ECN problem?

ECN problem?

[Pawel Pilat]

Hello everyone,
it's my first post on this list so plese understanding
...
I think that i have problem with ECN , this is my
situation:

IN--->R--->ISP

where:
IN - my internal net
R - my linux router (2.4.25, ipt-1.2.9)
ISP - my ISP

so when i trying to connect from internal net to
Internet i expirencing very slow transfers (500 - 700
bps) but from router everything is ok (transfer rate
50 - 60 kbps)
when i used tcpdump on external interfece on router i
realized that my ISP sends to me in every TCP packet
TOS field set to 0x03 (ECN-CT + ECN-CE)
i think that is the problem

i tried using:

iptables -t mangle -A PREROUTING -i $EXTIF -j TOS
--set-tos 0x00 but without any result

my question is:
1.it is possible to set linux box to ignore this
fields in packets?
2. there is another way to solve the problem?

thank for advices
best regards

POSTER PL



		
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo 

RE: ECN problem?

[Mark E. Donaldson]

 

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Pawel Pilat
Sent: Monday, June 21, 2004 1:59 AM
To: netfilter@lists.netfilter.org
Subject: ECN problem?

Hello everyone,
it's my first post on this list so plese understanding ...
I think that i have problem with ECN , this is my
situation:

IN--->R--->ISP

where:
IN - my internal net
R - my linux router (2.4.25, ipt-1.2.9)
ISP - my ISP

so when i trying to connect from internal net to Internet i expirencing very
slow transfers (500 - 700
bps) but from router everything is ok (transfer rate 50 - 60 kbps) when i
used tcpdump on external interfece on router i realized that my ISP sends to
me in every TCP packet TOS field set to 0x03 (ECN-CT + ECN-CE) i think that
is the problem

i tried using:

iptables -t mangle -A PREROUTING -i $EXTIF -j TOS --set-tos 0x00 but without
any result

my question is:
1.it is possible to set linux box to ignore this fields in packets?
2. there is another way to solve the problem?

thank for advices
best regards

POSTER PL



		
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo 

Most ISP have ECN enabled on their routers today, so this is not unusual. If
the packets you are receiving from your ISP have Cx=1 (0x03) then this means
it is indeed experiencing congestion, and if your box is also ECN enabled,
then the congestion windows on both devices are probably being cut in half.
This needs to be confirmed before you do anything. To confirm this, I would
suggest that you first check and see if you box is ECN enabled by checking
your kernel config for CONFIG_INET_ECN=y. If it is, check the two high-order
bits of bite 13 of the suspect TCP packet headers to see if the congestion
windows are being cut. If so, then this is probably a correct assumption on
your part. If so, the easiest solution would be to disable ECN on your box.
You would need to recompile the kernel to that of course. However, it would
seem as though ECN is only doing its job and you may want to explore that
avenue.



########################################################
This message has been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at bandwidthco.com is for your absolute protection.
########################################################

ECN problem?

[Pawel Pilat]

 
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On
> Behalf Of Pawel Pilat
> Sent: Monday, June 21, 2004 1:59 AM
> To: netfilter@lists.netfilter.org
> Subject: ECN problem?
> 
> Hello everyone,
> it's my first post on this list so plese
> understanding ...
> I think that i have problem with ECN , this is my
> situation:
> 
> IN--->R--->ISP
> 
> where:
> IN - my internal net
> R - my linux router (2.4.25, ipt-1.2.9)
> ISP - my ISP
> 
> so when i trying to connect from internal net to
> Internet i expirencing very
> slow transfers (500 - 700
> bps) but from router everything is ok (transfer rate
> 50 - 60 kbps) when i
> used tcpdump on external interfece on router i
> realized that my ISP sends to
> me in every TCP packet TOS field set to 0x03 (ECN-CT
> + ECN-CE) i think that
> is the problem
> 
> i tried using:
> 
> iptables -t mangle -A PREROUTING -i $EXTIF -j TOS
> --set-tos 0x00 but without
> any result
> 
> my question is:
> 1.it is possible to set linux box to ignore this
> fields in packets?
> 2. there is another way to solve the problem?
> 
> thank for advices
> best regards
> 
> POSTER PL
> 
> 
> 
> 		
> __________________________________
> Do you Yahoo!?
> Take Yahoo! Mail with you! Get it on your mobile
> phone.
> http://mobile.yahoo.com/maildemo 
> 
> Most ISP have ECN enabled on their routers today, so
> this is not unusual. If
> the packets you are receiving from your ISP have
> Cx=1 (0x03) then this means
> it is indeed experiencing congestion, and if your
> box is also ECN enabled,
> then the congestion windows on both devices are
> probably being cut in half.
> This needs to be confirmed before you do anything.
> To confirm this, I would
> suggest that you first check and see if you box is
> ECN enabled by checking
> your kernel config for CONFIG_INET_ECN=y. If it is,
> check the two high-order
> bits of bite 13 of the suspect TCP packet headers to
> see if the congestion
> windows are being cut. If so, then this is probably
> a correct assumption on
> your part. If so, the easiest solution would be to
> disable ECN on your box.
> You would need to recompile the kernel to that of
> course. However, it would
> seem as though ECN is only doing its job and you may
> want to explore that
> avenue.
> 
> 
> 
>
########################################################
> This message has been scanned for viruses and
> dangerous 
> content by MailScanner, and is believed to be clean.
> 
> postmaster@bandwidthco.com
> MailScanner at bandwidthco.com is for your absolute
> protection.
>
########################################################

Thnx Mark 

my box isn't ECN enabled for sure
to be completly sure I issued: echo "0" >
/proc/sys/net/ipv4/tcp_ecn

but this kind of behavior is strange for me or maybe
my understanding of ECN isn't enough
when i connect directly to ISP link non routing host
everything seems to be OK (transfers rates) but EVERY
returning packet in TCP sequence has TOS set to 0x03.

it seems that every packet in connection from my hosts
makes ISP router congested - I don't think so -
both interfaces of router are ethernet 100
i set MTU on external if to 1460
also tried with lower values and 
iptables ..... -j TCPMSS ... also without results 

so my theories :

1. ISP sets TOS field to 0x03 on purpose on EVERY TCP
packet directed to my host, but why?
NAT preventing or sth ?

2. bad ECN implementation ?
it is possible but affects only those people who share
their connection.
at this point i must say that i dont want to make war
with my ISP - i have 3 PC and i want them all to be
connected (network protocols and features test
purposes)  generally it's not forbidden by ISP

i will examine those bytes just in case 
it's getting much interesting with each packet i
captured ... :)  

i will be grateful for any advices

best regards
POSTER PL

  

 



		
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail

RE: ECN problem?

[Mark E. Donaldson]

 

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Pawel Pilat
Sent: Tuesday, June 22, 2004 1:34 AM
To: netfilter@lists.netfilter.org
Subject: ECN problem?

 
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Pawel Pilat
> Sent: Monday, June 21, 2004 1:59 AM
> To: netfilter@lists.netfilter.org
> Subject: ECN problem?
> 
> Hello everyone,
> it's my first post on this list so plese understanding ...
> I think that i have problem with ECN , this is my
> situation:
> 
> IN--->R--->ISP
> 
> where:
> IN - my internal net
> R - my linux router (2.4.25, ipt-1.2.9) ISP - my ISP
> 
> so when i trying to connect from internal net to Internet i 
> expirencing very slow transfers (500 - 700
> bps) but from router everything is ok (transfer rate 50 - 60 kbps) 
> when i used tcpdump on external interfece on router i realized that my 
> ISP sends to me in every TCP packet TOS field set to 0x03 (ECN-CT
> + ECN-CE) i think that
> is the problem
> 
> i tried using:
> 
> iptables -t mangle -A PREROUTING -i $EXTIF -j TOS --set-tos 0x00 but 
> without any result
> 
> my question is:
> 1.it is possible to set linux box to ignore this fields in packets?
> 2. there is another way to solve the problem?
> 
> thank for advices
> best regards
> 
> POSTER PL
> 
> 
> 
> 		
> __________________________________
> Do you Yahoo!?
> Take Yahoo! Mail with you! Get it on your mobile phone.
> http://mobile.yahoo.com/maildemo
> 
> Most ISP have ECN enabled on their routers today, so this is not 
> unusual. If the packets you are receiving from your ISP have
> Cx=1 (0x03) then this means
> it is indeed experiencing congestion, and if your box is also ECN 
> enabled, then the congestion windows on both devices are probably 
> being cut in half.
> This needs to be confirmed before you do anything.
> To confirm this, I would
> suggest that you first check and see if you box is ECN enabled by 
> checking your kernel config for CONFIG_INET_ECN=y. If it is, check the 
> two high-order bits of bite 13 of the suspect TCP packet headers to 
> see if the congestion windows are being cut. If so, then this is 
> probably a correct assumption on your part. If so, the easiest 
> solution would be to disable ECN on your box.
> You would need to recompile the kernel to that of course. However, it 
> would seem as though ECN is only doing its job and you may want to 
> explore that avenue.
> 
> 
> 
>
########################################################
> This message has been scanned for viruses and dangerous content by 
> MailScanner, and is believed to be clean.
> 
> postmaster@bandwidthco.com
> MailScanner at bandwidthco.com is for your absolute protection.
>
########################################################

Thnx Mark 

my box isn't ECN enabled for sure
to be completly sure I issued: echo "0" > /proc/sys/net/ipv4/tcp_ecn

but this kind of behavior is strange for me or maybe my understanding of ECN
isn't enough when i connect directly to ISP link non routing host everything
seems to be OK (transfers rates) but EVERY returning packet in TCP sequence
has TOS set to 0x03.

it seems that every packet in connection from my hosts makes ISP router
congested - I don't think so - both interfaces of router are ethernet 100 i
set MTU on external if to 1460 also tried with lower values and iptables
..... -j TCPMSS ... also without results 

so my theories :

1. ISP sets TOS field to 0x03 on purpose on EVERY TCP packet directed to my
host, but why?
NAT preventing or sth ?

2. bad ECN implementation ?
it is possible but affects only those people who share their connection.
at this point i must say that i dont want to make war with my ISP - i have 3
PC and i want them all to be connected (network protocols and features test
purposes)  generally it's not forbidden by ISP

i will examine those bytes just in case it's getting much interesting with
each packet i captured ... :)  

i will be grateful for any advices

best regards
POSTER PL

  

 This is indeed an interesting problem, and it sounds like you have been
investigating it for a while. You mentioned that the TOS target was not
effective. Why not try the -m tos match, and send the 0x03 TOS packets to
the ECN target for processing? This target allows you to selectively work
around known ECN blackholes: -j ECN --ecn-tcp-remove. Apply this in the
mangle table with -p tcp. Just out of curiosity, what type of NICs are in
your box? 



########################################################
This message has been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.

postmaster@bandwidthco.com
MailScanner at bandwidthco.com is for your absolute protection.
########################################################

RE: ECN problem?

[Pawel Pilat]

--- "Mark E. Donaldson" <markee@bandwidthco.com>
wrote:
>  
> 
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On
> Behalf Of Pawel Pilat
> Sent: Tuesday, June 22, 2004 1:34 AM
> To: netfilter@lists.netfilter.org
> Subject: ECN problem?
> 
>  
> > -----Original Message-----
> > From: netfilter-admin@lists.netfilter.org
> > [mailto:netfilter-admin@lists.netfilter.org] On
> Behalf Of Pawel Pilat
> > Sent: Monday, June 21, 2004 1:59 AM
> > To: netfilter@lists.netfilter.org
> > Subject: ECN problem?
> > 
> > Hello everyone,
> > it's my first post on this list so plese
> understanding ...
> > I think that i have problem with ECN , this is my
> > situation:
> > 
> > IN--->R--->ISP
> > 
> > where:
> > IN - my internal net
> > R - my linux router (2.4.25, ipt-1.2.9) ISP - my
> ISP
> > 
> > so when i trying to connect from internal net to
> Internet i 
> > expirencing very slow transfers (500 - 700
> > bps) but from router everything is ok (transfer
> rate 50 - 60 kbps) 
> > when i used tcpdump on external interfece on
> router i realized that my 
> > ISP sends to me in every TCP packet TOS field set
> to 0x03 (ECN-CT
> > + ECN-CE) i think that
> > is the problem
> > 
> > i tried using:
> > 
> > iptables -t mangle -A PREROUTING -i $EXTIF -j TOS
> --set-tos 0x00 but 
> > without any result
> > 
> > my question is:
> > 1.it is possible to set linux box to ignore this
> fields in packets?
> > 2. there is another way to solve the problem?
> > 
> > thank for advices
> > best regards
> > 
> > POSTER PL
> > 
> > 
> > 
> > 		
> > __________________________________
> > Do you Yahoo!?
> > Take Yahoo! Mail with you! Get it on your mobile
> phone.
> > http://mobile.yahoo.com/maildemo
> > 
> > Most ISP have ECN enabled on their routers today,
> so this is not 
> > unusual. If the packets you are receiving from
> your ISP have
> > Cx=1 (0x03) then this means
> > it is indeed experiencing congestion, and if your
> box is also ECN 
> > enabled, then the congestion windows on both
> devices are probably 
> > being cut in half.
> > This needs to be confirmed before you do anything.
> > To confirm this, I would
> > suggest that you first check and see if you box is
> ECN enabled by 
> > checking your kernel config for CONFIG_INET_ECN=y.
> If it is, check the 
> > two high-order bits of bite 13 of the suspect TCP
> packet headers to 
> > see if the congestion windows are being cut. If
> so, then this is 
> > probably a correct assumption on your part. If so,
> the easiest 
> > solution would be to disable ECN on your box.
> > You would need to recompile the kernel to that of
> course. However, it 
> > would seem as though ECN is only doing its job and
> you may want to 
> > explore that avenue.
> > 
> > 
> > 
> >
>
########################################################
> > This message has been scanned for viruses and
> dangerous content by 
> > MailScanner, and is believed to be clean.
> > 
> > postmaster@bandwidthco.com
> > MailScanner at bandwidthco.com is for your
> absolute protection.
> >
>
########################################################
> 
> Thnx Mark 
> 
> my box isn't ECN enabled for sure
> to be completly sure I issued: echo "0" >
> /proc/sys/net/ipv4/tcp_ecn
> 
> but this kind of behavior is strange for me or maybe
> my understanding of ECN
> isn't enough when i connect directly to ISP link non
> routing host everything
> seems to be OK (transfers rates) but EVERY returning
> packet in TCP sequence
> has TOS set to 0x03.
> 
> it seems that every packet in connection from my
> hosts makes ISP router
> congested - I don't think so - both interfaces of
> router are ethernet 100 i
> set MTU on external if to 1460 also tried with lower
> values and iptables
> ...... -j TCPMSS ... also without results 
> 
> so my theories :
> 
> 1. ISP sets TOS field to 0x03 on purpose on EVERY
> TCP packet directed to my
> host, but why?
> NAT preventing or sth ?
> 
> 2. bad ECN implementation ?
> it is possible but affects only those people who
> share their connection.
> at this point i must say that i dont want to make
> war with my ISP - i have 3
> PC and i want them all to be connected (network
> protocols and features test
> purposes)  generally it's not forbidden by ISP
> 
> i will examine those bytes just in case it's getting
> much interesting with
> each packet i captured ... :)  
> 
> i will be grateful for any advices
> 
> best regards
> POSTER PL
> 
>   
> 
>  This is indeed an interesting problem, and it
> sounds like you have been
> investigating it for a while. You mentioned that the
> TOS target was not
> effective. Why not try the -m tos match, and send
> the 0x03 TOS packets to
> the ECN target for processing? This target allows
> you to selectively work
> around known ECN blackholes: -j ECN
> --ecn-tcp-remove. Apply this in the
> mangle table with -p tcp. Just out of curiosity,
> what type of NICs are in
> your box? 
> 
> 
> 
>
########################################################
> This message has been scanned for viruses and
> dangerous 
> content by MailScanner, and is believed to be clean.
> 
> postmaster@bandwidthco.com
> MailScanner at bandwidthco.com is for your absolute
> protection.
>
########################################################
> 
> 
 
both are planet 8139 chipset based NICs so nothing
unusual
i totally forgot this netfilter target (ECN)! thnx for
that !
i will try it - i hope that it's what i needed

thnx

best regards 
POSTER PL


	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail