Development discussion of WireGuard
 help / color / mirror / Atom feed
* Wireguard GCP Performance Fix
@ 2019-02-04 14:33 Anton Osmond
  0 siblings, 0 replies; only message in thread
From: Anton Osmond @ 2019-02-04 14:33 UTC (permalink / raw)
  To: wireguard


[-- Attachment #1.1: Type: text/plain, Size: 2145 bytes --]

Hi

I want to share some problems I had in getting wireguard setup and the
solutions I found.
It might be good to have a "common problems & solutions" section in the
wireguard documentation where things like this can be added to help users
in the future.

We decided to try wireguard and compare it to OpenVPN, well aware that
wireguard's still considered alpha/experimental.
Our use case was to have a VPN for access to a kubernetes cluster in a
private network in Google Cloud.

After getting everything setup, I noticed the performance of wireguard was
MUCH slower than a connection to the same cluster over OpenVPN.
To give an example, a request to list the nodes in the cluster over OpenVPN
was taking around half a second or less. The same request over wireguard
was taking between 4 and 6 seconds.
Eventually I tracked down the issue and it turned out to be the MTU on the
wireguard interface.
GCP have a lower default MTU for network interfaces "due to additional
header space required inside Google's network".
The network interface set up on my Mac was using the default (for most
unix-like systems) of 1500.
But the MTU on the network interface on the Google instance was only 1460
which meant the packets being sent from my Mac were too big for the network
interface on the Google instance, resulting in packet splitting and
increased latency. I reduced the MTU on the network interface on my mac and
immediately the latency had gone away and wireguard was probably faster
than OpenVPN.

To be honest, the linux network stack is not something I've really messed
about with in any great detail so most of this is new to me and I learnt a
lot from this old but useful article:
https://www.linuxjournal.com/content/queueing-linux-network-stack.

I couldn't find much documentation on the values that you're able to put
into the wireguard configs (used by wg-quick) so i tried adding MTU in
there and to my surprise it worked!

Hopefully my learnings here can help others and it'd be great to see a
common problems & solutions section in the docs and also improve the docs
around the wg-quick tool and associated configs.

Thanks

Anton

[-- Attachment #1.2: Type: text/html, Size: 2566 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2019-02-17  1:30 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-04 14:33 Wireguard GCP Performance Fix Anton Osmond

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).