Re: [Ecn-sane] [Bloat] Issue with negotiating ECN with Cloudflare hosts?

Discussion of explicit congestion notification's impact on the Internet
 help / color / mirror / Atom feed

From: Marek Majkowski <marek@cloudflare.com>
To: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: "Toke Høiland-Jørgensen" <toke@toke.dk>,
	ecn-sane@lists.bufferbloat.net, bloat@lists.bufferbloat.net
Subject: Re: [Ecn-sane] [Bloat] Issue with negotiating ECN with Cloudflare hosts?
Date: Fri, 20 Sep 2019 09:49:59 +0200	[thread overview]
Message-ID: <CAJPywT+Xa9pXpZ66eKR7NOpn8T-Tt_obU6HjShzw=zQCDeudfg@mail.gmail.com> (raw)
In-Reply-To: <20190920092408.58747a48@carbon>

We definitely don't do anything fancy about ECN on our side. It must
be some middle-box or intermediate router.

Could you share your source IP, traceroute, and ideally "traceroute
-S" (tcp/SYN mode).

On Fri, Sep 20, 2019 at 9:24 AM Jesper Dangaard Brouer
<brouer@redhat.com> wrote:
>
>
> On Thu, 19 Sep 2019 19:50:45 +0200 Toke Høiland-Jørgensen <toke@toke.dk> wrote:
>
> > Is anyone else experiencing problems negotiating ECN when connecting to
> > Cloudflare? I see this for most sites protected by Cloudflare (such as
> > bufferbloat.net), but only when using IPv4:
> >
> > # sysctl -w net.ipv4.tcp_ecn=1
> > net.ipv4.tcp_ecn = 1
> > # curl -v 1.1.1.1
> > *   Trying 1.1.1.1:80...
> > * TCP_NODELAY set
> > * Connected to 1.1.1.1 (1.1.1.1) port 80 (#0)
> > > GET / HTTP/1.1
> > > Host: 1.1.1.1
> > > User-Agent: curl/7.66.0
> > > Accept: */*
> > >
> > * Recv failure: Connection reset by peer
> > * Closing connection 0
> > curl: (56) Recv failure: Connection reset by peer
>
> It works for me when repeating your experiment:
>
> $ sysctl -w net.ipv4.tcp_ecn=1
> net.ipv4.tcp_ecn = 1
>
> $ curl -v 1.1.1.1
> * Rebuilt URL to: 1.1.1.1/
> *   Trying 1.1.1.1...
> * TCP_NODELAY set
> * Connected to 1.1.1.1 (1.1.1.1) port 80 (#0)
> > GET / HTTP/1.1
> > Host: 1.1.1.1
> > User-Agent: curl/7.61.1
> > Accept: */*
> >
> < HTTP/1.1 301 Moved Permanently
> < Date: Fri, 20 Sep 2019 07:19:48 GMT
> < Content-Type: text/html
> < Transfer-Encoding: chunked
> < Connection: keep-alive
> < Location: https://1.1.1.1/
> < Served-In-Seconds: 0.000
> < CF-Cache-Status: HIT
> < Age: 5944
> < Expires: Fri, 20 Sep 2019 11:19:48 GMT
> < Cache-Control: public, max-age=14400
> < Server: cloudflare
> < CF-RAY: 519208830aced891-CPH
> [...]
>
>
> > # sysctl -w net.ipv4.tcp_ecn=0
> > net.ipv4.tcp_ecn = 0
> > # curl -v 1.1.1.1
> > *   Trying 1.1.1.1:80...
> > * TCP_NODELAY set
> > * Connected to 1.1.1.1 (1.1.1.1) port 80 (#0)
> > > GET / HTTP/1.1
> > > Host: 1.1.1.1
> > > User-Agent: curl/7.66.0
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 301 Moved Permanently
> > < Date: Thu, 19 Sep 2019 17:42:22 GMT
> > < Content-Type: text/html
> > < Transfer-Encoding: chunked
> > < Connection: keep-alive
> > < Location: https://1.1.1.1/
> > < Served-In-Seconds: 0.000
> > < CF-Cache-Status: HIT
> > < Age: 4442
> > < Expires: Thu, 19 Sep 2019 21:42:22 GMT
> > < Cache-Control: public, max-age=14400
> > < Server: cloudflare
> > < CF-RAY: 518d5b13fcfcd43f-HAM
> > <
> > <html>
> > <head><title>301 Moved Permanently</title></head>
> > <body bgcolor="white">
> > <center><h1>301 Moved Permanently</h1></center>
> > <hr><center>cloudflare-lb</center>
> > </body>
> > </html>
> > * Connection #0 to host 1.1.1.1 left intact
> >
> >
> > I've opened a support request with my ISP, but thought I'd ask if anyone
> > else was seeing this? (Is anyone else running with ECN enabled?)
>
> I'm not seeing it, so it might be your ISP?
>
> --
> Best regards,
>   Jesper Dangaard Brouer
>   MSc.CS, Principal Kernel Engineer at Red Hat
>   LinkedIn: http://www.linkedin.com/in/brouer

next prev parent reply	other threads:[~2019-09-20  7:50 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-19 17:50 [Ecn-sane] " Toke Høiland-Jørgensen
2019-09-19 18:26 ` Jeremy Harris
2019-09-20  7:24 ` [Ecn-sane] [Bloat] " Jesper Dangaard Brouer
2019-09-20  7:49   ` Marek Majkowski [this message]
2019-09-20  9:38     ` Toke Høiland-Jørgensen
2019-09-20  9:41   ` Toke Høiland-Jørgensen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/ecn-sane.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJPywT+Xa9pXpZ66eKR7NOpn8T-Tt_obU6HjShzw=zQCDeudfg@mail.gmail.com' \
    --to=marek@cloudflare.com \
    --cc=bloat@lists.bufferbloat.net \
    --cc=brouer@redhat.com \
    --cc=ecn-sane@lists.bufferbloat.net \
    --cc=toke@toke.dk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox