EXPLICIT CONGESTION NOTIFICATION – Due November 10, 2005

CISC 856 TCP/IP & Upper Layer Protocols

NOTE: Do NOT do #4 at the last minute!

  1. RFC 3168 recommends not to provide any ECN information (i.e. ECT and CWR should not be set) in retransmitted PDUs. Why do you think the above recommendation is made?
  2. Some faulty firewalls either drop an ECN-setup SYN packet or respond with an RST TCP-PDU. Why do you think they (some firewalls) do this? How can an ECN-enabled Linux host still connect to such “problem” destinations while still using ECN for other destinations? (Hint: man iptables in Linux and/or RFC 3168.)
  3. Recall that one of the ICMP error reporting messages, i.e., SOURCE QUENCH, also notifies the end hosts when a router experiences congestion. Source quench more quickly notifies the sender of congestion. Why is ECN a better approach from the perspective of a congested router and/or a congested network?

  4. Experimenting with ECN. IMPORTANT: Although ECN is intended to address congestion, modern routers/servers in large datacenters are not easy to congest. Do NOT attempt to congest anything by sending huge amounts of traffic, etc. In all likelihood, if you do, the only one who notices will be your ISP, which may not be happy. In 4.c, you will attempt to congest a slow connection using a legitimate (mostly harmless) amount of traffic. Slow connections like the upstream connection on a cable modem are frequently congested during normal use. You can attempt 4.c a few times, and can experiment with your own computer if you also have a slow connection. However, do not place more load on the network than you would while performing “normal” tasks, such as trying to download 1 file at a time.

We would like to see whether other hosts support ECN and/or properly implement ECN. To do this, be sure your computer supports ECN (Windows does NOT) and that your analysis tool supports ECN (recent versions of ethereal and tcpdump DO). Under most unixes, sysctl allows you to find this out, and allows root to change this setting. Run “man 7 tcp” to find the relevant setting. You can read sysctl values like this:

cat /path/that/you/found/config_value

If you are root, you can write sysctl values like this:

echo value > /path/that/you/found/config_value

If you do not have access to an ECN-enabled host, and are not root so that you can turn on ECN, you can connect via ssh to alpha.squidserver.com with username 'cisc856' and password 'ecnr00lz' (those are zeros).

Provide output showing that your host is configured to use ECN.

4.a) Determining whether hosts support ECN: From an ECN-enabled host, use telnet to open a connection to several other hosts. Provide a tcpdump/ethereal transcript and indicate proof of at least 1 TCP connection where the hosts agree to use ECN and 1 where they do not. (hint: try port 80 on any webserver, port 22 on alpha.squidserver.com or port 443 on fw.skiingyac.com) You only need to show proof that the hosts have agreed ECN may be used, not that ECN is used during data transfer. Note that you'll need to run tcpdump/ethereal on the ECN-enabled host. If using your own computer for data capture, be sure you are using a recent version of tcpdump/ethereal with ECN support. Tcpdump is available on alpha.squidserver.com at /usr/local/sbin/tcpdump and is up-to-date.

Tcpdump uses the following conventions to show ECN bits:

ECE=1 – An “E” between the destination host and the sequence numbers

CWR=1 – A “W” between the destination host and the sequence numbers

ECT and CE – If set, these are noted after the TOS bits
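
An added example, not part of the original assignment: the sketch below reads the same bits straight from raw headers, using the RFC 3168 bit positions, and classifies the first two segments of a connection attempt. The sample headers are constructed, and the function names and result labels are assumptions of this example.

```python
import struct

# TCP flag bits (byte 13 of the TCP header); ECE and CWR come from RFC 3168.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

# ECN field: the two low-order bits of the IP TOS / traffic-class byte.
ECN_CODEPOINTS = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}


def ecn_codepoint(tos: int) -> str:
    """Name the ECN codepoint carried in an IP TOS byte."""
    return ECN_CODEPOINTS[tos & 0b11]


def tcp_flags(tcp_header: bytes) -> int:
    """Return the flags byte of a raw TCP header (no IP header in front)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13]


def classify_handshake(syn: bytes, reply: bytes) -> str:
    """Classify a SYN and the segment that answers it (labels are this example's own)."""
    s, r = tcp_flags(syn), tcp_flags(reply)
    if not s & SYN or s & ACK:
        raise ValueError("first segment is not an initial SYN")
    ecn_setup_syn = (s & (ECE | CWR)) == (ECE | CWR)      # ECN-setup SYN: ECE and CWR set
    if r & RST:
        return "reset-after-ecn-syn" if ecn_setup_syn else "reset"
    if (r & (SYN | ACK)) != (SYN | ACK):
        raise ValueError("reply is neither SYN-ACK nor RST")
    ecn_setup_synack = (r & (ECE | CWR)) == ECE           # ECN-setup SYN-ACK: ECE set, CWR clear
    if ecn_setup_syn and ecn_setup_synack:
        return "ecn-negotiated"
    return "ecn-declined" if ecn_setup_syn else "ecn-not-offered"


def make_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Build a constructed 20-byte TCP header for the demo (checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)


if __name__ == "__main__":
    ecn_syn = make_header(SYN | ECE | CWR)
    for name, reply in [("ECE SYN-ACK", SYN | ACK | ECE), ("plain SYN-ACK", SYN | ACK),
                        ("RST", RST | ACK)]:
        print(name, "->", classify_handshake(ecn_syn, make_header(reply)))
    print("TOS 0x03 ->", ecn_codepoint(0x03))
```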

4.b) From a non-ECN-enabled host, connect to an ECN-enabled host found in question 4.a. Can you still tell that the ECN-enabled host is ECN-enabled? Why/why not?

4.c) Determining whether hosts use ECN: From an ECN-enabled host, try to transfer a large file from another ECN-enabled host on a slow link. fw.skiingyac.com is connected to the internet via a cable modem with a ~40KB/s upload capacity, which is easily congestable with a legitimate amount of traffic which will not affect other hosts. Start tcpdump and then transfer 1 copy of blind.avi, a large (1.5MB) file, from fw.skiingyac.com. Use wget, lynx, or links, i.e.:

wget --no-check-certificate https://fw.skiingyac.com/testing/blind.avi

If needed, use HTTP username 'remote' and password 'caygniiks'.

Ignore any SSL errors; the important thing is that the file transfers.

Print out roughly 2 pages worth of a partial tcpdump/ethereal transcript showing that the hosts agree to use ECN and showing a few short sections of the output with congestion and/or some interesting PDUs. Is any congestion reported by ECN? Is there any evidence that congestion is experienced by any of the data PDUs sent from fw.skiingyac.com? There should be some congestion within the first few hundred PDUs! If no congestion is reported by ECN, why might this be the case? If congestion is reported by ECN, how does TCP react? Annotate any interesting or unexpected behavior.

You do NOT need to turn in, annotate, or closely examine every PDU. You should notice areas where congestion is experienced by quickly looking through the first few hundred PDUs received from fw.skiingyac.com. Select only a few of these interesting areas to look more closely at and comment on.