Comments (3)
This is a report on the performance of the AMP cache arithmetic demo. Also posted at https://www.bamsoftware.com/sec/ampcache-arith-performance/.
- ampcache-arith-performance.zip, source and data for this analysis
The demo can run with or without an AMP cache. With an AMP cache, it can run with or without domain fronting. All tests are divided across 5 conditions:
- Direct to the server at https://www.bamsoftware.com/amp/arith/
- Through the AMP cache https://cdn.ampproject.org/
- Through the AMP cache https://cdn.ampproject.org/, fronted with www.google.com
- Through the AMP cache https://amp.cloudflare.com/
- Through the AMP cache https://amp.cloudflare.com/, fronted with amp.cloudflare.com
The server was a Linode in Dallas, TX. The client was a Linode in Fremont, CA. The round-trip time between them as measured by ping was about 36 ms.
Latency
The chart below shows the distribution of time needed for 1 round-trip with the arithmetic server. Each round-trip was "cold" in that it used a separate client process and therefore did not reuse any previous TCP, TLS, or HTTP session.
The useful upstream payload in this test is 5 bytes 1 + 1
and the useful downstream payload is 12 bytes {"result":2}
. There is massive overhead in both directions due to AMP armor encoding.
The mean time for a direct connection is around 300 ms. The connection through the cdn.ampproject.org cache is on the average faster, but more variable. The amp.cloudflare.com cache is slower and still more variable. Fronted connections are perhaps slightly slower than non-fronted, but just barely.
Distribution of times for 1 round-trip with the arithmetic server. There are 200 trials in each condition.
Bandwidth
To test bandwidth, I used trials of n = {1, 10, 100, 1000} consecutive round-trips over a "hot" connection that uses the same TCP, TLS, and HTTP connection. Each individual roundtrip is still isolated within one HTTP request–response pair.
As before, the useful upstream payload in this test is 5 bytes 1 + 1
and the useful downstream payload is 12 bytes {"result":2}
.
A direct connection is about twice as fast as the cdn.ampproject.org cache, and about five times as fast as the amp.cloudflare.com cache.
Dividing the total number of bytes transferred by the time taken gives the bandwidth. (Actually goodput, because the useful bytes are a small fraction of the total bytes transmitted.)
Upload bandwidth is 5 n divided by total time.
Upload bandwidth is 12 n divided by total time.
from bbs.
Does it work this way in the program
Yes, that's what it means. The Host header is www-bamsoftware-com.amp.cloudflare.com
and the SNI is amp.cloudflare.com
.
Unlike the cdn.ampproject.org server, the amp.cloudflare.com server does not support general domain fronting. It only supports fronting with SNI names that are in the certificate. The amp.cloudflare.com certificate supports:
- *.cloudflare.com
- cloudflare.com
- *.dns.cloudflare.com
- *.amp.cloudflare.com
- *.staging.cloudflare.com
from bbs.
Through the AMP cache https://amp.cloudflare.com/, fronted with amp.cloudflare.com
trial "$n" "$expr" "$SERVER" https://amp.cloudflare.com/ amp.cloudflare.com
I don't understand what "fronted" means in here. The address is the same.
Does it work this way in the program :
curl -H "Host: www-bamsoftware-com.amp.cloudflare.com" https://amp.cloudflare.com/
?
from bbs.
Related Issues (20)
- Some IP addresses used for DNS censorship in India HOT 3
- Defense against AI-guided Traffic Analysis (DAITA)
- Blocking of fully encrypted protocols (Shadowsocks, VMess) in Russia, targeting HTTPS traffic fingerprints HOT 12
- Blocking of *.pages.dev in Russia HOT 4
- I have my own VPN application, and I published it in the app markets. What is the difference between LTE and Home internet? HOT 3
- Snowflake, a censorship circumvention system using temporary WebRTC proxies (USENIX Security 2024) HOT 1
- Bleeding Wall: A Hematologic Examination on the Great Firewall (FOCI 2024)
- Assistance Needed to Bypass Restrictions on Irancell Network HOT 5
- VPN blocking in Myanmar since 2024-05-30 reportedly implemented by a Chinese company, Geedge Networks HOT 6
- Is TLS fragment available in China? HOT 1
- Firefox Add-ons blocks access to some proxy extensions from Russia HOT 6
- vmess://
- Is it possible to implement a man-in-the-middle (MITM) tool to bypass censorship? HOT 11
- ss://
- Issues with Trading & Banking Apps and Google Services HOT 6
- Free livestream of FOCI, PETS, and HotPETs, 2024-07-15 to 2024-07-19 HOT 4
- Russia forces Apple to remove dozens of VPN apps from App Store HOT 5
- Turkmenistan:"Internet amnesty? 3 billion IP addresses, hosting and CDNs unblocked" (2024-07-17)
- Looking at the Clouds: Leveraging Pub/Sub Cloud Services for Censorship-Resistant Rendezvous Channels (Update)
- 使用Google新部署的W开头的中间证书签发的网站在TLS 1.2下100%阻断 / Sites issued with Google's newly deployed intermediate certificates starting with W are 100% blocked under TLS 1.2 HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbs.