boringtun icon indicating copy to clipboard operation
boringtun copied to clipboard
verified publisher icon cloudflare

Add benchmarks comparing boringtun with wireguard-go and official kernel-space impl

Open onevelik opened this issue 6 years ago • 10 comments

It would be great if you could add some performance stats for boringtun. I would be also interested in comparison with the kernel-space implementation and wireguard-go.

onevelik avatar Sep 10 '19 17:09 onevelik

I would love to see benchmarks myself :)

vkrasnov avatar Sep 19 '19 23:09 vkrasnov

Here is my own benchmark result: two g10 servers with 10G interface. Peer A Server: Ubuntu 18.04.2 CPU: Intel(R) Xeon(R) Gold 6238 CPU @ 2.10GHz RAM: 512 GB wg0.conf

[Interface]
PrivateKey = <key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <key>
Endpoint = 10.10.0.2:51820
AllowedIPs = 10.0.0.0/24

Peer B Server: Ubuntu 16.04.6 CPU: Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz RAM: 384 GB wg0.conf

[Interface]
Address = 10.0.0.1/32
ListenPort = 51820
PrivateKey = <key>

[Peer]
PublicKey = <key>
AllowedIPs = 10.0.0.0/24

BoringTun:

iperf -c 10.0.0.1 -t 300 -P 8
------------------------------------------------------------
Client connecting to 10.0.0.1, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 10] local 10.0.0.2 port 48990 connected with 10.0.0.1 port 5001
[  8] local 10.0.0.2 port 48984 connected with 10.0.0.1 port 5001
[  6] local 10.0.0.2 port 48980 connected with 10.0.0.1 port 5001
[  9] local 10.0.0.2 port 48988 connected with 10.0.0.1 port 5001
[  5] local 10.0.0.2 port 48986 connected with 10.0.0.1 port 5001
[  3] local 10.0.0.2 port 48976 connected with 10.0.0.1 port 5001
[  7] local 10.0.0.2 port 48982 connected with 10.0.0.1 port 5001
[  4] local 10.0.0.2 port 48978 connected with 10.0.0.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[ 10]  0.0-300.0 sec  11.7 GBytes   336 Mbits/sec
[  6]  0.0-300.0 sec  11.8 GBytes   339 Mbits/sec
[  5]  0.0-300.0 sec  11.5 GBytes   329 Mbits/sec
[  3]  0.0-300.0 sec  12.0 GBytes   343 Mbits/sec
[  8]  0.0-300.0 sec  11.5 GBytes   330 Mbits/sec
[  9]  0.0-300.0 sec  11.8 GBytes   337 Mbits/sec
[  7]  0.0-300.0 sec  11.7 GBytes   335 Mbits/sec
[  4]  0.0-300.0 sec  11.9 GBytes   340 Mbits/sec
[SUM]  0.0-300.0 sec  93.9 GBytes  2.69 Gbits/sec

Wireguard kernel:

iperf -c 10.0.0.1 -t 300 -P 8
------------------------------------------------------------
Client connecting to 10.0.0.1, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  9] local 10.0.0.2 port 49054 connected with 10.0.0.1 port 5001
[  8] local 10.0.0.2 port 49048 connected with 10.0.0.1 port 5001
[  7] local 10.0.0.2 port 49050 connected with 10.0.0.1 port 5001
[  4] local 10.0.0.2 port 49046 connected with 10.0.0.1 port 5001
[  3] local 10.0.0.2 port 49040 connected with 10.0.0.1 port 5001
[  6] local 10.0.0.2 port 49044 connected with 10.0.0.1 port 5001
[  5] local 10.0.0.2 port 49042 connected with 10.0.0.1 port 5001
[ 10] local 10.0.0.2 port 49052 connected with 10.0.0.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  9]  0.0-300.0 sec  12.5 GBytes   357 Mbits/sec
[  7]  0.0-300.0 sec  12.6 GBytes   361 Mbits/sec
[  3]  0.0-300.0 sec  12.2 GBytes   351 Mbits/sec
[  6]  0.0-300.0 sec  12.2 GBytes   350 Mbits/sec
[  5]  0.0-300.0 sec  12.2 GBytes   351 Mbits/sec
[ 10]  0.0-300.0 sec  12.1 GBytes   347 Mbits/sec
[  8]  0.0-300.0 sec  12.2 GBytes   350 Mbits/sec
[  4]  0.0-300.0 sec  12.0 GBytes   342 Mbits/sec
[SUM]  0.0-300.0 sec  98.1 GBytes  2.81 Gbits/sec

AmirAliSobhGol avatar Apr 07 '20 15:04 AmirAliSobhGol

@AmirAliSobhGol thank you very much, in your benchmark both peers run WireGuard and then both peers run BoringTun?

vkrasnov avatar Apr 09 '20 12:04 vkrasnov

@vkrasnov Peer B (10.0.0.1) is wireguard in both scenario. only Peer A changes to boringtun implementation

AmirAliSobhGol avatar Apr 09 '20 12:04 AmirAliSobhGol

Tailscale improved wireguard-go throughput (on linux) by the factor of 2 https://tailscale.com/blog/throughput-improvements/

https://github.com/WireGuard/wireguard-go/pull/64

indeyets avatar Dec 13 '22 18:12 indeyets

Tailscale has now improved performance even further. It would be nice to have some official performance comparisons.

RE: https://tailscale.com/blog/more-throughput/

bompus avatar Apr 13 '23 19:04 bompus

I use wgbench to benchmark linux kernel wireguard and wireguard-go and boringtun.

I modified the following line in the script to support wg-go and boringtun:

ip netns exec wgbench$i ip link add wgbench$i type wireguard
# ip netns exec wgbench$i wireguard-go wgbench$i
# ip netns exec wgbench$i boringtun-cli --disable-drop-privileges wgbench$i

But the result is really strange. Here's the result:

linux: image

wireguard-go: image

boringtun: image

Here is my server spec: image

Does anyone know why?

PinkD avatar Aug 17 '23 17:08 PinkD

I try to use -t 32 to change the thread number but the result is still the same.

PinkD avatar Aug 17 '23 17:08 PinkD

@PinkD I'll try and repro when I get home.

Noah-Kennedy avatar Aug 17 '23 20:08 Noah-Kennedy