* idle traffic considerations
From: Knuth @ 2019-10-17 10:29 UTC (permalink / raw)
To: wireguard
Hey,
We are planning to deploy certain devices with embedded SIM cards in
different countries across the globe; for maintenance we need to be able
to connect to the devices with ssh.
Since the SIM cards only provide us with a private IPv4 behind NAT
(because apparently IPv6 is still hard...) we need to reverse the
connection process to our control system.
At the moment we consider doing this with WireGuard (we are aware of the
"pre" release status), since we had good experiences with it on other
similar setups.
To calculate some rough estimated costs for the mobile connection
traffic volume, I'd love to know if there is a way to calculate the
amount of traffic caused by an idle WireGuard connection kept alive,
since we would be charged per MByte transferred.
Or do we simply have to set up a few test subjects and monitor it over a
longer time, which in itself could be error prone?
Thanks for your time
Knuth
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
* Re: idle traffic considerations
From: zrm @ 2019-11-29 21:18 UTC (permalink / raw)
To: wireguard
On 10/17/19 06:29, Knuth wrote:
> Hey,
>
> We are planning to deploy certain devices with embedded SIM cards in
> different countries across the globe; for maintenance we need to be able
> to connect to the devices with ssh.
>
> Since the SIM cards only provide us with a private IPv4 behind NAT
> (because apparently IPv6 is still hard...) we need to reverse the
> connection process to our control system.
> At the moment we consider doing this with WireGuard (we are aware of the
> "pre" release status), since we had good experiences with it on other
> similar setups.
>
> To calculate some rough estimated costs for the mobile connection
> traffic volume, I'd love to know if there is a way to calculate the
> amount of traffic caused by an idle WireGuard connection kept alive,
> since we would be charged per MByte transferred.
> Or do we simply have to set up a few test subjects and monitor it over a
> longer time, which in itself could be error prone?
>
>
> Thanks for your time
> Knuth
Ballpark estimate: round a keepalive packet to about a hundred bytes.
You're also going to get re-keys; call those two hundred bytes. If you
have a keepalive every 30 seconds and a re-key every 120 seconds, that's
around 18KB per hour per peer in each direction.
This scales inversely with the keepalive interval, and if it's longer
than 120 seconds then the idle rekeys happen less often too. How short
you can get away with depends on how long your network provider(s)
continue to track idle UDP flows. RFC4787 Section 4.3 recommends five
minutes and requires at least two minutes here, but you may still want
to test and make sure you don't have a crappy network provider that
violates the RFC.
It's also best to test the results empirically in any event. We can
estimate about how big a keepalive packet is but if you've got a bug
sending them every 60ms instead of every 60s you'll be happy to catch it
before the bill comes in across your entire fleet.
* Re: idle traffic considerations
From: Lonnie Abelbeck @ 2019-11-29 22:32 UTC (permalink / raw)
To: zrm; +Cc: WireGuard mailing list
> On Nov 29, 2019, at 3:18 PM, zrm <zrm@trustiosity.com> wrote:
>
> On 10/17/19 06:29, Knuth wrote:
>> Hey,
>> We are planning to deploy certain devices with embedded SIM cards in different countries across the globe; for maintenance we need to be able to connect to the devices with ssh.
>> Since the SIM cards only provide us with a private IPv4 behind NAT (because apparently IPv6 is still hard...) we need to reverse the connection process to our control system.
>> At the moment we consider doing this with WireGuard (we are aware of the "pre" release status), since we had good experiences with it on other similar setups.
>> To calculate some rough estimated costs for the mobile connection traffic volume, I'd love to know if there is a way to calculate the amount of traffic caused by an idle WireGuard connection kept alive, since we would be charged per MByte transferred.
>> Or do we simply have to set up a few test subjects and monitor it over a longer time, which in itself could be error prone?
>> Thanks for your time
>> Knuth
>
> Ballpark estimate: round a keepalive packet to about a hundred bytes. You're also going to get re-keys; call those two hundred bytes. If you have a keepalive every 30 seconds and a re-key every 120 seconds, that's around 18KB per hour per peer in each direction.
I had a similar use case to the one Knuth described; zrm's estimate is right on target.
Using a Netgear LB1121 as a 4G/LTE Endpoint, native IPv4-only behind NAT to a static IPv4 public server.
## 4G/LTE Endpoint
PersistentKeepalive = 25
## Static Endpoint
PersistentKeepalive = 0
When idle the WireGuard VPN consumes less than 0.5 MB/day of data.
Lonnie
* Re: idle traffic considerations
From: Roman Mamedov @ 2019-11-30 7:33 UTC (permalink / raw)
To: zrm; +Cc: wireguard
On Fri, 29 Nov 2019 16:18:52 -0500
zrm <zrm@trustiosity.com> wrote:
> Ballpark estimate: round a keepalive packet to about a hundred bytes.
> You're also going to get re-keys; call those two hundred bytes. If you
> have a keepalive every 30 seconds and a re-key every 120 seconds, that's
> around 18KB per hour per peer in each direction.
And read the small print of mobile carrier plans; at least in our country[1]
they love so much to tally up the user's transferred data every hour, while also
rounding that up to the nearest 250 KB, or even 1 MB. So even in the above
scenario they would bill for at least 250 KB/hour.
[1] http://tyumen.megafon.ru/tariffs/all/megafon-online.html
--
With respect,
Roman
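
The estimates in this thread, as an added example that is not part of any poster's message: it models zrm's ballpark figures, applies the per-hour rounding Roman describes, and checks two `wg show <interface> transfer` samples against the model to catch a runaway keepalive. The function names, the 2x slack factor, the 250,000-byte rounding unit and the sample counters with placeholder keys are assumptions made for illustration.

```python
import math

# Ballpark figures from zrm's message; real packet sizes vary with IP/UDP overhead.
KEEPALIVE_BYTES, REKEY_BYTES, REKEY_PERIOD_S = 100, 200, 120

def idle_bytes_per_hour(keepalive_s):
    """Modelled idle traffic per peer, per direction, for one keepalive interval."""
    if keepalive_s <= 0:
        return 0.0  # assumption: keepalive disabled means a silent idle tunnel
    # Per the thread, idle re-keys get rarer once the interval exceeds 120 s.
    rekey_s = max(REKEY_PERIOD_S, keepalive_s)
    return 3600 / keepalive_s * KEEPALIVE_BYTES + 3600 / rekey_s * REKEY_BYTES

def billed_bytes(bytes_per_hour, hours, window_h=1, round_to=250_000):
    """Bytes charged when each billing window is rounded up (Roman's caveat).
    window_h and round_to are assumptions; take them from the carrier's plan."""
    windows = math.ceil(hours / window_h)
    per_window = math.ceil(bytes_per_hour * window_h / round_to) * round_to
    return windows * per_window

def parse_transfer(text):
    """Parse `wg show <interface> transfer`: public key, rx bytes, tx bytes."""
    totals = {}
    for line in text.strip().splitlines():
        key, rx, tx = line.split("\t")
        totals[key] = int(rx) + int(tx)
    return totals

def over_budget(before, after, elapsed_s, keepalive_s, slack=2.0):
    """Peers whose measured hourly rate exceeds slack x the two-way model."""
    limit = 2 * idle_bytes_per_hour(keepalive_s) * slack
    start, end = parse_transfer(before), parse_transfer(after)
    rates = {k: (v - start.get(k, 0)) * 3600 / elapsed_s for k, v in end.items()}
    return {k: r for k, r in rates.items() if r > limit}

# Constructed samples taken 600 s apart; the keys are placeholders.
SAMPLE_T0 = "PEER_A_KEY_PLACEHOLDER\t1000000\t500000\nPEER_B_KEY_PLACEHOLDER\t2000000\t800000\n"
SAMPLE_T1 = "PEER_A_KEY_PLACEHOLDER\t1003400\t503400\nPEER_B_KEY_PLACEHOLDER\t2500000\t1300000\n"

if __name__ == "__main__":
    per_hour = idle_bytes_per_hour(30)
    print("modelled bytes/hour/direction:", per_hour)
    print("billed bytes/day, both directions:", billed_bytes(2 * per_hour, 24))
    print("peers over budget:", over_budget(SAMPLE_T0, SAMPLE_T1, 600, 25))
```

With hourly rounding, the billed volume is set by the rounding unit rather than by the keepalive interval, so lengthening the interval lowers the bill only if the carrier's tally window and rounding allow it.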