Re: [atlas] DNS RTT over TCP: twice as long than UDP?
Just to confirm I verified what exactly dig measures. For example, this dig takes 8ms (which is always rounded): [gponikie@krk-mptoy atlas_day68_step1]$ dig +tcp example.com @1.1.1.1 ; <<>> DiG 9.14.3 <<>> +tcp example.com @1.1.1.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14416 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1452 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 5212 IN A 93.184.216.34 ;; Query time: 8 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) ;; WHEN: Tue Jul 09 13:17:55 CEST 2019 ;; MSG SIZE rcvd: 56 If you check it with wireshark it looks like this: No. Time Source Destination Protocol Length Window size value Shift count Info 1 13:17:55.014898 192.168.1.83 1.1.1.1 TCP 78 65535 6 53593 → 53 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=676915370 TSecr=0 SACK_PERM=1 2 13:17:55.029784 1.1.1.1 192.168.1.83 TCP 74 29200 10 53 → 53593 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1412 SACK_PERM=1 WS=1024 3 13:17:55.029883 192.168.1.83 1.1.1.1 TCP 54 4096 53593 → 53 [ACK] Seq=1 Ack=1 Win=262144 Len=0 4 13:17:55.030041 192.168.1.83 1.1.1.1 DNS 108 4096 Standard query 0x3850 A example.com OPT 5 13:17:55.038351 1.1.1.1 192.168.1.83 TCP 68 29 53 → 53593 [ACK] Seq=1 Ack=55 Win=29696 Len=0 6 13:17:55.038572 1.1.1.1 192.168.1.83 DNS 120 29 Standard query response 0x3850 A example.com A 93.184.216.34 OPT 7 13:17:55.038624 192.168.1.83 1.1.1.1 TCP 54 4095 53593 → 53 [ACK] Seq=55 Ack=59 Win=262080 Len=0 8 13:17:55.039580 192.168.1.83 1.1.1.1 TCP 54 4096 53593 → 53 [FIN, ACK] Seq=55 Ack=59 Win=262144 Len=0 9 13:17:55.047201 1.1.1.1 192.168.1.83 TCP 68 29 53 → 53593 [FIN, ACK] Seq=59 Ack=56 Win=29696 Len=0 10 13:17:55.047273 192.168.1.83 1.1.1.1 TCP 54 4096 53593 → 53 [ACK] Seq=56 Ack=60 Win=262144 Len=0 From this traffic looks like dig measures time between packets 4 (DNS query) and 6 (DNS response) which is precisely 8.5ms and matches what dig shows. Including TCP handshake it takes 23.7ms, 2.8x longer which is expected . RTT can be measured on different layers for the same communication stream. In case of DNS over UDP we just ignores UDP overhead because it doesn't add any packets. With TCP additional packets are added which significantly increase time that end-user have to wait from first packet to get information that he/she needs. IMO RTT should always be measured from 1st packet to packet which has information that you have actual data. If we want to measure raw DNS performance without overhead then it must be explicitly market it measurement description. Regards, Grzegorz From: Giovane Moura <giovane.moura@sidn.nl> Date: Friday 2019-07-05 at 14:34 To: "ripe-atlas@ripe.net" <ripe-atlas@ripe.net> Subject: [atlas] DNS RTT over TCP: twice as long than UDP? Folks, This page at Atlas provides a great visualization on the RTT of DNS queries over TCP/UDP to the Root DNS servers: https://atlas.ripe.net/results/maps/root-server-performance/ We can see that the RTT of TCP queries is at least twice as long than UDP ones (which, according to the page " TCP is expected to be 2-3 times " longer. I cannot replicate these results in my setup, even in large scale from various vantage points: I always get very similar results for either TCP or UDP. Example: UDP: * $ dig example.nl @ns1.dns.nl Query time: 8 msec TCP: * $dig +tcp example.nl @ns1.dns.nl Query time: 9 msec I think there might be something with the definition of RTT. My hypothesis is that the field *rtt* on DNS queries on Atlas[1], for TCP, is, in fact, measuring 2 RTTs: the RTT of the TCP handshake, and the RTT of query/response itself. By definition, however, RTT is "the length of time it takes for a signal to be sent plus the length of time it takes for an acknowledgement of that signal to be received."[2]. So if DNS TCP measurements starts measuring from the SYN packet, that', in fact, be two RTTs. Is this the case with Atlas? I know it may sound a bit like nitpicking, but I just want to be sure of what's exactly being measured. thanks a lot, /giovane [1] https://atlas.ripe.net/docs/data_struct/#v4750_dns [2] https://en.wikipedia.org/wiki/Round-trip_delay_time
On 09. 07. 19 13:51, Ponikierski, Grzegorz wrote:
From this traffic looks like dig measures time between packets 4 (DNS query) and 6 (DNS response) which is precisely 8.5ms and matches what dig shows. Including TCP handshake it takes 23.7ms, 2.8x longer which is expected .
RTT can be measured on different layers for the same communication stream. In case of DNS over UDP we just ignores UDP overhead because it doesn't add any packets. With TCP additional packets are added which significantly increase time that end-user have to wait from first packet to get information that he/she needs. IMO RTT should always be measured from 1^st packet to packet which has information that you have actual data. If we want to measure raw DNS performance without overhead then it must be explicitly market it measurement description.
If I could get a ponny, I would like to get both numbers: a) Time measured from moment of sending the very first packet (TCP SYN or UDP query) to arrival of DNS answer (not counting TCP FIN etc.). b) Time measured from moment of sending the DNS query (also think of TCP fast open!) to arrival of DNS answer (not counting TCP FIN etc.). Having both numbers would allow to calculate latency of connection vs. DNS query separately, which gets even more important when we consider DNS-over-TLS etc. -- Petr Špaček @ CZ.NIC
Count me in for second pony :D Regards, Grzegorz From: Petr Špaček <petr.spacek@nic.cz> Organization: CZ.NIC Date: Wednesday 2019-07-10 at 09:14 To: "ripe-atlas@ripe.net" <ripe-atlas@ripe.net> Subject: Re: [atlas] DNS RTT over TCP: twice as long than UDP? On 09. 07. 19 13:51, Ponikierski, Grzegorz wrote: From this traffic looks like dig measures time between packets 4 (DNS query) and 6 (DNS response) which is precisely 8.5ms and matches what dig shows. Including TCP handshake it takes 23.7ms, 2.8x longer which is expected . RTT can be measured on different layers for the same communication stream. In case of DNS over UDP we just ignores UDP overhead because it doesn't add any packets. With TCP additional packets are added which significantly increase time that end-user have to wait from first packet to get information that he/she needs. IMO RTT should always be measured from 1^st packet to packet which has information that you have actual data. If we want to measure raw DNS performance without overhead then it must be explicitly market it measurement description. If I could get a ponny, I would like to get both numbers: a) Time measured from moment of sending the very first packet (TCP SYN or UDP query) to arrival of DNS answer (not counting TCP FIN etc.). b) Time measured from moment of sending the DNS query (also think of TCP fast open!) to arrival of DNS answer (not counting TCP FIN etc.). Having both numbers would allow to calculate latency of connection vs. DNS query separately, which gets even more important when we consider DNS-over-TLS etc. -- Petr Špaček @ CZ.NIC
participants (2)
-
Petr Špaček
-
Ponikierski, Grzegorz