Here is my reference
http://eltoday.com/article.php3?ltsn=2001-04-17-001-14-PS
Why Can't My 2.4 Kernel See Some Web Sites?
Apr 17, 2001, 17 :57 UTC (0 Talkback[s]) (23219 reads) (Other stories by
Scott Courtney)
By Scott Courtney
Your upgrade to kernel 2.4.0, or anything later, went perfectly, or so you
thought. You downloaded all the files you needed, built the kernel, upgraded
modutils, and booted. Voila! Working system! So you played around a bit,
decided it was working fine, and went back to your normal work.
Around noontime you decided to check your stock portfolio on E-Trade or to
look at the financial news on the NASDAQ web site. "Gee!" you thought as your
browser failed to connect, "It's amazing that both of these major financial
sites are down at the same time!" So you went back to what you were doing. A
couple of hours later they were still unreachable, and you began to wonder if
the problem was really at their end, or at yours.
Since the only thing you changed was the kernel, you rebooted under your old
kernel and tried NASDAQ. It was working fine now. Boot the 2.4.x kernel and
it's gone again. What's going on here?
The answer is that Linux is once again on the cutting edge of networking
technology with its implementation of an experimental protocol called
Explicit Congestion Notification, or ECN. The technical details of ECN are
described in a Request for Comment (RFC) document published by the Internet
Engineering Task Force (IETF). RFC 2481 is the relevant document, with RFC
2884 providing additional information. (http://www.ietf.org/).
In layman's terms, ECN is a way to improve the speed of the Internet for
everyone by allowing hosts or routers to specifically notify one another when
there is congestion due to heavy traffic. With the existing TCP/IP standards,
the only way to detect congestion was that routers would drop packets when
they had no bandwidth available. These packets would be automatically
retransmitted by the sending host, but the host would (presumably) notice
that packets were being dropped and would decrease its transmission rate.
ECN changes all that by allowing routers to notify hosts that the packet they
just received experienced congestion delays as it wended its way across the
Internet. The presumption is that the hosts become active partners with the
Internet infrastructure, helping to manage the overall traffic pattern by
making more reasonable requests of the infrastructure.
The problem with Linux 2.4.x and ECN is that not all of the existing routers
and other devices on the Internet can support ECN. In fact, some older
devices actually treat ECN packets as invalid, and discard them altogether.
This explains the problem with NASDAQ and E-Trade's web sites, both of which
(as of a few days ago) did not support ECN packets. There are other sites
with this problem as well, and in fact Internet.com had to upgrade some of
its own equipment several months ago as a result of this new protocol.
Eventually, the network infrastructure will be updated so that this new
protocol (currently experimental) is supported everywhere, but what can a
Linux user do about the problem in the meantime? The good news is that there
is an easy workaround, and it doesn't involve staying with the 2.2.x kernel.
In configuring the 2.4.x kernels, you can disable ECN by turning off the
CONFIG_INET_ECN option (titled "IP: TCP Explicit Congestion Notification" in
the interactive configurators) before building the kernel. This completely
removes ECN support from the kernel, but of course you then have no way to
test with it to see when you might turn it back on.
Another, perhaps simpler, approach is to use the sysctl feature of the /proc
virtual filesystem to turn off ECN at runtime. Executing this command:
echo "0" > /proc/sys/net/ipv4/tcp_ecn
will turn off ECN support until the next reboot, while replacing "0" with "1"
in the above command will turn ECN back on. You can safely put this command
in your rc.local or other bootup script, or make it part of your SysV init
processing.
With E
On Wednesday 02 May 2001 05:18 am, you wrote:
> I stand corrected. I was on my mandrake 7.2 when I was
> able to make my connection. Now that I am back in 8
> (cooker) I cannot connect to that site either. I tried
> several different browsers including lynx.
>
> --- Vincent Meyer <[EMAIL PROTECTED]> wrote:
> > Made sure that it was set to accept all cookies...
> > that doesn't
> > seem to be the problem. Were you able to get in to
> > the site?
> >
> > V.
> >
> > On Wednesday 02 May 2001 00:12, you wrote:
> > > Check your cookie maintenance section. I had
> >
> > problems
> >
> > > with some sites and discovered that I had refused
> >
> > some
> >
> > > key cookies. To verify accept all cookies from all
> > > servers when you try to go these sites.
> > >
> > > --- Vincent Meyer <[EMAIL PROTECTED]> wrote:
> > > > Hello,
> > > >
> > > > Could someone confirm something for me? I'm
> > > > running what
> > > > I think is the current cooker, and am having
> >
> > trouble
> >
> > > > getting into some of
> > > > the websites that I've never had a problem with
> > > > before. At first I thought
> > > > it was related to the network at my office, but
> >
> > now
> >
> > > > that i'm home and on
> > > > my cable modem, it does the same thing.
> > > >
> > > > One site is www.sfnb.com - Konqueror puts up
> >
> > an
> >
> > > > error box "could
> > > > not connect to host www.sfnb.com" Netscapes
> >
> > says
> >
> > > > the site is unavailable.
> > > > The site is indeed up - and accessable from
> >
> > windows.
> >
> > > > Is it my machine,
> > > > or is there something wrong in the current
> >
> > cooker?
> >
> > > > Can dig the ip address,
> > > > and can ping it without problems from linux.
> > > >
> > > > Am using caching name server, but don't think
> > > > that's the problem.
> > > >
> > > > Could someone try this and verify it for me?
> > > >
> > > > Thanks,
> > > >
> > > > Vinny
> > >
> > > =====
> > > SI Reasoning
> > > [EMAIL PROTECTED]
> > > gnupg/pgp key id 035213BC
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Yahoo! Auctions - buy the things you want at great
> >
> > prices
> >
> > > http://auctions.yahoo.com/
>
> =====
> SI Reasoning
> [EMAIL PROTECTED]
> gnupg/pgp key id 035213BC
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/