idnits 2.17.1
draft-heist-tsvwg-ecn-deployment-observations-00.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
== There are 511 instances of lines with non-RFC6890-compliant IPv4
addresses in the document. If these are example addresses, they should
be changed.
== There are 1 instance of lines with private range IPv4 addresses in the
document. If these are generic example addresses, they should be changed
to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x,
198.51.100.x or 203.0.113.x.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 526 has weird spacing: '... from from...'
== Line 1157 has weird spacing: '... from from...'
-- The document date (18 February 2021) is 1162 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
-- Looks like a reference, but probably isn't: '81' on line 1169
-- Looks like a reference, but probably isn't: '19' on line 1171
-- Looks like a reference, but probably isn't: '8177' on line 1173
-- Looks like a reference, but probably isn't: '9371' on line 1175
-- Obsolete informational reference (is this intentional?): RFC 1349
(Obsoleted by RFC 2474)
-- Obsolete informational reference (is this intentional?): RFC 2481
(Obsoleted by RFC 3168)
Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 7 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Transport Working Group P. Heist
3 Internet-Draft 18 February 2021
4 Intended status: Informational
5 Expires: 22 August 2021
7 Explicit Congestion Notification (ECN) Deployment Observations
8 draft-heist-tsvwg-ecn-deployment-observations-00
10 Abstract
12 This note presents data gathered at an Internet Service Provider's
13 gateway on the observed deployment and usage of ECN. Relevant IP
14 counter and flow tracking data was collected and analyzed for TCP and
15 other protocols.
17 Status of This Memo
19 This Internet-Draft is submitted in full conformance with the
20 provisions of BCP 78 and BCP 79.
22 Internet-Drafts are working documents of the Internet Engineering
23 Task Force (IETF). Note that other groups may also distribute
24 working documents as Internet-Drafts. The list of current Internet-
25 Drafts is at https://datatracker.ietf.org/drafts/current/.
27 Internet-Drafts are draft documents valid for a maximum of six months
28 and may be updated, replaced, or obsoleted by other documents at any
29 time. It is inappropriate to use Internet-Drafts as reference
30 material or to cite them other than as "work in progress."
32 This Internet-Draft will expire on 22 August 2021.
34 Copyright Notice
36 Copyright (c) 2021 IETF Trust and the persons identified as the
37 document authors. All rights reserved.
39 This document is subject to BCP 78 and the IETF Trust's Legal
40 Provisions Relating to IETF Documents (https://trustee.ietf.org/
41 license-info) in effect on the date of publication of this document.
42 Please review these documents carefully, as they describe your rights
43 and restrictions with respect to this document. Code Components
44 extracted from this document must include Simplified BSD License text
45 as described in Section 4.e of the Trust Legal Provisions and are
46 provided without warranty as described in the Simplified BSD License.
48 Table of Contents
50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
51 2. Collection Details . . . . . . . . . . . . . . . . . . . . . 3
52 3. Observations . . . . . . . . . . . . . . . . . . . . . . . . 3
53 3.1. ECN Endpoint Activity . . . . . . . . . . . . . . . . . . 3
54 3.1.1. Client Initiation . . . . . . . . . . . . . . . . . . 3
55 3.1.2. Server Acceptance . . . . . . . . . . . . . . . . . . 4
56 3.2. RFC3168 AQM Activity . . . . . . . . . . . . . . . . . . 4
57 3.3. ECN Codepoints on Non-TCP Protocols . . . . . . . . . . . 4
58 3.3.1. Tunneled Traffic . . . . . . . . . . . . . . . . . . 5
59 3.3.2. Use of the ECN Field for Historical Reasons . . . . . 6
60 3.3.3. Use of the ECN Field Inadvertently . . . . . . . . . 6
61 3.3.4. Use of the ECN Field Maliciously . . . . . . . . . . 7
62 4. Study Limitations and Recommendations for Future Work . . . . 7
63 4.1. ECN Acceptance Rate . . . . . . . . . . . . . . . . . . . 7
64 4.2. Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . 7
65 4.3. Non-TCP Protocols . . . . . . . . . . . . . . . . . . . . 7
66 4.4. Other Protocols . . . . . . . . . . . . . . . . . . . . . 8
67 4.5. NS Flag . . . . . . . . . . . . . . . . . . . . . . . . . 8
68 5. Abbreviated Output from ecn-stats . . . . . . . . . . . . . . 8
69 5.1. All IP . . . . . . . . . . . . . . . . . . . . . . . . . 8
70 5.2. TCP initiated from LAN to WAN . . . . . . . . . . . . . . 9
71 5.3. Non-TCP conntrack-supported protocols initiated from LAN to
72 WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
73 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26
74 7. Security Considerations . . . . . . . . . . . . . . . . . . . 26
75 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 26
76 9. Informative References . . . . . . . . . . . . . . . . . . . 26
77 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 27
79 1. Introduction
81 To help guide the evolution of ECN, there is a need for more data on
82 current deployment status, and observed usage of the ECN related
83 bits, including:
85 * the initiation and acceptance of ECN capable TCP flows
87 * marking via CE, and feedback for TCP via the ECE and CWR flags
89 * codepoints set on packets for protocols other than TCP
91 For several weeks, we gathered data on all traffic through an
92 Internet Service Provider's gateway. Though some of the results are
93 informative, we caution that a larger, more widely reviewed and
94 geographically distributed survey would be needed to be
95 authoritative.
97 2. Collection Details
99 From December 28, 2020 to January 20, 2021, data was gathered on all
100 traffic into and out of the Internet gateway at FreeNet Liberec, a
101 cooperative WISP in an urban area of the Czech Republic. A total of
102 122.5 TB of incoming data and 12 TB of outgoing data was seen.
104 Around 660 members belong to the ISP, and 861 member IP addresses on
105 the LAN were considered active during data collection. Most member
106 IPs are used by a household of users, while others are for individual
107 devices and public locations.
109 [IPTABLES-ECN] was used to collect and analyze the data. This
110 consists of a script to gather the data using iptables and ipsets in
111 Linux, and an analysis program that produces textual output. An
112 abbreviated version of the output is included in Section 5. See the
113 referred to source repository for more details and full output.
115 3. Observations
117 Our key observations are summarized as follows, and further expanded
118 upon in the following sections:
120 * 1.44% of TCP flows initiated ECN, across 45% of member IPs.
122 * The acceptance rate for ECN flows was likely >50%.
124 * 24% of member IPs that negotiated TCP ECN flows saw apparent AQM
125 marking via CE or ECE, with more congestion observed on the
126 downstream.
128 * 42% of the member IPs that saw CE or ECE were from subnets that
129 have known AQM instances in the ISP's backhaul, and the remainder
130 appear to be from unknown AQMs.
132 * Nonzero ECN codepoints were observed on 0.053% of non-TCP packets,
133 with possible attribution to tunneled ECN and/or misuse of the ECN
134 field.
136 3.1. ECN Endpoint Activity
138 3.1.1. Client Initiation
140 Of 319.5 million TCP SYNs from LAN to WAN, 1.44% indicated ECN
141 capability. Of 861 active member IP addresses, 390 (45.3%) attempted
142 initiation for at least one ECN flow. A large proportion of the ECN
143 flows are thought to come from Apple devices.
145 3.1.2. Server Acceptance
147 While 4.6 million ECN TCP SYNs were seen from LAN to WAN, 3.3 million
148 ECN SYN-ACKs were seen in return. While it's not possible to get an
149 exact ECN acceptance rate from this, it appears to be reasonably
150 high, likely due to default acceptance on prevailing server operating
151 systems like Linux, FreeBSD and recent versions of Windows Server.
153 3.2. RFC3168 AQM Activity
155 There appears to be evidence of [RFC3168] marking AQMs. Of 861
156 active member IP addresses:
158 * 382 member IPs, or 44%, successfully negotiated any TCP ECN flows
160 * 90 member IPs, or 24% of those that negotiated ECN, saw any CE or
161 ECE marks on negotiated TCP ECN flows
163 Two backhaul links have fq_codel [RFC8290] deployed, serving the
164 10.45.64.0/24 and 10.45.235.0/24 subnets. This accounts for 38 of
165 the 90 member IP addresses that saw CE or ECE, with the source of the
166 remaining CE and ECE marks unknown. These are presumed to be from
167 other [RFC3168] marking AQM instances.
169 Note that depending on the position of the marking AQM relative to
170 the gateway, CE marks may not be seen on some packets, while TCP ECE
171 flags are seen in the opposite direction. For a number of member IP
172 addresses, we saw 0 CE marks downstream, but ECE flags set upstream,
173 suggesting an AQM downstream from the gateway marking downstream
174 traffic.
176 3.3. ECN Codepoints on Non-TCP Protocols
178 Referring to the packet counts in the _All IP_ / _Both Directions_
179 table in the stats output in Section 5, where M indicates megapackets
180 and G, gigapackets:
182 +========+==========+===============+=========+==========+
183 | | TCP | Conntrack (X) | Other | Total |
184 +========+==========+===============+=========+==========+
185 | All | 76.60 G | -> | 43.52 G | 120.14 G |
186 +--------+----------+---------------+---------+----------+
187 | CE | 10031 | 3.38 M | 813951 | 4.20 M |
188 +--------+----------+---------------+---------+----------+
189 | ECT(0) | 523.91 M | 9.66 M | 2.55 M | 536.12 M |
190 +--------+----------+---------------+---------+----------+
191 | ECT(1) | 63 | 6.68 M | 182928 | 6.86 M |
192 +--------+----------+---------------+---------+----------+
194 Table 1
196 (X) UDP, ICMP, DCCP, SCTP, GRE (Conntrack All packets included in
197 Other)
199 We note the following:
201 * TCP accounted for 97.7% of the 536 million ECT(0) marks
203 * 0.68% of all TCP packets were marked with a nonzero ECN codepoint
205 * 0.053% of all non-TCP packets were marked with a nonzero ECN
206 codepoint
208 * Non-TCP accounted for 99.8% of the 4.2 million CE marks
210 * Non-TCP accounted for virtually all of the ECT(1) marks
212 Possible explanations for ECN marks on non-TCP packets are explored
213 further in this section.
215 3.3.1. Tunneled Traffic
217 There are several different encapsulation methods used when handling
218 the ECN field through tunnels, as per [RFC3168] and [RFC6040]:
220 1. copy the ECN field from the inner to the outer packet
222 2. reset the ECN field on the outer packet to ECT(0)
224 3. set Not-ECT on the outer packet
226 When method 3 is used at both ends of a tunnel, we would not expect
227 to see ECN codepoint usage in either direction.
229 When methods 1 or 2 are used at both ends of a tunnel, we would
230 expect to see ECT(0) on both incoming and outgoing packets. We would
231 also expect a bias towards incoming packets, since more data is
232 generally downloaded than uploaded, and pure ACKs do not have ECT(0)
233 marks.
235 When method 3 is used at only one end of the tunnel, we would expect
236 to see ECT(0) on packets in only one direction.
238 We note the following:
240 * Bi-directional ECT(0) marks were observed for two member IP / port
241 pairs, on UDP port 443 and 60001.
243 * Uni-directional ECT(0) marks were observed for:
245 - UDP port 4500 (IPSec NAT traversal [RFC3948]) with 23 member IP
246 addresses downstream, and 1 member IP address upstream.
248 - UDP port 51820 [WIREGUARD] with 2 member IP addresses
249 downstream.
251 - Numerous UDP ports in other ranges, mostly on the downstream.
253 While it's possible that some of the data observed was from tunneled
254 ECN traffic, this can't be established definitively.
256 3.3.2. Use of the ECN Field for Historical Reasons
258 Some applications may still use historical definitions of the former
259 TOS byte. Although RFC791 reserved the ECN field for future use, the
260 now obsolete [RFC1349] defined the TOS field as four bits within the
261 Type of Service octet, one of which overlaps with the ECN field.
262 This may account for some of the observed usage of ECT(0), since the
263 value for "minimize monetary cost" was 0001, shifted to the left one
264 bit, coinciding with ECT(0).
266 3.3.3. Use of the ECN Field Inadvertently
268 Users of operating system's socket APIs wishing to set a DiffServ
269 codepoint may be confused as to whether or not they need to shift the
270 desired value left two bits before passing it in. Additionally, OS
271 header files have been seen with out-of-date definitions for obsolete
272 values in the former Type of Service octet, and obsolete definitions
273 from [RFC2481].
275 Another possible source of confusion is the TOS field values listed
276 in the now obsolete [RFC1349], without having been shifted. A casual
277 reader could see the value 0001 for "minimize monetary cost" and
278 think that they should use this value in the TOS byte, conflicting
279 with ECT(1), not realizing that:
281 * [RFC1349] is obsolete
283 * even if it weren't obsolete, the TOS values must be shifted to the
284 left *by one bit*
286 To reduce incorrect usages of the DS field, OS header files should be
287 sanitized, obsolete RFCs more prominently marked as such, and API
288 documentation brought up to date.
290 3.3.4. Use of the ECN Field Maliciously
292 It's possible that some software is using the ECN field to gain an
293 advantage in Internet queues or for some other nefarious purpose.
294 Further analysis would be needed to determine if this is the case.
296 4. Study Limitations and Recommendations for Future Work
298 4.1. ECN Acceptance Rate
300 While we captured the ratio of ECN SYNs to ECN SYN-ACKs, we do not
301 have an exact count of flows that were accepted or rejected. It may
302 be possible to do this more accurately with additional iptables rules
303 in [IPTABLES-ECN].
305 4.2. Tunnels
307 Tunnel protocols are challenging because of the different
308 encapsulation methods and protocols used. An analysis at the flow
309 level, rather than by IP address and destination port pairs, might be
310 more useful in identifying the usage of ECN over tunnels.
312 4.3. Non-TCP Protocols
314 More research is needed into the reasons for ECN codepoints being set
315 on non-TCP traffic. Given the relatively low volume of this traffic,
316 it might be practical to take packet captures of it for further
317 analysis.
319 Additionally, we are currently not able to differentiate between the
320 total number of packets for conntrack-supported and Other protocols.
321 This could be improved with some changes to [IPTABLES-ECN].
323 4.4. Other Protocols
325 While this study looked at signals by IP address for TCP and IP/port
326 for conntrack-supported protocols, it does not break down signals for
327 Other protocols by IP address. Among those protocols is IPSec ESP
328 packets, using IP protocol 50. The [IPTABLES-ECN] script could be
329 modified to create more ipsets of type hash:ip, parallel to what was
330 done for IP traffic as a whole, to further analyze these protocols
331 for tunnel activity.
333 4.5. NS Flag
335 Since [RFC8311] declared that the NS (Nonce Sum) flag is again
336 Reserved, after its now historical use by [RFC3540], we could collect
337 any observed usages of this flag, to confirm that it's available for
338 use in practice.
340 5. Abbreviated Output from ecn-stats
342 This abbreviated output only includes LAN to WAN flows, and a small
343 subset of the non-TCP conntrack protocols by member IP address. For
344 full output, see the [IPTABLES-ECN] repository.
346 *Note* the IP addresses shown here have been anonymized within the
347 10.0.0.0/8 address space, in a way that retains the subnet structure.
349 5.1. All IP
350 Packets, CE, ECT(0) and ECT(1) are packet counts, and use
351 units of M, G or T for mega, giga, or terapackets.
353 Total (both directions):
355 TCP Conntrack [*] Other Total
356 --- ------------- ----- -----
357 Bytes 101.22 TB -> 33.22 TB 134.46 TB
358 Packets 76.60 G -> 43.52 G 120.14 G
359 |-CE 10031 3.38 M 813951 4.20 M
360 |-ECT(0) 523.91 M 9.66 M 2.55 M 536.12 M
361 |-ECT(1) 63 6.68 M 182928 6.86 M
363 WAN to LAN:
365 TCP Conntrack [*] Other Total
366 --- ------------- ----- -----
367 Bytes 95.79 TB -> 26.65 TB 122.45 TB
368 Packets 41.43 G -> 30.29 G 71.72 G
369 |-CE 9298 3.38 M 721002 4.11 M
370 |-ECT(0) 480.35 M 9.62 M 1.93 M 491.91 M
371 |-ECT(1) 62 6.68 M 65111 6.74 M
373 LAN to WAN:
375 TCP Conntrack [*] Other Total
376 --- ------------- ----- -----
377 Bytes 5.43 TB -> 6.57 TB 12.00 TB
378 Packets 35.17 G -> 13.23 G 48.41 G
379 |-CE 733 60 92949 93742
380 |-ECT(0) 43.56 M 40366 614623 44.21 M
381 |-ECT(1) 1 28 117817 117846
383 [*] Conntrack protocols: UDP, ICMP, DCCP, SCTP, GRE
384 Conntrack total Bytes and Packets included in Other
386 5.2. TCP initiated from LAN to WAN
388 IP address counts with TCP and ECN activity:
390 Active (sent >= 10 SYNs): 861 (of 1195)
391 Initiated any ECN flows: 390 (45.3%)
392 Negotiated any ECN flows: 382 (44.4%)
393 Saw CE or ECE on ECN flow: 90 (23.6% of ECN, 10.5% of all)
394 Saw ECT(1) on ECN flow: 5
396 SYN packet count totals for active IPs:
398 All SYNs: 319560652
399 ECN SYNs: 4601118 (1.44% of all)
400 ECN SYN/ACKs: 3273815 (71.15% of ECN SYNs)
402 ECN packet count totals for active IPs:
404 Direction CE ECE ECT(0) ECT(1)
405 --------- -- --- ------ ------
406 From LAN 733 502985 42903861 1
407 From WAN 9298 19367 479756419 62
409 ECN congestion signals by active IP:
411 IP CE from WAN ECE from LAN CE from LAN ECE from WAN
412 -- ----------- ------------ ----------- ------------
413 10.45.9.88 0 0 0 431
414 10.45.64.3 36 13348 0 45
415 10.45.64.4 0 2192 0 0
416 10.45.64.7 28 4610 0 35
417 10.45.64.11 0 335 0 0
418 10.45.64.12 0 14955 3 0
419 10.45.64.13 0 223 0 0
420 10.45.64.14 13 20863 0 23
421 10.45.64.15 0 9 0 0
422 10.45.64.16 0 1396 0 0
423 10.45.64.17 0 464 0 0
424 10.45.64.31 0 46740 12 0
425 10.45.64.39 0 11019 0 0
426 10.45.64.45 0 363 0 0
427 10.45.64.47 0 15731 321 6041
428 10.45.64.59 0 44 0 0
429 10.45.64.85 0 57 0 0
430 10.45.64.93 0 16530 0 0
431 10.45.64.103 0 10649 0 0
432 10.45.64.105 0 2046 0 0
433 10.45.64.112 0 1135 1 1
434 10.45.64.116 0 1042 0 0
435 10.45.64.118 163 710 0 170
436 10.45.64.123 0 3118 0 0
437 10.45.64.125 0 52960 49 0
438 10.45.64.126 0 12579 122 0
439 10.45.65.7 0 176 0 0
440 10.45.65.16 0 4483 0 0
441 10.45.65.110 0 1530 0 0
442 10.45.65.112 0 2313 0 0
443 10.45.65.124 5 6 0 9
444 10.45.86.39 1 13 0 0
445 10.45.86.41 72 3228 0 0
446 10.45.87.32 0 64 0 0
447 10.45.87.45 1 0 0 0
448 10.45.87.50 3 3 0 0
449 10.45.87.127 17 22 0 39
450 10.45.101.96 155 156 0 151
451 10.45.104.24 55 63 0 77
452 10.45.107.73 400 416 0 430
453 10.45.108.24 0 0 0 36
454 10.45.113.6 168 191 0 174
455 10.45.113.106 34 37 0 40
456 10.45.114.98 1619 1792 0 1739
457 10.45.138.66 43 56 0 47
458 10.45.140.73 510 551 0 520
459 10.45.140.74 39 46 0 38
460 10.45.141.85 39 50 0 85
461 10.45.145.2 10 15 0 25
462 10.45.145.73 1 0 0 0
463 10.45.153.10 6 11 0 0
464 10.45.154.82 22 25 0 44
465 10.45.155.68 1 1 0 0
466 10.45.155.71 144 143 1 152
467 10.45.158.197 493 53 0 0
468 10.45.158.198 13 13 0 25
469 10.45.176.114 32 46 0 62
470 10.45.176.119 38 47 0 68
471 10.45.177.68 22 24 0 27
472 10.45.182.75 6 7 0 13
473 10.45.183.117 131 145 6 152
474 10.45.183.204 8 10 0 0
475 10.45.212.82 18 23 0 48
476 10.45.229.81 268 2104 1 0
477 10.45.230.25 3132 18481 0 0
478 10.45.230.204 1 1 0 0
479 10.45.231.31 16 9 0 30
480 10.45.234.197 188 225 0 153
481 10.45.235.6 0 217 0 0
482 10.45.235.24 0 388 0 0
483 10.45.235.59 16 897 0 30
484 10.45.235.89 56 31899 176 5630
485 10.45.235.90 727 4278 0 709
486 10.45.235.92 151 169965 41 1784
487 10.45.235.94 0 1394 0 0
488 10.45.235.196 0 157 0 0
489 10.45.235.199 0 56 0 0
490 10.45.235.200 0 220 0 0
491 10.45.235.203 0 234 0 0
492 10.45.235.206 0 3484 0 0
493 10.45.235.208 0 378 0 0
494 10.45.238.75 196 262 0 229
495 10.45.241.101 0 740 0 0
496 10.45.242.72 5 5 0 11
497 10.45.242.146 21 25 0 44
498 10.45.243.69 2 3 0 0
499 10.45.249.6 0 2461 0 0
500 10.45.249.34 0 2260 0 0
501 10.45.251.37 39 171 0 0
502 10.45.251.114 134 13794 0 0
504 5.3. Non-TCP conntrack-supported protocols initiated from LAN to WAN
506 Protocols included:
508 UDP, ICMP, DCCP, SCTP, GRE
510 Active IPs:
512 Active IPs with ECN signals: 420
513 Active IP/dstport pairs with ECN signals: 24972
515 ECN packet count totals for active IPs:
517 Direction CE ECT(0) ECT(1)
518 --------- -- ------ ------
519 From LAN 59 26692 28
520 From WAN 2838929 9562002 6632561
522 ECN codepoint packet counts by client IP, with selected ports:
523 (ports with '*' had >100 ECT(0) marks)
525 ECT(0) CE ECT(1) ECT(0) CE ECT(1)
526 from from from from from from
527 IP/Port LAN LAN LAN WAN WAN WAN
528 ------- --- --- --- --- --- ---
529 10.45.10.0 201 0 0 0 0 0
530 10.45.10.4 14 0 0 0 0 0
531 10.45.10.5 20 0 0 0 0 0
532 10.45.10.6 9 0 0 0 0 0
533 10.45.10.7 8 0 0 0 0 0
534 10.45.10.8 39 0 0 0 0 0
535 10.45.10.11 8 0 0 0 0 0
536 10.45.10.12 2 0 0 0 0 0
537 10.45.10.42 6 0 0 0 0 0
538 10.45.10.61 2 0 0 0 0 0
539 10.45.10.70 44 0 0 0 0 0
540 10.45.10.71 5 0 0 0 0 0
541 10.45.10.73 7 0 0 0 0 0
542 10.45.10.77 13 0 0 0 0 0
543 10.45.10.81 10 0 0 0 0 0
544 10.45.10.82 8 0 0 0 0 0
545 10.45.10.83 3 0 0 0 0 0
546 10.45.10.95 59 0 0 0 0 0
547 10.45.10.96 39 0 0 0 0 0
548 10.45.10.129 0 0 0 0 403 1
549 10.45.10.196 80 0 0 0 0 0
550 10.45.10.197 63 0 0 0 0 0
551 10.45.10.201 3 0 0 0 0 0
552 10.45.10.204 25 0 0 0 0 0
553 10.45.10.227 40 0 0 0 0 0
554 10.45.10.228 7 0 0 0 0 0
555 10.45.10.244 14 0 0 0 0 0
556 10.45.10.245 7 0 0 0 0 0
557 10.45.64.3 100 0 0 0 0 0
558 10.45.64.4 31 0 0 0 0 0
559 10.45.64.6 2 0 0 0 0 0
560 10.45.64.7 8 0 0 12 126 20
561 10.45.64.10 29 0 0 0 0 0
562 10.45.64.11 67 0 0 0 0 0
563 10.45.64.12 6 0 0 0 0 0
564 10.45.64.13 35 0 0 0 0 0
565 10.45.64.14 121 0 0 0 0 0
566 10.45.64.15 52 0 0 0 0 0
567 10.45.64.16 18 0 0 0 0 0
568 10.45.64.19 0 0 0 16 0 0
569 udp:4500 (ipsec-na.. 0 0 0 11 0 0
570 10.45.64.31 27 0 0 34129 2468 58304
571 udp:37658 0 0 0 0 0 4346
572 * udp:38129 0 0 0 24957 2468 15281
573 udp:38884 0 0 0 0 0 10409
574 * udp:40871 0 0 0 288 0 2269
575 * udp:41621 0 0 0 3057 0 14609
576 * udp:41744 0 0 0 171 0 61
577 udp:43588 0 0 0 0 0 6746
578 udp:45444 0 0 0 0 0 1292
579 * udp:45465 0 0 0 866 0 0
580 udp:45483 0 0 0 0 0 1838
581 * udp:45522 0 0 0 4764 0 708
582 10.45.64.39 75 0 0 0 0 0
583 10.45.64.45 50 0 0 0 0 0
584 10.45.64.47 11 0 0 0 0 0
585 10.45.64.51 2 0 0 0 0 0
586 10.45.64.59 593 0 0 56 1624 10
587 udp:3478 (stun) 0 0 0 56 1624 10
588 10.45.64.85 4 0 0 0 0 0
589 10.45.64.86 9 0 0 7 434404 3
590 udp:4400 (ds-srv) 0 0 0 0 29065 0
591 udp:14757 0 0 0 0 97175 0
592 udp:24173 0 0 0 0 35437 0
593 udp:29493 0 0 0 0 120959 0
594 udp:44495 0 0 0 0 41547 0
595 udp:53678 0 0 0 0 109978 0
596 10.45.64.89 4 0 0 7 50 0
597 10.45.64.93 75 0 0 598 2971 341
598 * udp:3478 (stun) 0 0 0 598 2971 341
599 10.45.64.98 0 0 0 0 0 32780
600 udp:6008 0 0 0 0 0 9234
601 udp:7008 (afs3-upd.. 0 0 0 0 0 23546
602 10.45.64.99 0 0 0 132 2094 73
603 udp:3478 (stun) 0 0 0 0 3 0
604 10.45.64.103 47 0 0 0 0 0
605 10.45.64.104 1 0 0 70 293 31
606 10.45.64.105 7 0 0 213 33440 0
607 * udp:443 (https) 0 0 0 213 33440 0
608 10.45.64.107 2 0 0 0 0 0
609 10.45.64.108 1 0 0 0 0 0
610 10.45.64.111 0 0 0 1 1 0
611 10.45.64.112 48 0 0 0 421 0
612 10.45.64.116 64 0 8 4 143 8
613 10.45.64.118 77 0 0 0 0 0
614 10.45.64.121 0 0 0 0 2107 0
615 udp:38603 0 0 0 0 2100 0
616 10.45.64.123 13 0 0 0 0 0
617 10.45.64.124 0 0 0 6 0 0
618 udp:443 (https) 0 0 0 6 0 0
619 10.45.64.125 22 0 0 0 0 0
620 10.45.64.126 37 0 0 1 10 0
621 10.45.65.0 42 0 0 0 0 0
622 10.45.65.1 45 0 0 0 0 0
623 10.45.65.5 17 0 0 0 0 0
624 10.45.65.7 30 0 0 0 0 0
625 10.45.65.11 6 0 0 0 0 0
626 10.45.65.16 505 0 0 1686 40141 36888
627 * udp:3478 (stun) 0 0 0 1595 22049 4
628 udp:26808 0 0 0 0 0 36805
629 udp:62348 0 0 0 0 15738 0
630 10.45.65.17 0 0 0 0 4 0
631 10.45.65.66 94 0 0 0 17 0
632 udp:3478 (stun) 0 0 0 0 17 0
633 10.45.65.94 25 0 0 319 0 1
634 udp:3478 (stun) 0 0 0 0 0 1
635 10.45.65.95 8 0 0 0 0 0
636 10.45.65.104 41 0 0 0 0 0
637 10.45.65.107 5 0 0 12 77 2
638 10.45.65.110 38 0 0 0 0 0
639 10.45.65.112 75 0 0 39 1168 18
640 10.45.65.122 0 0 0 2 5 0
641 10.45.65.123 1 0 0 0 0 0
642 10.45.65.124 11 0 0 0 0 0
643 10.45.65.127 5 0 0 0 0 0
644 10.45.75.90 1 0 0 0 0 0
645 10.45.80.28 0 0 0 2 8 1
646 10.45.80.79 2 0 0 4 7 0
647 10.45.80.85 10 0 0 0 0 0
648 10.45.80.99 11 0 0 0 0 0
649 10.45.83.76 3 0 0 0 0 0
650 10.45.83.80 0 0 0 28 51 11
651 10.45.85.127 68 0 0 301 174 30747
652 * udp:599 (acp) 0 0 0 222 174 45
653 udp:6008 0 0 0 0 0 30702
654 * udp:60001 65 0 0 49 0 0
655 10.45.86.16 2 0 0 13 0 0
656 udp:4500 (ipsec-na.. 0 0 0 8 0 0
657 udp:51820 (wiregua.. 0 0 0 5 0 0
658 10.45.86.36 4 0 0 0 0 0
659 10.45.86.39 50 0 0 205 37619 107
660 udp:29492 0 0 0 0 2512 0
661 udp:64733 0 0 0 0 30711 0
662 10.45.86.40 0 0 0 2 0 0
663 udp:443 (https) 0 0 0 2 0 0
664 10.45.86.43 532 0 0 0 11 0
665 10.45.86.68 325 0 0 760 3528 614
666 udp:80 (http) 0 0 0 0 2 0
667 10.45.87.32 14 0 0 12 0 0
668 10.45.87.44 0 0 0 709 4963 623
669 udp:80 (http) 0 0 0 0 1 0
670 udp:6881 0 0 0 3 1313 43
671 10.45.87.45 185 0 0 0 0 0
672 10.45.87.48 82 0 0 0 0 0
673 10.45.87.50 68 0 0 3 0 9
674 udp:4500 (ipsec-na.. 0 0 0 3 0 9
675 10.45.87.103 2 0 0 0 0 0
676 10.45.87.112 0 0 0 0 1 0
677 10.45.87.113 33 0 0 0 0 0
678 10.45.87.127 44 0 0 0 0 0
679 10.45.92.74 2 0 0 31 0 1
680 10.45.93.69 0 0 0 15 122 6
681 10.45.93.75 4 0 0 361 2945 278
682 10.45.93.79 8 0 0 0 0 0
683 10.45.98.71 0 0 0 2 8 0
684 10.45.98.72 40 0 0 0 1 0
685 udp:3478 (stun) 0 0 0 0 1 0
687 10.45.101.96 140 0 0 0 0 0
688 10.45.101.100 12 0 0 0 0 0
689 10.45.101.101 0 0 0 2 10 7
690 10.45.101.103 0 0 0 21 21899 15
691 udp:58479 0 0 0 0 21372 0
692 10.45.101.104 33 0 0 0 0 10
693 10.45.104.24 324 0 0 0 0 0
694 10.45.104.104 60 0 0 16 72 2
695 10.45.107.73 58 0 0 32 0 1
696 udp:4500 (ipsec-na.. 0 0 0 32 0 1
697 10.45.107.79 70 0 0 34 0 0
698 udp:443 (https) 0 0 0 34 0 0
699 10.45.107.81 3 0 0 0 4421 0
700 udp:61094 0 0 0 0 4421 0
701 10.45.108.3 1 0 0 0 0 0
702 10.45.108.4 1 0 0 33 5079 90
703 udp:33027 0 0 0 0 2978 0
704 10.45.108.13 14 0 0 0 0 0
705 10.45.108.24 117 0 0 799 5543 1059
706 * udp:40211 0 0 0 107 0 0
707 10.45.108.25 799 0 0 1 2 1
708 10.45.108.66 0 0 1 0 0 0
709 10.45.108.69 2 0 0 0 0 0
710 10.45.108.71 0 0 0 28 12830 0
711 udp:34665 0 0 0 0 12462 0
712 10.45.108.75 38 0 0 0 0 6395176
713 udp:6008 0 0 0 0 0 1755476
714 udp:7008 (afs3-upd.. 0 0 0 0 0 1827173
715 udp:8008 (http-alt) 0 0 0 0 0 740987
716 udp:9008 0 0 0 0 0 809024
717 udp:10008 (octopus) 0 0 0 0 0 380001
718 udp:11008 0 0 0 0 0 578400
719 udp:12008 (accurac.. 0 0 0 0 0 231619
720 udp:13008 0 0 0 0 0 72496
721 10.45.108.76 2 0 0 0 0 0
722 10.45.108.77 31 0 0 0 0 0
723 10.45.108.80 10 0 0 337 1566 173
724 10.45.108.95 283 0 0 1 5 0
725 10.45.108.126 12 0 0 0 0 0
726 10.45.112.74 371 0 0 9 95 4
727 10.45.112.102 29 0 0 0 0 0
728 10.45.112.139 5 0 0 0 0 0
729 10.45.112.154 4 0 0 0 0 0
730 10.45.112.165 24 0 0 0 0 0
731 10.45.112.172 0 0 0 6333 0 0
732 * udp:443 (https) 0 0 0 6333 0 0
733 10.45.112.216 2 0 0 0 0 0
734 10.45.113.6 136 0 0 147184 0 0
735 * udp:4500 (ipsec-na.. 0 0 0 147184 0 0
736 10.45.113.7 52 0 0 453 0 10
737 * udp:443 (https) 0 0 0 309 0 0
738 * udp:4500 (ipsec-na.. 0 0 0 144 0 10
739 10.45.113.9 60 0 0 0 0 0
740 10.45.113.11 187 0 0 0 0 0
741 10.45.113.27 1 0 0 0 0 0
742 10.45.113.30 4 0 0 0 0 0
743 10.45.113.33 2 0 0 0 0 0
744 10.45.113.34 58 0 0 0 0 0
745 10.45.113.35 6 0 0 0 0 0
746 10.45.113.36 2 0 0 0 0 0
747 10.45.113.66 0 0 0 1 11 0
748 10.45.113.90 163 0 0 0 0 0
749 10.45.113.94 0 0 0 17 62 2
750 10.45.113.97 19 0 0 0 0 0
751 10.45.113.99 15 0 0 11 76 12
752 10.45.113.104 0 0 0 818 0 0
753 * udp:4500 (ipsec-na.. 0 0 0 818 0 0
754 10.45.113.106 10 0 0 0 0 0
755 10.45.113.119 313 0 0 0 178 0
756 udp:3478 (stun) 0 0 0 0 178 0
757 10.45.113.122 0 0 0 36 0 0
758 udp:4500 (ipsec-na.. 0 0 0 36 0 0
759 10.45.113.124 201 0 0 0 0 0
760 10.45.114.8 0 0 0 0 3 0
761 10.45.114.10 3 0 0 0 0 0
762 10.45.114.42 3 0 0 286 12 67
763 * udp:51820 (wiregua.. 0 0 0 286 0 66
764 10.45.114.98 10 0 0 0 0 0
765 10.45.120.25 53 0 0 0 0 0
766 10.45.120.34 12 0 0 0 0 0
767 10.45.120.78 715 0 0 0 0 0
768 10.45.122.51 66 0 0 686 28190 122
769 udp:45622 0 0 0 0 5782 0
770 udp:59437 0 0 0 0 17791 0
771 10.45.124.31 105 0 0 1720 5946 16897
772 udp:3478 (stun) 0 0 0 0 6 0
773 * udp:50451 0 0 0 1720 0 15875
774 udp:50919 0 0 0 0 2428 0
775 udp:50996 0 0 0 0 0 1016
776 udp:57403 0 0 0 0 1944 0
777 10.45.124.43 12 0 0 0 0 0
778 10.45.124.73 0 0 0 37 0 0
779 udp:4500 (ipsec-na.. 0 0 0 37 0 0
780 10.45.124.74 1 0 0 0 0 0
781 10.45.124.89 2 0 0 0 0 0
782 10.45.124.107 0 0 0 142 626895 83
783 udp:24616 0 0 0 0 501142 0
784 udp:51123 0 0 0 0 124060 0
785 10.45.124.111 0 0 0 0 1538 166
786 udp:4748 0 0 0 0 1491 166
787 10.45.124.117 248 0 0 0 0 0
788 10.45.125.97 2 0 0 0 0 0
789 10.45.125.99 1 0 0 130 6235 29
790 udp:8609 (canon-cp.. 0 0 0 0 3002 0
791 10.45.125.104 3 0 0 0 0 0
792 10.45.125.105 7 0 0 0 0 0
793 10.45.136.82 1 0 0 0 0 0
794 10.45.136.198 8 0 0 0 0 0
795 10.45.136.199 0 0 0 68 3210 7
796 udp:22312 0 0 0 0 2452 0
797 10.45.136.200 0 0 0 0 44 1
798 10.45.137.4 1882 0 0 4603 0 0
799 * udp:443 (https) 1882 0 0 4603 0 0
800 10.45.137.21 118 0 0 0 0 0
801 10.45.137.27 63 0 0 4 0 0
802 10.45.137.29 0 0 1 0 0 0
803 10.45.137.46 6 0 0 9 154 0
804 udp:443 (https) 0 0 0 9 0 0
805 10.45.137.53 7 0 0 0 0 0
806 10.45.137.55 37 0 0 0 0 1
807 10.45.137.62 14 0 0 5 29 1
808 udp:443 (https) 0 0 0 2 0 0
809 10.45.137.119 4 0 0 16 203825 12
810 udp:16772 0 0 0 0 55846 0
811 udp:25135 0 0 0 0 24694 0
812 udp:25476 0 0 0 0 66965 0
813 udp:51123 0 0 0 0 54265 0
814 udp:55430 0 0 0 0 1138 0
815 10.45.137.123 1 0 0 2 4190 1
816 udp:29363 0 0 0 0 3283 0
817 10.45.138.52 0 0 0 3093 18938 0
818 * udp:42420 0 0 0 3087 18871 0
819 10.45.138.66 249 0 0 0 0 0
820 10.45.138.88 0 0 0 43 107 10
821 10.45.138.95 20 0 0 0 0 0
822 10.45.140.0 84 0 0 0 0 0
823 10.45.140.5 2 0 0 0 0 0
824 10.45.140.28 1 0 0 0 0 0
825 10.45.140.74 12 0 0 0 0 0
826 10.45.140.81 26 0 0 0 0 0
827 10.45.140.100 0 0 0 143 465 37
828 10.45.140.103 16 0 0 0 0 0
829 10.45.140.104 4 0 0 0 0 0
830 10.45.140.109 2 0 0 0 0 0
831 10.45.140.118 27 0 0 0 0 0
832 10.45.140.121 17 0 0 0 7032 0
833 udp:49710 0 0 0 0 1160 0
834 udp:53984 0 0 0 0 2694 0
835 udp:58704 0 0 0 0 1597 0
836 10.45.140.122 0 0 0 0 3 0
837 10.45.140.123 0 0 0 0 0 4
838 10.45.140.127 15 0 0 0 0 0
839 10.45.140.133 0 1 0 0 0 0
840 10.45.140.169 59 0 0 0 0 0
841 10.45.140.171 14 0 0 0 0 0
842 10.45.141.2 12 0 0 91 0 0
843 udp:443 (https) 0 0 0 91 0 0
844 10.45.141.6 24 0 0 0 0 0
845 10.45.141.14 2 0 0 0 0 0
846 10.45.141.17 17 0 0 2 37 1
847 10.45.141.19 2 0 0 0 0 0
848 10.45.141.82 21 0 0 579 0 0
849 * udp:443 (https) 0 0 0 579 0 0
850 10.45.141.83 14 0 0 0 0 0
851 10.45.141.84 90 0 0 0 0 0
852 10.45.141.85 518 0 0 0 0 0
853 10.45.141.86 6 0 0 0 0 0
854 10.45.141.87 2 0 0 0 0 0
855 10.45.141.103 57 0 0 0 0 0
856 10.45.141.106 1079 0 0 7 190 3947
857 udp:3478 (stun) 0 0 0 0 24 12
858 * udp:5001 (commplex.. 1072 0 0 0 0 0
859 udp:40208 0 0 0 0 0 3932
860 10.45.141.125 2 0 0 0 0 0
861 10.45.144.20 1 0 0 2 6 2
862 10.45.144.43 3 0 0 0 0 0
863 10.45.144.55 2 0 0 0 0 0
864 10.45.144.68 363 0 0 0 0 0
865 10.45.144.73 14 0 0 0 0 0
866 10.45.144.75 51 0 0 0 0 3
867 10.45.144.77 24 0 0 51 289 35
868 10.45.144.105 1 0 0 413 0 11
869 * udp:4500 (ipsec-na.. 0 0 0 413 0 11
870 10.45.144.139 0 0 0 1496 0 0
871 * udp:443 (https) 0 0 0 1496 0 0
872 10.45.144.197 102 0 0 0 0 0
873 10.45.145.2 15 0 0 0 0 0
874 10.45.145.26 44 0 0 0 0 0
875 10.45.145.39 11 0 0 2503039 0 0
876 udp:443 (https) 0 0 0 4 0 0
877 * udp:4500 (ipsec-na.. 0 0 0 2503035 0 0
878 10.45.145.56 3 0 0 0 0 0
879 10.45.145.72 32 0 0 0 0 0
880 10.45.145.75 0 0 0 3024 0 0
881 * udp:443 (https) 0 0 0 3024 0 0
882 10.45.145.81 292 0 0 8691 107114 8245
883 udp:80 (http) 0 0 0 0 2 0
884 * udp:6881 0 0 0 355 8092 672
885 udp:19517 0 0 0 0 1097 0
886 udp:22784 0 0 0 0 3441 0
887 * udp:25223 0 0 0 110 0 0
888 * udp:37526 0 0 0 139 0 0
889 * udp:40631 0 0 0 191 0 0
890 udp:40990 0 0 0 0 33415 0
891 udp:51820 (wiregua.. 0 0 0 0 3 0
892 10.45.145.96 7 0 0 0 0 0
893 10.45.145.98 3 0 0 0 0 0
894 10.45.145.107 0 0 0 0 9 0
895 10.45.145.109 9 35 0 0 0 0
896 10.45.145.115 11 0 0 0 0 0
897 10.45.146.66 26 0 0 52 88 7
898 10.45.146.195 2 0 0 0 0 0
899 10.45.146.200 49 0 0 1471 0 0
900 * udp:4500 (ipsec-na.. 0 0 0 1471 0 0
901 10.45.146.201 9 0 0 0 0 0
902 10.45.153.10 33 0 0 0 0 0
903 10.45.153.194 0 0 0 2 86 2
904 10.45.154.6 9 0 0 0 0 0
905 10.45.154.81 4 0 0 0 0 0
906 10.45.154.82 140 0 0 0 0 0
907 10.45.154.100 14 0 0 0 0 0
908 10.45.154.105 17 0 0 0 0 0
909 10.45.154.112 5 0 0 0 0 0
910 10.45.154.113 3 0 0 1 88 2
911 10.45.154.115 224 0 0 0 0 0
912 10.45.155.12 11 0 0 0 0 0
913 10.45.155.67 1 0 0 0 0 0
914 10.45.155.68 237 0 0 0 0 0
915 10.45.155.69 1 0 0 0 0 0
916 10.45.155.71 246 0 0 0 0 0
917 10.45.155.73 72 0 0 0 0 0
918 10.45.155.74 0 0 0 0 1 0
919 udp:3478 (stun) 0 0 0 0 1 0
920 10.45.155.75 0 0 0 0 4 0
921 10.45.155.76 0 0 0 0 1 0
922 10.45.155.217 15 0 0 0 0 0
923 10.45.155.229 48 0 0 4 42 6
924 10.45.156.94 0 0 0 25 152 8
925 10.45.156.105 19 0 0 0 5362 0
926 udp:58796 0 0 0 0 5362 0
928 10.45.156.127 22 0 0 0 0 0
929 10.45.158.115 402 0 0 0 0 0
930 10.45.158.124 4 0 0 0 0 0
931 10.45.158.127 3 0 0 0 0 0
932 10.45.158.195 25 0 0 0 1630 3
933 udp:6881 0 0 0 0 1610 0
934 10.45.158.197 82 0 0 0 0 0
935 10.45.158.198 204 0 0 0 0 0
936 10.45.158.204 118 0 0 0 0 0
937 10.45.158.206 0 0 0 9 32 2
938 10.45.176.114 68 0 0 0 0 0
939 10.45.176.116 1 0 0 188 1702 191
940 10.45.176.117 35 0 0 0 0 0
941 10.45.176.119 218 0 0 9320 1028270 11302
942 udp:6881 0 0 0 0 91498 83
943 * udp:6900 0 0 0 322 0 0
944 udp:8999 (bctp) 0 0 0 0 405853 3
945 * udp:10556 0 0 0 741 0 0
946 udp:11778 0 0 0 0 311705 0
947 * udp:12111 0 0 0 274 0 0
948 udp:21606 0 0 0 0 5678 0
949 udp:23578 0 0 0 0 4281 0
950 udp:24488 0 0 0 0 2140 0
951 udp:35849 0 0 0 0 2632 0
952 * udp:37758 0 0 0 212 721 0
953 udp:40954 0 0 0 0 27113 0
954 * udp:42012 0 0 0 380 26 101
955 udp:48235 0 0 0 0 3182 0
956 * udp:50321 0 0 0 2066 14226 5982
957 * udp:50838 0 0 0 389 0 0
958 udp:50884 0 0 0 0 0 2743
959 udp:51413 0 0 0 39 1712 0
960 udp:54457 0 0 0 0 3504 0
961 udp:56769 0 0 0 0 23761 0
962 udp:59025 0 0 0 0 3034 0
963 * udp:60050 0 0 0 3000 3961 1478
964 udp:60062 0 0 0 0 13672 0
965 udp:64329 0 0 0 0 75590 0
966 10.45.176.120 73 21 18 0 0 0
967 10.45.176.206 34 0 0 37 689 3
968 udp:3478 (stun) 0 0 0 37 685 3
969 10.45.176.207 5 0 0 8 143 0
970 10.45.176.209 11 0 0 12 88 1
971 10.45.176.210 1 0 0 10 32 4
972 10.45.176.214 18 0 0 25 8900 0
973 udp:6672 (vision-s.. 0 0 0 23 8900 0
974 10.45.176.224 114 0 0 1 0 0
975 10.45.176.225 1 0 0 120 786 137
976 10.45.176.226 4 0 0 0 0 0
977 10.45.176.237 0 0 0 4 0 0
978 udp:443 (https) 0 0 0 4 0 0
979 10.45.177.66 0 0 0 9 213 8349
980 udp:6672 (vision-s.. 0 0 0 0 0 8334
981 10.45.177.68 124 0 0 12 64 8
982 10.45.177.75 66 0 0 0 2 0
983 10.45.177.197 0 0 0 0 2 1
984 10.45.182.75 25 0 0 44 71 17
985 10.45.182.85 0 0 0 41 2612 5024
986 udp:45864 0 0 0 0 0 4985
987 10.45.182.136 8 0 0 0 0 0
988 10.45.183.117 15 0 0 0 0 0
989 10.45.183.199 8 0 0 45 1579 0
990 udp:3478 (stun) 0 0 0 45 1578 0
991 10.45.183.204 731 0 0 0 9478 0
992 * udp:4500 (ipsec-na.. 237 0 0 0 0 0
993 udp:22885 0 0 0 0 9404 0
994 10.45.183.205 3 0 0 0 0 1
995 udp:4500 (ipsec-na.. 0 0 0 0 0 1
996 10.45.183.209 280 0 0 3 1 0
997 10.45.183.219 61 0 0 0 0 0
998 10.45.203.6 2 0 0 0 0 0
999 10.45.212.17 0 0 0 10472 25127 16430
1000 * udp:62503 0 0 0 10452 23528 16423
1001 10.45.212.27 1 0 0 0 0 0
1002 10.45.212.29 30 0 0 0 0 0
1003 10.45.212.51 2 0 0 0 0 0
1004 10.45.212.82 28 0 0 0 1 1
1005 10.45.212.84 2 0 0 0 0 0
1006 10.45.212.199 1 0 0 0 0 0
1007 10.45.212.202 4 0 0 0 0 0
1008 10.45.212.205 299 0 0 0 0 0
1009 10.45.212.207 85 0 0 0 0 0
1010 10.45.229.75 0 0 0 3 0 0
1011 udp:443 (https) 0 0 0 3 0 0
1012 10.45.229.78 113 0 0 6694314 0 0
1013 * udp:4500 (ipsec-na.. 0 0 0 6694314 0 0
1014 10.45.229.79 27 0 0 0 0 0
1015 10.45.229.81 3 0 0 0 0 0
1016 10.45.229.101 69 0 0 0 0 0
1017 10.45.229.104 0 0 0 128 525 128
1018 10.45.229.119 20 0 0 0 0 0
1019 10.45.230.20 1 0 0 0 0 0
1020 10.45.230.25 32 0 0 10 0 72
1021 udp:4500 (ipsec-na.. 0 0 0 10 0 72
1022 10.45.230.89 4 0 0 495 3537 296
1023 10.45.230.99 2 0 0 7 0 5
1024 udp:4500 (ipsec-na.. 0 0 0 7 0 5
1025 10.45.230.204 110 0 0 9 57 18
1026 10.45.230.207 1 0 0 18 33 1
1027 10.45.230.212 2 0 0 0 0 0
1028 10.45.230.223 3 0 0 0 0 0
1029 10.45.230.224 0 0 0 27927 93 13
1030 * udp:50323 0 0 0 322 0 0
1031 * udp:50361 0 0 0 128 0 0
1032 * udp:52065 0 0 0 409 0 0
1033 * udp:55236 0 0 0 257 0 0
1034 * udp:57072 0 0 0 142 0 0
1035 * udp:58494 0 0 0 170 0 0
1036 * udp:59465 0 0 0 160 0 0
1037 * udp:59659 0 0 0 445 0 0
1038 * udp:60874 0 0 0 129 0 0
1039 * udp:60898 0 0 0 102 0 0
1040 * udp:61122 0 0 0 302 0 0
1041 * udp:61312 0 0 0 137 0 0
1042 * udp:61669 0 0 0 124 0 0
1043 * udp:62889 0 0 0 24738 0 0
1044 * udp:63354 0 0 0 122 0 0
1045 * udp:63474 0 0 0 107 0 0
1046 10.45.230.226 3 0 0 0 0 0
1047 10.45.230.228 0 1 0 0 45 0
1048 10.45.230.229 0 0 0 682 21 3
1049 * udp:4500 (ipsec-na.. 0 0 0 682 0 0
1050 10.45.231.16 24 0 0 433 0 0
1051 * udp:4500 (ipsec-na.. 0 0 0 433 0 0
1052 10.45.231.21 0 0 0 40 256 81
1053 10.45.231.31 32 0 0 0 0 0
1054 10.45.231.53 0 0 0 2 46 0
1055 10.45.231.61 13 0 0 4151 0 1
1056 * udp:4500 (ipsec-na.. 0 0 0 4151 0 1
1057 10.45.231.80 6 0 0 0 0 0
1058 10.45.231.99 40 0 0 0 0 0
1059 10.45.231.102 11 0 0 0 0 0
1060 10.45.231.114 47 0 0 0 0 0
1061 10.45.233.16 55 0 0 0 0 0
1062 10.45.233.39 1 0 0 1 13 2
1063 10.45.233.41 4 0 0 0 0 3
1064 10.45.233.42 115 0 0 0 0 0
1065 10.45.233.47 1 0 0 0 0 0
1066 10.45.233.55 3 0 0 0 0 0
1067 10.45.234.197 2 0 0 320 0 11
1068 * udp:4500 (ipsec-na.. 0 0 0 320 0 11
1069 10.45.235.6 6 0 0 107 454 62
1070 10.45.235.11 0 0 0 250 0 0
1071 * udp:443 (https) 0 0 0 249 0 0
1072 10.45.235.13 4 0 0 0 0 0
1073 10.45.235.16 0 0 0 24 56 3
1074 10.45.235.19 3 0 0 0 0 0
1075 10.45.235.24 33 0 0 0 2 0
1076 10.45.235.25 17 0 0 2310 28152 68
1077 * udp:443 (https) 0 0 0 2214 0 0
1078 udp:6881 0 0 0 0 13339 0
1079 udp:31708 0 0 0 0 4595 0
1080 udp:51413 0 0 0 0 5367 0
1081 udp:52372 0 0 0 0 3975 0
1082 10.45.235.49 0 0 0 672 3165 14
1083 * udp:443 (https) 0 0 0 672 79 0
1084 udp:59418 0 0 0 0 3078 0
1085 10.45.235.52 0 0 0 23 0 0
1086 udp:4500 (ipsec-na.. 0 0 0 23 0 0
1087 10.45.235.59 58 0 0 0 0 0
1088 10.45.235.66 4 0 0 0 0 0
1089 10.45.235.89 582 0 0 165 2580 23
1090 * udp:3478 (stun) 0 0 0 165 2580 23
1091 10.45.235.90 332 0 0 0 0 0
1092 10.45.235.92 1007 0 0 0 0 0
1093 10.45.235.93 13 0 0 229 3272 306
1094 10.45.235.94 10 0 0 0 0 0
1095 10.45.238.75 1744 0 0 0 0 0
1096 10.45.238.104 7 0 0 0 2576 0
1097 udp:443 (https) 0 0 0 0 2576 0
1098 10.45.239.66 0 0 0 40 0 5
1099 udp:4500 (ipsec-na.. 0 0 0 40 0 5
1100 10.45.239.219 18 0 0 1 0 0
1101 udp:443 (https) 0 0 0 1 0 0
1102 10.45.240.86 5 0 0 0 0 0
1103 10.45.241.57 0 0 0 216 66079 437
1104 udp:4500 (ipsec-na.. 0 0 0 0 0 21
1105 udp:33522 0 0 0 0 37844 0
1106 udp:37859 0 0 0 0 27536 0
1107 10.45.241.94 44 0 0 0 0 0
1108 10.45.241.98 4 0 0 0 0 0
1109 10.45.241.101 120 0 0 68946 10 2
1110 * udp:4500 (ipsec-na.. 0 0 0 68942 0 0
1111 10.45.241.121 2 0 0 0 0 0
1112 10.45.242.72 4 0 0 0 0 0
1113 10.45.242.81 14 1 0 0 0 0
1114 10.45.242.144 5 0 0 0 0 0
1115 10.45.242.146 30 0 0 0 0 0
1116 10.45.242.161 139 0 0 143 134 2297
1117 * udp:4500 (ipsec-na.. 0 0 0 115 0 4
1118 udp:27032 0 0 0 0 78 2293
1119 10.45.243.13 0 0 0 13877 63 1
1120 * udp:20911 0 0 0 13853 0 0
1121 10.45.243.41 14 0 0 12 0 0
1122 udp:443 (https) 0 0 0 12 0 0
1123 10.45.243.69 66 0 0 0 0 0
1124 10.45.243.71 2 0 0 0 28 0
1125 udp:80 (http) 0 0 0 0 28 0
1126 10.45.243.109 7 0 0 0 2008 0
1127 udp:41697 0 0 0 0 2002 0
1128 10.45.248.33 10 0 0 2 8 0
1129 udp:3478 (stun) 0 0 0 2 8 0
1130 10.45.248.94 11 0 0 0 0 0
1131 10.45.248.118 2 0 0 0 0 0
1132 10.45.249.6 1502 0 0 0 0 0
1133 10.45.249.34 154 0 0 25 0 0
1134 udp:443 (https) 0 0 0 25 0 0
1135 10.45.249.99 0 0 0 68 558 88
1136 10.45.249.104 7 0 0 0 0 0
1137 udp:4500 (ipsec-na.. 6 0 0 0 0 0
1138 10.45.250.89 5 0 0 0 0 0
1139 10.45.251.37 19 0 0 0 0 0
1140 10.45.251.110 0 0 0 9 72 1
1141 10.45.251.119 23 0 0 0 0 0
1142 10.45.253.59 1 0 0 0 0 0
1143 udp:4500 (ipsec-na.. 1 0 0 0 0 0
1144 10.45.253.61 53 0 0 0 0 0
1145 10.45.253.84 16 0 0 121 0 0
1146 * udp:443 (https) 0 0 0 121 0 0
1147 10.45.253.93 4 0 0 0 0 0
1148 10.45.253.100 142 0 0 0 0 0
1149 10.45.253.121 2 0 0 0 0 0
1150 10.45.254.94 12 0 0 0 0 0
1151 10.45.255.90 0 0 0 1 125 0
1152 10.45.255.97 36 0 0 0 0 0
1154 ECN codepoint packet counts for selected ports:
1156 ECT(0) CE ECT(1) ECT(0) CE ECT(1)
1157 from from from from from from
1158 Port LAN LAN LAN WAN WAN WAN
1159 ---- --- --- --- --- --- ---
1160 icmp:port-unreachable 404 0 0 6632 40795 3539
1161 icmp:network-unreach.. 0 0 0 321 4 0
1162 icmp:ttl-zero-during.. 0 0 0 65 2 66
1163 icmp:host-unreachable 22990 0 0 1171 2575 43
1164 ipencap:0 1 0 0 0 0 0
1165 udp:53 (domain) 0 0 0 0 403 1
1166 udp:80 (http) 0 0 0 0 33 0
1167 udp:443 (https) 1882 0 0 20006 36095 0
1168 udp:599 (acp) 0 0 0 238 261 59
1169 udp:1024-3457 [81] 34 59 28 100 618 9
1170 udp:3478 (stun) 0 0 0 2498 31725 394
1171 udp:3553-4492 [19] 0 0 0 1 29449 0
1172 udp:4500 (ipsec-nat-t) 244 0 0 9422229 0 151
1173 udp:4548-51819 [8177] 1072 0 0 62692 2291117 6604184
1174 udp:51820 (wireguard) 0 0 0 291 3 66
1175 udp:51821-65535 [9371] 65 0 0 45758 405849 24049
1177 6. IANA Considerations
1179 This document has no IANA actions.
1181 7. Security Considerations
1183 There are no known security considerations introduced by this note.
1185 8. Acknowledgements
1187 Thanks go to:
1189 * Adam Pribyl, for gathering data at the FreeNet gateway
1191 * Jonathan Morton and Rodney Grimes, for helping to analyze the
1192 results
1194 * FreeNet Liberec, for allowing access for data collection
1196 9. Informative References
1198 [IPTABLES-ECN]
1199 Heist, P.G., "iptables-ecn GitHub Repository",
1200 .
1202 [RFC1349] Almquist, P., "Type of Service in the Internet Protocol
1203 Suite", RFC 1349, DOI 10.17487/RFC1349, July 1992,
1204 .
1206 [RFC2481] Ramakrishnan, K. and S. Floyd, "A Proposal to add Explicit
1207 Congestion Notification (ECN) to IP", RFC 2481,
1208 DOI 10.17487/RFC2481, January 1999,
1209 .
1211 [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
1212 of Explicit Congestion Notification (ECN) to IP",
1213 RFC 3168, DOI 10.17487/RFC3168, September 2001,
1214 .
1216 [RFC3540] Spring, N., Wetherall, D., and D. Ely, "Robust Explicit
1217 Congestion Notification (ECN) Signaling with Nonces",
1218 RFC 3540, DOI 10.17487/RFC3540, June 2003,
1219 .
1221 [RFC3948] Huttunen, A., Swander, B., Volpe, V., DiBurro, L., and M.
1222 Stenberg, "UDP Encapsulation of IPsec ESP Packets",
1223 RFC 3948, DOI 10.17487/RFC3948, January 2005,
1224 .
1226 [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion
1227 Notification", RFC 6040, DOI 10.17487/RFC6040, November
1228 2010, .
1230 [RFC8290] Hoeiland-Joergensen, T., McKenney, P., Taht, D., Gettys,
1231 J., and E. Dumazet, "The Flow Queue CoDel Packet Scheduler
1232 and Active Queue Management Algorithm", RFC 8290,
1233 DOI 10.17487/RFC8290, January 2018,
1234 .
1236 [RFC8311] Black, D., "Relaxing Restrictions on Explicit Congestion
1237 Notification (ECN) Experimentation", RFC 8311,
1238 DOI 10.17487/RFC8311, January 2018,
1239 .
1241 [WIREGUARD]
1242 "WireGuard web site", .
1244 Author's Address
1246 Peter G. Heist
1247 463 11 Liberec 30
1248 Czech Republic
1250 Email: pete@heistp.net