Internet-Draft | ecndep | February 2021 |
Heist | Expires 22 August 2021 | [Page] |
This note presents data gathered at an Internet Service Provider's gateway on the observed deployment and usage of ECN. Relevant IP counter and flow tracking data was collected and analyzed for TCP and other protocols.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 22 August 2021.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
To help guide the evolution of ECN, there is a need for more data on current deployment status, and observed usage of the ECN related bits, including:¶
For several weeks, we gathered data on all traffic through an Internet Service Provider's gateway. Though some of the results are informative, we caution that a larger, more widely reviewed and geographically distributed survey would be needed to be authoritative.¶
From December 28, 2020 to January 20, 2021, data was gathered on all traffic into and out of the Internet gateway at FreeNet Liberec, a cooperative WISP in an urban area of the Czech Republic. A total of 122.5 TB of incoming data and 12 TB of outgoing data was seen.¶
Around 660 members belong to the ISP, and 861 member IP addresses on the LAN were considered active during data collection. Most member IPs are used by a household of users, while others are for individual devices and public locations.¶
[IPTABLES-ECN] was used to collect and analyze the data. This consists of a script to gather the data using iptables and ipsets in Linux, and an analysis program that produces textual output. An abbreviated version of the output is included in Section 5. See the referred to source repository for more details and full output.¶
Our key observations are summarized as follows, and further expanded upon in the following sections:¶
Of 319.5 million TCP SYNs from LAN to WAN, 1.44% indicated ECN capability. Of 861 active member IP addresses, 390 (45.3%) attempted initiation for at least one ECN flow. A large proportion of the ECN flows are thought to come from Apple devices.¶
While 4.6 million ECN TCP SYNs were seen from LAN to WAN, 3.3 million ECN SYN-ACKs were seen in return. While it's not possible to get an exact ECN acceptance rate from this, it appears to be reasonably high, likely due to default acceptance on prevailing server operating systems like Linux, FreeBSD and recent versions of Windows Server.¶
There appears to be evidence of [RFC3168] marking AQMs. Of 861 active member IP addresses:¶
Two backhaul links have fq_codel [RFC8290] deployed, serving the 10.45.64.0/24 and 10.45.235.0/24 subnets. This accounts for 38 of the 90 member IP addresses that saw CE or ECE, with the source of the remaining CE and ECE marks unknown. These are presumed to be from other [RFC3168] marking AQM instances.¶
Note that depending on the position of the marking AQM relative to the gateway, CE marks may not be seen on some packets, while TCP ECE flags are seen in the opposite direction. For a number of member IP addresses, we saw 0 CE marks downstream, but ECE flags set upstream, suggesting an AQM downstream from the gateway marking downstream traffic.¶
Referring to the packet counts in the All IP / Both Directions table in the stats output in Section 5, where M indicates megapackets and G, gigapackets:¶
TCP | Conntrack (X) | Other | Total | |
---|---|---|---|---|
All | 76.60 G | -> | 43.52 G | 120.14 G |
CE | 10031 | 3.38 M | 813951 | 4.20 M |
ECT(0) | 523.91 M | 9.66 M | 2.55 M | 536.12 M |
ECT(1) | 63 | 6.68 M | 182928 | 6.86 M |
(X) UDP, ICMP, DCCP, SCTP, GRE (Conntrack All packets included in Other)¶
We note the following:¶
Possible explanations for ECN marks on non-TCP packets are explored further in this section.¶
There are several different encapsulation methods used when handling the ECN field through tunnels, as per [RFC3168] and [RFC6040]:¶
When method 3 is used at both ends of a tunnel, we would not expect to see ECN codepoint usage in either direction.¶
When methods 1 or 2 are used at both ends of a tunnel, we would expect to see ECT(0) on both incoming and outgoing packets. We would also expect a bias towards incoming packets, since more data is generally downloaded than uploaded, and pure ACKs do not have ECT(0) marks.¶
When method 3 is used at only one end of the tunnel, we would expect to see ECT(0) on packets in only one direction.¶
We note the following:¶
Uni-directional ECT(0) marks were observed for:¶
While it's possible that some of the data observed was from tunneled ECN traffic, this can't be established definitively.¶
Some applications may still use historical definitions of the former TOS byte. Although RFC791 reserved the ECN field for future use, the now obsolete [RFC1349] defined the TOS field as four bits within the Type of Service octet, one of which overlaps with the ECN field. This may account for some of the observed usage of ECT(0), since the value for "minimize monetary cost" was 0001, shifted to the left one bit, coinciding with ECT(0).¶
Users of operating system's socket APIs wishing to set a DiffServ codepoint may be confused as to whether or not they need to shift the desired value left two bits before passing it in. Additionally, OS header files have been seen with out-of-date definitions for obsolete values in the former Type of Service octet, and obsolete definitions from [RFC2481].¶
Another possible source of confusion is the TOS field values listed in the now obsolete [RFC1349], without having been shifted. A casual reader could see the value 0001 for "minimize monetary cost" and think that they should use this value in the TOS byte, conflicting with ECT(1), not realizing that:¶
To reduce incorrect usages of the DS field, OS header files should be sanitized, obsolete RFCs more prominently marked as such, and API documentation brought up to date.¶
It's possible that some software is using the ECN field to gain an advantage in Internet queues or for some other nefarious purpose. Further analysis would be needed to determine if this is the case.¶
While we captured the ratio of ECN SYNs to ECN SYN-ACKs, we do not have an exact count of flows that were accepted or rejected. It may be possible to do this more accurately with additional iptables rules in [IPTABLES-ECN].¶
Tunnel protocols are challenging because of the different encapsulation methods and protocols used. An analysis at the flow level, rather than by IP address and destination port pairs, might be more useful in identifying the usage of ECN over tunnels.¶
More research is needed into the reasons for ECN codepoints being set on non-TCP traffic. Given the relatively low volume of this traffic, it might be practical to take packet captures of it for further analysis.¶
Additionally, we are currently not able to differentiate between the total number of packets for conntrack-supported and Other protocols. This could be improved with some changes to [IPTABLES-ECN].¶
While this study looked at signals by IP address for TCP and IP/port for conntrack-supported protocols, it does not break down signals for Other protocols by IP address. Among those protocols is IPSec ESP packets, using IP protocol 50. The [IPTABLES-ECN] script could be modified to create more ipsets of type hash:ip, parallel to what was done for IP traffic as a whole, to further analyze these protocols for tunnel activity.¶
This abbreviated output only includes LAN to WAN flows, and a small subset of the non-TCP conntrack protocols by member IP address. For full output, see the [IPTABLES-ECN] repository.¶
Note the IP addresses shown here have been anonymized within the 10.0.0.0/8 address space, in a way that retains the subnet structure.¶
Packets, CE, ECT(0) and ECT(1) are packet counts, and use units of M, G or T for mega, giga, or terapackets. Total (both directions): TCP Conntrack [*] Other Total --- ------------- ----- ----- Bytes 101.22 TB -> 33.22 TB 134.46 TB Packets 76.60 G -> 43.52 G 120.14 G |-CE 10031 3.38 M 813951 4.20 M |-ECT(0) 523.91 M 9.66 M 2.55 M 536.12 M |-ECT(1) 63 6.68 M 182928 6.86 M WAN to LAN: TCP Conntrack [*] Other Total --- ------------- ----- ----- Bytes 95.79 TB -> 26.65 TB 122.45 TB Packets 41.43 G -> 30.29 G 71.72 G |-CE 9298 3.38 M 721002 4.11 M |-ECT(0) 480.35 M 9.62 M 1.93 M 491.91 M |-ECT(1) 62 6.68 M 65111 6.74 M LAN to WAN: TCP Conntrack [*] Other Total --- ------------- ----- ----- Bytes 5.43 TB -> 6.57 TB 12.00 TB Packets 35.17 G -> 13.23 G 48.41 G |-CE 733 60 92949 93742 |-ECT(0) 43.56 M 40366 614623 44.21 M |-ECT(1) 1 28 117817 117846 [*] Conntrack protocols: UDP, ICMP, DCCP, SCTP, GRE Conntrack total Bytes and Packets included in Other¶
IP address counts with TCP and ECN activity: Active (sent >= 10 SYNs): 861 (of 1195) Initiated any ECN flows: 390 (45.3%) Negotiated any ECN flows: 382 (44.4%) Saw CE or ECE on ECN flow: 90 (23.6% of ECN, 10.5% of all) Saw ECT(1) on ECN flow: 5 SYN packet count totals for active IPs: All SYNs: 319560652 ECN SYNs: 4601118 (1.44% of all) ECN SYN/ACKs: 3273815 (71.15% of ECN SYNs) ECN packet count totals for active IPs: Direction CE ECE ECT(0) ECT(1) --------- -- --- ------ ------ From LAN 733 502985 42903861 1 From WAN 9298 19367 479756419 62 ECN congestion signals by active IP: IP CE from WAN ECE from LAN CE from LAN ECE from WAN -- ----------- ------------ ----------- ------------ 10.45.9.88 0 0 0 431 10.45.64.3 36 13348 0 45 10.45.64.4 0 2192 0 0 10.45.64.7 28 4610 0 35 10.45.64.11 0 335 0 0 10.45.64.12 0 14955 3 0 10.45.64.13 0 223 0 0 10.45.64.14 13 20863 0 23 10.45.64.15 0 9 0 0 10.45.64.16 0 1396 0 0 10.45.64.17 0 464 0 0 10.45.64.31 0 46740 12 0 10.45.64.39 0 11019 0 0 10.45.64.45 0 363 0 0 10.45.64.47 0 15731 321 6041 10.45.64.59 0 44 0 0 10.45.64.85 0 57 0 0 10.45.64.93 0 16530 0 0 10.45.64.103 0 10649 0 0 10.45.64.105 0 2046 0 0 10.45.64.112 0 1135 1 1 10.45.64.116 0 1042 0 0 10.45.64.118 163 710 0 170 10.45.64.123 0 3118 0 0 10.45.64.125 0 52960 49 0 10.45.64.126 0 12579 122 0 10.45.65.7 0 176 0 0 10.45.65.16 0 4483 0 0 10.45.65.110 0 1530 0 0 10.45.65.112 0 2313 0 0 10.45.65.124 5 6 0 9 10.45.86.39 1 13 0 0 10.45.86.41 72 3228 0 0 10.45.87.32 0 64 0 0 10.45.87.45 1 0 0 0 10.45.87.50 3 3 0 0 10.45.87.127 17 22 0 39 10.45.101.96 155 156 0 151 10.45.104.24 55 63 0 77 10.45.107.73 400 416 0 430 10.45.108.24 0 0 0 36 10.45.113.6 168 191 0 174 10.45.113.106 34 37 0 40 10.45.114.98 1619 1792 0 1739 10.45.138.66 43 56 0 47 10.45.140.73 510 551 0 520 10.45.140.74 39 46 0 38 10.45.141.85 39 50 0 85 10.45.145.2 10 15 0 25 10.45.145.73 1 0 0 0 10.45.153.10 6 11 0 0 10.45.154.82 22 25 0 44 10.45.155.68 1 1 0 0 10.45.155.71 144 143 1 152 10.45.158.197 493 53 0 0 10.45.158.198 13 13 0 25 10.45.176.114 32 46 0 62 10.45.176.119 38 47 0 68 10.45.177.68 22 24 0 27 10.45.182.75 6 7 0 13 10.45.183.117 131 145 6 152 10.45.183.204 8 10 0 0 10.45.212.82 18 23 0 48 10.45.229.81 268 2104 1 0 10.45.230.25 3132 18481 0 0 10.45.230.204 1 1 0 0 10.45.231.31 16 9 0 30 10.45.234.197 188 225 0 153 10.45.235.6 0 217 0 0 10.45.235.24 0 388 0 0 10.45.235.59 16 897 0 30 10.45.235.89 56 31899 176 5630 10.45.235.90 727 4278 0 709 10.45.235.92 151 169965 41 1784 10.45.235.94 0 1394 0 0 10.45.235.196 0 157 0 0 10.45.235.199 0 56 0 0 10.45.235.200 0 220 0 0 10.45.235.203 0 234 0 0 10.45.235.206 0 3484 0 0 10.45.235.208 0 378 0 0 10.45.238.75 196 262 0 229 10.45.241.101 0 740 0 0 10.45.242.72 5 5 0 11 10.45.242.146 21 25 0 44 10.45.243.69 2 3 0 0 10.45.249.6 0 2461 0 0 10.45.249.34 0 2260 0 0 10.45.251.37 39 171 0 0 10.45.251.114 134 13794 0 0¶
Protocols included: UDP, ICMP, DCCP, SCTP, GRE Active IPs: Active IPs with ECN signals: 420 Active IP/dstport pairs with ECN signals: 24972 ECN packet count totals for active IPs: Direction CE ECT(0) ECT(1) --------- -- ------ ------ From LAN 59 26692 28 From WAN 2838929 9562002 6632561 ECN codepoint packet counts by client IP, with selected ports: (ports with '*' had >100 ECT(0) marks) ECT(0) CE ECT(1) ECT(0) CE ECT(1) from from from from from from IP/Port LAN LAN LAN WAN WAN WAN ------- --- --- --- --- --- --- 10.45.10.0 201 0 0 0 0 0 10.45.10.4 14 0 0 0 0 0 10.45.10.5 20 0 0 0 0 0 10.45.10.6 9 0 0 0 0 0 10.45.10.7 8 0 0 0 0 0 10.45.10.8 39 0 0 0 0 0 10.45.10.11 8 0 0 0 0 0 10.45.10.12 2 0 0 0 0 0 10.45.10.42 6 0 0 0 0 0 10.45.10.61 2 0 0 0 0 0 10.45.10.70 44 0 0 0 0 0 10.45.10.71 5 0 0 0 0 0 10.45.10.73 7 0 0 0 0 0 10.45.10.77 13 0 0 0 0 0 10.45.10.81 10 0 0 0 0 0 10.45.10.82 8 0 0 0 0 0 10.45.10.83 3 0 0 0 0 0 10.45.10.95 59 0 0 0 0 0 10.45.10.96 39 0 0 0 0 0 10.45.10.129 0 0 0 0 403 1 10.45.10.196 80 0 0 0 0 0 10.45.10.197 63 0 0 0 0 0 10.45.10.201 3 0 0 0 0 0 10.45.10.204 25 0 0 0 0 0 10.45.10.227 40 0 0 0 0 0 10.45.10.228 7 0 0 0 0 0 10.45.10.244 14 0 0 0 0 0 10.45.10.245 7 0 0 0 0 0 10.45.64.3 100 0 0 0 0 0 10.45.64.4 31 0 0 0 0 0 10.45.64.6 2 0 0 0 0 0 10.45.64.7 8 0 0 12 126 20 10.45.64.10 29 0 0 0 0 0 10.45.64.11 67 0 0 0 0 0 10.45.64.12 6 0 0 0 0 0 10.45.64.13 35 0 0 0 0 0 10.45.64.14 121 0 0 0 0 0 10.45.64.15 52 0 0 0 0 0 10.45.64.16 18 0 0 0 0 0 10.45.64.19 0 0 0 16 0 0 udp:4500 (ipsec-na.. 0 0 0 11 0 0 10.45.64.31 27 0 0 34129 2468 58304 udp:37658 0 0 0 0 0 4346 * udp:38129 0 0 0 24957 2468 15281 udp:38884 0 0 0 0 0 10409 * udp:40871 0 0 0 288 0 2269 * udp:41621 0 0 0 3057 0 14609 * udp:41744 0 0 0 171 0 61 udp:43588 0 0 0 0 0 6746 udp:45444 0 0 0 0 0 1292 * udp:45465 0 0 0 866 0 0 udp:45483 0 0 0 0 0 1838 * udp:45522 0 0 0 4764 0 708 10.45.64.39 75 0 0 0 0 0 10.45.64.45 50 0 0 0 0 0 10.45.64.47 11 0 0 0 0 0 10.45.64.51 2 0 0 0 0 0 10.45.64.59 593 0 0 56 1624 10 udp:3478 (stun) 0 0 0 56 1624 10 10.45.64.85 4 0 0 0 0 0 10.45.64.86 9 0 0 7 434404 3 udp:4400 (ds-srv) 0 0 0 0 29065 0 udp:14757 0 0 0 0 97175 0 udp:24173 0 0 0 0 35437 0 udp:29493 0 0 0 0 120959 0 udp:44495 0 0 0 0 41547 0 udp:53678 0 0 0 0 109978 0 10.45.64.89 4 0 0 7 50 0 10.45.64.93 75 0 0 598 2971 341 * udp:3478 (stun) 0 0 0 598 2971 341 10.45.64.98 0 0 0 0 0 32780 udp:6008 0 0 0 0 0 9234 udp:7008 (afs3-upd.. 0 0 0 0 0 23546 10.45.64.99 0 0 0 132 2094 73 udp:3478 (stun) 0 0 0 0 3 0 10.45.64.103 47 0 0 0 0 0 10.45.64.104 1 0 0 70 293 31 10.45.64.105 7 0 0 213 33440 0 * udp:443 (https) 0 0 0 213 33440 0 10.45.64.107 2 0 0 0 0 0 10.45.64.108 1 0 0 0 0 0 10.45.64.111 0 0 0 1 1 0 10.45.64.112 48 0 0 0 421 0 10.45.64.116 64 0 8 4 143 8 10.45.64.118 77 0 0 0 0 0 10.45.64.121 0 0 0 0 2107 0 udp:38603 0 0 0 0 2100 0 10.45.64.123 13 0 0 0 0 0 10.45.64.124 0 0 0 6 0 0 udp:443 (https) 0 0 0 6 0 0 10.45.64.125 22 0 0 0 0 0 10.45.64.126 37 0 0 1 10 0 10.45.65.0 42 0 0 0 0 0 10.45.65.1 45 0 0 0 0 0 10.45.65.5 17 0 0 0 0 0 10.45.65.7 30 0 0 0 0 0 10.45.65.11 6 0 0 0 0 0 10.45.65.16 505 0 0 1686 40141 36888 * udp:3478 (stun) 0 0 0 1595 22049 4 udp:26808 0 0 0 0 0 36805 udp:62348 0 0 0 0 15738 0 10.45.65.17 0 0 0 0 4 0 10.45.65.66 94 0 0 0 17 0 udp:3478 (stun) 0 0 0 0 17 0 10.45.65.94 25 0 0 319 0 1 udp:3478 (stun) 0 0 0 0 0 1 10.45.65.95 8 0 0 0 0 0 10.45.65.104 41 0 0 0 0 0 10.45.65.107 5 0 0 12 77 2 10.45.65.110 38 0 0 0 0 0 10.45.65.112 75 0 0 39 1168 18 10.45.65.122 0 0 0 2 5 0 10.45.65.123 1 0 0 0 0 0 10.45.65.124 11 0 0 0 0 0 10.45.65.127 5 0 0 0 0 0 10.45.75.90 1 0 0 0 0 0 10.45.80.28 0 0 0 2 8 1 10.45.80.79 2 0 0 4 7 0 10.45.80.85 10 0 0 0 0 0 10.45.80.99 11 0 0 0 0 0 10.45.83.76 3 0 0 0 0 0 10.45.83.80 0 0 0 28 51 11 10.45.85.127 68 0 0 301 174 30747 * udp:599 (acp) 0 0 0 222 174 45 udp:6008 0 0 0 0 0 30702 * udp:60001 65 0 0 49 0 0 10.45.86.16 2 0 0 13 0 0 udp:4500 (ipsec-na.. 0 0 0 8 0 0 udp:51820 (wiregua.. 0 0 0 5 0 0 10.45.86.36 4 0 0 0 0 0 10.45.86.39 50 0 0 205 37619 107 udp:29492 0 0 0 0 2512 0 udp:64733 0 0 0 0 30711 0 10.45.86.40 0 0 0 2 0 0 udp:443 (https) 0 0 0 2 0 0 10.45.86.43 532 0 0 0 11 0 10.45.86.68 325 0 0 760 3528 614 udp:80 (http) 0 0 0 0 2 0 10.45.87.32 14 0 0 12 0 0 10.45.87.44 0 0 0 709 4963 623 udp:80 (http) 0 0 0 0 1 0 udp:6881 0 0 0 3 1313 43 10.45.87.45 185 0 0 0 0 0 10.45.87.48 82 0 0 0 0 0 10.45.87.50 68 0 0 3 0 9 udp:4500 (ipsec-na.. 0 0 0 3 0 9 10.45.87.103 2 0 0 0 0 0 10.45.87.112 0 0 0 0 1 0 10.45.87.113 33 0 0 0 0 0 10.45.87.127 44 0 0 0 0 0 10.45.92.74 2 0 0 31 0 1 10.45.93.69 0 0 0 15 122 6 10.45.93.75 4 0 0 361 2945 278 10.45.93.79 8 0 0 0 0 0 10.45.98.71 0 0 0 2 8 0 10.45.98.72 40 0 0 0 1 0 udp:3478 (stun) 0 0 0 0 1 0 10.45.101.96 140 0 0 0 0 0 10.45.101.100 12 0 0 0 0 0 10.45.101.101 0 0 0 2 10 7 10.45.101.103 0 0 0 21 21899 15 udp:58479 0 0 0 0 21372 0 10.45.101.104 33 0 0 0 0 10 10.45.104.24 324 0 0 0 0 0 10.45.104.104 60 0 0 16 72 2 10.45.107.73 58 0 0 32 0 1 udp:4500 (ipsec-na.. 0 0 0 32 0 1 10.45.107.79 70 0 0 34 0 0 udp:443 (https) 0 0 0 34 0 0 10.45.107.81 3 0 0 0 4421 0 udp:61094 0 0 0 0 4421 0 10.45.108.3 1 0 0 0 0 0 10.45.108.4 1 0 0 33 5079 90 udp:33027 0 0 0 0 2978 0 10.45.108.13 14 0 0 0 0 0 10.45.108.24 117 0 0 799 5543 1059 * udp:40211 0 0 0 107 0 0 10.45.108.25 799 0 0 1 2 1 10.45.108.66 0 0 1 0 0 0 10.45.108.69 2 0 0 0 0 0 10.45.108.71 0 0 0 28 12830 0 udp:34665 0 0 0 0 12462 0 10.45.108.75 38 0 0 0 0 6395176 udp:6008 0 0 0 0 0 1755476 udp:7008 (afs3-upd.. 0 0 0 0 0 1827173 udp:8008 (http-alt) 0 0 0 0 0 740987 udp:9008 0 0 0 0 0 809024 udp:10008 (octopus) 0 0 0 0 0 380001 udp:11008 0 0 0 0 0 578400 udp:12008 (accurac.. 0 0 0 0 0 231619 udp:13008 0 0 0 0 0 72496 10.45.108.76 2 0 0 0 0 0 10.45.108.77 31 0 0 0 0 0 10.45.108.80 10 0 0 337 1566 173 10.45.108.95 283 0 0 1 5 0 10.45.108.126 12 0 0 0 0 0 10.45.112.74 371 0 0 9 95 4 10.45.112.102 29 0 0 0 0 0 10.45.112.139 5 0 0 0 0 0 10.45.112.154 4 0 0 0 0 0 10.45.112.165 24 0 0 0 0 0 10.45.112.172 0 0 0 6333 0 0 * udp:443 (https) 0 0 0 6333 0 0 10.45.112.216 2 0 0 0 0 0 10.45.113.6 136 0 0 147184 0 0 * udp:4500 (ipsec-na.. 0 0 0 147184 0 0 10.45.113.7 52 0 0 453 0 10 * udp:443 (https) 0 0 0 309 0 0 * udp:4500 (ipsec-na.. 0 0 0 144 0 10 10.45.113.9 60 0 0 0 0 0 10.45.113.11 187 0 0 0 0 0 10.45.113.27 1 0 0 0 0 0 10.45.113.30 4 0 0 0 0 0 10.45.113.33 2 0 0 0 0 0 10.45.113.34 58 0 0 0 0 0 10.45.113.35 6 0 0 0 0 0 10.45.113.36 2 0 0 0 0 0 10.45.113.66 0 0 0 1 11 0 10.45.113.90 163 0 0 0 0 0 10.45.113.94 0 0 0 17 62 2 10.45.113.97 19 0 0 0 0 0 10.45.113.99 15 0 0 11 76 12 10.45.113.104 0 0 0 818 0 0 * udp:4500 (ipsec-na.. 0 0 0 818 0 0 10.45.113.106 10 0 0 0 0 0 10.45.113.119 313 0 0 0 178 0 udp:3478 (stun) 0 0 0 0 178 0 10.45.113.122 0 0 0 36 0 0 udp:4500 (ipsec-na.. 0 0 0 36 0 0 10.45.113.124 201 0 0 0 0 0 10.45.114.8 0 0 0 0 3 0 10.45.114.10 3 0 0 0 0 0 10.45.114.42 3 0 0 286 12 67 * udp:51820 (wiregua.. 0 0 0 286 0 66 10.45.114.98 10 0 0 0 0 0 10.45.120.25 53 0 0 0 0 0 10.45.120.34 12 0 0 0 0 0 10.45.120.78 715 0 0 0 0 0 10.45.122.51 66 0 0 686 28190 122 udp:45622 0 0 0 0 5782 0 udp:59437 0 0 0 0 17791 0 10.45.124.31 105 0 0 1720 5946 16897 udp:3478 (stun) 0 0 0 0 6 0 * udp:50451 0 0 0 1720 0 15875 udp:50919 0 0 0 0 2428 0 udp:50996 0 0 0 0 0 1016 udp:57403 0 0 0 0 1944 0 10.45.124.43 12 0 0 0 0 0 10.45.124.73 0 0 0 37 0 0 udp:4500 (ipsec-na.. 0 0 0 37 0 0 10.45.124.74 1 0 0 0 0 0 10.45.124.89 2 0 0 0 0 0 10.45.124.107 0 0 0 142 626895 83 udp:24616 0 0 0 0 501142 0 udp:51123 0 0 0 0 124060 0 10.45.124.111 0 0 0 0 1538 166 udp:4748 0 0 0 0 1491 166 10.45.124.117 248 0 0 0 0 0 10.45.125.97 2 0 0 0 0 0 10.45.125.99 1 0 0 130 6235 29 udp:8609 (canon-cp.. 0 0 0 0 3002 0 10.45.125.104 3 0 0 0 0 0 10.45.125.105 7 0 0 0 0 0 10.45.136.82 1 0 0 0 0 0 10.45.136.198 8 0 0 0 0 0 10.45.136.199 0 0 0 68 3210 7 udp:22312 0 0 0 0 2452 0 10.45.136.200 0 0 0 0 44 1 10.45.137.4 1882 0 0 4603 0 0 * udp:443 (https) 1882 0 0 4603 0 0 10.45.137.21 118 0 0 0 0 0 10.45.137.27 63 0 0 4 0 0 10.45.137.29 0 0 1 0 0 0 10.45.137.46 6 0 0 9 154 0 udp:443 (https) 0 0 0 9 0 0 10.45.137.53 7 0 0 0 0 0 10.45.137.55 37 0 0 0 0 1 10.45.137.62 14 0 0 5 29 1 udp:443 (https) 0 0 0 2 0 0 10.45.137.119 4 0 0 16 203825 12 udp:16772 0 0 0 0 55846 0 udp:25135 0 0 0 0 24694 0 udp:25476 0 0 0 0 66965 0 udp:51123 0 0 0 0 54265 0 udp:55430 0 0 0 0 1138 0 10.45.137.123 1 0 0 2 4190 1 udp:29363 0 0 0 0 3283 0 10.45.138.52 0 0 0 3093 18938 0 * udp:42420 0 0 0 3087 18871 0 10.45.138.66 249 0 0 0 0 0 10.45.138.88 0 0 0 43 107 10 10.45.138.95 20 0 0 0 0 0 10.45.140.0 84 0 0 0 0 0 10.45.140.5 2 0 0 0 0 0 10.45.140.28 1 0 0 0 0 0 10.45.140.74 12 0 0 0 0 0 10.45.140.81 26 0 0 0 0 0 10.45.140.100 0 0 0 143 465 37 10.45.140.103 16 0 0 0 0 0 10.45.140.104 4 0 0 0 0 0 10.45.140.109 2 0 0 0 0 0 10.45.140.118 27 0 0 0 0 0 10.45.140.121 17 0 0 0 7032 0 udp:49710 0 0 0 0 1160 0 udp:53984 0 0 0 0 2694 0 udp:58704 0 0 0 0 1597 0 10.45.140.122 0 0 0 0 3 0 10.45.140.123 0 0 0 0 0 4 10.45.140.127 15 0 0 0 0 0 10.45.140.133 0 1 0 0 0 0 10.45.140.169 59 0 0 0 0 0 10.45.140.171 14 0 0 0 0 0 10.45.141.2 12 0 0 91 0 0 udp:443 (https) 0 0 0 91 0 0 10.45.141.6 24 0 0 0 0 0 10.45.141.14 2 0 0 0 0 0 10.45.141.17 17 0 0 2 37 1 10.45.141.19 2 0 0 0 0 0 10.45.141.82 21 0 0 579 0 0 * udp:443 (https) 0 0 0 579 0 0 10.45.141.83 14 0 0 0 0 0 10.45.141.84 90 0 0 0 0 0 10.45.141.85 518 0 0 0 0 0 10.45.141.86 6 0 0 0 0 0 10.45.141.87 2 0 0 0 0 0 10.45.141.103 57 0 0 0 0 0 10.45.141.106 1079 0 0 7 190 3947 udp:3478 (stun) 0 0 0 0 24 12 * udp:5001 (commplex.. 1072 0 0 0 0 0 udp:40208 0 0 0 0 0 3932 10.45.141.125 2 0 0 0 0 0 10.45.144.20 1 0 0 2 6 2 10.45.144.43 3 0 0 0 0 0 10.45.144.55 2 0 0 0 0 0 10.45.144.68 363 0 0 0 0 0 10.45.144.73 14 0 0 0 0 0 10.45.144.75 51 0 0 0 0 3 10.45.144.77 24 0 0 51 289 35 10.45.144.105 1 0 0 413 0 11 * udp:4500 (ipsec-na.. 0 0 0 413 0 11 10.45.144.139 0 0 0 1496 0 0 * udp:443 (https) 0 0 0 1496 0 0 10.45.144.197 102 0 0 0 0 0 10.45.145.2 15 0 0 0 0 0 10.45.145.26 44 0 0 0 0 0 10.45.145.39 11 0 0 2503039 0 0 udp:443 (https) 0 0 0 4 0 0 * udp:4500 (ipsec-na.. 0 0 0 2503035 0 0 10.45.145.56 3 0 0 0 0 0 10.45.145.72 32 0 0 0 0 0 10.45.145.75 0 0 0 3024 0 0 * udp:443 (https) 0 0 0 3024 0 0 10.45.145.81 292 0 0 8691 107114 8245 udp:80 (http) 0 0 0 0 2 0 * udp:6881 0 0 0 355 8092 672 udp:19517 0 0 0 0 1097 0 udp:22784 0 0 0 0 3441 0 * udp:25223 0 0 0 110 0 0 * udp:37526 0 0 0 139 0 0 * udp:40631 0 0 0 191 0 0 udp:40990 0 0 0 0 33415 0 udp:51820 (wiregua.. 0 0 0 0 3 0 10.45.145.96 7 0 0 0 0 0 10.45.145.98 3 0 0 0 0 0 10.45.145.107 0 0 0 0 9 0 10.45.145.109 9 35 0 0 0 0 10.45.145.115 11 0 0 0 0 0 10.45.146.66 26 0 0 52 88 7 10.45.146.195 2 0 0 0 0 0 10.45.146.200 49 0 0 1471 0 0 * udp:4500 (ipsec-na.. 0 0 0 1471 0 0 10.45.146.201 9 0 0 0 0 0 10.45.153.10 33 0 0 0 0 0 10.45.153.194 0 0 0 2 86 2 10.45.154.6 9 0 0 0 0 0 10.45.154.81 4 0 0 0 0 0 10.45.154.82 140 0 0 0 0 0 10.45.154.100 14 0 0 0 0 0 10.45.154.105 17 0 0 0 0 0 10.45.154.112 5 0 0 0 0 0 10.45.154.113 3 0 0 1 88 2 10.45.154.115 224 0 0 0 0 0 10.45.155.12 11 0 0 0 0 0 10.45.155.67 1 0 0 0 0 0 10.45.155.68 237 0 0 0 0 0 10.45.155.69 1 0 0 0 0 0 10.45.155.71 246 0 0 0 0 0 10.45.155.73 72 0 0 0 0 0 10.45.155.74 0 0 0 0 1 0 udp:3478 (stun) 0 0 0 0 1 0 10.45.155.75 0 0 0 0 4 0 10.45.155.76 0 0 0 0 1 0 10.45.155.217 15 0 0 0 0 0 10.45.155.229 48 0 0 4 42 6 10.45.156.94 0 0 0 25 152 8 10.45.156.105 19 0 0 0 5362 0 udp:58796 0 0 0 0 5362 0 10.45.156.127 22 0 0 0 0 0 10.45.158.115 402 0 0 0 0 0 10.45.158.124 4 0 0 0 0 0 10.45.158.127 3 0 0 0 0 0 10.45.158.195 25 0 0 0 1630 3 udp:6881 0 0 0 0 1610 0 10.45.158.197 82 0 0 0 0 0 10.45.158.198 204 0 0 0 0 0 10.45.158.204 118 0 0 0 0 0 10.45.158.206 0 0 0 9 32 2 10.45.176.114 68 0 0 0 0 0 10.45.176.116 1 0 0 188 1702 191 10.45.176.117 35 0 0 0 0 0 10.45.176.119 218 0 0 9320 1028270 11302 udp:6881 0 0 0 0 91498 83 * udp:6900 0 0 0 322 0 0 udp:8999 (bctp) 0 0 0 0 405853 3 * udp:10556 0 0 0 741 0 0 udp:11778 0 0 0 0 311705 0 * udp:12111 0 0 0 274 0 0 udp:21606 0 0 0 0 5678 0 udp:23578 0 0 0 0 4281 0 udp:24488 0 0 0 0 2140 0 udp:35849 0 0 0 0 2632 0 * udp:37758 0 0 0 212 721 0 udp:40954 0 0 0 0 27113 0 * udp:42012 0 0 0 380 26 101 udp:48235 0 0 0 0 3182 0 * udp:50321 0 0 0 2066 14226 5982 * udp:50838 0 0 0 389 0 0 udp:50884 0 0 0 0 0 2743 udp:51413 0 0 0 39 1712 0 udp:54457 0 0 0 0 3504 0 udp:56769 0 0 0 0 23761 0 udp:59025 0 0 0 0 3034 0 * udp:60050 0 0 0 3000 3961 1478 udp:60062 0 0 0 0 13672 0 udp:64329 0 0 0 0 75590 0 10.45.176.120 73 21 18 0 0 0 10.45.176.206 34 0 0 37 689 3 udp:3478 (stun) 0 0 0 37 685 3 10.45.176.207 5 0 0 8 143 0 10.45.176.209 11 0 0 12 88 1 10.45.176.210 1 0 0 10 32 4 10.45.176.214 18 0 0 25 8900 0 udp:6672 (vision-s.. 0 0 0 23 8900 0 10.45.176.224 114 0 0 1 0 0 10.45.176.225 1 0 0 120 786 137 10.45.176.226 4 0 0 0 0 0 10.45.176.237 0 0 0 4 0 0 udp:443 (https) 0 0 0 4 0 0 10.45.177.66 0 0 0 9 213 8349 udp:6672 (vision-s.. 0 0 0 0 0 8334 10.45.177.68 124 0 0 12 64 8 10.45.177.75 66 0 0 0 2 0 10.45.177.197 0 0 0 0 2 1 10.45.182.75 25 0 0 44 71 17 10.45.182.85 0 0 0 41 2612 5024 udp:45864 0 0 0 0 0 4985 10.45.182.136 8 0 0 0 0 0 10.45.183.117 15 0 0 0 0 0 10.45.183.199 8 0 0 45 1579 0 udp:3478 (stun) 0 0 0 45 1578 0 10.45.183.204 731 0 0 0 9478 0 * udp:4500 (ipsec-na.. 237 0 0 0 0 0 udp:22885 0 0 0 0 9404 0 10.45.183.205 3 0 0 0 0 1 udp:4500 (ipsec-na.. 0 0 0 0 0 1 10.45.183.209 280 0 0 3 1 0 10.45.183.219 61 0 0 0 0 0 10.45.203.6 2 0 0 0 0 0 10.45.212.17 0 0 0 10472 25127 16430 * udp:62503 0 0 0 10452 23528 16423 10.45.212.27 1 0 0 0 0 0 10.45.212.29 30 0 0 0 0 0 10.45.212.51 2 0 0 0 0 0 10.45.212.82 28 0 0 0 1 1 10.45.212.84 2 0 0 0 0 0 10.45.212.199 1 0 0 0 0 0 10.45.212.202 4 0 0 0 0 0 10.45.212.205 299 0 0 0 0 0 10.45.212.207 85 0 0 0 0 0 10.45.229.75 0 0 0 3 0 0 udp:443 (https) 0 0 0 3 0 0 10.45.229.78 113 0 0 6694314 0 0 * udp:4500 (ipsec-na.. 0 0 0 6694314 0 0 10.45.229.79 27 0 0 0 0 0 10.45.229.81 3 0 0 0 0 0 10.45.229.101 69 0 0 0 0 0 10.45.229.104 0 0 0 128 525 128 10.45.229.119 20 0 0 0 0 0 10.45.230.20 1 0 0 0 0 0 10.45.230.25 32 0 0 10 0 72 udp:4500 (ipsec-na.. 0 0 0 10 0 72 10.45.230.89 4 0 0 495 3537 296 10.45.230.99 2 0 0 7 0 5 udp:4500 (ipsec-na.. 0 0 0 7 0 5 10.45.230.204 110 0 0 9 57 18 10.45.230.207 1 0 0 18 33 1 10.45.230.212 2 0 0 0 0 0 10.45.230.223 3 0 0 0 0 0 10.45.230.224 0 0 0 27927 93 13 * udp:50323 0 0 0 322 0 0 * udp:50361 0 0 0 128 0 0 * udp:52065 0 0 0 409 0 0 * udp:55236 0 0 0 257 0 0 * udp:57072 0 0 0 142 0 0 * udp:58494 0 0 0 170 0 0 * udp:59465 0 0 0 160 0 0 * udp:59659 0 0 0 445 0 0 * udp:60874 0 0 0 129 0 0 * udp:60898 0 0 0 102 0 0 * udp:61122 0 0 0 302 0 0 * udp:61312 0 0 0 137 0 0 * udp:61669 0 0 0 124 0 0 * udp:62889 0 0 0 24738 0 0 * udp:63354 0 0 0 122 0 0 * udp:63474 0 0 0 107 0 0 10.45.230.226 3 0 0 0 0 0 10.45.230.228 0 1 0 0 45 0 10.45.230.229 0 0 0 682 21 3 * udp:4500 (ipsec-na.. 0 0 0 682 0 0 10.45.231.16 24 0 0 433 0 0 * udp:4500 (ipsec-na.. 0 0 0 433 0 0 10.45.231.21 0 0 0 40 256 81 10.45.231.31 32 0 0 0 0 0 10.45.231.53 0 0 0 2 46 0 10.45.231.61 13 0 0 4151 0 1 * udp:4500 (ipsec-na.. 0 0 0 4151 0 1 10.45.231.80 6 0 0 0 0 0 10.45.231.99 40 0 0 0 0 0 10.45.231.102 11 0 0 0 0 0 10.45.231.114 47 0 0 0 0 0 10.45.233.16 55 0 0 0 0 0 10.45.233.39 1 0 0 1 13 2 10.45.233.41 4 0 0 0 0 3 10.45.233.42 115 0 0 0 0 0 10.45.233.47 1 0 0 0 0 0 10.45.233.55 3 0 0 0 0 0 10.45.234.197 2 0 0 320 0 11 * udp:4500 (ipsec-na.. 0 0 0 320 0 11 10.45.235.6 6 0 0 107 454 62 10.45.235.11 0 0 0 250 0 0 * udp:443 (https) 0 0 0 249 0 0 10.45.235.13 4 0 0 0 0 0 10.45.235.16 0 0 0 24 56 3 10.45.235.19 3 0 0 0 0 0 10.45.235.24 33 0 0 0 2 0 10.45.235.25 17 0 0 2310 28152 68 * udp:443 (https) 0 0 0 2214 0 0 udp:6881 0 0 0 0 13339 0 udp:31708 0 0 0 0 4595 0 udp:51413 0 0 0 0 5367 0 udp:52372 0 0 0 0 3975 0 10.45.235.49 0 0 0 672 3165 14 * udp:443 (https) 0 0 0 672 79 0 udp:59418 0 0 0 0 3078 0 10.45.235.52 0 0 0 23 0 0 udp:4500 (ipsec-na.. 0 0 0 23 0 0 10.45.235.59 58 0 0 0 0 0 10.45.235.66 4 0 0 0 0 0 10.45.235.89 582 0 0 165 2580 23 * udp:3478 (stun) 0 0 0 165 2580 23 10.45.235.90 332 0 0 0 0 0 10.45.235.92 1007 0 0 0 0 0 10.45.235.93 13 0 0 229 3272 306 10.45.235.94 10 0 0 0 0 0 10.45.238.75 1744 0 0 0 0 0 10.45.238.104 7 0 0 0 2576 0 udp:443 (https) 0 0 0 0 2576 0 10.45.239.66 0 0 0 40 0 5 udp:4500 (ipsec-na.. 0 0 0 40 0 5 10.45.239.219 18 0 0 1 0 0 udp:443 (https) 0 0 0 1 0 0 10.45.240.86 5 0 0 0 0 0 10.45.241.57 0 0 0 216 66079 437 udp:4500 (ipsec-na.. 0 0 0 0 0 21 udp:33522 0 0 0 0 37844 0 udp:37859 0 0 0 0 27536 0 10.45.241.94 44 0 0 0 0 0 10.45.241.98 4 0 0 0 0 0 10.45.241.101 120 0 0 68946 10 2 * udp:4500 (ipsec-na.. 0 0 0 68942 0 0 10.45.241.121 2 0 0 0 0 0 10.45.242.72 4 0 0 0 0 0 10.45.242.81 14 1 0 0 0 0 10.45.242.144 5 0 0 0 0 0 10.45.242.146 30 0 0 0 0 0 10.45.242.161 139 0 0 143 134 2297 * udp:4500 (ipsec-na.. 0 0 0 115 0 4 udp:27032 0 0 0 0 78 2293 10.45.243.13 0 0 0 13877 63 1 * udp:20911 0 0 0 13853 0 0 10.45.243.41 14 0 0 12 0 0 udp:443 (https) 0 0 0 12 0 0 10.45.243.69 66 0 0 0 0 0 10.45.243.71 2 0 0 0 28 0 udp:80 (http) 0 0 0 0 28 0 10.45.243.109 7 0 0 0 2008 0 udp:41697 0 0 0 0 2002 0 10.45.248.33 10 0 0 2 8 0 udp:3478 (stun) 0 0 0 2 8 0 10.45.248.94 11 0 0 0 0 0 10.45.248.118 2 0 0 0 0 0 10.45.249.6 1502 0 0 0 0 0 10.45.249.34 154 0 0 25 0 0 udp:443 (https) 0 0 0 25 0 0 10.45.249.99 0 0 0 68 558 88 10.45.249.104 7 0 0 0 0 0 udp:4500 (ipsec-na.. 6 0 0 0 0 0 10.45.250.89 5 0 0 0 0 0 10.45.251.37 19 0 0 0 0 0 10.45.251.110 0 0 0 9 72 1 10.45.251.119 23 0 0 0 0 0 10.45.253.59 1 0 0 0 0 0 udp:4500 (ipsec-na.. 1 0 0 0 0 0 10.45.253.61 53 0 0 0 0 0 10.45.253.84 16 0 0 121 0 0 * udp:443 (https) 0 0 0 121 0 0 10.45.253.93 4 0 0 0 0 0 10.45.253.100 142 0 0 0 0 0 10.45.253.121 2 0 0 0 0 0 10.45.254.94 12 0 0 0 0 0 10.45.255.90 0 0 0 1 125 0 10.45.255.97 36 0 0 0 0 0 ECN codepoint packet counts for selected ports: ECT(0) CE ECT(1) ECT(0) CE ECT(1) from from from from from from Port LAN LAN LAN WAN WAN WAN ---- --- --- --- --- --- --- icmp:port-unreachable 404 0 0 6632 40795 3539 icmp:network-unreach.. 0 0 0 321 4 0 icmp:ttl-zero-during.. 0 0 0 65 2 66 icmp:host-unreachable 22990 0 0 1171 2575 43 ipencap:0 1 0 0 0 0 0 udp:53 (domain) 0 0 0 0 403 1 udp:80 (http) 0 0 0 0 33 0 udp:443 (https) 1882 0 0 20006 36095 0 udp:599 (acp) 0 0 0 238 261 59 udp:1024-3457 [81] 34 59 28 100 618 9 udp:3478 (stun) 0 0 0 2498 31725 394 udp:3553-4492 [19] 0 0 0 1 29449 0 udp:4500 (ipsec-nat-t) 244 0 0 9422229 0 151 udp:4548-51819 [8177] 1072 0 0 62692 2291117 6604184 udp:51820 (wireguard) 0 0 0 291 3 66 udp:51821-65535 [9371] 65 0 0 45758 405849 24049¶
This document has no IANA actions.¶
There are no known security considerations introduced by this note.¶
Thanks go to:¶