[Ecn-sane] osx not doing ecn for me
Holland, Jake
jholland at akamai.com
Sat Mar 21 14:41:08 EDT 2020
Hi Dave,
On 3/20/20, 9:25 PM, "Dave Taht" <dave.taht at gmail.com> wrote:
> Going back to looking at this my devices... my mac rarely attempts ecn
> over ipv4 or ipv6 nowadays. It seems to fall back to not even trying,
> frequently. So for example on one rrul test on a local AP, it will
> successfuly try for all the connection, but on a subsequent test won't
> try at all or only try two or so. I sat down to look at it harder with
> the rrul test against various servers, today....
>
> There is a complex heuristic at work here that I do not understand.
> It's really hard to do science when you can't force it to always
> negotiate, but I guess it explains
> some of the complex data I have from the field where the attempts do
> not match the size of the deployment in any sane way.
They described at least some of the heuristics at maprg 98, and yes, they're
somewhat complicated:
https://www.youtube.com/watch?v=wKDgVSMUvis&t=32m22s
https://datatracker.ietf.org/meeting/98/materials/slides-98-maprg-tcp-ecn-experience-with-enabling-ecn-on-the-internet-padma-bhooma-00.pdf#page=5
I wouldn't be surprised if rrul tests will hit their thresholds more often
than a normal traffic pattern, that could be messing up your results.
I thought you could turn off the heuristics by fiddling with the right
sysctls, but I haven't tried to nail it down.
> This is osx high sierra 10.13.6.
Catalina has these, fwiw:
$ sysctl -a | grep ecn
net.inet.tcp.ecn_timeout: 60
net.inet.tcp.ecn_setup_percentage: 100
net.inet.tcp.ecn_initiate_out: 2
net.inet.tcp.ecn_negotiate_in: 2
net.inet.ipsec.ecn: 0
net.inet.mptcp.probecnt: 5
net.inet6.ipsec6.ecn: 0
It would not be surprising if they have changed it some since High Sierra.
Best regards,
Jake
More information about the Ecn-sane
mailing list