Following a discussion with Mark, I made some TCP settings changes to hemlock to use the Wikimedia standard linux network stack tunings. I do not expect any negative impact from this.

I also enabled TCP ECN (http://en.wikipedia.org/wiki/Explicit_Congestion_Notification), which is now also enabled on a number of other non-critical wikimedia services. Just like our use of IPv6 can cause problems for broken clients, the same risk exists for TCP ECN. A number of fairly high profile sites (such as kernel.org) have run TCP ECN, so I also do not expect any problems from this change.

If you find anyone who is suddenly unable to connect to toolserver and is also unable to connect to http://vger.kernel.org/ecn-on.html, then they may need to fix their firewall. I'd love to hear about any such cases. Thanks.