In Oracle Solaris 11.4, TCP actively includes Explicit Congestion Notification (ECN) negotiation with a peer when initiating a connection. ECN negotiation enables TCP to more accurately detect congestion on the network and react appropriately.
This feature requires that you use routers and switches that support ECN and allow ECN-enabled packets to pass through the network. Otherwise, remote connectivity might become problematic and you would need to adjust the ECN setting.
To detect whether a connection problem with a remote host is related to ECN, use the following approach:
Identify the target's IP address.
For this example, assume from the host source-server you are connecting to old-server with the IP address 198.51.100.113.
Use the snoop command as follows:
$ snoop -V from 198.51.100.113 src tcp Using device net3 (promiscuous mode) ________________________________ old-server.example.com -> source-server ETHER Type=0800 (IP), size=60 bytes old-server.example.com -> source-server IP D=198.51.100.124 S=198.51.100.113 LEN=40, ID=30421, TOS=0x0, TTL=25 old-server.example.com -> source-server TCP D=60726 S=2007 Rst Ack=3966642163 Win=0 $ snoop -v -I net3 from 198.51.100.113 src tcp output elided . IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. .... = 0 (precedence) IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = not ECN capable transport IP: .... ...0 = no ECN congestion experienced IP: Total length = 40 bytes IP: Identification = 22213 IP: Flags = 0x0 IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 25 seconds/hops IP: Protocol = 6 (TCP) IP: Header checksum = 6157 IP: Source address = 198.51.100.113, old-server.example.com IP: Destination address = 198.51.100.159, source-server.example.com IP: No options IP: output elided
The output's IP Header indicates that ECN is not supported.
Change the default ECN property setting and then retest connections to the target.
root:~$ ipadm set-prop -p ecn=passive tcp