debug.mk for easy testing deployment tricks via
make remote-run, as well as
make test and
make remote-test for local and remote testing in network namespaces. The
contrib/ directory also has various scripts and wrappers for easing testing.
In theory WireGuard should achieve very high performance. There are still a few things to be done for that to happen:
- Support GRO
- Lock free queues
- Core autoscaling
- CPU packet locality
- Integration into qdisc system and/or
Right now, however, WireGuard is completely unoptimized. But, it already has impressive wins over OpenVPN and IPsec.
- Intel Core i7-3820QM and Intel Core i7-5200U
- Intel 82579LM and Intel I218LM gigabit ethernet cards
- Linux 4.6.1
- WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
- IPsec configuration 1: 256-bit ChaCha20 with Poly1305 for MAC
- IPsec configuration 2: AES-256-GCM-128 (with AES-NI)
- OpenVPN configuration: equivalantly secure cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
iperf3was used and the results were averaged over 30 minutes.