WireGuard Archive on lore.kernel.org
 help / color / Atom feed
From: Lonnie Abelbeck <lists@lonnie.abelbeck.com>
To: zrm <zrm@trustiosity.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: idle traffic considerations
Date: Fri, 29 Nov 2019 16:32:48 -0600
Message-ID: <81C63072-2522-4B64-87A6-ACEAEFF6519D@lonnie.abelbeck.com> (raw)
In-Reply-To: <86ffb110-50f2-de38-ec25-698b0232b09b@trustiosity.com>

> On Nov 29, 2019, at 3:18 PM, zrm <zrm@trustiosity.com> wrote:
> On 10/17/19 06:29, Knuth wrote:
>> Hey,
>> we are planning to deploy certain devices with an embedded sim cards in different countries across the globe, for maintenance we need to be able to connect to the devices with ssh.
>> Since the sim cards only provide us with a private IPv4 behind NAT (because apparently IPv6 is still hard...) we need to reverse the connection process to our control system,
>> at the moment we consider doing this with wireguard (we are aware of the "pre" release status), since we had good experiences with it on other similar setups.
>> To calculate some rough estimated costs for the mobile connection traffic volume, i'd love to know if there is a way to calculate the amount of traffic caused by an idle wireguard connection kept alive since we would be charged per MByte transferred.
>> Or do we simply have to setup a few test subjects and monitor it over a longer time, which in itself could be error prone.
>> Thanks for your time
>> Knuth
> Ballpark estimate, round a keepalive packet to about a hundred bytes. You're also going to get a re-keys, call those two hundred bytes. If you have a keepalive every 30 seconds and a re-key every 120 seconds, that's around 18KB per hour per peer in each direction.

I had a similar use case as Knuth described, zrm's estimate is right on target.

Using a Netgear LB1121 as a 4G/LTE Endpoint, native IPv4-only behind NAT to a static IPv4 public server.

## 4G/LTE Endpoint
PersistentKeepalive = 25

## Static Endpoint
PersistentKeepalive = 0

When idle the WireGuard VPN consumes less than 0.5 MB/day of data.


WireGuard mailing list

  reply index

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-17 10:29 Knuth
2019-11-29 21:18 ` zrm
2019-11-29 22:32   ` Lonnie Abelbeck [this message]
2019-11-30  7:33   ` Roman Mamedov

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=81C63072-2522-4B64-87A6-ACEAEFF6519D@lonnie.abelbeck.com \
    --to=lists@lonnie.abelbeck.com \
    --cc=wireguard@lists.zx2c4.com \
    --cc=zrm@trustiosity.com \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
	public-inbox-index wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git