Testing Helpers

See debug.mk for easy testing deployment tricks via make remote-run, as well as netns.sh via make test and make remote-test for local and remote testing in network namespaces. The contrib/ directory also has various scripts and wrappers for easing testing.

Performance Roadmap

In theory WireGuard should achieve very high performance. There are still a few things to be done for that to happen:

• Support GRO
• Lock free queues
• Core autoscaling
• CPU packet locality
• Integration into qdisc system and/or fq_codel and/or dql

Right now, however, WireGuard is completely unoptimized. But, it already has impressive wins over OpenVPN and IPsec.

Benchmarking

Testing configuration

• Intel Core i7-3820QM and Intel Core i7-5200U
• Intel 82579LM and Intel I218LM gigabit ethernet cards
• Linux 4.6.1
• WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
• IPsec configuration 1: 256-bit ChaCha20 with Poly1305 for MAC
• IPsec configuration 2: AES-256-GCM-128 (with AES-NI)
• OpenVPN configuration: equivalantly secure cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
• iperf3 was used and the results were averaged over 30 minutes.

Results