search

cloudflare / boringtun

Userspace WireGuard® Implementation in Rust
BSD 3-Clause "New" or "Revised" License
5.93k stars 397 forks source link

Add benchmarks comparing boringtun with wireguard-go and official kernel-space impl #102

Open onevelik opened 4 years ago

onevelik commented 4 years ago

It would be great if you could add some performance stats for boringtun. I would be also interested in comparison with the kernel-space implementation and wireguard-go.

vkrasnov commented 4 years ago

I would love to see benchmarks myself :)

AmirAliSobhGol commented 4 years ago

Here is my own benchmark result: two g10 servers with 10G interface. Peer A Server: Ubuntu 18.04.2 CPU: Intel(R) Xeon(R) Gold 6238 CPU @ 2.10GHz RAM: 512 GB wg0.conf

[Interface]
PrivateKey = <key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <key>
Endpoint = 10.10.0.2:51820
AllowedIPs = 10.0.0.0/24

Peer B Server: Ubuntu 16.04.6 CPU: Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz RAM: 384 GB wg0.conf

[Interface]
Address = 10.0.0.1/32
ListenPort = 51820
PrivateKey = <key>

[Peer]
PublicKey = <key>
AllowedIPs = 10.0.0.0/24

BoringTun:

iperf -c 10.0.0.1 -t 300 -P 8
------------------------------------------------------------
Client connecting to 10.0.0.1, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 10] local 10.0.0.2 port 48990 connected with 10.0.0.1 port 5001
[  8] local 10.0.0.2 port 48984 connected with 10.0.0.1 port 5001
[  6] local 10.0.0.2 port 48980 connected with 10.0.0.1 port 5001
[  9] local 10.0.0.2 port 48988 connected with 10.0.0.1 port 5001
[  5] local 10.0.0.2 port 48986 connected with 10.0.0.1 port 5001
[  3] local 10.0.0.2 port 48976 connected with 10.0.0.1 port 5001
[  7] local 10.0.0.2 port 48982 connected with 10.0.0.1 port 5001
[  4] local 10.0.0.2 port 48978 connected with 10.0.0.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[ 10]  0.0-300.0 sec  11.7 GBytes   336 Mbits/sec
[  6]  0.0-300.0 sec  11.8 GBytes   339 Mbits/sec
[  5]  0.0-300.0 sec  11.5 GBytes   329 Mbits/sec
[  3]  0.0-300.0 sec  12.0 GBytes   343 Mbits/sec
[  8]  0.0-300.0 sec  11.5 GBytes   330 Mbits/sec
[  9]  0.0-300.0 sec  11.8 GBytes   337 Mbits/sec
[  7]  0.0-300.0 sec  11.7 GBytes   335 Mbits/sec
[  4]  0.0-300.0 sec  11.9 GBytes   340 Mbits/sec
[SUM]  0.0-300.0 sec  93.9 GBytes  2.69 Gbits/sec

Wireguard kernel:

iperf -c 10.0.0.1 -t 300 -P 8
------------------------------------------------------------
Client connecting to 10.0.0.1, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  9] local 10.0.0.2 port 49054 connected with 10.0.0.1 port 5001
[  8] local 10.0.0.2 port 49048 connected with 10.0.0.1 port 5001
[  7] local 10.0.0.2 port 49050 connected with 10.0.0.1 port 5001
[  4] local 10.0.0.2 port 49046 connected with 10.0.0.1 port 5001
[  3] local 10.0.0.2 port 49040 connected with 10.0.0.1 port 5001
[  6] local 10.0.0.2 port 49044 connected with 10.0.0.1 port 5001
[  5] local 10.0.0.2 port 49042 connected with 10.0.0.1 port 5001
[ 10] local 10.0.0.2 port 49052 connected with 10.0.0.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  9]  0.0-300.0 sec  12.5 GBytes   357 Mbits/sec
[  7]  0.0-300.0 sec  12.6 GBytes   361 Mbits/sec
[  3]  0.0-300.0 sec  12.2 GBytes   351 Mbits/sec
[  6]  0.0-300.0 sec  12.2 GBytes   350 Mbits/sec
[  5]  0.0-300.0 sec  12.2 GBytes   351 Mbits/sec
[ 10]  0.0-300.0 sec  12.1 GBytes   347 Mbits/sec
[  8]  0.0-300.0 sec  12.2 GBytes   350 Mbits/sec
[  4]  0.0-300.0 sec  12.0 GBytes   342 Mbits/sec
[SUM]  0.0-300.0 sec  98.1 GBytes  2.81 Gbits/sec
vkrasnov commented 4 years ago

@AmirAliSobhGol thank you very much, in your benchmark both peers run WireGuard and then both peers run BoringTun?

AmirAliSobhGol commented 4 years ago

@vkrasnov Peer B (10.0.0.1) is wireguard in both scenario. only Peer A changes to boringtun implementation

indeyets commented 1 year ago

Tailscale improved wireguard-go throughput (on linux) by the factor of 2 https://tailscale.com/blog/throughput-improvements/

https://github.com/WireGuard/wireguard-go/pull/64

bompus commented 1 year ago

Tailscale has now improved performance even further. It would be nice to have some official performance comparisons.

RE: https://tailscale.com/blog/more-throughput/

PinkD commented 10 months ago

I use wgbench to benchmark linux kernel wireguard and wireguard-go and boringtun.

I modified the following line in the script to support wg-go and boringtun:

ip netns exec wgbench$i ip link add wgbench$i type wireguard
# ip netns exec wgbench$i wireguard-go wgbench$i
# ip netns exec wgbench$i boringtun-cli --disable-drop-privileges wgbench$i

But the result is really strange. Here's the result:

linux: image

wireguard-go: image

boringtun: image

Here is my server spec: image

Does anyone know why?

PinkD commented 10 months ago

I try to use -t 32 to change the thread number but the result is still the same.

Noah-Kennedy commented 10 months ago

@PinkD I'll try and repro when I get home.