Broken routers and firewalls
Posted Jul 8, 2004 20:15 UTC (Thu) by Ross
Parent article: TCP window scaling and broken routers
"If ... the situation is left as it is, pressure on the router
manufacturers should get the problem fixed relatively quickly.
... Linux has a strong enough presence in the networking world
that it can get away with taking this sort of position."
Really? Is that why all of the broken firewalls stopped blocking packets
with ECN bits? Well, all of them except for a few tiny obscure places like
Sun, Sprint, CitiBank, Cornell, SAE, ISOC, Iomega, US DoJ, Wells Fargo, and
Checker Auto Parts :)
But seriously, while I hope this does force vendors to fix their broken
code I just don't have a lot of faith that it will work.
I _still_ find websites behind broken firewalls which stop all ICMP
packets, including "must fragment" errors. This doesn't just affect Linux
users. Well I can't reliably visit some of those sites (iptables PMTU
clamping helps considerably). The same thing with ECN. I once went to the
trouble of actually calling a network admin at Southwest Airlines to help
them fix the problem. It worked, in less than one week they had patched
their router, but now it is broken again.
The basic problem is that it doesn't affect them, and they have little
incentive to fix it. There's no clear communications channel to get the
information to the people who need it.
If you want to report ECN problems here's a good resource:
(follow the link to the "ECN Hall of Shame")
to post comments)