Explicit Congestion Notification
|Internet protocol suite|
Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and to the Transmission Control Protocol and is defined in RFC 3168 (2001). ECN allows end-to-end notification of network congestion without dropping packets. ECN is an optional feature that may be used between two ECN-enabled endpoints when the underlying network infrastructure also supports it.
Conventionally, TCP/IP networks signal congestion by dropping packets. When ECN is successfully negotiated, an ECN-aware router may set a mark in the IP header instead of dropping a packet in order to signal impending congestion. The receiver of the packet echoes the congestion indication to the sender, which reduces its transmission rate as if it detected a dropped packet.
Rather than responding properly or ignoring the bits, some outdated or faulty network equipment has historically dropped or mangled packets that have ECN bits set. As of 2015[update], measurements suggested that the fraction of web servers on the public Internet for which setting ECN prevents network connections had been reduced to less than 1%.
Passive support has existed in Ubuntu Linux since 12.04 and in Windows Server since 2012. Passive support in the most popular websites has increased from 8.5% in 2012 to over 70% in May 2017. Adoption across the Internet now requires clients to actively request ECN. In June 2015, Apple announced that ECN will be enabled by default on its supported and future products, to help drive the adoption of ECN signaling industry-wide.
ECN requires specific support at both the Internet layer and the transport layer for the following reasons:
- In TCP/IP, routers operate within the Internet layer, while the transmission rate is handled by the endpoints at the transport layer.
- Congestion may be handled only by the transmitter, but since it is known to have happened only after a packet was sent, there must be an echo of the congestion indication by the receiver to the transmitter.
Without ECN, congestion indication echo is achieved indirectly by the detection of lost packets. With ECN, the congestion is indicated by setting the ECN field within an IP packet to CE (Congestion Encountered) and is echoed back by the receiver to the transmitter by setting proper bits in the header of the transport protocol. For example, when using TCP, the congestion indication is echoed back by setting the ECE bit.
Operation of ECN with IP
00– Non ECN-Capable Transport, Non-ECT
10– ECN Capable Transport, ECT(0)
01– ECN Capable Transport, ECT(1)
11– Congestion Encountered, CE.
When both endpoints support ECN they mark their packets with ECT(0) or ECT(1). Routers treat the ECT(0) and ECT(1) codepoints as equivalent. If the packet traverses an active queue management (AQM) queue (e.g., a queue that uses random early detection (RED)) that is experiencing congestion and the corresponding router supports ECN, it may change the code point to
CE instead of dropping the packet. This act is referred to as "marking" and its purpose is to inform the receiving endpoint of impending congestion. At the receiving endpoint, this congestion indication is handled by the upper layer protocol (transport layer protocol) and needs to be echoed back to the transmitting node in order to signal it to reduce its transmission rate.
Because the CE indication can only be handled effectively by an upper layer protocol that supports it, ECN is only used in conjunction with upper layer protocols, such as TCP, that support congestion control and have a method for echoing the CE indication to the transmitting endpoint.
Operation of ECN with TCP
TCP supports ECN using two flags in the TCP header. The first, ECN-Echo (ECE) is used to echo back the congestion indication (i.e., signal the sender to reduce the transmission rate). The second, Congestion Window Reduced (CWR), to acknowledge that the congestion-indication echoing was received. Use of ECN on a TCP connection is optional; for ECN to be used, it must be negotiated at connection establishment by including suitable options in the SYN and SYN-ACK segments.
When ECN has been negotiated on a TCP connection, the sender indicates that IP packets that carry TCP segments of that connection are carrying traffic from an ECN Capable Transport by marking them with an ECT code point. This allows intermediate routers that support ECN to mark those IP packets with the CE code point instead of dropping them in order to signal impending congestion.
Upon receiving an IP packet with the Congestion Experienced code point, the TCP receiver echoes back this congestion indication using the ECE flag in the TCP header. When an endpoint receives a TCP segment with the ECE bit it reduces its congestion window as for a packet drop. It then acknowledges the congestion indication by sending a segment with the CWR bit set.
A node keeps transmitting TCP segments with the ECE bit set until it receives a segment with the CWR bit set.
To see affected packets with tcpdump, use the filter predicate
(tcp & 0xc0 != 0).
ECN and TCP control packets
Since the Transmission Control Protocol (TCP) does not perform congestion control on control packets (pure ACKs, SYN, FIN segments), control packets are usually not marked as ECN-capable.
Operation of ECN with other transport protocols
ECN is also defined for other transport layer protocols that perform congestion control, notably DCCP and Stream Control Transmission Protocol (SCTP). The general principle is similar to TCP, although the details of the on-the-wire encoding differ.
It is possible to use ECN with protocols layered above UDP. However, UDP requires that congestion control be performed by the application, and early UDP based protocols such as DNS did not use ECN. More recent UDP based protocols such as QUIC are using ECN for congestion control.
Effects on performance
Since ECN is only effective in combination with an Active Queue Management (AQM) policy, the benefits of ECN depend on the precise AQM being used. A few observations, however, appear to hold across different AQMs.
As expected, ECN reduces the number of packets dropped by a TCP connection, which, by avoiding a retransmission, reduces latency and especially jitter. This effect is most drastic when the TCP connection has a single outstanding segment, when it is able to avoid an RTO timeout; this is often the case for interactive connections, such as remote logins, and transactional protocols, such as HTTP requests, the conversational phase of SMTP, or SQL requests.
Use of ECN has been found to be detrimental to performance on highly congested networks when using AQM algorithms that never drop packets. Modern AQM implementations avoid this pitfall by dropping rather than marking packets at very high load.
Many modern implementations of the TCP/IP protocol suite have some support for ECN; however, they usually ship with ECN disabled.
ECN support in TCP by hosts
Windows versions since Windows Server 2008 and Windows Vista support ECN for TCP. Since Windows Server 2012, it is enabled by default in Windows Server versions, because Data Center Transmission Control Protocol (DCTCP) is used. In previous Windows versions and non-server versions it is disabled by default.
ECN support can be enabled using a shell command such as
netsh interface tcp set global ecncapability=enabled.
On FreeBSD, ECN for TCP can be configured using the net.inet.tcp.ecn.enable sysctl. By default, it is enabled only for incoming connections that request it. It can also be enabled for all connections or disabled entirely.
Since version 2.4.20 of the Linux kernel, released in November 2002, Linux supports three working modes of the ECN for TCP, as configured through the sysctl interface by setting parameter /proc/sys/net/ipv4/tcp_ecn to one of the following values:
- 0 – disable ECN and neither initiate nor accept it
- 1 – enable ECN when requested by incoming connections, and also request ECN on outgoing connection attempts
- 2 – (default) enable ECN when requested by incoming connections, but do not request ECN on outgoing connections
Beginning with version 4.1 of the Linux kernel, released in June 2015, the tcp_ecn_fallback mechanism, as specified in RFC 3168 section 126.96.36.199, is enabled by default when ECN is enabled (the value of 1). The fallback mechanism attempts ECN connectivity in the initial setup of outgoing connections, with a graceful fallback for transmissions without ECN capability, mitigating issues with ECN-intolerant hosts or firewalls.
Mac OS X
Mac OS X 10.5 and 10.6 implement ECN support for TCP. It is controlled using the boolean sysctl variables net.inet.tcp.ecn_negotiate_in and net.inet.tcp.ecn_initiate_out. The first variable enables ECN on incoming connections that already have ECN flags set; the second one tries to initiate outgoing connections with ECN enabled. Both variables default to 0, but can be set to 1 to enable the respective behavior.
In June 2015, Apple Inc. announced that OS X 10.11 would have ECN turned on by default, but the OS shipped without that default behavior. In macOS Sierra, ECN is enabled for half of TCP sessions.
In June 2015, Apple Inc. announced that iOS 9, its next version of iOS, would support ECN and have it turned on by default. TCP ECN negotiation is enabled on 5% of randomly selected connections over Wi-Fi / Ethernet in iOS 9 and 50% of randomly selected connections over Wi-Fi / Ethernet and a few cellular carriers in iOS 10 and 100% for iOS 11
- never – no ECN
- active – use ECN
- passive – only advertise ECN support when asked for.
As of Solaris 11.4, the default behavior is active. ECN usage can be modified via ipadm set-prop -p ecn=active tcp.
ECN support in IP by routers
Since ECN marking in routers is dependent on some form of active queue management, routers must be configured with a suitable queue discipline in order to perform ECN marking.
Cisco IOS routers perform ECN marking if configured with the WRED queuing discipline since version 12.2(8)T.
Linux routers perform ECN marking if configured with one of the RED or GRED queue disciplines with an explicit ecn parameter, by using the sfb discipline, by using the CoDel Fair Queuing (fq_codel) discipline, or the CAKE queuing discipline.
Modern BSD implementations, such as FreeBSD, NetBSD and OpenBSD, have support for ECN marking in the ALTQ queueing implementation for a number of queuing disciplines, notably RED and Blue. FreeBSD 11 included CoDel, PIE, FQ-CoDel and FQ-PIE queuing disciplines implementation in ipfw/dummynet framework with ECN marking capability.
Data Center TCP
Data Center Transmission Control Protocol (Data Center TCP or DCTCP) utilizes ECN to enhance the Transmission Control Protocol congestion control algorithm. It is used in data center networks. Whereas the standard TCP congestion control algorithm is only able to detect the presence of congestion, DCTCP, using ECN, is able to gauge the extent of congestion.
DCTCP modifies the TCP receiver to always relay the exact ECN marking of incoming packets at the cost of ignoring a function that is meant to preserve signalling reliability. This makes a DCTCP sender vulnerable to loss of ACKs from the receiver, which it has no mechanism to detect or cope with. As of July 2014[update], algorithms that provide equivalent or better receiver feedback in a more reliable approach are an active research topic.
- Steven Bauer; Robert Beverly; Arthur Berger (2011). "Measuring the State of ECN Readiness in Servers, Clients, and Routers" (PDF). Internet Measurement Conference 2011. Archived (PDF) from the original on 2014-03-22.
- Alberto Medina; Mark Allman; Sally Floyd. "Measuring Interactions Between Transport Protocols and Middleboxes" (PDF). Internet Measurement Conference 2004. Archived (PDF) from the original on 2016-03-04.
- "TBIT, the TCP Behavior Inference Tool: ECN". Icir.org. Archived from the original on 2013-03-11. Retrieved 2014-03-22.
- Brian Trammell; Mirja Kühlewind; Damiano Boppart; Iain Learmonth; Gorry Fairhurst; Richard Scheffenegger (2015). "Enabling Internet-Wide Deployment of Explicit Congestion Notification" (PDF). Proceedings of the Passive and Active Measurement Conference 2015. Archived from the original (PDF) on 15 June 2015. Retrieved 14 June 2015.
- David Murray; Terry Koziniec; Sebastian Zander; Michael Dixon; Polychronis Koutsakis (2017). "An Analysis of Changing Enterprise Network Traffic Characteristics" (PDF). The 23rd Asia-Pacific Conference on Communications (APCC 2017). Archived (PDF) from the original on 3 October 2017. Retrieved 3 October 2017.
- "Your App and Next Generation Networks". Apple Inc. 2015. Archived from the original on 2015-06-15.
- Kuzmanovic, A.; Mondal, A.; Floyd, S.; Ramakrishnan, K. (June 2009). Adding Explicit Congestion Notification Capability to TCP's SYN/ACK Packets. doi:10.17487/RFC5562. RFC 5562.
- Aleksandar Kuzmanovic. The power of explicit congestion notification. In Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications. 2005.
- Jamal Hadi Salim and Uvaiz Ahmed. Performance Evaluation of Explicit Congestion Notification (ECN) in IP Networks. RFC 2884. July 2000
- Marek Malowidzki, Simulation-based Study of ECN Performance in RED Networks, In Proc. SPECTS'03. 2003.
- "New Networking Features in Windows Server 2008 and Windows Vista". Archived from the original on 2010-01-15.
- "Data Center Transmission Control Protocol (DCTCP) (Windows Server 2012)". Archived from the original on 2017-08-26.
- "tcp(4) - Internet Transmission Control Protocol". FreeBSD Kernel Interfaces Manual. Retrieved 3 April 2020.
- "Announcing NetBSD 4.0". 2007-12-19. Archived from the original on 2014-10-31. Retrieved 2014-10-13.
- Michael Lucas (2013). Absolute OpenBSD: UNIX for the Practical Paranoid. ISBN 9781593274764. Retrieved 2014-03-22.
- "A Map of the Networking Code in Linux Kernel 2.4.20, Technical Report DataTAG-2004-1, FP5/IST DataTAG Project" (PDF). datatag.web.cern.ch. March 2004. Archived (PDF) from the original on 27 October 2015. Retrieved 1 September 2015.
- "Documentation/networking/ip-sysctl.txt: /proc/sys/net/ipv4/* Variables". kernel.org. Archived from the original on 2016-03-05. Retrieved 2016-02-15.
- The Addition of Explicit Congestion Notification (ECN) to IP. September 2001. doi:10.17487/RFC3168. RFC 3168. Retrieved 2016-02-15.
- "Linux man pages". man7.org. 2015-12-05. Archived from the original on 2016-02-16. Retrieved 2016-02-15.
- "ECN (Explicit Congestion Notification) in TCP/IP". Archived from the original on 2012-06-19.
- "macOS 10.12 Sierra: The Ars Technica review". Ars Technica. 20 September 2016. Archived from the original on 26 April 2018. Retrieved 25 April 2018.
- Inc., Apple. "Networking for the Modern Internet - WWDC 2016 - Videos - Apple Developer". Apple Developer. Archived from the original on 18 April 2018. Retrieved 18 April 2018.
- Bhooma, Padma (March 2017). "TCP ECN — Experience with enabling ECN on the Internet" (PDF). Archived (PDF) from the original on 2018-05-09. Retrieved 2017-05-03.
- Inc., Apple. "Advances in Networking, Part 1 - WWDC 2017 - Videos - Apple Developer". Apple Developer. Archived from the original on 31 January 2018. Retrieved 18 April 2018.
- "ipadm(8)". Oracle Solaris 11.4 Information Library. Oracle. Retrieved 6 May 2021.
- "Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.4, Using the TCP ECN Feature". Oracle Solaris 11.4 Information Library. Oracle. Retrieved 6 May 2021.
- Høiland-Jørgensen, Toke; Täht, Dave; Morton, Jonathan (2018). "Piece of CAKE: A Comprehensive Queue Management Solution for Home Gateways". arXiv:1804.07617v2 [cs.NI].
- "Import Dummynet AQM version 0.2.1 (CoDel, FQ-CoDel, PIE and FQ-PIE) to FreeBSD 11". The FreeBSD Project, FreeBSD r300779. Retrieved 5 August 2016.
- Data Center TCP (DCTCP): TCP Congestion Control for Data Centers. doi:10.17487/RFC8257. RFC 8257. Retrieved August 21, 2021.
- Problem Statement and Requirements for Increased Accuracy in Explicit Congestion Notification (ECN) Feedback. August 26, 2015. doi:10.17487/RFC7560. RFC 7560. Retrieved August 21, 2021.
- ECN web page by Sally Floyd
- RFC 4774 (BCP 124), Specifying Alternate Semantics for the Explicit Congestion Notification (ECN) Field, S. Floyd, (November 2006)
- Linux kernel support for defining a per-route/destination congestion control algorithm (merged in Linux kernel 4.0)