debug.mk for easy testing deployment tricks via make remote-run, as well as make test and make remote-test for local and remote testing in network namespaces. The contrib/ directory also has various scripts and wrappers for easing testing.
In theory WireGuard should achieve very high performance. There are still a few things to be done for that to happen:
- Support GRO
- Lock free queues
- Core autoscaling
- CPU packet locality
- Integration into qdisc system and/or
These benchmarks are old, crusty, and not super well conducted. In the intervening time, WireGuard and IPsec have both gotten faster, with WireGuard still edging out IPsec in some cases due to its multi-threading, while OpenVPN remains extremely slow. It is a work in progress to replace the below benchmarks with newer data.
- Intel Core i7-3820QM and Intel Core i7-5200U
- Intel 82579LM and Intel I218LM gigabit ethernet cards
- Linux 4.6.1
- WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
- IPsec configuration 1: 256-bit ChaCha20 with Poly1305 for MAC
- IPsec configuration 2: AES-256-GCM-128 (with AES-NI)
- OpenVPN configuration: equivalently secure cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
iperf3 was used and the results were averaged over 30 minutes.