dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Dax Kelson: Problem Web Sites and Linux-Based ECN-Capable Clients

Sep 10, 2000, 22:59 (6 Talkback[s])
(Other stories by Dax Kelson)

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


We know what our task is at Linux Today this week. ;) If you run a Web site and expect to entertain Linux users, you'll want to pay close attention to this posting.

Executive Summary:
 
Survey shows 8.3% of websites unreachable from an ECN capable client.  
Notable unreachable sites:
 
www.amazon.com, www.ibm.com, www.sun.com, www.apple.com,
www.intel.com, www.disney.com, www.espn.com, www.zdnet.com,
www.ups.com, www.visa.com, abc.com, cbs.com, fox.com, sharkyextreme.com,
www.linuxtoday.com, www.linuxstart.com, www.linuxplanet.com,
www.linuxnewbie.org, www.linux-usb.org
 
Firewalls are improperly rejecting connections, if they aren't fixed,
there will be lots of complaining when the linux 2.4 kernel gets
widespread deployment.
 
Long version:
 
The current 2.4 test kernels include support for "ECN" in the IP
stack.  You can read about it here:

http://www.faqs.org/rfcs/rfc2481.html
 
As the Internet grows, ECN is needed to provide better congestion
management.  Theoretically, a fully ECN enabled Internet would have ZERO
packet loss.
 
The "problem" is that ECN uses two previously unused bits in the IP
header, and because of that many firewalls improperly drop or reject IP
packets from a ECN capable host.
 
There have been various postings to l-k about unreachable sites, I
wondered how widespread the problem was.
 
With the help of perl, and friends, I came up with list of 34,579 unique
websites.  The websites were plucked from the log file of a moderately
busy proxy server that has about 10,000 users behind it.  The sites in the
list are sites that were contacted by the proxy server in the last 5 days.

I wrote a perl script to connect to each website with ECN turned off, and
if I could connect, then to turn on ECN and try again.
 
The results:

From the 34,579 sites I came up with, 33177 were up.  

Sites checked: 34,579
Sites responding: 33177
Responding sites rejecting ECN packets: 2741 (8.3% of responding sites)

It took 12 hours to run the test.

According to NetCraft, there are 19+ million websites.  Did I sample
enough sites?  Mostly likely not, however, the 35k sites I checked
probably are the most popular sites on the Internet. 

Maybe NetCraft should do an ECN check as part of their normal survey.

If anyone is interested in the perl script, or the list of sites, let me
know.

Dax Kelson
Guru Labs