Testing Helpers
See debug.mk for easy testing deployment tricks via make remote-run, as well as netns.sh via make test and make remote-test for local and remote testing in network namespaces. The contrib/ directory also has various scripts and wrappers for easing testing.
Performance Roadmap
In theory WireGuard should achieve very high performance. There are still a few things to be done for that to happen:
- Support GRO
- Lock free queues
- Core autoscaling
- CPU packet locality
- Integration into qdisc system and/or
fq_codeland/ordql
Benchmarking
*** These benchmarks are old, crusty, and not super well conducted. In the intervening time, WireGuard and IPsec have both gotten faster, with WireGuard stil edging out IPsec in some cases due to its multi-threading, while OpenVPN remains extremely slow. It is a work in progress to replace the below benchmarks with newer data. ***
Testing configuration
- Intel Core i7-3820QM and Intel Core i7-5200U
- Intel 82579LM and Intel I218LM gigabit ethernet cards
- Linux 4.6.1
- WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
- IPsec configuration 1: 256-bit ChaCha20 with Poly1305 for MAC
- IPsec configuration 2: AES-256-GCM-128 (with AES-NI)
- OpenVPN configuration: equivalently secure cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
iperf3was used and the results were averaged over 30 minutes.