* ECN for servers ?
@ 2001-02-14 17:01 Petru Paler
2001-02-14 20:19 ` James Stevenson
2001-02-14 20:41 ` H. Peter Anvin
0 siblings, 2 replies; 7+ messages in thread
From: Petru Paler @ 2001-02-14 17:01 UTC (permalink / raw)
To: linux-kernel
Hello,
What is the impact of enabling ECN on the server side ? I mean, will
any clients (with broken firewalls) be affected if a SMTP/HTTP server
has ECN enabled ?
On the other hand, is there any advantage with ECN enabled on the server
side ?
--
Petru Paler, mailto:ppetru@ppetru.net
http://www.ppetru.net - ICQ: 41817235
* Re: ECN for servers ?
From: James Stevenson @ 2001-02-14 20:19 UTC (permalink / raw)
To: ppetru; +Cc: linux-kernel
Hi
No, they should not be affected.
The place that starts the connection (e.g. sends the first SYN)
has to ask to use ECN; if it is not requested it will
never be used in that connection.
In local.linux-kernel-list, you wrote:
>Hello,
>
>What is the impact of enabling ECN on the server side ? I mean, will
>any clients (with broken firewalls) be affected if a SMTP/HTTP server
>has ECN enabled ?
>
>On the other hand, is there any advantage with ECN enabled on the server
>side ?
>
>--
>Petru Paler, mailto:ppetru@ppetru.net
>http://www.ppetru.net - ICQ: 41817235
--
---------------------------------------------
Check Out: http://stev.org
E-Mail: mistral@stev.org
8:10pm up 13 days, 3:55, 2 users, load average: 0.08, 0.28, 0.14
* Re: ECN for servers ?
From: H. Peter Anvin @ 2001-02-14 20:41 UTC (permalink / raw)
To: linux-kernel
Followup to: <20010214190128.G923@ppetru.net>
By author: Petru Paler <ppetru@ppetru.net>
In newsgroup: linux.dev.kernel
>
> Hello,
>
> What is the impact of enabling ECN on the server side ? I mean, will
> any clients (with broken firewalls) be affected if a SMTP/HTTP server
> has ECN enabled ?
>
> On the other hand, is there any advantage with ECN enabled on the server
> side ?
>
Pro: better behaviour in presence of network congestion.
Con: people behind broken firewalls can't connect.
-hpa
--
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt
* Re: ECN for servers ?
From: Jeff Garzik @ 2001-02-14 20:53 UTC (permalink / raw)
To: H. Peter Anvin; +Cc: linux-kernel
On 14 Feb 2001, H. Peter Anvin wrote:
> By author: Petru Paler <ppetru@ppetru.net>
> > What is the impact of enabling ECN on the server side ? I mean, will
> > any clients (with broken firewalls) be affected if a SMTP/HTTP server
> > has ECN enabled ?
> Pro: better behaviour in presence of network congestion.
>
> Con: people behind broken firewalls can't connect.
Since you can use ICMP to tunnel data, a lot of security ppl are
reluctant to stop filtering ICMP :/
Jeff
* Re: ECN for servers ?
From: H. Peter Anvin @ 2001-02-14 21:00 UTC (permalink / raw)
To: Jeff Garzik; +Cc: H. Peter Anvin, linux-kernel
Jeff Garzik wrote:
>
> On 14 Feb 2001, H. Peter Anvin wrote:
> > By author: Petru Paler <ppetru@ppetru.net>
> > > What is the impact of enabling ECN on the server side ? I mean, will
> > > any clients (with broken firewalls) be affected if a SMTP/HTTP server
> > > has ECN enabled ?
>
> > Pro: better behaviour in presence of network congestion.
> >
> > Con: people behind broken firewalls can't connect.
>
> Since you can use ICMP to tunnel data, a lot of security ppl are
> reluctant to stop filtering ICMP :/
>
You can use DNS to tunnel data, too. As far as ICMP is concerned,
perhaps they should consider sterilizing approaches instead.
-hp
--
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt
* Re: ECN for servers ?
From: Alan Cox @ 2001-02-14 21:09 UTC (permalink / raw)
To: Jeff Garzik; +Cc: H. Peter Anvin, linux-kernel
> > Con: people behind broken firewalls can't connect.
>
> Since you can use ICMP to tunnel data, a lot of security ppl are
> reluctant to stop filtering ICMP :/
ICMP isn't the problem. Some of the load balancers and proxy setups didn't
allow ECN frames through. ICMP blocking just breaks path MTU discovery and
accessing the site via IPsec, via mobile IP and a few other things.
And you can tunnel data over ack sequence spaces, IP over HTTP is trivial.
There are reasons proper proxy setups have passwords outgoing and do not let
any control data/header info across untouched.
* Re: ECN for servers ?
From: Graham Murray @ 2001-02-14 22:11 UTC (permalink / raw)
To: linux-kernel
"H. Peter Anvin" <hpa@zytor.com> writes:
> Con: people behind broken firewalls can't connect.
Are you sure that is correct? "Servers" normally listen for incoming
connections from clients rather than establish them[1]. So, if the
server implements ECN then it will respond appropriately to incoming
SYN packets irrespective of whether the ECN bits are set. People, who
use ECN, who are behind a broken firewall will have problems
connecting irrespective of whether or not the server implements ECN.
[1] Passive FTP being an exception.
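
Added example, not part of any message in this thread: a small model of the RFC 3168 handshake flags, showing the rule James Stevenson and Graham Murray describe (a listener only answers with ECN when the incoming SYN asked for it). The function names, ports and sample headers are constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (RFC 793, RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))


def tcp_flags(header: bytes) -> int:
    """Return the flags byte of a raw TCP header (at least 20 bytes)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def is_ecn_setup_syn(flags: int) -> bool:
    """Initiator asks for ECN: SYN without ACK, with both ECE and CWR set."""
    return flags & (SYN | ACK | ECE | CWR) == (SYN | ECE | CWR)


def server_synack_flags(syn_flags: int, server_ecn: bool) -> int:
    """Flags a listener puts on its SYN-ACK for a given incoming SYN."""
    if not syn_flags & SYN or syn_flags & ACK:
        raise ValueError("not an initial SYN")
    reply = SYN | ACK
    if server_ecn and is_ecn_setup_syn(syn_flags):
        reply |= ECE  # ECN-setup SYN-ACK: ECE set, CWR clear
    return reply


def ecn_negotiated(syn_flags: int, synack_flags: int) -> bool:
    """ECN is used only if the SYN requested it and the SYN-ACK accepted it."""
    accepted = synack_flags & (SYN | ACK | ECE | CWR) == (SYN | ACK | ECE)
    return is_ecn_setup_syn(syn_flags) and accepted


def make_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header (no options, zero checksum) for the demo."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)


if __name__ == "__main__":
    # Constructed sample SYNs: a plain client and an ECN-requesting client.
    for name, f in (("plain SYN", SYN), ("ECN-setup SYN", SYN | ECE | CWR)):
        syn = tcp_flags(make_tcp_header(40000, 25, f))
        for server_ecn in (False, True):
            synack = server_synack_flags(syn, server_ecn)
            print(f"{name:14} server_ecn={server_ecn!s:5} "
                  f"synack=0x{synack:02x} ecn={ecn_negotiated(syn, synack)}")
```

Running it prints all four client/server combinations; only the ECN-setup SYN against an ECN-enabled listener yields a SYN-ACK with ECE set.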