Re: WireGuard recipes for OpenEmbedded

2017-05-14 Thread Stefan Agner
Hi Jason,

On 2017-04-04 06:28, Jason A. Donenfeld wrote:
> Hey Stefan,
> 
> Very cool! Thanks for posting it. Let me know when it gets accepted,
> and we can add official instructions for the package on
> wireguard.io/install/ .

The recipes are now in the OpenEmbedded pyro and master branch. The pyro
branch should end up in the next Yocto release soon (Yocto 2.3).

As for the "installation instructions", since this is a meta distribution
people will have to build from source... Not sure what you would like to
add there. Adding IMAGE_INSTALL_append = " wireguard-tools" to
conf/local.conf and building using "bitbake core-image-minimal" is
probably the shortest path to build a complete image with wireguard.

--
Stefan
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


Re: Installation instructions for Debian

2017-05-14 Thread Daniel Kahn Gillmor
On Sun 2017-05-14 10:44:56 +0200, Baptiste Jonglez wrote:
> Note that the previous installation instructions (basically, just "sudo
> apt install wireguard-tools wireguard-dkms") were valid for Debian sid.
>
> The new installation instructions are only valid for Debian jessie and
> Debian stretch (admittedly, probably the largest fraction of Debian
> users).  But I still think you should reflect this in the instructions.
>
> Debian wheezy is not supported (with its old 3.2 kernel), although it
> could be possible to use wireguard with the wheezy-backports kernel
> (3.16).  I don't think it's worth mentioning it anyway, Wheezy is
> old-stable and will soon be old-old-stable.

As the Debian maintainer for wireguard, I agree with Baptiste on all
these points, and on his earlier recommendations.  Thanks, Baptiste, for
the clear and concise documentation.

--dkg




Re: TX counters not updated on wireguard interface

2017-05-14 Thread Jason A. Donenfeld
Hey again,

I've committed a fix [1] for this which will be out in the next
snapshot. I've also added a test [2] for this to the automated test
suite on https://build.wireguard.io/ so that if the bug ever
resurfaces, it will be caught. Before reading [1], be sure to wear
protective eyewear, as your pupils are likely to start bleeding at the
sight of horrendous compatibility ifdef hackery.

Jason

[1] https://git.zx2c4.com/WireGuard/commit/?id=4c294b7ec676105abc3abb3a3dd65a63a3466eb2
[2] https://git.zx2c4.com/WireGuard/commit/?id=5437b87afcfed371b31eff25f15663f3d43ca065


Re: Performance of Wireguard on Infiniband 40G

2017-05-14 Thread Jason A. Donenfeld
Hey Greg,

On Sun, May 14, 2017 at 12:48 PM, Greg KH wrote:
> 4.9 is 6 months old, I'd be curious if 4.11 is any faster given the rate
> of change in the network stack :)

I imagine it might be. I think the biggest bottleneck, in any case,
is still the poor algorithm in padata. Hopefully we'll get this sorted
with the help of Samuel's research this summer!

Jason


Re: Performance of Wireguard on Infiniband 40G

2017-05-14 Thread Greg KH
On Sun, May 14, 2017 at 11:55:52AM +0200, Baptiste Jonglez wrote:
> On Sun, May 14, 2017 at 12:52:11AM +0200, Jason A. Donenfeld wrote:
> > One small and unfortunate thought just occurred to me: the backporting
> > to really old kernels I'm pretty sure is way less efficient than newer
> > kernels on the RX, due to some missing core fast-path APIs in the old
> > kernels. In particular, I had to wrap the UDP layer with some nasty
> > hacks to get packets out, whereas newer kernels have an elegant API
> > for that which integrates in the right place. Just a thought... I
> > haven't actually done concrete measurements though.
> 
> Good idea, I have redone the same setup with kernel 4.9.18 from
> jessie-backports.
> 
> TL;DR: when switching from kernel 3.16 to 4.9, wireguard has a 50%
> performance gain in the most favourable case (large MTU).  Also, iperf
> seems generally faster than iperf3, most likely because iperf3 has no
> multi-threading.

4.9 is 6 months old, I'd be curious if 4.11 is any faster given the rate
of change in the network stack :)

thanks,

greg k-h


Re: Performance of Wireguard on Infiniband 40G

2017-05-14 Thread Baptiste Jonglez
On Sun, May 14, 2017 at 12:52:11AM +0200, Jason A. Donenfeld wrote:
> One small and unfortunate thought just occurred to me: the backporting
> to really old kernels I'm pretty sure is way less efficient than newer
> kernels on the RX, due to some missing core fast-path APIs in the old
> kernels. In particular, I had to wrap the UDP layer with some nasty
> hacks to get packets out, whereas newer kernels have an elegant API
> for that which integrates in the right place. Just a thought... I
> haven't actually done concrete measurements though.

Good idea, I have redone the same setup with kernel 4.9.18 from
jessie-backports.

TL;DR: when switching from kernel 3.16 to 4.9, wireguard has a 50%
performance gain in the most favourable case (large MTU).  Also, iperf
seems generally faster than iperf3, most likely because iperf3 has no
multi-threading.


The full results, still over Infiniband 40G, are:

- unidirectional iperf[1 thread] with 1420 MTU: 2.1 Gbit/s
  (instead of 1.6 Gbit/s with kernel 3.16)

- bidirectional iperf[1 thread] with 1420 MTU: 780 Mbit/s + 1.0 Gbit/s
  (instead of 700 Mbit/s + 800 Mbit/s with kernel 3.16)

- unidirectional iperf[8 threads] with 65450 MTU: 11.4 Gbit/s
  (instead of 7.6 Gbit/s with kernel 3.16)

Without wireguard, as a baseline:

- unidirectional iperf[8 threads] with 65450 MTU: 23.3 Gbit/s
  (instead of 21.7 Gbit/s with kernel 3.16)

So, the new kernel definitely improved performance: by 7% for iperf, and
by up to 50% for wireguard + iperf.

> > - iperf 2.0.5
> 
> iperf2 has the -b bidirectional mode which is nice, but it seems like
> most people are using iperf3 now. Out of curiosity, is there a reason
> for preferring iperf2, beyond the -b switch?

As I said, it was just a quick test (to see if it worked fine with
Jessie's 3.16 kernel).  Iperf was already installed but Iperf3 was not.

It turns out that iperf3 is slower in this setup, most likely because
iperf is multi-threaded but iperf3 is not.  For the baseline test (without
wireguard):

- iperf[1 thread]:   13.7 Gbit/s
- iperf[8 threads]:  23.4 Gbit/s
- iperf3[1 stream]:  16.8 Gbit/s 
- iperf3[8 streams]: 13.6 Gbit/s

This was with iperf 2.0.5 and iperf3 3.0.7 (jessie).

Just to be sure, with more recent versions (iperf 2.0.9, iperf3 3.1.3):

- iperf[1 thread]:   13.6 Gbit/s
- iperf[8 threads]:  23.3 Gbit/s
- iperf3[1 stream]:  16.8 Gbit/s 
- iperf3[8 streams]: 13.6 Gbit/s

So, the behaviour is the same: iperf is faster than iperf3 thanks to
multi-threading.

I also tested through wireguard:

- unidirectional iperf3[1 stream] with 65450 MTU: 6.47 Gbit/s
  (instead of 6.42 Gbit/s with iperf[1 thread])

- unidirectional iperf3[8 streams] with 65450 MTU: 10.9 Gbit/s
  (instead of 11.4 Gbit/s with iperf[8 threads])

> > - Xeon E5520 @2.27GHz (2 CPUs, 4 cores each)
> > - Mellanox ConnectX IB 4X QDR MT26428
> 
> *drools* That's some awesome hardware!

Well, it's not my hardware :)  But it's not exactly new, it dates back
to 2009.




Re: Installation instructions for Debian

2017-05-14 Thread Baptiste Jonglez
On Sun, May 14, 2017 at 12:58:37AM +0200, Jason A. Donenfeld wrote:
> Hey Baptiste,
> 
> Spectacular, thanks a bunch. I think I had asked about this same thing
> a while back, but somehow I got confused in the ensuing mailing list
> thread and eventually I forgot about it. So I'm glad you've brought
> this back up. I updated the install page with verbatim what you sent.

Thanks!

Note that the previous installation instructions (basically, just "sudo
apt install wireguard-tools wireguard-dkms") were valid for Debian sid.

The new installation instructions are only valid for Debian jessie and
Debian stretch (admittedly, probably the largest fraction of Debian
users).  But I still think you should reflect this in the instructions.

Debian wheezy is not supported (with its old 3.2 kernel), although it
could be possible to use wireguard with the wheezy-backports kernel
(3.16).  I don't think it's worth mentioning it anyway, Wheezy is
old-stable and will soon be old-old-stable.

> Jason
> 
> On Sat, May 13, 2017 at 9:05 AM, Baptiste Jonglez wrote:
> > Hi Jason,
> >
> > Could you update the installation instructions for Debian [1]?
> >
> > Based on the discussion from a few months ago, and given that Wireguard
> > now supports Jessie's 3.16 kernel, these instructions should be added:
> >
> > For Debian jessie or stretch:
> > # echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list
> > # cat <<EOF > /etc/apt/preferences.d/limit-unstable
> > Package: *
> > Pin: release a=unstable
> > Pin-Priority: 200
> > EOF
> > # apt update
> > # apt install wireguard-dkms wireguard-tools
> >
> > I have verified that the resulting setup is functional (with 0.0.20170421-2 on jessie).
> >
> > Thanks,
> > Baptiste
> >
> > [1] https://www.wireguard.io/install/

