* will frequently changing allowed-list result in latency spikes?
@ 2022-04-20  8:05 Arvid Picciani
From: Arvid Picciani @ 2022-04-20  8:05 UTC
  To: WireGuard mailing list

Hi,

We're currently using wg as point-to-point transport between thousands of VMs.
Each peer has a separate interface so we can do BGP with bird.

This works extremely well. But due to lack of port-reuse, eventually
you run out of UDP ports.
Now I'm thinking of redesigning it with a single wg interface and
using wg's native destination selection, which is based on allow-list.

That means every topology change results in a netlink call to wg to
replace all affected peers with a new peer with a new allowed-list.

In a quick test I couldn't see any problems with that.  But I'm
worried that might change with scale. Replacing a peer config might
flush its buffer, possibly resulting in packet loss.  Or more likely
reset its crypto session, resulting in a latency spike until the
handshake finished.

Does anyone have more insight into that?

-- 
+4916093821054
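
The concern in the message above (whether replacing a peer's allowed list disturbs its session) can be checked by comparing two `wg show <interface> dump` snapshots taken just before and just after the update. The following is an added example, not part of the original post; the function names, peer keys and snapshot values are constructed placeholders and do not represent measured WireGuard behaviour.

```python
# Added example: diff two `wg show <interface> dump` snapshots around an allowed-ips update.
PEER_FIELDS = ("public_key", "preshared_key", "endpoint", "allowed_ips",
               "latest_handshake", "transfer_rx", "transfer_tx", "keepalive")
COUNTERS = ("transfer_rx", "transfer_tx")

def parse_dump(text):
    """Return {public_key: peer dict}; the first dump line describes the interface."""
    peers = {}
    for line in text.strip().splitlines()[1:]:
        cols = line.split("\t")
        if len(cols) != len(PEER_FIELDS):
            raise ValueError(f"unexpected peer line: {line!r}")
        peer = dict(zip(PEER_FIELDS, cols))
        peer["allowed_ips"] = frozenset(
            p for p in peer["allowed_ips"].split(",") if p != "(none)")
        for key in ("latest_handshake",) + COUNTERS:
            peer[key] = int(peer[key])
        peers[peer["public_key"]] = peer
    return peers

def session_impact(before, after):
    """For each peer whose allowed-ips changed, report whether session state moved."""
    old, new = parse_dump(before), parse_dump(after)
    report = {}
    for key, peer in new.items():
        prev = old.get(key)
        if prev is None or prev["allowed_ips"] == peer["allowed_ips"]:
            continue  # new peer, or allowed-ips untouched: nothing to compare
        report[key] = {
            "handshake_changed": peer["latest_handshake"] != prev["latest_handshake"],
            "counters_reset": any(peer[k] < prev[k] for k in COUNTERS),
        }
    return report

# Constructed snapshots (placeholder keys, documentation addresses), built to
# exercise both outcomes: PEER_A keeps its session state, PEER_C loses it.
BEFORE = ("(priv)\t(pub)\t51820\toff\n"
          "PEER_A=\t(none)\t192.0.2.1:51820\t10.0.1.0/24\t1650441900\t5000\t7000\toff\n"
          "PEER_B=\t(none)\t192.0.2.2:51820\t10.0.2.0/24\t1650441890\t900\t800\toff\n"
          "PEER_C=\t(none)\t192.0.2.3:51820\t10.0.4.0/24\t1650441880\t300\t400\toff\n")
AFTER = ("(priv)\t(pub)\t51820\toff\n"
         "PEER_A=\t(none)\t192.0.2.1:51820\t10.0.1.0/24,10.0.3.0/24\t1650441900\t5200\t7100\toff\n"
         "PEER_B=\t(none)\t192.0.2.2:51820\t10.0.2.0/24\t1650441890\t950\t820\toff\n"
         "PEER_C=\t(none)\t192.0.2.3:51820\t10.0.5.0/24\t0\t0\t0\toff\n")

if __name__ == "__main__":
    print(session_impact(BEFORE, AFTER))
```

WireGuard also rekeys periodically under normal traffic, which advances the latest-handshake timestamp, so take the two snapshots only a few seconds apart.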
