From: zrm <zrm@trustiosity.com>
To: wireguard@lists.zx2c4.com
Subject: Re: idle traffic considerations
Date: Fri, 29 Nov 2019 16:18:52 -0500 [thread overview]
Message-ID: <86ffb110-50f2-de38-ec25-698b0232b09b@trustiosity.com> (raw)
In-Reply-To: <48f2826293c5cf93d123d8789b6afc15@ethergeist.de>
On 10/17/19 06:29, Knuth wrote:
> Hey,
>
> we are planning to deploy certain devices with an embedded sim cards in
> different countries across the globe, for maintenance we need to be able
> to connect to the devices with ssh.
>
> Since the sim cards only provide us with a private IPv4 behind NAT
> (because apparently IPv6 is still hard...) we need to reverse the
> connection process to our control system,
> at the moment we consider doing this with wireguard (we are aware of the
> "pre" release status), since we had good experiences with it on other
> similar setups.
>
> To calculate some rough estimated costs for the mobile connection
> traffic volume, i'd love to know if there is a way to calculate the
> amount of traffic caused by an idle wireguard connection kept alive
> since we would be charged per MByte transferred.
> Or do we simply have to setup a few test subjects and monitor it over a
> longer time, which in itself could be error prone.
>
>
> Thanks for your time
> Knuth
Ballpark estimate, round a keepalive packet to about a hundred bytes.
You're also going to get a re-keys, call those two hundred bytes. If you
have a keepalive every 30 seconds and a re-key every 120 seconds, that's
around 18KB per hour per peer in each direction.
This scales inversely with the keepalive interval, and if it's longer
than 120 seconds then the idle rekeys happen less often too. How short
you can get away with depends on how long your network provider(s)
continue to track idle UDP flows. RFC4787 Section 4.3 recommends five
minutes and requires at least two minutes here, but you may still want
to test and make sure you don't have a crappy network provider that
violates the RFC.
It's also best to test the results empirically in any event. We can
estimate about how big a keepalive packet is but if you've got a bug
sending them every 60ms instead of every 60s you'll be happy to catch it
before the bill comes in across your entire fleet.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
next prev parent reply other threads:[~2019-11-29 21:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-17 10:29 idle traffic considerations Knuth
2019-11-29 21:18 ` zrm [this message]
2019-11-29 22:32 ` Lonnie Abelbeck
2019-11-30 7:33 ` Roman Mamedov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86ffb110-50f2-de38-ec25-698b0232b09b@trustiosity.com \
--to=zrm@trustiosity.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).