[aqm] A new(ish) study on ECN in the Internet

Brian Trammell <ietf@trammell.ch> Wed, 04 March 2015 12:57 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: aqm@ietfa.amsl.com
Delivered-To: aqm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 5DF681A03C7; Wed, 4 Mar 2015 04:57:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.788
X-Spam-Status: No, score=0.788 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id QlTTjSgcnyXI; Wed, 4 Mar 2015 04:57:07 -0800 (PST)
Received: from trammell.ch (trammell.ch []) by ietfa.amsl.com (Postfix) with ESMTP id E3AB11A0390; Wed, 4 Mar 2015 04:57:06 -0800 (PST)
Received: from pb-10243.ethz.ch (pb-10243.ethz.ch []) by trammell.ch (Postfix) with ESMTPSA id F32301A0032; Wed, 4 Mar 2015 13:57:05 +0100 (CET)
From: Brian Trammell <ietf@trammell.ch>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <C1817D7C-3A17-4A5F-97F3-5B5A53137453@trammell.ch>
Date: Wed, 4 Mar 2015 13:57:05 +0100
To: aqm@ietf.org, tcpm IETF list <tcpm@ietf.org>, tsvwg WG <tsvwg@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/aqm/a5ylo-mgCM3SZgXwrl8DycTGLS8>
Subject: [aqm] A new(ish) study on ECN in the Internet
X-BeenThere: aqm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for active queue management and flow isolation." <aqm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/aqm>, <mailto:aqm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/aqm/>
List-Post: <mailto:aqm@ietf.org>
List-Help: <mailto:aqm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/aqm>, <mailto:aqm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Mar 2015 12:57:09 -0000

Greetings, all,

We'll be publishing an active measurement study on ECN negotiability and connectivity risk at PAM 2015, just before the IETF; the author copy of the paper is at 


The key findings are:

(1) More than half of the Alexa top million web servers (600k accounting for duplicate IPs) will happily negotiate and mark ECT0 if you ask nicely (at least as of September 2014). This mainly reflects people upgrading Linux servers to kernels where tcp_ecn=2 is the default, and strongly validates changing default configurations as a method for increasing ECN deployment.

(2) 0.42% of these webservers will fail to connect if you try to negotiate ECN, but simple ECN fallback as in RFC 3168 (retransmitted SYN ECE CWR sent as SYN) commutes this to a risk of slightly increased handshake latency.

(3) A vanishingly small number (15 / ~600k) of these have *different* ECN connectivity dependency depending on where you connect from, indicating that the box breaking ECN is not directly adjacent to the server. A third of these (6) are GoDaddy parking sites.

(4) There is more mangling of the ECN IP header bits than connectivity dependency, and successful negotiation does not always mean successful marking. About 2% of IPv4 servers and 15% (!!!) of IPv6 servers signal in other than expected ways, indicating that negotiated ECN might not be useful.

(5) We appear to have seen two (count 'em, two!) CE markings in the wild, both from the same webserver (www.grandlyon.com) when probing 600k IP addresses 3 times from 3 different locations (i.e., 2 out of 5.6 million flows). This is neither encouraging nor surprising.

Bottom line, the risk to connectivity of turning ECN on by default in clients is vanishingly low, though not yet in the one in ten million range, when simple fallback as in RFC3168 is implemented. Modern Windows and Mac OS X do this; Linux doesn't yet, though we have a three line patch (which, anecdotally, I've been running without incident on my desktop for the past half year). 

Given the signaling anomalies, especially on IPv6, defining simple methods to detect and dynamically ignore anomalous signaling at the endpoints is probably the next area of work to getting ECN deployable. There *is* some path dependency of ECN brokenness, but not enough to make it worth it to continue working on the approach in the expired draft-kuehlewind-tcpm-ecn-fallback until we have a solution for the general ECN IP signaling anomalies.

I was hoping to get continuous measurements based on a new version of the measurement and analysis scripts up and running before the IETF, but this has fallen to task queue triage. We also have a student working on doing this for things other than the web; all of this is in my queue for mid-May at this point, so watch this space.


Brian and Mirja