> On 30 Jan 2023, at 10:23, James Wynn via users > <users@lists.fedoraproject.org> wrote: > > I noticed a massive performance regression for WireGuard in Ubuntu 20.04 & > 22.04, but it also affects Fedora. I don't know since which version. > > Should I report this as a bug or did I mess something up? > > I have fully reproducible steps to demonstrate this issue on a vanilla > DigitalOcean droplet, minimal WireGuard configuration and no firewall rules. > I've also seen this issue on other hosting providers. > > Testing with `iperf3 -c XXX -P 5`: > > - Unencrypted traffic on DigitalOcean's VPC = ~2Gbps > - WireGuard Ubuntu 18.04 = ~1.3Gbps > - WireGuard Fedora 37 = ~400Mbps > > htop reported only 20-30% load on the vCPU core so it isn't CPU-bound. After > doing these tests, I did them all again on a different day to rule out > temporary network congestion. > > Steps to reproduce below. Repeat with each OS version. > > 0. Create a DigitalOcean account. > 1. Create two $6 droplets (eg, LON1 region) with Regular CPU & 1GB RAM each, > called test01 & test02. > 2. `dnf update -y && reboot` > 3. `dnf install -y wireguard-tools iperf3` > > 4. On test01, create `/etc/wireguard/test.conf` with these contents. Replace > `YYY` with the IP address of the eth1 interface (VPC) on test02. > > -------------------- > [Interface] > PrivateKey = wOEa8/RS2v065wgYGQn5k7FqOXuZJ9aC/6NDW569c3g= > Address = 192.168.200.10/24 > ListenPort = 51820 > SaveConfig = false > > [Peer] > PublicKey = wdXOzBptLD/QMZjhG475GErrz95Vpj4S7JPEwzcDMV8= > PresharedKey = j5Oeyhu/qDag2LunpVlFqKycp/9CH+Izjza5aq2cYss= > Endpoint = YYY:51820 > AllowedIPs = 192.168.200.20/32 > -------------------- > > 5. On test02, create `/etc/wireguard/test.conf` with these contents. Replace > `XXX` with the IP address of the eth1 interface (VPC) on test01. > > -------------------- > [Interface] > PrivateKey = kCJ/4rVDTy86HxP9N5wUmgMF1Esqjc051jQPGhrQIGw= > Address = 192.168.200.20/24 > ListenPort = 51820 > SaveConfig = false > > [Peer] > PublicKey = s/GtXkHOtPsqcNDy0BSRoMuxXYb4hK18dsQdkZk20yQ= > PresharedKey = j5Oeyhu/qDag2LunpVlFqKycp/9CH+Izjza5aq2cYss= > Endpoint = XXX:51820 > AllowedIPs = 192.168.200.10/32 > -------------------- > > 6. On both droplets, run `systemctl start wg-quick@test` > 7. On test01, run `iperf3 -s -B XXX`. > 8. On test02, run `iperf3 -c XXX -P 5 -t 30` and observe ~2Gbps. > 9. On test01, run `iperf3 -s -B 192.168.200.10` > 10. On test02, run `iperf3 -c 192.168.200.10 -P 5 -t 30` and observe ~400Mbps. > > In steps 7 and 8, replace XXX with the IP address of the eth1 interface on > test01.
You could raise this on the wireguard mailing list. That is where the maintainers are and expert users. Subscribe here https://lists.zx2c4.com/mailman/listinfo/wireguard Barry > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
