Development discussion of WireGuard
 help / color / mirror / Atom feed
* performance: multiple clients on one interface?
@ 2021-10-05  8:39 uxDWzco-wg
  2021-10-08 14:55 ` Aaron Jones
  0 siblings, 1 reply; 2+ messages in thread
From: uxDWzco-wg @ 2021-10-05  8:39 UTC (permalink / raw)
  To: wireguard

hi,

after have various tests run with 1:1 connections we want to expand it
to multiple connects to one system (linux-based).

due the limitations at least in linux wireguard-IFs can't be part of a
bridge-IF, but if we handle all connections with only one
wireguard-interface, we have to use a single udp-port for all connections...

using same port for all connections means, that for receiving encrypted
packets every configured key must be tried, until the right one is
found, or is this wrong?

so: how many connections are reasonable for a single device, without
running in to trouble due to the time trying all the keys?

or is there some internal optimization after have found a match by
filtering possible keys by src-addr/port, so the complete search is only
done at first connection-try?

it would be very helpful, to get some information on it here.

regards

j.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: performance: multiple clients on one interface?
  2021-10-05  8:39 performance: multiple clients on one interface? uxDWzco-wg
@ 2021-10-08 14:55 ` Aaron Jones
  0 siblings, 0 replies; 2+ messages in thread
From: Aaron Jones @ 2021-10-08 14:55 UTC (permalink / raw)
  To: wireguard; +Cc: uxDWzco-wg


[-- Attachment #1.1: Type: text/plain, Size: 711 bytes --]

On 05/10/2021 08:39, uxDWzco-wg@moenia.de wrote:
> using same port for all connections means, that for receiving encrypted
> packets every configured key must be tried, until the right one is
> found, or is this wrong?

Incorrect. The handshake establishes sender and receiver indexes; these
are reproduced in data packets so that the receiver does one hash table
lookup to determine the decryption key.

This is documented on https://www.wireguard.com/protocol/

> so: how many connections are reasonable for a single device, without
> running in to trouble due to the time trying all the keys?

Up to 1,048,576 peers per interface are supported, limited only by
bandwidth and kernel memory.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-10-08 14:56 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-05  8:39 performance: multiple clients on one interface? uxDWzco-wg
2021-10-08 14:55 ` Aaron Jones

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).