    net: allow setting ecn via routing table · f7b3bec6
    Florian Westphal authored
    This patch allows setting ECN on a per-route basis in case the sysctl
    tcp_ecn is not set to 1. In other words, when ECN is set for specific
    routes, it provides a tcp_ecn=1 behaviour for that route while the rest
    of the stack acts according to the global settings.
    
    One can use 'ip route change dev $dev $net features ecn' to toggle this.
    
    Having a more fine-grained per-route setting can be beneficial for various
    reasons, for example, 1) within data centers, or 2) local ISPs may deploy
    ECN support for their own video/streaming services [1], etc.
    
    There was a recent measurement study/paper [2] which scanned the Alexa's
    publicly available top million websites list from a vantage point in US,
    Europe and Asia:
    
    Half of the Alexa list will now happily use ECN (tcp_ecn=2, most likely
    blamed to commit 255cac91 ("tcp: extend ECN sysctl to allow server-side
    only ECN") ;)); the break in connectivity on-path was found in about
    1 in 10,000 cases. Timeouts rather than receiving back RSTs were much
    more common in the negotiation phase (and mostly seen in the Alexa
    middle band, ranks around 50k-150k): from 12-thousand hosts on which
    there _may_ be ECN-linked connection failures, only 79 failed with RST
    when _not_ failing with RST when ECN is not requested.
    
    It's unclear though, how much equipment in the wild actually marks CE
    when buffers start to fill up.
    
    We thought about a fallback to non-ECN for retransmitted SYNs as another
    global option (which could perhaps one day be made default), but as Eric
    points out, there's much more work needed to detect broken middleboxes.
    
    Two examples Eric mentioned are buggy firewalls that accept only a single
    SYN per flow, and middleboxes that successfully let an ECN flow establish,
    but later mark CE for all packets (so cwnd converges to 1).
    
     [1] http://www.ietf.org/proceedings/89/slides/slides-89-tsvarea-1.pdf, p.15
     [2] http://ecn.ethz.ch/
    
    Joint work with Daniel Borkmann.
    
    Reference: http://thread.gmane.org/gmane.linux.network/335797
    Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>
syncookies.c 7.62 KB