Archivio Istituzionale della RicercaDespite widespread adoption, the WireGuard tunneling mechanism available in the Linux kernel is unable to provide high-speed connectivity in a site-to-site setup when leveraging a standard single-tunnel configuration. In fact, its capability to scale with the number of available CPU cores is limited, even in the presence of a software architecture that is intrinsically parallel.This paper proposes multiple techniques to increase the throughput of the WireGuard technology. We show how greater control over the scheduling of WireGuard tasks enables performance optimizations such as NUMA awareness, in both single- and multi-tunnel setups. Finally, we further improve the scalability when leveraging multiple tunnels by proposing a custom Inline architecture tailored to this configuration. This architecture shows an almost 2x performance improvement over a multi-tunnel deployment of vanilla WireGuard, and supports 18x times the throughput of a single tunnel setup on our machines.
Revisiting WireGuard for Line-rate, Scalable Tunneling / Barone, M.; Miola, D.; Parola, F.; Risso, F.. - ELETTRONICO. - (2025), pp. 1-6. (Intervento presentato al convegno 26th IEEE International Conference on High Performance Switching and Routing, HPSR 2025 tenutosi a Suita, Osaka (JPN) nel 20-22 May 2025) [10.1109/HPSR64165.2025.11038910].
Revisiting WireGuard for Line-rate, Scalable Tunneling
Barone, M.;Miola, D.;Parola, F.;Risso, F.
2025
Abstract
Despite widespread adoption, the WireGuard tunneling mechanism available in the Linux kernel is unable to provide high-speed connectivity in a site-to-site setup when leveraging a standard single-tunnel configuration. In fact, its capability to scale with the number of available CPU cores is limited, even in the presence of a software architecture that is intrinsically parallel.This paper proposes multiple techniques to increase the throughput of the WireGuard technology. We show how greater control over the scheduling of WireGuard tasks enables performance optimizations such as NUMA awareness, in both single- and multi-tunnel setups. Finally, we further improve the scalability when leveraging multiple tunnels by proposing a custom Inline architecture tailored to this configuration. This architecture shows an almost 2x performance improvement over a multi-tunnel deployment of vanilla WireGuard, and supports 18x times the throughput of a single tunnel setup on our machines.
| File | Dimensione | Formato | |
|---|---|---|---|
|
a44-barone final.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
510.64 kB
Formato
Adobe PDF
|
510.64 kB | Adobe PDF | Visualizza/Apri |
|
Revisiting_WireGuard_for_Line-rate_Scalable_Tunneling.pdf
accesso riservato
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
533.15 kB
Formato
Adobe PDF
|
533.15 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/3002749