[Cake] ECN not working?
xnor
xnoreq at gmail.com
Tue Dec 22 16:44:43 EST 2020
> Not all servers have ECN support enabled. A SYN-ACK without the ECE bit set indicates it does not. The connection then proceeds as Not-ECT.
>
> I'm reasonably sure Akamai has specifically enabled ECN support. A lot of smaller webservers are probably running with the default passive-mode ECN support as well (ie. will negotiate inbound but not initiate outbound).
>
> - Jonathan Morton
Why would my server not support ECN? I have full control over both the
client and server, my previous mail contained the ECN kernel parameter
configuration, and I also did the packet capture directly on the server.
The server is using fq_codel with ecn enabled, and also has a basic
nftables firewall but it doesn't mess with packet headers or do anything
fancy.
The only thing I can think of could be a hidden requirement on
conntrack, which on the server is disabled for some ports, though I
couldn't find any mention of this anywhere.
More information about the Cake
mailing list