From: jens
To: wireguard@lists.zx2c4.com
Date: Tue, 26 Jul 2016 21:42:41 +0200
Subject: [WireGuard] Header / MTU sizes for Wireguard

hi,

we have successfully built an alternative for our tincd backbone with wireguard (and on top l2tpv3/batv15).

with iperf we get up to 500Mbs on l2tpv3 level.. (up to 700 on pure wireguard)

for optimization we need to know more and better about the used header, the possible data-size per packet-header to increase throughput with all the other layers.

Do you know your headersize, or some more easy details in headersize/packetsize...

where does the default mtu of 1423 come from?

thx jens


-- 
make the world nicer, please use PGP encryption	

From: "Jason A. Donenfeld"
To: jens
Cc: WireGuard mailing list
Date: Wed, 27 Jul 2016 01:41:48 +0200
Subject: Re: [WireGuard] Header / MTU sizes for Wireguard

Hi Jens,

I assume it was you asking in the IRC channel about this same thing before signing out? Sorry I wasn't there when you were; I only just now arrived home.

There actually is some optimization potential for you with regards to the MTU. The overhead of WireGuard breaks down as follows:

- 20 byte IPv4 header or 40 byte IPv6 header
- 8 byte UDP header
- 1 byte type
- 4 byte key index
- 8 byte nonce
- N byte encrypted data
- 16 byte poly1305 authentication tag

So, if you assume 1500 byte ethernet frames, the worst case (IPv6) winds up being 1500-(40+8+1+4+8+16), leaving N=1423 bytes. However, if you know ahead of time that you're going to be using IPv4 exclusively, then you could get away with 1443 bytes.

Hope that helps,
Jason

From: "Jason A. Donenfeld"
To: WireGuard mailing list
Date: Mon, 11 Dec 2017 02:36:27 +0100
Subject: Re: [WireGuard] Header / MTU sizes for Wireguard

Many people ask about the packet breakdown of WireGuard, and though this is explained in [1] and [2], many find this ancient mailing list thread, which now contains out of date information. So this email is to bring the thread up to date, for folks who stumble upon it.

The overhead of WireGuard breaks down as follows:

- 20-byte IPv4 header or 40 byte IPv6 header
- 8-byte UDP header
- 4-byte type
- 4-byte key index
- 8-byte nonce
- N-byte encrypted data
- 16-byte authentication tag

So, if you assume 1500 byte ethernet frames, the worst case (IPv6) winds up being 1500-(40+8+4+4+8+16), leaving N=1420 bytes. However, if you know ahead of time that you're going to be using IPv4 exclusively, then you could get away with N=1440 bytes.

[1] https://www.wireguard.com/protocol/
[2] https://www.wireguard.com/papers/wireguard.pdf

From: blurt_overkill882@simplelogin.com
To: wireguard@lists.zx2c4.com
Date: Thu, 17 Aug 2023 20:14:52 +0000
Subject: Re: [WireGuard] Header / MTU sizes for Wireguard

Hello, I hope this is the right place.

I see here[1] that if you're using IPv4 exclusively, you can get away with an MTU of 1440. If my client only has IPv4 internet, however the server issues an IPv6 address for use by the client, can the client still use 1440 without fragmentation, or must the client use 1420, because even though their connection is IPv4, they are issued an IPv6 address within the tunnel?

[1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html

Thanks in advance!

From: Roman Mamedov
To: blurt_overkill882@simplelogin.com
Cc: wireguard@lists.zx2c4.com
Date: Wed, 23 Aug 2023 21:15:44 +0500
Subject: Re: [WireGuard] Header / MTU sizes for Wireguard

On Thu, 17 Aug 2023 20:14:52 +0000
blurt_overkill882@simplelogin.com wrote:

> I see here[1] that if you're using IPv4 exclusively, you can get away with
> an MTU of 1440. If my client only has IPv4 internet, however the server
> issues an IPv6 address for use by the client, can the client still use 1440
> without fragmentation, or must the client use 1420, because even though
> their connection is IPv4, they are issued an IPv6 address within the tunnel?
>
> [1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html

Yes they can. This is only affected by whether or not WG itself runs over v4/v6, not whether you use v4 or v6 inside WG.

Be aware though that some residential Internet connections use MTU-reducing tunnels for ISP authentication. The most popular one would be PPPoE with 8 bytes that you need to subtract, but there also can be L2TP or PPTP with larger overheads.

-- 
With respect,
Roman

From: Roman Mamedov
To: Saint Michael
Cc: blurt_overkill882@simplelogin.com, wireguard@lists.zx2c4.com
Date: Thu, 24 Aug 2023 18:21:11 +0500
Subject: Re: [WireGuard] Header / MTU sizes for Wireguard

On Thu, 24 Aug 2023 08:50:20 -0400
Saint Michael wrote:

> This is the Achilles' heel of Wireguard. It reduces the MTU too much. Other
> tunneling techniques use a much larger MTU. I use MikroTik routers and one
> of the supported tunnels goes up to 1472. Some apps require a large MTU.
> Why does Wireguard require so much space, so to speak?

Because it uses encryption, and each packet is also cryptographically signed. I believe the other tunnels you have in mind will transfer data in plaintext (unencrypted).

-- 
With respect,
Roman
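
Added example, not part of the thread: a Python sketch that applies the 2017 breakdown together with the later point that only the outer (underlay) IP version and any ISP encapsulation such as PPPoE change the usable tunnel MTU. The function names are hypothetical, the little-endian encoding and the type value 4 are assumptions taken from the protocol page [1], and the sample packet is constructed.

```python
import struct

# Sizes in bytes, from the 2017 breakdown in this thread.
OUTER_IP_HDR = {4: 20, 6: 40}
UDP_HDR = 8
WG_HDR = struct.Struct("<IIQ")  # type, key index, nonce; little-endian assumed from [1]
AUTH_TAG = 16
TYPE_DATA = 4                   # data-message type value, assumed from [1]


def tunnel_mtu(link_mtu=1500, outer_ip=6, underlay_overhead=0):
    """Largest N (inner packet) that fits in one unfragmented outer packet."""
    if outer_ip not in OUTER_IP_HDR:
        raise ValueError("outer_ip must be 4 or 6")
    n = (link_mtu - underlay_overhead - OUTER_IP_HDR[outer_ip]
         - UDP_HDR - WG_HDR.size - AUTH_TAG)
    if n <= 0:
        raise ValueError("link MTU too small for any WireGuard payload")
    return n


def parse_data_message(udp_payload):
    """Split the UDP payload of a data message into the fields from the thread."""
    if len(udp_payload) < WG_HDR.size + AUTH_TAG:
        raise ValueError("shorter than header plus authentication tag")
    msg_type, key_index, nonce = WG_HDR.unpack_from(udp_payload)
    if msg_type != TYPE_DATA:
        raise ValueError(f"not a data message (type {msg_type})")
    return {"key_index": key_index, "nonce": nonce,
            "encrypted_len": len(udp_payload) - WG_HDR.size - AUTH_TAG}


def fits_unfragmented(udp_payload, **path):
    """True if this message's encrypted data fits the path described by **path."""
    return parse_data_message(udp_payload)["encrypted_len"] <= tunnel_mtu(**path)


# Constructed sample: zero bytes stand in for 1440 bytes of ciphertext and the tag.
SAMPLE = WG_HDR.pack(TYPE_DATA, 0x1A2B3C4D, 7) + bytes(1440) + bytes(AUTH_TAG)

if __name__ == "__main__":
    for desc, path in [("IPv4 underlay", {"outer_ip": 4}),
                       ("IPv6 underlay", {"outer_ip": 6}),
                       ("IPv4 over PPPoE", {"outer_ip": 4, "underlay_overhead": 8})]:
        print(f"{desc}: MTU {tunnel_mtu(**path)}, "
              f"sample fits: {fits_unfragmented(SAMPLE, **path)}")
```

The inner address family never appears in the calculation, which is why an IPv6 address assigned inside the tunnel does not force the 1420 value on an IPv4-only underlay.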