After you configure Anti-DDoS Pro or Anti-DDoS Premium, it is slow to establish connections.
This issue is caused by the new Explicit Congestion Notification (ECN) feature introduced in Windows Server 2012.
- Log on to the ECS instance. For more information, see Connect to an ECS instance.
- Run Command Prompt as an administrator and disable ECN.
netsh int tcp set global ecncapability=disabledNote ECN is defined in RFC and aims to reduce the number of packet retransmissions. However, some ISPs in mainland China block ECN-marked SYN packets. In this case, the target server cannot receive these SYN packets. Therefore, if the source Windows-based client does not receive responses after sending ECN-marked packets twice, it sends SYN packets without the ECN-related flags. In this case, the connections are established. The first retransmission requires about 3 seconds, and the second retransmission 6 seconds.
- Cloud security