[e2e] opening multiple TCP connections getting popular

Glen Turner gdt at gdt.id.au
Fri Sep 21 00:18:06 PDT 2007


On Fri, 2007-08-31 at 08:07 -0700, rick jones wrote:
> On Aug 31, 2007, at 5:33 AM, David P. Reed wrote:
> 
> > It's fascinating to me that Window Scaling (an end-to-end option) 
> > would be screwed by bugs in *routers*.
> 
> If my experience interacting with end users in netnews is 
> representative, these "routers" are likely as not the 
> NAT/firewall/switch boxes like the one sitting between me and my DSL 
> line at the moment.  They get branded with the term "router" all the 
> time.

The problem is well described at
http://lwn.net/Articles/92727/
and in the threads at
http://oss.sgi.com/archives/netdev/2004-07/msg00146.html
http://kerneltrap.org/node/6723

The known faulty equipment is:

Cisco PIX NAT feature corrupting in the presence of SACK and window
scaling. I don't have a Cisco bug ID for that -- the Cisco bug
navigator requires the specific version of software to be
known to hunt for a bug, which makes finding historical bugs
hard.  You would presume that people kept their firewall software
up-to-date, but the PIX had a bug where it filtered packets with
IP.ECN != 00 and that took years to disappear.

Linux routers running the Netfilter firewalling package with
the tcp-window-tracking module from the Netfilter Patch-o-matic.
This bug was fixed in May 2003
http://oss.sgi.com/archives/netdev/2004-07/msg00261.html
but made it into a lot of domestic appliance firewall/routers
in 2002-4.  The workaround is to disable the firewall; the fix is to
upgrade the software (which may not be possible since many
manufacturers don't support older models and the source
code for self-support is often not available, despite the
GPL).

It is suspected that other faults exist, simply because of the
number of bandwidth-shaping middleboxes which munge with the TCP
window.

Best wishes, Glen


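To show why a middlebox that ignores the TCP Window Scale option misjudges a scaled window, here is a small added model of window tracking (my own illustration, not the Netfilter tcp-window-tracking or PIX code; the SYN options, window and sequence numbers are constructed). A tracker that honours the shift accepts the segment; one that reads the raw 16-bit field treats it as out of window and would drop it.

```python
# Model of a stateful middlebox tracking a peer's TCP receive window.
# Constructed example: shows the effect of ignoring the Window Scale
# option (kind 3, RFC 1323/7323) rather than any vendor's actual code.
from dataclasses import dataclass


@dataclass
class Side:
    wscale: int = 0   # shift count seen in this side's SYN, 0 if none
    window: int = 0   # raw 16-bit window from its last segment
    ack: int = 0      # last ACK number it sent (left edge of its window)


def parse_tcp_options(raw: bytes) -> dict:
    """Walk the TCP options area; return {'wscale': n} if kind 3 is present."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw):    # truncated option header
            break
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            break                # malformed length: stop parsing
        if kind == 3 and length == 3:
            opts['wscale'] = min(raw[i + 2], 14)   # RFC 7323 caps shift at 14
        i += length
    return opts


def in_window(seq: int, seg_len: int, receiver: Side, honour_scaling: bool) -> bool:
    """True if [seq, seq+seg_len) fits in the receiver's advertised window."""
    win = receiver.window << receiver.wscale if honour_scaling else receiver.window
    off = (seq - receiver.ack) % 2**32      # distance past the ACK, mod 2^32
    return off + seg_len <= win


def demo() -> dict:
    # Constructed SYN options: MSS 1460, NOP, WScale 7, NOP, NOP, SACK-permitted
    syn_opts = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7, 1, 1, 4, 2])
    client = Side(wscale=parse_tcp_options(syn_opts).get('wscale', 0),
                  window=0xFFFF, ack=1000)
    # Server data 300000 bytes past the client's ACK: valid under the
    # scaled (~8 MiB) window, "out of window" under the raw 64 KiB one.
    seq = client.ack + 300_000
    return {'wscale': client.wscale,
            'honours_scaling': in_window(seq, 1460, client, True),
            'ignores_scaling': in_window(seq, 1460, client, False)}
```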

More information about the end2end-interest mailing list