[e2e] opening multiple TCP connections getting popular
Glen Turner
gdt at gdt.id.au
Fri Sep 21 00:18:06 PDT 2007
On Fri, 2007-08-31 at 08:07 -0700, rick jones wrote:
> On Aug 31, 2007, at 5:33 AM, David P. Reed wrote:
>
> > It's fascinating to me that Window Scaling (an end-to-end option)
> > would be screwed by bugs in *routers*.
>
> If my experience interacting with end users in netnews is
> representative, these "routers" are likely as not the
> NAT/firewall/switch boxes like the one sitting between me and my DSL
> line at the moment. They get branded with the term "router" all the
> time.
The problem is well described at

  http://lwn.net/Articles/92727/

and in the threads at

  http://oss.sgi.com/archives/netdev/2004-07/msg00146.html
  http://kerneltrap.org/node/6723

The known faulty equipment is:

 - Cisco PIX NAT feature corrupting in presence of SACK and window
   scaling. I don't have a Cisco bug ID for that -- the Cisco bug
   navigator requires the specific version of software to be
   known to hunt for a bug, which makes finding historical bugs
   hard. You would presume that people kept their firewall software
   up-to-date, but the PIX had a bug where it filtered packets with
   IP.ECN != 00 and that took years to disappear.

 - Linux routers running the Netfilter firewalling package with
   the tcp-window-tracking module from the Netfilter Patch-o-matic.
   This bug was fixed in May 2003
     http://oss.sgi.com/archives/netdev/2004-07/msg00261.html
   but made it into a lot of domestic appliance firewall/routers
   in 2002-4. Workaround is to disable firewall, fix is to
   upgrade software (which may not be possible since many
   manufacturers don't support older models and the source
   code for self-support is often not available, despite the
   GPL).

It is suspected that other faults exist, simply because of the
number of bandwidth-shaping middleboxes which munge with the TCP
window.
Best wishes, Glen
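As an added illustration (not part of Glen's message and not the Netfilter tcp-window-tracking code itself), the following Python models the class of failure described above: a stateful middlebox that checks sequence numbers against the receiver's advertised window but ignores the window-scale shift negotiated in the SYN will treat legitimate in-window segments as invalid once the sender has more than 64 KiB in flight. The option bytes, flow state and segment sizes are constructed values.

```python
# Simplified model of window tracking in a stateful middlebox (constructed,
# not the Netfilter implementation). Shows why a box that ignores the
# TCP window-scale option drops perfectly valid segments.
from dataclasses import dataclass

MAX_WINDOW_FIELD = 65535  # the 16-bit TCP window field, unscaled


def window_scale_from_options(opts: bytes) -> int:
    """Return the shift count of a window-scale option (kind 3, len 3)
    found in raw TCP option bytes, or 0 if absent. Skips NOP, stops at EOL.
    RFC 1323 caps the usable shift at 14."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # EOL
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                # truncated or malformed option
        length = opts[i + 1]
        if kind == 3 and length == 3:
            return min(opts[i + 2], 14)
        i += length
    return 0


@dataclass
class Flow:
    """State the middlebox keeps for one direction of a connection."""
    ack: int      # highest ACK seen from the receiver
    window: int   # last window field advertised by the receiver (unscaled)
    wscale: int   # shift count taken from the handshake (0 if none)


def acceptable(flow: Flow, seq: int, length: int, honour_scale: bool) -> bool:
    """Is data segment [seq, seq+length) inside the receiver's window?
    honour_scale=False models the buggy box: the window field is taken at
    face value, so anything beyond ack+65535 looks out-of-window."""
    scale = flow.wscale if honour_scale else 0
    return flow.ack <= seq and seq + length <= flow.ack + (flow.window << scale)


def segments_passed(honour_scale: bool, syn_options: bytes,
                    segments: int = 64, mss: int = 1460) -> int:
    """Sender streams `segments` full-size segments with no intervening ACK
    after the receiver advertised window field 65535; returns how many the
    middlebox would let through."""
    flow = Flow(ack=1000, window=MAX_WINDOW_FIELD,
                wscale=window_scale_from_options(syn_options))
    return sum(acceptable(flow, flow.ack + i * mss, mss, honour_scale)
               for i in range(segments))


# Constructed SYN options: MSS 1460, SACK-permitted, NOP, window scale 7.
SYN_OPTS = b"\x02\x04\x05\xb4\x04\x02\x01\x03\x03\x07"
```

With the scale honoured all 64 segments (about 93 KB) pass; with it ignored the box starts dropping at the 45th, which is the mid-transfer stall users reported.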