> > Perfectly clear, thanks. So the FTOS target (but not the new DSCP) can be > > also used to selectively remove the ECN-enabled bit from syn packets going > > to some "bad" hosts throwing away any ECN-enabled connection (until the new > > ECN target is finished ...). > > NO, you can NOT!!! Please DON'T do this. YOU are causing ECN blackholes > this way. > > In order to work around ECN blackholes, one needs to clear the ECN bits > in the TCP header, not IP header.
Please can you explain further which bits in TCP header exactly? I thought that was the purpose of the planned ECN target to work around "brain-death" ISPs, which have firewalls blocking any ECN-enabled traffic, by zeroing the IP ECN bits without disabling ECN globally (please see the original letter of this thread). So far I couldn't use ECN because of one POP3 provider which is blocking the ECN-enabled traffic but I want to experiment with ECN because of some really nasty intercontinental packet lost on my route. BTW does anyone know the difference between ECN and the PMTUBlackHoleDetect feature of Microsoft's TCP stack?. Also if I understood it correctly ECN doesn't work for anything else than TCP (e.g. UDP, GRE protocols), right? So no help on tunnels (VPN, IPSEC) using mainly UDP ... Taka
