On Fri, Mar 20, 2020 at 1:15 AM Ralf Weber <[email protected]> wrote:
> Moin!
>
> On 20 Mar 2020, at 8:51, Christian Huitema wrote:
> > And common sense may or may not be right. For many implementations of
> > QUIC, encryption is not the bottleneck. You can run AES GCM at 20
> > Gbps or more on a single CPU thread. The actual bottleneck is the cost
> > of UDP socket operations.
> That is probably more kernel (socket) vs user space (encryption) and the
> needed context switches for that.

Yes, at which point one can switch to user space networking if really
necessary. I've never studied DNS server implementations closely (I was
talking about protocol performance), but I have seen web servers that do
this.

> If you do all things identically not
> encrypting will save you CPU cycles so always will be faster. Now I'm
> not saying that we should not encrypt, we certainly should, and I'm
> also not saying that it is impossible for a good implementation of an
> encrypted protocol to be faster than a bad implementation of an
> unencrypted protocol.
>
> However regular DNS over UDP has been around so long and optimised so
> heavily, that I think it is safe to say that we need more capacity
> (hardware, network, etc) to achieve the same throughput/performance via
> DoT or DoH.

What level of throughput would that be? Web server benchmarks have to be
designed to avoid saturating a 10gE NIC (e.g.
https://www.techempower.com/benchmarks/#section=data-r18&hw=ph&test=json).

thanks,
Rob
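A microbenchmark of the two costs argued over in the thread, added here as an illustration and not part of any message above: it times AES-GCM sealing of packet-sized buffers on one thread against a UDP send plus receive on loopback, so the reader can see which one dominates on their own machine. It uses only Go's standard library and assumes a randomly generated 128-bit key, a 1200-byte payload and a per-packet counter nonce standing in for QUIC's packet-number-derived nonce; all of those are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"net"
	"time"
)

// packetSize approximates a QUIC or DNS datagram that fits in a typical MTU (assumption).
const packetSize = 1200

// BenchResult records how long n operations of one workload took.
type BenchResult struct {
	Ops     int
	Elapsed time.Duration
}

// PerOp returns the average cost of a single operation.
func (r BenchResult) PerOp() time.Duration {
	if r.Ops == 0 {
		return 0
	}
	return r.Elapsed / time.Duration(r.Ops)
}

// Gbps converts the per-packet cost into the line rate one thread could sustain.
func (r BenchResult) Gbps() float64 {
	if r.Elapsed == 0 {
		return 0
	}
	bits := float64(r.Ops) * packetSize * 8
	return bits / r.Elapsed.Seconds() / 1e9
}

// NewAESGCM builds an AES-128-GCM AEAD under a random key (constructed for the benchmark).
func NewAESGCM() (cipher.AEAD, error) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPacket encrypts one packet; the packet number pn is written into the
// low 8 bytes of the 12-byte nonce so that no nonce repeats under the key.
func SealPacket(aead cipher.AEAD, nonce, dst, plain []byte, pn uint64) []byte {
	binary.BigEndian.PutUint64(nonce[4:], pn)
	return aead.Seal(dst[:0], nonce, plain, nil)
}

// SealPackets seals n packets in a row, reusing one output buffer.
func SealPackets(aead cipher.AEAD, n int) BenchResult {
	nonce := make([]byte, aead.NonceSize())
	plain := make([]byte, packetSize)
	out := make([]byte, 0, packetSize+aead.Overhead())
	start := time.Now()
	for i := 0; i < n; i++ {
		out = SealPacket(aead, nonce, out, plain, uint64(i))
	}
	return BenchResult{Ops: n, Elapsed: time.Since(start)}
}

// SendPackets pushes n datagrams through a UDP socket pair on loopback and
// reads each back, so every op pays one sendto plus one recvfrom syscall.
func SendPackets(n int) (BenchResult, error) {
	rx, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		return BenchResult{}, err
	}
	defer rx.Close()
	tx, err := net.DialUDP("udp", nil, rx.LocalAddr().(*net.UDPAddr))
	if err != nil {
		return BenchResult{}, err
	}
	defer tx.Close()
	payload := make([]byte, packetSize)
	buf := make([]byte, packetSize)
	start := time.Now()
	for i := 0; i < n; i++ {
		if _, err := tx.Write(payload); err != nil {
			return BenchResult{}, err
		}
		if _, err := rx.Read(buf); err != nil {
			return BenchResult{}, err
		}
	}
	return BenchResult{Ops: n, Elapsed: time.Since(start)}, nil
}

func main() {
	aead, err := NewAESGCM()
	if err != nil {
		panic(err)
	}
	enc := SealPackets(aead, 200000)
	fmt.Printf("AES-GCM seal:  %v/packet (~%.1f Gbit/s on one thread)\n", enc.PerOp(), enc.Gbps())
	udp, err := SendPackets(20000)
	if err != nil {
		fmt.Println("UDP benchmark unavailable:", err)
		return
	}
	fmt.Printf("UDP send+recv: %v/packet (~%.1f Gbit/s on one thread)\n", udp.PerOp(), udp.Gbps())
}
```

The loopback round trip deliberately counts both syscalls, which is roughly what a DNS responder pays per query-and-answer pair; running the two numbers side by side is the quickest way to check, on a given kernel and CPU, whether the AEAD or the socket path is the part worth optimising before reaching for user space networking.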
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
