| Internet-Draft | Benchmarking of IPv4aaS Technologies | May 2022 |
| Lencse | Expires 3 November 2022 | [Page] |
Several IPv6 transition technologies have been developed to provide customers with IPv4-as-a-Service (IPv4aaS) for ISPs with an IPv6-only access and/or core network. All these technologies have their advantages and disadvantages, and depending on existing topology, skills, strategy and other preferences, one of these technologies may be the most appropriate solution for a network operator.¶
This document examines and compares the performance of some free software implementations of the five most prominent IPv4aaS technologies (464XLAT [RFC6877], Dual Stack Lite [RFC6333], Lightweight 4over6 [RFC7596], MAP-E [RFC7597] and MAP-T [RFC7599]) and DNS64 [RFC6147].¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 3 November 2022.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
IETF has standardized several IPv6 transition technologies [LEN2019] and occupied a neutral position trusting the selection of the most appropriate ones to the market. [I-D.ietf-v6ops-transition-comparison] provides a comprehensive comparative analysis of the five most prominent IPv4aaS technologies to assist operators with this problem. This document adds one more detail: performance analysis and comparison of the most important free software implementations of the examined IPv4aaS technologies and DNS64.¶
DNS64 [RFC6147] can be used together with stateful NAT64 [RFC6146] to facilitate the communication of an IPv6-only client with an IPv4-only server. In typical deployments, 464XLAT is used together with DNS64 [RFC6147], see Section 3.1.2 of [RFC8683]. In this case, the stateful NAT64 gateway is granted as the PLAT of 464XLAT. Theoretically, DNS64 could be used together with any of the other IPv4aaS technologies, but then it would require the operation of a stateful NAT64 gateway. So DNS64 performance is important for those, who choose to use 464XLAT.¶
As elaborated in Sections 4.5.2 and 4.5.3 of [I-D.ietf-v6ops-transition-comparison], the usage of DNS64 reduces the amount of the traffic that undergoes double translation at least by an order of magnitude, because the traffic of an IPv6-only client and an IPv4-only server undergoes only a single translation.¶
The benchmarking method for DNS64 servers is defined in Section 9 of [RFC8219]. Further details of the method and its design considerations are elaborated in [LEN2017].¶
In short, the performance of the DNS64 servers is characterized by the number of queries resolved per second, provided that the resolution happens within (one second) timeout time and all the sent queries are resolved. (This is the usual "zero loss" criterion traditionally used in [RFC2544] and its derivatives.)¶
The worst case test, when there is no cache hit and no "AAAA" record exists, thus the DNS64 server needs to send two queries (one query for the "AAAA" record and another one for the "A" record) for each received query is compulsory, and additional tests with varios rates of cache hits and existing "AAAA" records are optional.¶
All the details of the actual measurements are described in [LEN2018], where all the information given in the rest of Section 2 is taken from.¶
As for implementations, we have benchmarked all usable free software DNS64 implementations we were aware of, namely: BIND (9.10.3-P4-Debian), PowerDNS Recursor (4.0.4) and Unbound (1.6.0). Their performance was examined as the function of the number of active CPU cores using 1, 2, 4, 8 and 16 CPU cores. Besides the compulsory and optional tests defined by [RFC8219], we have also examined the computing power relative DNS64 performance, that is the number of processed queries per second divided by the CPU utilization of the computer.¶
The measurements were performed using the resources of NICT StarBED, Japan. The used Dell PowerEdge C6220 servers had two Intel Xeon E5-2650 2GHz CPUs, having 8 cores each, and 16x8GB 1333MHz DDR3 SDRAM. They were interconnected by 1Gbps speed VLANs. Debian GNU/Linux 9.2 operating system with kernel version 4.9.0-4-amd64 was used on all computers.¶
All measurements were executed 20 times, and then median, minimum and maximum of the 20 results were calculated.¶
Only the most important results (median values of the worst case peformance) are summarized here. All the details can be found in [LEN2018].¶
The performance of BIND was 2,425qps (queries per second) at a single core, and it scaled up to 4,788qps and 6,659qps at 2 and 4 cores, respectively. However its performance did not increase at 8 cores and it was practically the same (6,661qps) at 16 cores. Strangely, the minimum and maximum performance was exactly the same as the median at 4, 8 and 16 cores. We have reported this strange issue to the developers of BIND, but we did not receive any reply or bugfix.¶
The performance of PowerDNS was 3,077qps at a single core, and it scaled up quite well up to 26,620qps at 16 cores. The results were consistent: the difference between the maximum and minimum values was acceptable (under 13% of the median) at any number of CPU cores.¶
The performance of Unbound was 8,708qps at a single core with only a low difference between the maximum and minimum values (about 4% of the median). Its median performance showed and acceptable scale-up to 31,502qps at 8 cores, but then it dropped to 17,131qps at 16 cores. And the results were rather inconsistent from 2 to 16 cores. (E.g. the difference of the maximum and minimum values was more than 58% of the median at 16 cores.)¶
All-in-all, PowerDNS has shown the best scale-up and the most consitent and predictable results, therefore we recommend its usage in the case of a modern server with 16 or more CPU cores.¶
In the case of a single core server (e.g. a virtual machine) Unbound can give the highest performance.¶
BIND has shown the lowest single core performance and poor scale-up. It can only be used, if very moderate performance is needed.¶
TBD.¶
This document does not make any request to IANA.¶
Initial version.¶
DNS64 benchmarking was added.¶