Re: ECN: Clearing the air (fwd)

jamal (hadi@cyberus.ca)
Sun, 28 Jan 2001 13:08:40 -0500 (EST)


On Sun, 28 Jan 2001, Rogier Wolff wrote:

> jamal wrote:
> > > Yes,
> > > those firewalls should be updated to allow ECN-enabled packets
> > > through. However, to break connectivity to such sites deliberately just
> > > because they are not supporting an *experimental* extension to the current
> > > protocols is rather silly.
> > >
> >
> > This is the way it's done with all protocols. or i should say the way it
> > used to be done. How do you expect ECN to be deployed otherwise?
>
> Thinking about this a bit more:
>
> A sufficiently paranoid firewall should block requests that he doesn't
> fully understand. ECN was in this category, so old firewalls are
> "right" to block these. (Sending an 'RST' is not elegant. So be it.)
>
> However, ECN is now "understood", and operators are now in a position
> to configure their firewall to "do the right thing". This is

This would have been easier. The firewall operators were not provided with
this option. This is hard-coded. I agree with the rest of your message.

cheers,
jamal

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/