Hi, we're currently using wg as point-to-point transport between thousands of VMs. Each peer has a separate interface so we can do BGP with bird. This works extremely well, but due to the lack of port reuse, you eventually run out of UDP ports. Now I'm thinking of redesigning it with a single wg interface and using wg's native destination selection, which is based on the allow-list. That means every topology change results in a netlink call to wg to replace all affected peers with a new peer with a new allowed-list. In a quick test I couldn't see any problems with that, but I'm worried that might change with scale. Replacing a peer config might flush its buffer, possibly resulting in packet loss, or, more likely, reset its crypto session, resulting in a latency spike until the handshake finishes. Does anyone have more insight into that?
--
+4916093821054
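Added example, not part of the original post: a small Python planner for the single-interface design described above. It turns a desired topology into `wg set` calls, issuing only an in-place `allowed-ips` update for peers whose key survives the change and `remove` only for peers that actually left, and it compares two `wg show <if> dump` snapshots to tell whether any peer's session was reset by the change. Assumptions (verify on your kernel/wg version with the reset check itself): `wg set ... allowed-ips` replaces the peer's whole allowed-IPs list while keeping the existing peer object, `remove` drops it, and the dump format is the tab-separated one documented in wg(8). Interface name `wg0`, the peer keys `peerA=`/`peerB=`/`peerC=` and the addresses are constructed placeholders.

```python
"""Plan a WireGuard topology change as in-place peer updates and detect session resets."""
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class PeerState:
    pubkey: str
    endpoint: str
    allowed_ips: frozenset
    latest_handshake: int  # unix time, 0 = no session yet
    rx: int
    tx: int


def parse_dump(text):
    """Parse `wg show <if> dump`: line 1 is the interface, then one tab-separated
    line per peer: pubkey, psk, endpoint, allowed-ips, handshake, rx, tx, keepalive."""
    peers = {}
    for line in text.strip().splitlines()[1:]:
        pub, _psk, endpoint, allowed, hs, rx, tx, _ka = line.split("\t")
        ips = frozenset() if allowed == "(none)" else frozenset(allowed.split(","))
        peers[pub] = PeerState(pub, endpoint, ips, int(hs), int(rx), int(tx))
    return peers


def plan_commands(ifname, current, desired):
    """desired maps pubkey -> (endpoint, iterable of CIDR prefixes).
    One `wg set` per changed or new peer (allowed-ips is replaced in place,
    assumed to keep the peer object) and `remove` only for peers that left the
    topology. A surviving peer is never removed and re-added."""
    cmds = []
    for pub, (endpoint, ips) in desired.items():
        ips = frozenset(ips)
        if not ips:
            raise ValueError(f"peer {pub} needs at least one allowed prefix")
        cur = current.get(pub)
        if cur and cur.endpoint == endpoint and cur.allowed_ips == ips:
            continue  # unchanged: no netlink call at all
        cmds.append(["wg", "set", ifname, "peer", pub, "endpoint", endpoint,
                     "allowed-ips", ",".join(sorted(ips))])
    for pub in current:
        if pub not in desired:
            cmds.append(["wg", "set", ifname, "peer", pub, "remove"])
    return cmds


def reset_peers(before, after):
    """Pubkeys whose peer object was evidently recreated between two dumps:
    transfer counters went backwards, or an established session vanished."""
    out = set()
    for pub, b in before.items():
        a = after.get(pub)
        if a is None:
            continue  # removed on purpose
        if a.rx < b.rx or a.tx < b.tx or (b.latest_handshake and not a.latest_handshake):
            out.add(pub)
    return out


def dump(ifname):
    return subprocess.run(["wg", "show", ifname, "dump"], check=True,
                          capture_output=True, text=True).stdout


def apply_topology(ifname, desired):
    """Run on the node itself (needs CAP_NET_ADMIN); returns peers that lost a session."""
    before = parse_dump(dump(ifname))
    for cmd in plan_commands(ifname, before, desired):
        subprocess.run(cmd, check=True)
    return reset_peers(before, parse_dump(dump(ifname)))


# Constructed sample dumps (placeholder keys and documentation addresses, not real hosts).
DUMP_BEFORE = "\n".join([
    "PRIVATEKEY=\tLOCALPUB=\t51820\toff",
    "peerA=\t(none)\t192.0.2.2:51820\t10.100.0.2/32\t1700000000\t12345\t6789\toff",
    "peerB=\t(none)\t192.0.2.3:51820\t10.100.0.3/32,10.100.0.4/32\t1700000050\t100\t200\toff",
])
# After the change: peerA kept its session (counters grew), peerB was recreated.
DUMP_AFTER = "\n".join([
    "PRIVATEKEY=\tLOCALPUB=\t51820\toff",
    "peerA=\t(none)\t192.0.2.2:51820\t10.100.0.2/32,10.200.0.0/24\t1700000000\t13000\t7000\toff",
    "peerB=\t(none)\t192.0.2.3:51820\t10.100.0.3/32,10.100.0.4/32\t0\t0\t0\toff",
])
DESIRED = {
    "peerA=": ("192.0.2.2:51820", {"10.100.0.2/32", "10.200.0.0/24"}),
    "peerB=": ("192.0.2.3:51820", {"10.100.0.3/32", "10.100.0.4/32"}),
    "peerC=": ("192.0.2.4:51820", {"10.100.0.5/32"}),
}

if __name__ == "__main__":
    for c in plan_commands("wg0", parse_dump(DUMP_BEFORE), DESIRED):
        print(" ".join(c))
    print("reset:", reset_peers(parse_dump(DUMP_BEFORE), parse_dump(DUMP_AFTER)))
```

Running the planner against the constructed `DUMP_BEFORE` yields two commands, an in-place update for `peerA=` and an add for `peerC=`, and no `remove`; `reset_peers` flags only `peerB=`, whose counters and handshake went back to zero in `DUMP_AFTER`. Under load, take the two snapshots around each reconciliation and alert on a non-empty result; that is the concrete check for the session-reset worry in the post.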