[kercker]

Update: According to ktta (https://news.ycombinator.com/item?id=15912467), there is mistake in my calculation too.

"138KB * 24 * 3600 / 5" should be 2.3287GB per day. And it's 2.3287GB * 30 per month.

Update 2: "For comparison, a 5-minute check would be considered a pretty aggressive checking interval, and would only consume 1,37 MB per month. Instead, TP-Link goes through the same amount of data in just 82 minutes."

This assertion from the article has multiple errors too.

-----------------------------------------------------

The whole argument of the author is built on a flawed calculation by the author and the author exaggerated the number by a factor of 10.

715MB/month in the title and the article should be 71.5MB/month according to other information provided by the author.

According to the author, "TP-Link product is using about 138 KB every 5 seconds — or 23,85 MBs per day — on timekeeping."

23,85 MBs per day is not right, because 138KB * 24*3600/5 is about 2.328 MBs not 23,85 MBs.

[ktta]

Also I think it is 138 B, not kilobytes since that would be 2.3GB/day.

Whoops. Made it to the front page of HN with so many mistakes.

EDIT:

Since there seems to be interest in this let's do the test:

5 DNS requests + 1 NTP update according to the article (seems weird that it would resolve all the the NTP servers, but lets roll with it)

DNS: dig <domain> (mean for request is 43.8 B and reply is 84.6 B)

NTP: busybox_NTPD -n -q -p time.nist.gov

---------------------

Egress:

Single DNS request : 20 (IP) + 8 (UDP) + 44 (DNS) = 72 B

NTP request (2 packets): 20 (IP) + 8 (UDP) + 48 (NTP client) = 76 B

Total egress: 72x6 + 76x2 = 584 B

----------------------

Ingress:

Single DNS reply: 20 (IP) + 8 (UDP) + 85 (DNS) = 113 B

NTP reply (2 packets): 20 (IP) + 8 (UDP) + 48 (NTP server) = 76 B

Total Ingress: 113x6 + 76x2 = 830 B

----------------------

The total bandwidth used according to my calc is 1414 B. So their number of 138 KB is actually 1.38 KB (which is 1380 B, and that's closer to my number. I rounded up if you look at my numbers)

So their number of 715 MB is actually right. Just an error with 138 KB -> 1.38 KB

[jlgaddis]

Basically, every 5 seconds:

  (6 * (75 + 125)) + (90 + 90) == 1380

There's 86,400 seconds/day and an average of 276 bytes/second (1380/5), so per day this is:

  276 * 86400 == 23,846,400  -or-  1380 * (86400/5) == 23,846,400

Monthly:

  23,846,400 * 30 == 715,392,000

Or, "a total of 715,4 MB per month", as the article states.

[bravo22]

There are 86,400 seconds in a day. 138KB x 86400/5 = 238640KB /day = ~2328 MB/day = 69,840 MB/month = 67 GB/month.

I'm going to go on a limb and say his 138KB is more like 1.38KB which would bring us closer to his 0.71 GB/month

[cthalupa]

Yet I don't think the author has a real takeaway: It's not 138KB.

Looking at DNS requests to those domains, I'm averaging about 30 bytes for the request and 70 bytes for the response.

Significantly larger and more complicated DNS requests returning a ton of DNSSEC records are coming around 4KB with eight separate UDP packets required for the response.

There is no way that 6 DNS queries for simple records and 1 NTP query comes in at 138 KB.

Edit: A dig on the 6 domains listed + a NTP query to one of them, for me, is sitting at less than 1KB total. Where are these numbers coming from?

Take a look at the response sizes in this CloudFlare post - https://blog.cloudflare.com/a-deep-dive-into-dns-packet-size... - they are talking about how they get DNSSEC responses under the 512 byte limit. The "unoptimized" ones are 4KB in response size. Even assuming that these domains turned on an unoptimized DNSSEC setup, that's still 24KB for those and less than 1KB for the NTP portion. The 138KB seems to be completely fabricated.

Edit2: Assuming the author meant 138 bytes as ktta pointed out, 86,400/5 = 17,280 sets of requests per day. That's 2,384,640 bytes, or ~2.3 megabytes a day. On a 31 day month, we're at ~71 megabytes. 1/10th of the amount the author is claiming.

Edit3: Though, 138 bytes seems low to me for 6 DNS queries and 1 NTP. Going by the numbers I get from a dig to the addresses it's closer to 600 bytes, which puts it at around ~309 megabytes per month. Without seeing what types of queries the repeaters are making it's hard for me to have any idea what the real numbers are, but it doesn't seem like the article's numbers add up regardless.

[metafunctor]

Seems to me like 715 MB is about right, at least it's not off by a factor of 10.

There's no way you could fit six DNS queries and a couple of NTP queries into 138 bytes.

As pointed out by jlgaddis, based on the numbers in the article given for the size of DNS & NTP requests and responses, seems like the author meant 1380 bytes.

That gets you about 715 MB (or about 682 MiB).

[cthalupa]

My third edit included a bit more on this - I'm closer to 600 bytes total than 1380. A few of them are sitting at closer to 80 bytes for a request+response for DNS, etc. With a quick while loop and tcpdump, I'm seeing the number as being off by about 2x from my testing.

My DNS numbers are all basically half his - all of my requests are sub 40 bytes, responses are all sub 80, some are sub 60. My NTP query and response packets are pretty close, though - sitting around 80 bytes for request and response.

[ktta]

Your DNS numbers are off because you aren't counting IP and UDP headers

See my edit - https://news.ycombinator.com/item?id=15912467

[cthalupa]

Even using -e and looking at length I'm still significantly under 1380 bytes.

dig/ntpq on osx.

[ktta]

Can you take a look at the edit and comment on where your numbers differ exactly? I tried to be as accurate as possible. I used the busybox_NTPD from https://busybox.net/downloads/binaries/