From: Derrick Lyndon Pallas
Subject: Re: CryptoKey Routing Management for Peers
Date: Fri, 14 Feb 2020 15:40:33 -0800
Message-Id: <1FB426DC-C314-4DBE-BEF9-2A35D49094C4@pallas.us>
To: Barrett Strausser
Cc: WireGuard mailing list

You might also want to check out https://pypi.org/project/wgnlpy/ which is a Wireguard configuration library for python.

~Derrick • iPhone

> On Feb 14, 2020, at 3:02 AM, Barrett Strausser wrote:
>
> I don't doubt that it can handle 1M peers.
>
> My question was more concerned with can an Organization perform the configuration management to handle 1M peers if all configuration is through a static IP.
>
> If I have 1M peers and .9999 have no change per day, that still leaves 100 changes or ~4 per hour. I'd argue it is a good practice to have to restart services to pick up those changes.
>
> I'll have a look at those links. Thank you very much
>
> -b
>
>> On Sat, Feb 8, 2020 at 4:29 PM Jason A. Donenfeld wrote:
>> WireGuard has an API, via Netlink. This might help you:
>>
>> https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library
>> https://git.zx2c4.com/wireguard-tools/tree/src/uapi/linux/wireguard.h
>>
>> It can handle 1M peers, yes.
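The configuration-management question in this thread (a large peer table with a handful of changes per hour, applied to a running interface) comes down to a reconciliation step. The following is an added example, not part of the thread and not code from WireGuard or wgnlpy: it diffs a current and a desired peer table and returns the `wg set` argument lists for only the peers that changed. The function names, the interface name `wg0`, and the keys and addresses are constructed assumptions.

```python
import base64
import ipaddress

def demo_key(n):
    """Constructed placeholder key (32 repeated bytes), not a real peer key."""
    return base64.b64encode(bytes([n]) * 32).decode()

def valid_key(key):
    """A WireGuard public key is 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False

def normalise(peers):
    """Map key -> frozenset of networks; reject bad keys and duplicate prefixes."""
    owner, out = {}, {}
    for key, cidrs in peers.items():
        if not valid_key(key):
            raise ValueError(f"not a 32-byte base64 key: {key!r}")
        nets = frozenset(ipaddress.ip_network(c, strict=False) for c in cidrs)
        for net in nets:
            # Cryptokey routing maps a given prefix to exactly one peer.
            if owner.setdefault(net, key) != key:
                raise ValueError(f"{net} is assigned to two peers")
        out[key] = nets
    return out

def plan(iface, current, desired):
    """Return the `wg set` argument lists that turn `current` into `desired`."""
    cur, des = normalise(current), normalise(desired)
    cmds = [["wg", "set", iface, "peer", key, "remove"]
            for key in sorted(cur.keys() - des.keys())]
    for key in sorted(des):
        if cur.get(key) != des[key]:
            # `allowed-ips` on `wg set` replaces that peer's whole list.
            ips = ",".join(sorted(str(n) for n in des[key]))
            cmds.append(["wg", "set", iface, "peer", key, "allowed-ips", ips])
    return cmds

# Constructed sample state: A unchanged, B gains a prefix, C is new, D is removed.
A, B, C, D = (demo_key(n) for n in (1, 2, 3, 4))
CURRENT = {A: ["10.0.0.1/32"], B: ["10.0.0.2/32"], D: ["10.0.0.4/32"]}
DESIRED = {A: ["10.0.0.1/32"], B: ["10.0.0.2/32", "10.0.1.0/24"],
           C: ["10.0.0.3/32"]}

if __name__ == "__main__":
    for cmd in plan("wg0", CURRENT, DESIRED):
        print(" ".join(cmd))
```

Rejecting a desired state in which two peers claim the same prefix catches the error before it reaches the interface, where the prefix would otherwise simply end up with whichever peer was configured last.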