Re: hotmail not dealing with ECN

Gregory Maxwell (greg@linuxpower.cx)
Sat, 27 Jan 2001 15:14:28 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Albert D. Cahalan: "Re: the remount problem [2.4.0] kind of solved [patch]"
Previous message: Stephen C. Tweedie: "Re: Renaming lost+found"

On Sat, Jan 27, 2001 at 08:58:51PM +0100, Jamie Lokier wrote:
[snip]
> > I think that older Checkpoint firewalls (perhaps current?) zeroed out SACK
> > on 'hide nat'ed connections. This causes unreasonable stalls for users on
> > SACK enabled clients. Not cool.
>
> If both SACK and SACK_PERMITTED were zeroed out, the clients would
> negotiate non-SACK connections and everythings ok. A performance
> disadvantage relative to allowing SACK, but that's true of ECN as well.

Some checkpoint firewalls have caused stalls on SACK enabled clients. I
don't recall the exact configuration or method of action, but it does
happen. I suspect that it didn't kill the SackOK but only the actual SACKs
data.

Breaking end-to-end is the path to maddness. Trusting practically any
network that leaves a room is insane.

Firewalling should be implemented on the hosts, perhaps with centralized
policy management. In such a situation, there would be no reason to filter
on funny IP options.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Albert D. Cahalan: "Re: the remount problem [2.4.0] kind of solved [patch]"
Previous message: Stephen C. Tweedie: "Re: Renaming lost+found"