From: Mark Andrews <marka@isc.org>
To: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Cc: bloat@lists.bufferbloat.net
Subject: Re: [Bloat] Educate colleges on tcp vs udp
Date: Thu, 27 May 2021 08:44:33 +1000 [thread overview]
Message-ID: <B5EF0223-3285-4695-BCA5-AD7A18D09CC5@isc.org> (raw)
In-Reply-To: <ed15b474-e295-d0db-25db-82b207cede2e@unix-ag.uni-kl.de>
> On 24 May 2021, at 04:47, Erik Auerswald <auerswal@unix-ag.uni-kl.de> wrote:
>
> Hi,
>
> On 23.05.21 12:23, Jonathan Morton wrote:
>>> On 21 May, 2021, at 9:01 am, Taraldsen Erik <erik.taraldsen@telenor.no> wrote:
>>>
>>> I'm getting some traction with my colleges in the Mobile department on measurements to to say something about user experience. While they are coming around to the idea, they have major gaps in tcp/udp/ip understanding. I don't have the skill or will to try and educate them.
>>> [...]
>> I don't have a video link to hand, but let's tease out the major differences between these three protocols:
>> [...]
>> It's common to use UDP for simple request-response applications (where both the request and response are small) and where timeliness of delivery is far more important than reliability (eg. multiplayer games, voice/video calls).
>
> As an additional point to consider when pondering whether to
> use TCP or UDP:
>
> To mitigate that simple request-response protocols using UDP
> lend themselves to being abused for reflection and amplification
> (DDoS) attacks, either the response should be smaller than the
> request, or the protocol should require authentication, with
> either silent discard of packets that are not correctly
> authenticated, or at least a smaller error message (with rate
> limit, please) to indicate an authentication failure.
>
> Especially if the response needs to be larger than the request,
> e.g., with DNS, a response rate limit should be applied.
DNS supports authentication of clients, be it DNS COOKIE, TSIG or
SIG(0). If your DNS clients are not using one of these you should
contact the vendor and request a update.
> Since basic TCP first establishes a connection using small
> packets (SYN, SYN+ACK, ACK), it is less useful for reflection
> attacks than UDP.
>
> Thanks,
> Erik
> _______________________________________________
> Bloat mailing list
> Bloat@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bloat
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
next prev parent reply other threads:[~2021-05-26 22:44 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-21 6:01 Taraldsen Erik
2021-05-23 10:23 ` Jonathan Morton
2021-05-23 18:47 ` Erik Auerswald
2021-05-23 21:02 ` Jonathan Morton
2021-05-23 21:42 ` Erik Auerswald
2021-05-26 22:44 ` Mark Andrews [this message]
2021-05-27 3:11 ` Erik Auerswald
2021-05-24 18:51 ` Erik Auerswald
2021-05-25 6:38 ` Taraldsen Erik
2021-05-26 18:09 ` Dave Taht
2021-05-27 6:32 ` Taraldsen Erik
2021-05-27 7:42 Hal Murray
2021-05-27 12:15 ` Jonathan Morton
2021-05-27 22:17 ` Kenneth Porter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/bloat.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B5EF0223-3285-4695-BCA5-AD7A18D09CC5@isc.org \
--to=marka@isc.org \
--cc=auerswal@unix-ag.uni-kl.de \
--cc=bloat@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox