Re: [dns-privacy] Call For Adoption: draft-wing-dprive-dnsodtls

"Jørgen Hovland" <jorgen@netclient.no> Tue, 26 May 2015 19:28 UTC

To: Paul Hoffman <paul.hoffman@vpnc.org>, Guangqing Deng <dengguangqing@cnnic.cn>
From: Jørgen Hovland <jorgen@netclient.no>
Message-ID: <5564c934a3787fa492ff57006e2a5cb6.jorgen@netclient.no>
Date: Tue, 26 May 2015 19:27:48 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/v3MU59fqtXKHJ8-nFdiEn1ou8x8>
Cc: dns-privacy <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Call For Adoption: draft-wing-dprive-dnsodtls

At 03:04 26/05/2015 (UTC), Paul Hoffman wrote:
> Is the latency for an established TLS connection any worse than for a DTLS connection? It would be good to see numbers if this is the case.

I did a test. The difference seems to be so small that it doesn't matter.

However, the DTLS handshake seems to be a bit slower than the TLS handshake (not including TCP connect or DTLS cookie code).
Additionally, if I use the openssl CLI as DTLS server instead of my code, the DTLS handshake increases to around 34ms.
TCP connect takes around 9.1ms between my test-servers.

If you assume that the openssl CLI correctly implements a normal DTLS handshake while my code doesn't (due to no cookie code), TLS is faster than DTLS by around 2ms (8.4%) when a full connect/handshake with one write+read is done.


Server and client 500 km apart from each other, simple echo server / round-trip test:

TCP data read: 18, time spent write+read: 9.16038ms. Time spent TLS handshake 23.3289ms.
TCP data read: 18, time spent write+read: 9.07797ms. Time spent TLS handshake 21.4217ms.
TCP data read: 18, time spent write+read: 9.10591ms. Time spent TLS handshake 21.1549ms.
TCP data read: 18, time spent write+read: 9.05283ms. Time spent TLS handshake 21.1289ms.
TCP data read: 18, time spent write+read: 9.02824ms. Time spent TLS handshake 21.2273ms.
TCP data read: 18, time spent write+read: 9.06903ms. Time spent TLS handshake 21.1971ms.
TCP data read: 18, time spent write+read: 9.07378ms. Time spent TLS handshake 21.3058ms.

UDP data read: 18, time spent write+read: 9.02713ms. Time spent DTLS handshake: 23.1482 ms.
UDP data read: 18, time spent write+read: 9.06344ms. Time spent DTLS handshake: 22.3601 ms.
UDP data read: 18, time spent write+read: 8.97628ms. Time spent DTLS handshake: 23.1001 ms.
UDP data read: 18, time spent write+read: 9.14725ms. Time spent DTLS handshake: 22.7562 ms.
UDP data read: 18, time spent write+read: 9.0721ms. Time spent DTLS handshake: 22.0508 ms.
UDP data read: 18, time spent write+read: 9.34728ms. Time spent DTLS handshake: 21.7002 ms.

(disclaimer: I assume my numbers are correct)


At 03:04 26/05/2015 (UTC), Paul Hoffman wrote:
> On May 25, 2015, at 6:54 PM, Guangqing Deng <dengguangqing@cnnic.cn> wrote:
> > Resolution latency is very crucial for DNS system and the latency of DNS-over-DTLS is relatively low compared with DNS-over-TLS.
> 
> Is the latency for an established TLS connection any worse than for a DTLS connection? It would be good to see numbers if this is the case.
> 
> --Paul Hoffman
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
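Added example (not Jørgen's test program, which is not on the page, and not code from the draft): a Go harness that reproduces the TLS half of the measurement above with the three phases timed separately, TCP connect, TLS handshake, and one write+read on the established session. It runs against an in-process echo server on loopback, using a self-signed certificate for the hypothetical name "echo.test" and a constructed 18-byte payload (the "data read: 18" size in the log). Go's standard library has no DTLS, so the DTLS side is not reproduced; the harness only shows how to get the TLS numbers into a form that can be compared with a DTLS run.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io"
	"math/big"
	"net"
	"time"
)

// PhaseTimings splits the costs argued about in the thread: TCP connect, TLS handshake, one write+read.
type PhaseTimings struct {
	TCPConnect, TLSHandshake, WriteRead time.Duration
	Echoed                              []byte // bytes the server sent back
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// selfSignedCert builds an in-memory certificate for the hypothetical name "echo.test"; nothing touches disk.
func selfSignedCert() tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{"echo.test"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// startEchoServer accepts TLS connections on loopback and echoes bytes back until the listener is closed.
func startEchoServer(cert tls.Certificate) net.Listener {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	must(err)
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c net.Conn) { defer c.Close(); io.Copy(c, c) }(c)
		}
	}()
	return ln
}

// measure times each phase separately, so the TCP connect can be left out when comparing with DTLS, which has none.
func measure(addr string, roots *x509.CertPool, payload []byte) (PhaseTimings, error) {
	var t PhaseTimings
	t0 := time.Now()
	raw, err := net.Dial("tcp", addr)
	if err != nil {
		return t, err
	}
	t.TCPConnect = time.Since(t0)
	// Certificate is verified against the test root (no InsecureSkipVerify), so the handshake cost includes verification.
	conn := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: "echo.test"})
	defer conn.Close()
	t1 := time.Now()
	if err := conn.Handshake(); err != nil {
		return t, err
	}
	t.TLSHandshake = time.Since(t1)
	t2 := time.Now()
	t.Echoed = make([]byte, len(payload))
	if _, err := conn.Write(payload); err != nil {
		return t, err
	}
	if _, err := io.ReadFull(conn, t.Echoed); err != nil {
		return t, err
	}
	t.WriteRead = time.Since(t2)
	return t, nil
}

// Benchmark opens n fresh connections to an in-process echo server and returns each one's per-phase timings.
func Benchmark(n int, payload []byte) ([]PhaseTimings, error) {
	cert := selfSignedCert()
	ln := startEchoServer(cert)
	defer ln.Close()
	roots := x509.NewCertPool()
	roots.AddCert(cert.Leaf)
	var out []PhaseTimings
	for i := 0; i < n; i++ {
		t, err := measure(ln.Addr().String(), roots, payload)
		if err != nil {
			return out, err
		}
		out = append(out, t)
	}
	return out, nil
}
```

Call Benchmark(7, []byte("hello-dns-privacy!")) from a main or a test and print the three durations per run. Over loopback the absolute numbers are far below the roughly 9 ms round trip of the 500 km test above; the value of the split is that it makes the comparison explicit: a DTLS figure contains no TCP connect, while a DTLS server that performs the cookie exchange (HelloVerifyRequest, RFC 6347) spends one extra round trip in its handshake, which is the kind of gap the message reports between the openssl CLI and a server without cookie code. Anything measured with InsecureSkipVerify or without a real certificate chain would undercount the handshake.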