Bug #125
ECN blacklist iptables rules
Closed
Normal
Steven Bauer
Description
Much like we have email blacklists, a malfunctioning ECN server blacklist could be maintained, and used as a standard iptables rule, to prevent ECN negotiation to malfunctioning hosts.It could use ipset to check for malfunctioning hosts on connect and rsync or wget to periodically update the file, much like how spam sources are tracked today. It would be awesome if it could check automagically and phone home with the data…
History
Updated by Dave Täht on Jul 27, 2011.
Updated by Dave Täht on Jun 24, 2014.
This is a static export of the original bufferbloat.net issue
database. As such, no further commenting is possible; the
information is solely here for archival purposes.
Cerowrt Project
Recent Updates
Find us elsewhere
Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine
Nlnet Foundation
Shuttleworth Foundation
GoFundMe
Congestion Control Blog
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG
CeroWrt (where it all started)
Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine
Sponsors
Comcast Research Innovation FundNlnet Foundation
Shuttleworth Foundation
GoFundMe
Bufferbloat Related Projects
OpenWrt ProjectCongestion Control Blog
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG
CeroWrt (where it all started)
Network Performance Related Resources
Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".
So a ECN server blacklist perhaps isn’t quite the right thing. Moreover, ECN problems can be introduced by a device very close to the client. For such a client, essentially the entire Internet would have to be blacklisted. (This in fact was exactly the case at my lab before it was fixed.)
Now, perhaps your point is there are servers that have topologically close problems and those could reasonably be put on a global list so everyone doesn’t go negotiating an ECN connection that ends up broken. Could be fairly large list. But even here since ECN brokenness is a path issue, the blacklist might not be correct for some clients depending upon the network topology and the location of the problems.