> On 1 Dec, 2019, at 12:17 am, Carsten Bormann <c...@tzi.org> wrote: > >> There are unfortunate problems with introducing new TCP options, in that >> some overzealous firewalls block traffic which uses them. This would be a >> deployment hazard for SCE, which merely using a spare header flag avoids. >> So instead we are still planning to use the spare bit - which happens to be >> one that AccECN also uses, but AccECN negotiates in such a way that SCE can >> safely use it even with an AccECN capable partner. > > This got me curious: Do you have any evidence that firewalls are friendlier > to new flags than to new options?
Mirja Kuhlewind said as much during the TCPM session we attended, and she ought to know. There appear to have been several studies performed on this subject; reserved TCP flags tend to get ignored pretty well, but unknown TCP options tend to get either stripped or blocked. This influenced the design of AccECN as well; in an early version it would have used only a TCP option and left the TCP flags alone. When it was found that firewalls would often interfere with this, the three-bit field in the TCP flags area was cooked up. - Jonathan Morton _______________________________________________ Bloat mailing list Bloat@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/bloat
