Hi,
I'm evaluating DTLS and DDS Security plugin's performance using the RTI perftest application on several Raspberry Pi 3B+ boards. Each Pi has 4 cores, and the bandwidth is 100Mbps. The below figures show the command I used in each test and the experiment report. As you can see, DTLS throughput is significantly higher than DDS security plugin. I know DDS Security plugin uses the same security algorithms as DTLS, so given the parameters I set, I'm wondering if DDS Security plugin performed not only data encryption but also some other operations, and whether my parameter settings are properly.
Thanks
Hi,
As you suspected, the option you are using is doing way more than what you want it to do: You are specifying the option "-secureEncryptBoth", that was a shortcut to enable both metadata encrypt and data encrypt, which is going to duplicate the work you want to do, therefore results are not comparable with DTLS (which is basically doing a tunnel). That option will lead you to use the following governance file (under ./resouce/secure/)
Thank you. That makes sense. But, should I set the governance file as ./resource/secure/signed_PerftestGovernance_RTPSEncrypt.xml? This will encrypt the whole RTPS message, so it seems more reasonable when comparing with DTLS.
Yes, I agree that would resemble more closely the DTLS behavior.
Using
signed_PerftestGovernance_RTPSEncrypt.xml
would protect only the overall RTPS message. If you usesigned_PerftestGovernance_SignEncryptSubmessage.xml
, then each individual submessage inside the RTPS message is sepalately protected.Thank you. And when I run DTLS tests, I noticed subscriber keep claiming bad DTLS packets as shown below. Could you please help me figure out the potential reason that leads to this problem? In the below example, the top terminal is a publisher that sends 1KB-sized payloads at an unlimited rate. And the bottom is a subscriber. The OpenSSL version is 1.1.1d.
I