[ubuntu-hardened] Explicit Congestion Notification (ECN): disable or leave the default setting?
Kees Cook
kees at ubuntu.com
Sun Jul 14 16:25:48 UTC 2013
Using the existing default seems entirely correct to me:

tcp_ecn - INTEGER
    Control use of Explicit Congestion Notification (ECN) by TCP.
    ECN is used only when both ends of the TCP connection indicate
    support for it. This feature is useful in avoiding losses due
    to congestion by allowing supporting routers to signal
    congestion before having to drop packets.
    Possible values are:
        0 Disable ECN. Neither initiate nor accept ECN.
        1 Enable ECN when requested by incoming connections and
          also request ECN on outgoing connection attempts.
        2 Enable ECN when requested by incoming connections
          but do not request ECN on outgoing connections.
    Default: 2

If the other end requests it, use it. I see no reason to disable it by
default.

-Kees

On Sun, Jul 14, 2013 at 03:25:39PM +0200, Daniel Curtis wrote:
> Hi
>
> I would like to ask about the so-called Explicit Congestion
> Notification (ECN) option, which - probably - results in increased
> network performance. Apparently on the network there are many,
> let's say, *broken* firewalls, which refuse connections from
> ECN-enabled machines. So to access such sites, ECN should be
> disabled.
>
> So what is the best solution for this option? I have to
> mention that I don't see any problems with accessing
> websites. Maybe sometimes, but it is really rare behavior. By
> default, e.g. in Xubuntu 12.04 LTS, ECN is set to 2. So is it a good
> idea to disable this?
>
> echo 0 > /proc/sys/net/ipv4/tcp_ecn
>
> What to do with this option? Leave it as is, or disable it? On almost
> every website (related to Linux etc.) it is written that it is better
> to disable this option (e.g. Gentoo documentation [1]). Why, for example,
> is this option set to 2 in Xubuntu?
>
> Best regards.
> ______________
> [1] pretty old tutorial for Linux 2.4:
> http://www.gentoo.org/doc/en/articles/linux-24-stateful-fw-design.xml
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
--
Kees Cook
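
Added example, not part of the original message or of the kernel documentation: a small Python model of the three tcp_ecn values quoted above, showing which of them put the ECN bits on an outgoing SYN and when ECN ends up in use on a connection. The flag bit values are the standard TCP header ones (ECE and CWR as defined in RFC 3168); the function names are made up for this illustration.

```python
"""Model of the tcp_ecn handshake behaviour (added illustration)."""

# Standard TCP header flag bits; ECE and CWR are the two ECN flags (RFC 3168).
SYN, ACK, ECE, CWR = 0x02, 0x10, 0x40, 0x80
ECN_SETUP = ECE | CWR


def _check(value):
    if value not in (0, 1, 2):
        raise ValueError(f"tcp_ecn must be 0, 1 or 2, got {value!r}")


def syn_flags(client_tcp_ecn):
    """Flags on the first SYN sent by a host with this tcp_ecn value."""
    _check(client_tcp_ecn)
    # Only 1 requests ECN on outgoing attempts; 0 and 2 send a plain SYN.
    return (SYN | ECN_SETUP) if client_tcp_ecn == 1 else SYN


def synack_flags(server_tcp_ecn, syn):
    """Flags on the SYN-ACK a host with this tcp_ecn value sends in reply."""
    _check(server_tcp_ecn)
    requested = (syn & ECN_SETUP) == ECN_SETUP
    # 1 and 2 both accept ECN when the peer asked for it; 0 never does.
    if requested and server_tcp_ecn in (1, 2):
        return SYN | ACK | ECE
    return SYN | ACK


def negotiate(client_tcp_ecn, server_tcp_ecn):
    """Return (syn, synack, ecn_in_use) for one connection attempt."""
    syn = syn_flags(client_tcp_ecn)
    synack = synack_flags(server_tcp_ecn, syn)
    return syn, synack, bool(synack & ECE)


def sends_ecn_syn(tcp_ecn):
    """True if outgoing SYNs carry the ECN bits that a filtering
    middlebox on the path could react to."""
    return bool(syn_flags(tcp_ecn) & ECN_SETUP)


if __name__ == "__main__":
    print("client server  SYN   SYN-ACK  ECN used")
    for c in (0, 1, 2):
        for s in (0, 1, 2):
            syn, synack, used = negotiate(c, s)
            print(f"{c:>6} {s:>6}  0x{syn:02x}  0x{synack:02x}     {used}")
```

In this model a host left at the default of 2 never sends an ECN-setup SYN, so firewalls that react to those bits can only affect its outgoing connections if the value is changed to 1.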