--- "Mark E. Donaldson" <markee@xxxxxxxxxxxxxxx> wrote:

> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Pawel Pilat
> Sent: Tuesday, June 22, 2004 1:34 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: ECN problem?
>
> > -----Original Message-----
> > From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> > [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Pawel Pilat
> > Sent: Monday, June 21, 2004 1:59 AM
> > To: netfilter@xxxxxxxxxxxxxxxxxxx
> > Subject: ECN problem?
> >
> > Hello everyone,
> > it's my first post on this list so please be understanding ...
> > I think that I have a problem with ECN. This is my situation:
> >
> > IN--->R--->ISP
> >
> > where:
> > IN - my internal net
> > R - my linux router (2.4.25, ipt-1.2.9)
> > ISP - my ISP
> >
> > so when I am trying to connect from the internal net to the Internet
> > I am experiencing very slow transfers (500 - 700 bps), but from the
> > router everything is ok (transfer rate 50 - 60 kbps).
> > When I used tcpdump on the external interface on the router I
> > realized that my ISP sends to me in every TCP packet the TOS field
> > set to 0x03 (ECN-CT + ECN-CE). I think that is the problem.
> >
> > I tried using:
> >
> > iptables -t mangle -A PREROUTING -i $EXTIF -j TOS --set-tos 0x00
> >
> > but without any result.
> >
> > my question is:
> > 1. is it possible to set the linux box to ignore these fields in
> >    packets?
> > 2. is there another way to solve the problem?
> >
> > thanks for advice
> > best regards
> >
> > POSTER PL
> >
> > Most ISPs have ECN enabled on their routers today, so this is not
> > unusual. If the packets you are receiving from your ISP have
> > Cx=1 (0x03) then this means it is indeed experiencing congestion,
> > and if your box is also ECN enabled, then the congestion windows on
> > both devices are probably being cut in half.
> > This needs to be confirmed before you do anything. To confirm this,
> > I would suggest that you first check and see if your box is ECN
> > enabled by checking your kernel config for CONFIG_INET_ECN=y. If it
> > is, check the two high-order bits of byte 13 of the suspect TCP
> > packet headers to see if the congestion windows are being cut. If
> > so, then this is probably a correct assumption on your part. If so,
> > the easiest solution would be to disable ECN on your box.
> > You would need to recompile the kernel to do that of course.
> > However, it would seem as though ECN is only doing its job and you
> > may want to explore that avenue.
>
> Thnx Mark
>
> my box isn't ECN enabled for sure
> to be completely sure I issued:
>
> echo "0" > /proc/sys/net/ipv4/tcp_ecn
>
> but this kind of behavior is strange for me, or maybe my
> understanding of ECN isn't enough. When I connect directly to ISP
> link non routing host everything seems to be OK (transfer rates) but
> EVERY returning packet in the TCP sequence has TOS set to 0x03.
>
> it seems that every packet in a connection from my hosts makes the
> ISP router congested - I don't think so - both interfaces of the
> router are ethernet 100. I set MTU on the external if to 1460, also
> tried with lower values and iptables ...... -j TCPMSS ... also
> without results
>
> so my theories:
>
> 1. ISP sets TOS field to 0x03 on purpose on EVERY TCP packet
>    directed to my host, but why? NAT preventing or sth?
>
> 2. bad ECN implementation?
>    it is possible but affects only those people who share their
>    connection.
>
> at this point I must say that I don't want to make war with my ISP -
> I have 3 PCs and I want them all to be connected (network protocols
> and features test purposes). Generally it's not forbidden by the ISP.
>
> I will examine those bytes just in case. It's getting much more
> interesting with each packet I captured ... :)
>
> I will be grateful for any advice
>
> best regards
> POSTER PL
>
> This is indeed an interesting problem, and it sounds like you have
> been investigating it for a while. You mentioned that the TOS target
> was not effective. Why not try the -m tos match, and send the 0x03
> TOS packets to the ECN target for processing? This target allows you
> to selectively work around known ECN blackholes:
> -j ECN --ecn-tcp-remove. Apply this in the mangle table with -p tcp.
> Just out of curiosity, what type of NICs are in your box?

both are planet 8139 chipset based NICs so nothing unusual

I totally forgot this netfilter target (ECN)!
thnx for that! I will try it - I hope that it's what I needed

thnx
best regards
POSTER PL
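
The check discussed in this thread, as an added example that is not part of the original messages or of netfilter: the two low-order bits of the IPv4 TOS byte are the ECN field (0x03 is the CE codepoint), and the two high-order bits of TCP header byte 13 are CWR and ECE. The function names, addresses and sample packets are constructed for illustration; the flagging rule assumes the first two packets of a flow are its SYN and SYN-ACK.

```python
import struct

ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}
SYN, ACK, ECE, CWR = 0x02, 0x10, 0x40, 0x80

def decode_ecn(pkt: bytes) -> dict:
    """Return the IP-level and TCP-level ECN state of a raw IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 14:
        raise ValueError("not a complete TCP segment")
    tos, flags = pkt[1], pkt[ihl + 13]   # TOS byte; TCP header byte 13
    return {"tos": tos, "dscp": tos >> 2, "ip_ecn": ECN_NAMES[tos & 0x03],
            "ece": bool(flags & ECE), "cwr": bool(flags & CWR)}

def ecn_negotiated(syn: dict, synack: dict) -> bool:
    """RFC 3168 setup: SYN carries ECE+CWR, SYN-ACK carries ECE without CWR."""
    return syn["ece"] and syn["cwr"] and synack["ece"] and not synack["cwr"]

def unexpected_ce(packets: list) -> list:
    """Indexes of CE-marked packets on a flow that never negotiated ECN.

    Assumes packets[0] is the SYN and packets[1] the SYN-ACK of one flow.
    """
    info = [decode_ecn(p) for p in packets]
    if ecn_negotiated(info[0], info[1]):
        return []                        # CE marks are legitimate here
    return [i for i, d in enumerate(info) if d["ip_ecn"] == "CE"]

def make_packet(tos: int, flags: int) -> bytes:
    """Constructed 40-byte IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, flags,
                      8192, 0, 0)
    return ip + tcp

# Constructed flow resembling the report: the client has tcp_ecn=0, so its
# SYN carries no ECE/CWR, yet every returning packet has TOS 0x03.
SAMPLE_FLOW = [make_packet(0x00, SYN),
               make_packet(0x03, SYN | ACK),
               make_packet(0x03, ACK)]

if __name__ == "__main__":
    for i in unexpected_ce(SAMPLE_FLOW):
        print(i, decode_ecn(SAMPLE_FLOW[i]))
```
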