Try this workaround for time-out issues in kernel 2.6.17 and higher

Have you found that there are some Web sites that time out on you, and you're not sure why? It may be due to the TCP window scaling issue in Linux kernel 2.6.17 and higher. This tip gives you the background on the problem and a workaround.

Because of a recent change in TCP window scale settings in Linux 2.6.17 kernel and higher, you may have had some problems connecting to certain Web sites. In this tip, I'll show you a workaround for the time-out problem, but first, let me give you the background on this issue.

A typical TCP packet has a window field that allows for a maximum window size of 64 KB. While this was sufficient when the Internet was young and most systems didn't have the power to handle anything greater, it's quite small for today's bandwidth-hungry applications.

As a result, a solution called window scaling was codified back in 1992; this provided an extra TCP option that contains an eight-bit scale factor. The value of this field indicates how much larger the window size should be: the value in the window field is shifted left by that number of bits. For instance, if the scale factor is set to 5, the window size would be shifted by 5 bits, or multiplied by 32.

The problem is that in 2.6.16 and earlier, the default scale factor was 0, so there was no increase in TCP window sizes. In the 2.6.17 kernel, this was changed to a value of 7. In an ideal world, this wouldn't be a problem. In practice, however, some "broken" routers are rewriting the window scale TCP option -- setting the scale factor to 0 but leaving the actual enabling option in place.
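
To make the mismatch concrete, here is an added Python example (not from the original article) that parses the window scale option out of a SYN's TCP options and compares what the sender means by a window field with what the peer understands after a router has zeroed the shift count. The option bytes and the window field value 46 are constructed sample values, and the function names are hypothetical.

```python
# TCP option kinds; the window scale option is kind 3, length 3 (RFC 1323).
OPT_EOL, OPT_NOP, OPT_WSCALE = 0, 1, 3

# Constructed SYN options: MSS 1460, SACK permitted, timestamps, NOP, window scale 7.
SYN_AS_SENT = bytes.fromhex("020405b4 0402 080a0000000100000000 01 030307")
# The same options after a middlebox zeroed the shift count but kept the option.
SYN_AS_SEEN = bytes.fromhex("020405b4 0402 080a0000000100000000 01 030300")


def window_scale(options: bytes):
    """Return the shift count carried in a SYN's TCP options, or None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated TCP option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad TCP option length")
        if kind == OPT_WSCALE and length == 3:
            return min(options[i + 2], 14)  # shift counts above 14 are capped
        i += length
    return None


def window_mismatch(sent: bytes, seen: bytes, window_field: int):
    """Bytes the sender means vs. bytes the peer understands for one window field."""
    sender_shift = window_scale(sent) or 0
    peer_shift = window_scale(seen) or 0
    return window_field << sender_shift, window_field << peer_shift


if __name__ == "__main__":
    # Constructed value: a post-handshake segment advertising window field 46.
    meant, understood = window_mismatch(SYN_AS_SENT, SYN_AS_SEEN, 46)
    print(f"sender shift {window_scale(SYN_AS_SENT)}, peer saw {window_scale(SYN_AS_SEEN)}")
    print(f"window field 46: sender means {meant} bytes, peer allows {understood} bytes")
```

With these sample values the sender offers a 5888-byte window while the peer believes it may send only 46 bytes at a time, which is the stall that shows up as a time-out.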

Essentially, all of this means that there are some Web sites that cannot be connected to from a system using kernel 2.6.17 and higher. The kernel developers' stance is that those routers are broken and need to be replaced. In the real world, these routers may continue to operate for years before being fixed or replaced.

One solution is to reset the Linux kernel's window scaling option. While this doesn't fix broken routers, it will allow your system to connect to a remote site if you find you are experiencing the window scaling problem. If you're unsure whether this is the problem you are having, you can test it by executing:

echo 0 > /proc/sys/net/ipv4/tcp_default_win_scale

To make the setting permanent, edit /etc/sysctl.conf and add:

net.ipv4.tcp_default_win_scale = 0

This will disable window scaling completely, which will allow you to reach some sites you couldn't before. Right or wrong, the kernel developers refuse to revert the change, so your options are either to disable window scaling on your own and go back to pre-2.6.17 defaults, or to contact those sites that can't be reached and try to convince them to find and replace the broken routers.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

7 comments
tony

Since I see that my Linux Kernel version (2.6.19-2) does not have this entry in the /proc file system, maybe listing an example site that is unreachable will help determine if I have the problem or not! Any chance you will list at least one unreachable site? Cheers, tony. PS: Wanted to mention that I do get timeout issues when sending mail to some sites with Sendmail - could it be related?

Martin Evans

On my Ubuntu 2.6.17-10,

echo 0 > /proc/sys/net/ipv4/tcp_default_win_scale

gives no such file or directory, but I found

cat /proc/sys/net/ipv4/tcp_window_scaling
1

I've never noticed a problem but I'll be watching out for it now.

johnson12

I would like to know which distro this command will work on.... BSD dude why do you feel it necessary to bash Linux? You sound like so many new Linux users bashing MS. Do you have an inferiority complex or are you still in HS? :)

ergodic

Fedora Core 6 behavior is identical to that of Ubuntu.

danno

Guess it's time to use a real operating system instead of Linux. I hate to be mean, but first they don't test it well before releasing it, then they refuse to code it to take into account 'broken routers' that's BS... I'd like to see just how 'broken' they really are... probably not broken at all...