Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle^® Solaris 11.4

Using the TCP ECN Feature

In Oracle Solaris 11.4, TCP actively includes Explicit Congestion Notification (ECN) negotiation with a peer when initiating a connection. ECN negotiation enables TCP to more accurately detect congestion on the network and react appropriately.

This feature requires that you use routers and switches that support ECN and allow ECN-enabled packets to pass through the network. Otherwise, remote connectivity might become problematic and you would need to adjust the ECN setting.

To detect whether a connection problem with a remote host is related to ECN, use the following approach:

1. Identify the target's IP address.

   For this example, assume from the host source-server you are connecting to old-server with the IP address 198.51.100.113.

2. Use the snoop command as follows:

   $ snoop -V from 198.51.100.113 src tcp
   
   Using device net3 (promiscuous mode)
   ________________________________
   old-server.example.com -> source-server ETHER Type=0800 (IP), size=60 bytes
   old-server.example.com -> source-server IP  D=198.51.100.124 S=198.51.100.113 LEN=40, ID=30421, TOS=0x0, TTL=25
   old-server.example.com -> source-server TCP D=60726 S=2007 Rst Ack=3966642163 Win=0
   
   $ snoop -v -I net3 from 198.51.100.113 src tcp
   
   output elided
   .
   IP:   ----- IP Header -----
   IP:
   IP:   Version = 4
   IP:   Header length = 20 bytes
   IP:   Type of service = 0x00
   IP:         xxx. .... = 0 (precedence)
   IP:         ...0 .... = normal delay
   IP:         .... 0... = normal throughput
   IP:         .... .0.. = normal reliability
   IP:         .... ..0. = not ECN capable transport
   IP:         .... ...0 = no ECN congestion experienced
   IP:   Total length = 40 bytes
   IP:   Identification = 22213
   IP:   Flags = 0x0
   IP:         .0.. .... = may fragment
   IP:         ..0. .... = last fragment
   IP:   Fragment offset = 0 bytes
   IP:   Time to live = 25 seconds/hops
   IP:   Protocol = 6 (TCP)
   IP:   Header checksum = 6157
   IP:   Source address = 198.51.100.113, old-server.example.com
   IP:   Destination address = 198.51.100.159, source-server.example.com
   IP:   No options
   IP:
   
   output elided
   

   The output's IP Header indicates that ECN is not supported.

3. Change the default ECN property setting and then retest connections to the target.

   root:~$ ipadm set-prop -p ecn=passive tcp