[RSSAC Caucus] Local Perspective Work Party: TCP vs UDP timeouts

Wessels, Duane dwessels at verisign.com
Mon Apr 19 19:33:07 UTC 2021 

In my opinion it should be the same timeout for TCP and UDP given that the timer does not include connection setup.

On one hand I'm inclined to specify relatively low timeout values, like 1 second since we can demonstrate that queries almost never take longer than that and when they do, it indicates an underserved area, and as Ray said,
we don't need to know how much more underserved they are.

BUT, I also think we want to make sure that the tool runs successfully on all types of networks, even those with very high last mile latencies.  It would be unfortunate if we specified a 1 second timeout and then found that the tool produced no measurements at all for some users, making the results indistinguishable from having no connectivity.  

Perhaps in this document we can specify a lower bound on the timeout?  e.g. must not be less than 1 second, and then a longer timeout can be an implementation or run-time option?

DW



> On Apr 19, 2021, at 11:24 AM, Ken Renard <kdrenard2 at gmail.com> wrote:
> 
> Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. 
> 
> Regarding query timeout values for UDP versus TCP queries:
> 
> I have run several queries with "dig" over TCP and UDP and see very
> little difference in the reported query times between them.
> Inspecting the packet trace, it is clear that the TCP handshake is NOT
> included in the reported query time from "dig".  If we assume that the
> timeout is in relation to this same query timer, then there should be
> no need to differentiate timeout values between TCP and UDP (assuming
> also that UDP and TCP responses aren't significantly different in
> size).
> 
> RSSAC047 does not specify separate timeouts for UDP and TCP queries.
> It does, however, distinguish between TCP and UDP threshold latencies
> since it includes the TCP handshake in the latency measurement.  Both
> UDP and TCP thresholds are below the 1 second (Local Perspective) and
> 4 second (RSSAC047) timeouts.
> 
> With that said, do we still want to have a separate timeout for UDP
> and TCP in the Local Perspective tool dig commands?
> 
> -Ken
> 
> 
> ====================================================
> #!/bin/bash
> 
> ###
> ###  Use these top 2 loops for a quick comparison and summary of UDP
> versus TCP timing
> ###
> 
> # For each of these 'popular' domains, get their set of NS records, and then
> # directly query each of them for an SOA record via UDP.  Average the
> time for each
> # domain, then average those averages.
> 
> echo "UDP"
> for DOMAIN in google.com akamai.net facebook.com microsoft.com
> amazon.com wikipedia.com
> do
>    for NS in `dig +short  NS  $DOMAIN`
>    do
>        echo -n $NS
>        dig +notcp @$NS SOA $DOMAIN | grep "Query time"
>    done | awk '{SUM+=$4} END {print SUM/NR;}'
> done | awk '{sum += $1} END {print sum/NR}'
> 
> # For each of these 'popular' domains, get their set of NS records, and then
> # directly query each of them for an SOA record via TCP.  Average the
> time for each
> # domain, then average those averages.
> 
> echo "TCP"
> for DOMAIN in google.com akamai.net facebook.com microsoft.com
> amazon.com wikipedia.com
> do
>    for NS in `dig +short  NS  $DOMAIN`
>    do
>        echo -n $NS
>        dig +tcp @$NS SOA $DOMAIN | grep "Query time"
>    done | awk '{SUM+=$4} END {print SUM/NR;}'
> done | awk '{sum += $1} END {print sum/NR}'
> 
> ###
> ###  Use these bottom 2 loops to display each query time for
> comparison to packet trace
> ###
> 
> # For each of these 'popular' domains, get their set of NS records, and then
> # directly query each of them for an SOA record via UDP.  Display the
> query time result
> # for each so that they can be compared to a packet dump
> 
> echo "UDP"
> for DOMAIN in google.com akamai.net facebook.com microsoft.com
> amazon.com wikipedia.com
> do
>    for NS in `dig +short  NS  $DOMAIN`
>    do
>        echo -n $NS
>        dig +notcp @$NS SOA $DOMAIN | grep "Query time"
>    done
> done
> 
> # For each of these 'popular' domains, get their set of NS records, and then
> # directly query each of them for an SOA record via TCP.  Display the
> query time result
> # for each so that they can be compared to a packet dump
> 
> echo "TCP"
> for DOMAIN in google.com akamai.net facebook.com microsoft.com
> amazon.com wikipedia.com
> do
>    for NS in `dig +short  NS  $DOMAIN`
>    do
>        echo -n $NS
>        dig +tcp @$NS SOA $DOMAIN | grep "Query time"
>    done
> done
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://secure-web.cisco.com/1k6vgWlhWbsbw7Vl8XOJFbIAeBiIvddQbnsQmkVglE86aA0IEP4cQiBbvbz4xpD95L1jJKR2tlq4kg-2Lu6aulkMWZ0RQKTNmzGEa_4Buv9KYXWlqhzZ4aoozdWT8LO5a6Ywx1ve1r34rV98W3Kx4nf0u_PHYCd_pYrJSnQejIQosikwsUcZq94a1f8eYfC5ObGnmKDDPufF4Arr69OsD_fZcffnKMD-VWPx0gGMAZfQukW33XL8xW7AV7SEYETc0/https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Frssac-caucus
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://secure-web.cisco.com/1_BZVmCKqvcLhvuZp2U3cEM4QVj7XKgmPn-CmwO2FzQ0RlQmABvRWZKeA3dQCUeWLpPmAbYOvWbZuVOPLN3Uygl9ppaMNfgN8aj2efqBqJEzVqM9AtEbI6w3H27A9erGaccsfiM9cnSqahMpkx0JLDsOfeKhVFD398IJWzvn15on9TTOuIev-2_6moPx2ipOEWBkg7yOdN98afZ9BKZ3nbJbdCBHVX7LraT0P_cH1bTgbuOSMZi0-DbLk8NjEQS8v/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy) and the website Terms of Service (https://secure-web.cisco.com/1sfNVf_GCiPjRMD4Ue2UDh7KlRB2NC95L5ShrytQpTcOW2EGCp2mMIdIXQtAfBB2nOXUWu2jAdErUC828Qe66DhbsqSlDvOgPJGDINVWredgOcarPsDbqe2vzpq5pbyXmqtTrQZGIKgAwMiFBqdQvKOJmABiuiwu1_SxN1SdVkJAZ56ToMcC0f9jvfhCaZNbiGFNpJmIpRJuMP-i1_4mbCxYoufdVjg3keTKhW8dDaTLmLuFii2mO8jd7mpvzaQAW/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4695 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/rssac-caucus/attachments/20210419/e90d98e6/smime.p7s>

More information about the rssac-caucus mailing list