From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 3B8BE3B29D for ; Wed, 26 May 2021 18:44:39 -0400 (EDT) Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id 3485E3AB018; Wed, 26 May 2021 22:44:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1622069077; bh=sC6Uy2GltDwWkkWYmnxxSTls8Ft7mQdvnF6+ZYrCEHo=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=bOuHfG5jWZKiwAOxRJvoTJloW5f2FaApNn/p3Jqhr6NCqgOrIKW2jOyCz5buSlToS Kl1lJwq54dwqEf9bA6MouBu+vOpAGITjl4uHpe3nN2lWjmWKOZi0QYvv0XTHRce8a8 mN2mEr0YY9PCjvugPPTUKOnb+x06weJHyiumqE1w= Received: from zmx1.isc.org (localhost.localdomain [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 1DAA8160079; Wed, 26 May 2021 22:44:37 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 042BE16007A; Wed, 26 May 2021 22:44:37 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.9.2 zmx1.isc.org 042BE16007A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1622069077; bh=Ps4X/gQ0vkKWj7Xf1W8VvYhPG2TSVN2+ETVqFNuexkA=; h=Content-Type:Mime-Version:Subject:From:Date: Content-Transfer-Encoding:Message-Id:To; b=jdbEb5p6j566DJQGhe6fWE1uvD3KxbS5VKzmpfFuxV57fRs/OQpLTcjuyQ6m/VKUN DB4bPoro6ETwYMnv0hQ1mIBh1WBl0vBRIq/SLWzttrH+ohvXIVkvEIZ/6G9FvcNILt QlVAuF8qt9v4l0+lp44NKa90t/mns9OqfdsRgSMg= Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id TWzE5ES3v7e3; Wed, 26 May 2021 22:44:36 +0000 (UTC) Received: from [172.30.42.67] (n49-177-132-25.bla3.nsw.optusnet.com.au [49.177.132.25]) by zmx1.isc.org (Postfix) with ESMTPSA id 3797C160079; Wed, 26 May 2021 22:44:36 +0000 (UTC) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.7\)) From: Mark Andrews In-Reply-To: Date: Thu, 27 May 2021 08:44:33 +1000 Cc: bloat@lists.bufferbloat.net Content-Transfer-Encoding: quoted-printable Message-Id: References: <7FBA3F6F-CBA1-4B19-B48F-10927EDA17A9@gmail.com> To: Erik Auerswald X-Mailer: Apple Mail (2.3445.9.7) Subject: Re: [Bloat] Educate colleges on tcp vs udp X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 May 2021 22:44:39 -0000 > On 24 May 2021, at 04:47, Erik Auerswald = wrote: >=20 > Hi, >=20 > On 23.05.21 12:23, Jonathan Morton wrote: >>> On 21 May, 2021, at 9:01 am, Taraldsen Erik = wrote: >>>=20 >>> I'm getting some traction with my colleges in the Mobile department = on measurements to to say something about user experience. While they = are coming around to the idea, they have major gaps in tcp/udp/ip = understanding. I don't have the skill or will to try and educate them. >>> [...] >> I don't have a video link to hand, but let's tease out the major = differences between these three protocols: >> [...] >> It's common to use UDP for simple request-response applications = (where both the request and response are small) and where timeliness of = delivery is far more important than reliability (eg. multiplayer games, = voice/video calls). >=20 > As an additional point to consider when pondering whether to > use TCP or UDP: >=20 > To mitigate that simple request-response protocols using UDP > lend themselves to being abused for reflection and amplification > (DDoS) attacks, either the response should be smaller than the > request, or the protocol should require authentication, with > either silent discard of packets that are not correctly > authenticated, or at least a smaller error message (with rate > limit, please) to indicate an authentication failure. >=20 > Especially if the response needs to be larger than the request, > e.g., with DNS, a response rate limit should be applied. DNS supports authentication of clients, be it DNS COOKIE, TSIG or SIG(0). If your DNS clients are not using one of these you should contact the vendor and request a update. > Since basic TCP first establishes a connection using small > packets (SYN, SYN+ACK, ACK), it is less useful for reflection > attacks than UDP. >=20 > Thanks, > Erik > _______________________________________________ > Bloat mailing list > Bloat@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/bloat --=20 Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org