat.net), but only when using IPv4: >>=20 >> # sysctl -w net.ipv4.tcp_ecn=3D1 >> net.ipv4.tcp_ecn =3D 1 >> # curl -v 1.1.1.1 >> * Trying 1.1.1.1:80... >> * TCP_NODELAY set >> * Connected to 1.1.1.1 (1.1.1.1) port 80 (#0) >> > GET / HTTP/1.1 >> > Host: 1.1.1.1 >> > User-Agent: curl/7.66.0 >> > Accept: */* >> >=20=20=20 >> * Recv failure: Connection reset by peer >> * Closing connection 0 >> curl: (56) Recv failure: Connection reset by peer > > It works for me when repeating your experiment: > > $ sysctl -w net.ipv4.tcp_ecn=3D1 > net.ipv4.tcp_ecn =3D 1 > > $ curl -v 1.1.1.1 > * Rebuilt URL to: 1.1.1.1/ > * Trying 1.1.1.1... > * TCP_NODELAY set > * Connected to 1.1.1.1 (1.1.1.1) port 80 (#0) >> GET / HTTP/1.1 >> Host: 1.1.1.1 >> User-Agent: curl/7.61.1 >> Accept: */* >>=20 > < HTTP/1.1 301 Moved Permanently > < Date: Fri, 20 Sep 2019 07:19:48 GMT > < Content-Type: text/html > < Transfer-Encoding: chunked > < Connection: keep-alive > < Location: https://1.1.1.1/ > < Served-In-Seconds: 0.000 > < CF-Cache-Status: HIT > < Age: 5944 > < Expires: Fri, 20 Sep 2019 11:19:48 GMT > < Cache-Control: public, max-age=3D14400 > < Server: cloudflare > < CF-RAY: 519208830aced891-CPH > [...] >=20=20 >=20=20 >> # sysctl -w net.ipv4.tcp_ecn=3D0 >> net.ipv4.tcp_ecn =3D 0 >> # curl -v 1.1.1.1 >> * Trying 1.1.1.1:80... >> * TCP_NODELAY set >> * Connected to 1.1.1.1 (1.1.1.1) port 80 (#0) >> > GET / HTTP/1.1 >> > Host: 1.1.1.1 >> > User-Agent: curl/7.66.0 >> > Accept: */* >> >=20=20=20 >> * Mark bundle as not supporting multiuse >> < HTTP/1.1 301 Moved Permanently >> < Date: Thu, 19 Sep 2019 17:42:22 GMT >> < Content-Type: text/html >> < Transfer-Encoding: chunked >> < Connection: keep-alive >> < Location: https://1.1.1.1/ >> < Served-In-Seconds: 0.000 >> < CF-Cache-Status: HIT >> < Age: 4442 >> < Expires: Thu, 19 Sep 2019 21:42:22 GMT >> < Cache-Control: public, max-age=3D14400 >> < Server: cloudflare >> < CF-RAY: 518d5b13fcfcd43f-HAM >> <=20 >> >> 301 Moved Permanently >> >>

301 Moved Permanently

>>
cloudflare-lb
>> >> >> * Connection #0 to host 1.1.1.1 left intact >>=20 >>=20 >> I've opened a support request with my ISP, but thought I'd ask if anyone >> else was seeing this? (Is anyone else running with ECN enabled?) > > I'm not seeing it, so it might be your ISP? Yeah, guess I'll get to see if my ISP support knows what ECN is... Should be fun :P -Toke