From: "K. Macy"
To: Don Lewis
Cc: "freebsd-net@freebsd.org"
Date: Fri, 4 Sep 2015 18:05:37 -0700
Subject: Re: default ECN settings
List-Id: Networking and TCP/IP with FreeBSD

On Fri, Sep 4, 2015 at 5:53 PM, Don Lewis wrote:
> On 4 Sep, K. Macy wrote:
>> By default ECN is completely disabled on FreeBSD. On Linux the default
>> is to disable it outbound (not request it) but enable it inbound
>> (accept new connections asking for it). Is there a good reason to only
>> set ECN_PERMIT on inbound connections if the system is doing ECN on
>> outbound connections?
>
> Not that I can think of. The risk in enabling ECN for outbound
> connections is that some connection attempts can fail, especially if you
> are attempting to connect to some old and oddball device. That should
> not be a risk for inbound connections since those devices won't be
> requesting ECN.

Even with 'oddball' devices the stack is configured to retry ECN n
times where n defaults to 1 and then revert to not requesting ECN
support. Thus connections would take longer on 'oddball' devices. The
solution that *I* would choose for that would be to track ECN support
in the host cache. The first connection to a new host would always try
ECN and in the event that that failed all subsequent connection
attempts would not try ECN. To me this seems like the most robust
compromise. However, I don't yet have enough information to say how
much benefit this would confer.

> Seems like we should be defaulting ECN on for inbound connections,
> though we currently can't control the two directions separately.

That is a straightforward change.

Cheers.
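
The host-cache idea from the message above, as an added sketch that is neither FreeBSD code nor the poster's: it models how a per-host ECN verdict removes the retry delay on every connection after the first. The names (`hc_entry`, `ecn_connect`, `ECN_MAXRETRIES`) are hypothetical, the peer is a constructed model, and "retry n times" is assumed to mean the initial SYN plus n retransmissions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ECN_MAXRETRIES 1  /* the "n defaults to 1" from the message */
#define HC_SLOTS 64       /* constructed size for this sketch */

/* Hypothetical host-cache entry: one ECN verdict per remote address. */
struct hc_entry { uint32_t addr; bool used; bool ecn_failed; };
static struct hc_entry hostcache[HC_SLOTS];

/* Direct-mapped lookup; a miss (or a collision) starts a fresh entry. */
static struct hc_entry *hc_lookup(uint32_t addr)
{
    struct hc_entry *e = &hostcache[addr % HC_SLOTS];
    if (!e->used || e->addr != addr)
        *e = (struct hc_entry){ .addr = addr, .used = true };
    return e;
}

/*
 * Model one outbound connect. drops_ecn_syn marks a peer (or path) that
 * never answers a SYN requesting ECN. Returns the number of SYNs sent;
 * *ecn_on says whether ECN was negotiated.
 */
int ecn_connect(uint32_t addr, bool drops_ecn_syn, bool *ecn_on)
{
    struct hc_entry *e = hc_lookup(addr);
    int syns = 0;

    *ecn_on = false;
    if (!e->ecn_failed) {
        /* Assumption: initial SYN plus ECN_MAXRETRIES retransmits ask for ECN. */
        for (int i = 0; i <= ECN_MAXRETRIES; i++) {
            syns++;
            if (!drops_ecn_syn) { *ecn_on = true; return syns; }
        }
        e->ecn_failed = true;  /* later connects to this host skip ECN */
    }
    return syns + 1;           /* plain SYN, assumed to be answered */
}

int main(void)
{
    bool ecn;
    uint32_t oddball = 0x0A000002;  /* constructed address */
    for (int attempt = 1; attempt <= 2; attempt++) {
        int syns = ecn_connect(oddball, true, &ecn);
        printf("attempt %d: %d SYNs, ecn=%d\n", attempt, syns, ecn);
    }
    return 0;
}
```

Only the first connection to the non-responding host pays for the ECN retries; a real cache would also need entry expiry so that a host which later gains ECN support is tried again.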