Archivio Istituzionale della RicercaDespite widespread adoption, the WireGuard tunneling mechanism available in the Linux kernel is unable to provide high-speed connectivity in a site-to-site setup when routing through a standard single-tunnel configuration. In fact, its capability to scale with the number of available CPU cores is limited, even in the presence of a software architecture that is intrinsically parallel. In this paper we investigate the multi-core scalability properties of WireGuard, identifying current limitations and proposing an improved design that aids effective scaling, reaching a near-linear throughput increase depending on the number of involved CPU cores. Furthermore, we propose a multi-tunnel approach to parallelize stages of the WireGuard pipeline limited to a single core per tunnel and propose a modified architecture tailored to multi-tunnel support. This architecture shows an almost 2x performance improvement over a multi-tunnel deployment of vanilla WireGuard, and supports 18x times the throughput of a single tunnel setup on our machines.
Achieving Linear CPU Scaling in WireGuard with an Efficient Multi-tunnel Architecture / Barone, Mirco; Miola, Davide; Parola, Federico; Risso, Fulvio. - ELETTRONICO. - (2024). (Intervento presentato al convegno Netdev 0x18, THE Technical Conference on Linux Networking tenutosi a Santa Clara, California (USA) nel July 15th-19th 2024).
Achieving Linear CPU Scaling in WireGuard with an Efficient Multi-tunnel Architecture
Barone, Mirco;Miola, Davide;Parola, Federico;RIsso, Fulvio
2024
Abstract
Despite widespread adoption, the WireGuard tunneling mechanism available in the Linux kernel is unable to provide high-speed connectivity in a site-to-site setup when routing through a standard single-tunnel configuration. In fact, its capability to scale with the number of available CPU cores is limited, even in the presence of a software architecture that is intrinsically parallel. In this paper we investigate the multi-core scalability properties of WireGuard, identifying current limitations and proposing an improved design that aids effective scaling, reaching a near-linear throughput increase depending on the number of involved CPU cores. Furthermore, we propose a multi-tunnel approach to parallelize stages of the WireGuard pipeline limited to a single core per tunnel and propose a modified architecture tailored to multi-tunnel support. This architecture shows an almost 2x performance improvement over a multi-tunnel deployment of vanilla WireGuard, and supports 18x times the throughput of a single tunnel setup on our machines.
| File | Dimensione | Formato | |
|---|---|---|---|
|
netdev-0x18-paper23-talk-paper.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
426.66 kB
Formato
Adobe PDF
|
426.66 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2992127