You may not have been aware of the ECN and its significance; however, this can have an impact in how devices communicate congestion on the network. Let's take a look at how these two bits can improve data flow.
In the original RFC 791, the last two bits of the DiffServ field are Reserved for Future Use, as shown in the following screenshot:
In 2001, RFC 3168 (https://tools.ietf.org/html/rfc3168) found a use for the last two bits. RFC 3168 outlined ECN, which provides a congestion notification on the network. Let's see how ECN improves over the classic method of managing network congestion.
Typically, when TCP experiences congestion, the hosts respond to dropped packets by going into congestion control, which results in the following:
- The client sends duplicate acknowledgments, indicating that there are missing packets.
- The server uses fast retransmission, which resends lost packets.
ECN is an improvement over this behavior by providing a congestion notification. This ultimately prevents the additional traffic that occurs when there are duplicate acknowledgments and fast retransmissions.
ECN uses both the TCP and IP header, as outlined here:
- The IP header uses the two bits at the end of the differentiated services field to indicate ECN-Capable Transport (ECT) and Congestion Experienced (CE).
- The TCP header uses two flags: CWR and ECE.
When using ECN, the two bits of the DiffServ field identify the code point. In the following table you'll see the bits, what the combination indicates, and what you might see in Wireshark as an indicator when displaying the DiffServ field values:
|
Bits |
Indication |
Identifier |
|
00 |
Non ECN-Capable Transport) |
Non-ECT |
|
10 |
ECN Capable Transport) |
ECT(0) |
|
01 |
ECN Capable Transport |
ECT(1) |
|
11 |
Congestion Encountered |
CE |
As you can see, code points 01 and 10 are basically the same.
In bigFlows.pcap frame 1, if we expand the IPv4 header, we see Explicit Congestion Notification: Not ECN-Capable Transport (0), which means this connection doesn't support ECN, as shown here:
The devices involved in the connection will communicate with one another and when available, use ECN, which helps notify endpoints on congestion issues.
Although the IP is a connectionless protocol, it provides methods to improve the priority of traffic, along with ways of notifying devices of congestion issues on the network. The next group of field values in the IP header deal with using fragmentation.