Bug #125

ECN blacklist iptables rules

Added by Dave Täht on May 7, 2011. Updated on Jun 24, 2014.
Closed Normal Steven Bauer


Much like we have email blacklists, a malfunctioning ECN server blacklist could be maintained, and used as a standard iptables rule, to prevent ECN negotiation to malfunctioning hosts.

It could use ipset to check for malfunctioning hosts on connect and rsync or wget to periodically update the file, much like how spam sources are tracked today. It would be awesome if it could check automagically and phone home with the data…


Updated by Steven Bauer on May 8, 2011.
Lets discuss… most ECN “problems” are caused by network elements of one sort or another (routers, switches, load balancers, etc).

So a ECN server blacklist perhaps isn’t quite the right thing. Moreover, ECN problems can be introduced by a device very close to the client. For such a client, essentially the entire Internet would have to be blacklisted. (This in fact was exactly the case at my lab before it was fixed.)

Now, perhaps your point is there are servers that have topologically close problems and those could reasonably be put on a global list so everyone doesn’t go negotiating an ECN connection that ends up broken. Could be fairly large list. But even here since ECN brokenness is a path issue, the blacklist might not be correct for some clients depending upon the network topology and the location of the problems.

Updated by Dave Täht on Jul 27, 2011.
Updated by Dave Täht on Jun 24, 2014.

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.
RSS feed

Recent Updates

Oct 20, 2023 Wiki page
What Can I Do About Bufferbloat?
Dec 3, 2022 Wiki page
Codel Wiki
Jun 11, 2022 Wiki page
More about Bufferbloat
Jun 11, 2022 Wiki page
Tests for Bufferbloat
Dec 7, 2021 Wiki page
Getting SQM Running Right

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine


Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation

Bufferbloat Related Projects

OpenWrt Project
Congestion Control Blog
Flent Network Test Suite
The Cake shaper
CeroWrt (where it all started)

Network Performance Related Resources

Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".