Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performance Study at ANRW
Kevin Borgolte <kevin@iseclab.org> Fri, 19 July 2019 10:10 UTC
Return-Path: <kevin@iseclab.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 516E8120179 for <dnsop@ietfa.amsl.com>; Fri, 19 Jul 2019 03:10:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iseclab.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hHl3eBwzXGBZ for <dnsop@ietfa.amsl.com>; Fri, 19 Jul 2019 03:10:45 -0700 (PDT)
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 560A0120059 for <dnsop@ietf.org>; Fri, 19 Jul 2019 03:10:44 -0700 (PDT)
Received: by mail-pf1-x434.google.com with SMTP id y15so13978242pfn.5 for <dnsop@ietf.org>; Fri, 19 Jul 2019 03:10:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iseclab.org; s=mail; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=25ZikMlVCzGtP+Vdf15vRrgcowGxHo6pilCrPOI0FMQ=; b=gRnqM3nlLan5Hw+Q+BnFcJ1At/KV1mFjlzdsKrsduwEDpJL4Q+JBVn7kkbZPr87viG zNAcbcCvIY4cDLh3tBsN8TdkJFXPnlJcDNe7bmc7OCSV2g2Cw50jNGjwxc6V4xccvqQR yaD5TiUFf0798+bykwbULH0EKFQN2fhPjl0Po7ho1HvT//aXPSKnRszExV/ag9keW+nI E3xlsZqm9qTShu8ErfESyY9XHENEu/Pzu+5zmXNIIW+Gn9suXyCbEqpHjKBH1IM4w/9o ZfEyBwbt/ogeyx6NOnuTUiqvgpdWJvF9ThV89hcArMmobEPlEf3QPFHLlGSCEcv9uFbl +A/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=25ZikMlVCzGtP+Vdf15vRrgcowGxHo6pilCrPOI0FMQ=; b=SMSb3+3Fm84wAg/lwMBtVd2gusQEHO5q/7XNR+elRyBk4quX3VP9nW8GPqSRiUrW4G jHMfMkODOTD8FFtHqhgjAdYSvMijgITj1bpUewPa2pEWWlJJY5CvisykH3gZGlwCyaOb fo1so45w/d8G4lshZ8vn3fOyxXAihiuGx3UolyaN0NYpuanGSsRU3WQqNokw6Qdsh3nt RDtawH5uECV6uF3KTqg+H/t2nDVXopvSF+HMmR/PfcX1F64Kb1SGn2VgLH60EhfHMR1h C8BzRJD6vIkctGTY+Evg+wuwCt4YNvghp3t0UZ4iaYUlEeByqLVj0QiShAPtMsdgMAKX O9gg==
X-Gm-Message-State: APjAAAVR3ikkhWz/ld4KI5MItkcuuWVQwrdtWmOKdHQueFw24wFqk0N2 oRLSm3dKharPuGADmKe6ieEvtA==
X-Google-Smtp-Source: APXvYqxvYxO7O3hl0HGaP/T/O0ba69u0aEXFNJuIasAOqVIK6iD4/mUNrwLmqu0qibPqJiCeVbFMLA==
X-Received: by 2002:a63:9e54:: with SMTP id r20mr17748095pgo.64.1563531038479; Fri, 19 Jul 2019 03:10:38 -0700 (PDT)
Received: from [192.168.205.139] ([103.23.203.130]) by smtp.gmail.com with ESMTPSA id q69sm44210052pjb.0.2019.07.19.03.10.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 19 Jul 2019 03:10:38 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Kevin Borgolte <kevin@iseclab.org>
In-Reply-To: <CAChr6SzzkvVkHvfHbO=1tBYqaaMVsdp43+it256f4WQmbCbQFw@mail.gmail.com>
Date: Fri, 19 Jul 2019 18:10:34 +0800
Cc: add@ietf.org, DoH WG <doh@ietf.org>, dnsop WG <dnsop@ietf.org>, jordanah@princeton.edu, pschmitt@cs.princeton.edu, ahounsel@cs.princeton.edu, feamster@uchicago.edu, dns-privacy@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B59D2ED-5B57-4C14-8442-102EEBE5A281@iseclab.org>
References: <402781F4-33D8-4FD4-8087-FDCEFFF2D549@iseclab.org> <CAChr6SwBKOymQjKsN+GEnygn5ogJb6WUMd=jxRrV2eQWwdiBcg@mail.gmail.com> <267CBE74-9DC5-40D8-A61F-7C566644A1CB@iseclab.org> <CAChr6SzzkvVkHvfHbO=1tBYqaaMVsdp43+it256f4WQmbCbQFw@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/itDYu-ZUlKoCBrSAmkg_4sqVpSA>
Subject: Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performance Study at ANRW
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jul 2019 10:10:47 -0000
> But, I think you should add the list and the reason for the range choice to the paper. For example, I can't tell what range you actually used from your description (although that might just be due to a hurried reply). Section 3.2.4 talks about the selection of websites: We collect HARs (and resulting DNS lookups) for the top 1,000 websites on the Tranco top-list to understand browser performance for the average user visiting popular sites. Furthermore, we measure the bottom 1,000 of the top 100,000 websites (ranked 99,000 to 100,000) to understand browser performance for websites that are less popular. We chose to measure the tail of the top 100,000 instead of the tail of the top 1 million because we found through experimentation that many of the websites in the tail of the top 1 million were offline at the time of our measurements. Furthermore, there is significant churn in the tail of top 1 million, which means that we would not be accurately measuring browser performance for the tail across the duration of our experiment. We didn't include the full list in the paper itself for space reasons and because extracting the list from the paper would be cumbersome. It will be part of our future open source release though. > Another issue is that, while your paper might accurately capture the network conditions on your local network, it's probably doesn't capture network variation as well as a large scale test along the lines of what Mozilla did. For example, if the university used a single router brand, this could skew the test. As one data point, I've never seen the various network-throttling apps match a real-user-metrics test very well, although they do catch really problematic situations. It is true that the an experiment from more diverse vantage points could be more useful to capture network variations, however, we already see that the protocols perform differently to the degree that a human could notice (that is, we already show that selecting your DNS protocol based on your network characteristics can have a non-negligible impact). Running a large scale test for page load times like Mozilla did for resolution times is also quite difficult: Simple telemetry data won't answer the questions we want to ask, as websites need to be fetched multiple times (per protocol/recursor combination), and browser caches need to be flushed. These are not things you want to do with your users. Using existing measurement platforms also was not an option, as they are limited in what you can access or do not support the necessary protocols. Meaning, you would need to set up your own measurement clients, which brings questions like "How do you select the vantage points?" (you can't use hosting/cloud providers, as this would lead to little network variation). If you have an idea on how to easily run this on a larger scale, we'd love to look into it. We set link capacity and latency based on best case values from real-world measurements (Section 3.2.3) from OpenSignal, and we use iproute2 for traffic control (tc), which we verified to be accurate through latency (Table 1) and multiple "speedtest" (via Ookla). By tuning the network setup in this way (instead of using a 4G/3G modem for connectivity), we eliminated potential differences in routing that could have otherwise influenced our results and impact comparability. -- Kevin
- [DNSOP] Do53 vs DoT vs DoH Page Load Performance … Kevin Borgolte
- Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performa… Rob Sayre
- Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performa… Kevin Borgolte
- Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performa… Rob Sayre
- Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performa… Kevin Borgolte
- Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performa… Rob Sayre
- Re: [DNSOP] [dns-privacy] Do53 vs DoT vs DoH Page… Puneet Sood
- Re: [DNSOP] [dns-privacy] Do53 vs DoT vs DoH Page… Livingood, Jason
- Re: [DNSOP] [Add] [dns-privacy] Do53 vs DoT vs Do… Andrew Campling
- Re: [DNSOP] [Add] [dns-privacy] Do53 vs DoT vs Do… Paul Vixie
- Re: [DNSOP] [Doh] [Add] [dns-privacy] Do53 vs DoT… Jim Reid
- Re: [DNSOP] [Doh] [Add] [dns-privacy] Do53 vs DoT… Paul Vixie
- Re: [DNSOP] [dns-privacy] Do53 vs DoT vs DoH Page… Willem Toorop
- Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performa… Rob Sayre