From: Philippe Langlois
Date: Mon, 19 Feb 2018 23:29:42 +0100
Subject: Re: Alternative to UDP
To: Steve Gilberd
Cc: wireguard@lists.zx2c4.com
List-Id: Development discussion of WireGuard

Dear Eric,

I strongly second Steve's opinion here: if you want this, make it option-defined, and definitely not the default option.

The case study to look at is SCTP:
https://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol

While an interesting and useful protocol, SCTP adoption and support is severely limited by the fact that it is an IP protocol on its own:
SCTP gets dropped in 90% of implementations doing IP packet header operations (NAT, PCEF, Firewalls, 6to4 ...)

Hope this helps,
Best regards,
Philippe Langlois.
--
http://www.P1security.com
Priority One Security

On Mon, Feb 19, 2018 at 11:15 PM, Steve Gilberd wrote:
> Hi,
>
> This feels like a bad idea to me - switching to a dedicated protocol would
> remove a small amount of overhead, but comes with a lot of downsides, which
> in my opinion outweigh the minor benefit of removing some of the overhead.
>
> I have a strong preference for the continued use of UDP, because a large
> amount of consumer networking gear can't handle destination NAT for
> anything that isn't UDP or TCP. And even with gear that can, using a
> separate IP protocol would limit clients relying on destination NAT to one
> client machine per public IP.
>
> Cheers,
> Steve
>
> On Tue, 20 Feb 2018, 09:20 Eric Dillmann wrote:
>
>> Hi,
>>
>> Today I discovered that OVH is limiting UDP rate to 6Mbit/s, I did a test
>> by encapsulating wireguard in an ip/ip tunnel
>> and got 90Mbit/S.
>>
>> Is there a way to make wireguard evolve to use its own protocol number?
>>
>> That would prevent the overhead of wireguard over ipip/gre/vxlan ...
>>
>> Thanks,
>> Regards,
>> Eric
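Added example, not part of the original thread: a small model of the destination-NAT argument in the quoted message, showing why a portless IP protocol can reach only one internal host per public IP. It assumes a hypothetical dedicated protocol on experimental IP protocol number 253; the class, function names and addresses are constructed for illustration.

```python
import struct

UDP, TCP = 17, 6
PROTO_X = 253  # RFC 3692 experimental number, standing in for a hypothetical dedicated protocol

def ipv4_packet(proto, dport=None):
    """Constructed sample packet 198.51.100.7 -> 203.0.113.1 (checksums left at zero)."""
    l4 = struct.pack("!HHHH", 40000, dport, 8, 0) if dport is not None else bytes(8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1]))
    return header + l4

def demux_key(packet):
    """Fields a NAT can match on: (protocol, destination port), or (protocol, None) without ports."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (UDP, TCP):
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None

class DestinationNat:
    """Forwarding table for a single public IP address."""

    def __init__(self, ports_only=False):
        self.ports_only = ports_only  # True models gear that only handles TCP and UDP
        self.forwards = {}

    def add_forward(self, proto, dport, internal_ip):
        key = (proto, dport if proto in (UDP, TCP) else None)
        if self.ports_only and key[1] is None:
            raise ValueError("this device cannot forward a protocol without ports")
        if key in self.forwards:
            raise ValueError(f"{key} is already forwarded to {self.forwards[key]}")
        self.forwards[key] = internal_ip

    def translate(self, packet):
        """Return the internal destination, or None when the packet is dropped."""
        return self.forwards.get(demux_key(packet))

def second_host_accepted(nat, proto, dports):
    """Try to forward proto to two internal hosts; report whether the second one fits."""
    nat.add_forward(proto, dports[0], "192.168.1.10")
    try:
        nat.add_forward(proto, dports[1], "192.168.1.11")
    except ValueError:
        return False
    return True
```

With UDP the second host only needs a different port; with the portless protocol the table has a single slot per public IP, and a device that handles only TCP and UDP has none.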