* [Cake] ECN not working?
@ 2020-12-22 20:06 xnor
2020-12-22 20:15 ` Jonathan Morton
0 siblings, 1 reply; 3+ messages in thread
From: xnor @ 2020-12-22 20:06 UTC (permalink / raw)
To: cake
Hello,
after observing mostly drops in cake (instead of marks) I did a little test:
Client is a Linux 5.9.13, server is the same.
Kernel ECN parameters are set identically for both client and server to:
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_ecn_fallback = 1
Using tcpdump on the server I see the following:
The client initiates the IPv4 TCP connection with:
IP Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
TCP Flags: 0x0c2 (SYN, ECN, CWR)
Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
The server responds:
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Flags: 0x012 (SYN, ACK)
Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1 WS=128
Shouldn't the server respond with ECT set in the SYN ACK packet
and possibly also have ECN-related flags set in the TCP header?
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Cake] ECN not working?
2020-12-22 20:06 [Cake] ECN not working? xnor
@ 2020-12-22 20:15 ` Jonathan Morton
2020-12-22 21:44 ` xnor
0 siblings, 1 reply; 3+ messages in thread
From: Jonathan Morton @ 2020-12-22 20:15 UTC (permalink / raw)
To: xnor; +Cc: cake
> On 22 Dec, 2020, at 10:06 pm, xnor <xnoreq@gmail.com> wrote:
>
> The client initiates the IPv4 TCP connection with:
> IP Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
> TCP Flags: 0x0c2 (SYN, ECN, CWR)
> Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
>
> The server responds:
> Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
> Flags: 0x012 (SYN, ACK)
> Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1 WS=128
>
> Shouldn't the server respond with ECT set in the SYN ACK packet
> and possibly also have ECN-related flags set in the TCP header?
Not all servers have ECN support enabled. A SYN-ACK without the ECE bit set indicates it does not. The connection then proceeds as Not-ECT.
I'm reasonably sure Akamai has specifically enabled ECN support. A lot of smaller webservers are probably running with the default passive-mode ECN support as well (ie. will negotiate inbound but not initiate outbound).
- Jonathan Morton
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Cake] ECN not working?
2020-12-22 20:15 ` Jonathan Morton
@ 2020-12-22 21:44 ` xnor
0 siblings, 0 replies; 3+ messages in thread
From: xnor @ 2020-12-22 21:44 UTC (permalink / raw)
To: Jonathan Morton; +Cc: cake
> Not all servers have ECN support enabled. A SYN-ACK without the ECE bit set indicates it does not. The connection then proceeds as Not-ECT.
>
> I'm reasonably sure Akamai has specifically enabled ECN support. A lot of smaller webservers are probably running with the default passive-mode ECN support as well (ie. will negotiate inbound but not initiate outbound).
>
> - Jonathan Morton
Why would my server not support ECN? I have full control over both the
client and server, my previous mail contained the ECN kernel parameter
configuration, and I also did the packet capture directly on the server.
The server is using fq_codel with ecn enabled, and also has a basic
nftables firewall but it doesn't mess with packet headers or do anything
fancy.
The only thing I can think of could be a hidden requirement on
conntrack, which on the server is disabled for some ports, though I
couldn't find any mention of this anywhere.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-22 21:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-22 20:06 [Cake] ECN not working? xnor
2020-12-22 20:15 ` Jonathan Morton
2020-12-22 21:44 ` xnor
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox