3.7K keys times 15 domains every 25 seconds
=> 2220 useless handshakes per second, that are destined to fail
The handshakes are not really a problem, but for them we need to call a rather expensive curve-pubkey function.
If we need keepalives, we should have them on the router side.
If we need them from this side, we should dynamically set them for connected peers.
To keep it simple I'd suggest we try it without server-side handshakes first.
To stick with the numbers:
With 3.7K keys on SN09 it hammers itself to a load of 20, where it stays, due to proper scheduling;
without these handshakes the server sat at a load of 0.44 after a few minutes.