this post was submitted on 04 Jan 2024
1 points (100.0% liked)

WireGuard

3 readers
1 users here now

WireGuard - a fast, modern, secure VPN Tunnel.

founded 1 year ago
MODERATORS
[email protected]
1
Slow download and reasonable upload to LAN machines through WG (zerobytes.monster)
submitted 10 months ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
This is an automated archive.

The original was posted on /r/wireguard by /u/batrick on 2024-01-04 14:34:21+00:00.

Hello,

I have a baremetal desktop connecting to a VM on another server. There is a WG link between the two. I'm encountering slow download performance when pulling data from the internet or another LAN machine (ignoring internet performance hereafter to keep things simple). The baremetal desktop is 192.168.20.1 (wireguard) / 192.168.200.201 (w/o wireguard) and the VM is 192.168.20.2 (wireguard) / 192.168.230.103 (w/o wireguard). The local router is 192.168.200.1 which is accessible via wireguard or without.

$ sudo ip netns exec foo iperf3 -c 192.168.20.2 -p 1111
Connecting to host 192.168.20.2, port 1111
[  5] local 192.168.20.1 port 41940 connected to 192.168.20.2 port 1111
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  28.8 MBytes   241 Mbits/sec   59    941 KBytes       
[  5]   1.00-2.00   sec  29.5 MBytes   247 Mbits/sec    0   1.03 MBytes       
[  5]   2.00-3.00   sec  26.8 MBytes   224 Mbits/sec    0   1.12 MBytes       
[  5]   3.00-4.00   sec  28.5 MBytes   239 Mbits/sec    0   1.19 MBytes       
[  5]   4.00-5.00   sec  28.6 MBytes   240 Mbits/sec    0   1.24 MBytes       
[  5]   5.00-6.00   sec  27.8 MBytes   233 Mbits/sec    2    945 KBytes       
[  5]   6.00-7.00   sec  27.2 MBytes   229 Mbits/sec    0    998 KBytes       
[  5]   7.00-8.00   sec  27.5 MBytes   231 Mbits/sec    0   1.01 MBytes       
[  5]   8.00-9.00   sec  28.2 MBytes   237 Mbits/sec    0   1.04 MBytes       
[  5]   9.00-10.00  sec  28.2 MBytes   237 Mbits/sec    0   1.05 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   281 MBytes   236 Mbits/sec   61             sender
[  5]   0.00-10.08  sec   279 MBytes   232 Mbits/sec                  receiver

iperf Done.
$ sudo ip netns exec foo iperf3 -c 192.168.20.2 -p 1111 --reverse
Connecting to host 192.168.20.2, port 1111
Reverse mode, remote host 192.168.20.2 is sending
[  5] local 192.168.20.1 port 50328 connected to 192.168.20.2 port 1111
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  38.9 MBytes   326 Mbits/sec                  
[  5]   1.00-2.00   sec  32.6 MBytes   273 Mbits/sec                  
[  5]   2.00-3.00   sec  27.4 MBytes   230 Mbits/sec                  
[  5]   3.00-4.00   sec  27.6 MBytes   232 Mbits/sec                  
[  5]   4.00-5.00   sec  27.1 MBytes   228 Mbits/sec                  
[  5]   5.00-6.00   sec  27.5 MBytes   231 Mbits/sec                  
[  5]   6.00-7.00   sec  27.2 MBytes   229 Mbits/sec                  
[  5]   7.00-8.00   sec  29.8 MBytes   250 Mbits/sec                  
[  5]   8.00-9.00   sec  26.9 MBytes   225 Mbits/sec                  
[  5]   9.00-10.00  sec  26.8 MBytes   224 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.04  sec   295 MBytes   246 Mbits/sec    0             sender
[  5]   0.00-10.00  sec   292 MBytes   245 Mbits/sec                  receiver

iperf Done.
$ sudo ip netns exec foo iperf3 -c 192.168.200.1 -p 1111 
Connecting to host 192.168.200.1, port 1111
[  5] local 192.168.20.1 port 56218 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  18.9 MBytes   158 Mbits/sec    2    159 KBytes       
[  5]   1.00-2.00   sec  18.5 MBytes   155 Mbits/sec    0    223 KBytes       
[  5]   2.00-3.00   sec  17.9 MBytes   150 Mbits/sec    0    272 KBytes       
[  5]   3.00-4.00   sec  18.1 MBytes   152 Mbits/sec    0    313 KBytes       
[  5]   4.00-5.00   sec  17.5 MBytes   147 Mbits/sec    0    349 KBytes       
[  5]   5.00-6.00   sec  18.2 MBytes   153 Mbits/sec    0    383 KBytes       
[  5]   6.00-7.00   sec  19.0 MBytes   159 Mbits/sec    0    416 KBytes       
[  5]   7.00-8.00   sec  18.4 MBytes   154 Mbits/sec    1    443 KBytes       
[  5]   8.00-9.00   sec  18.5 MBytes   155 Mbits/sec    0    469 KBytes       
[  5]   9.00-10.00  sec  18.5 MBytes   155 Mbits/sec    0    495 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   184 MBytes   154 Mbits/sec    3             sender
[  5]   0.00-10.07  sec   181 MBytes   151 Mbits/sec                  receiver

iperf Done.
$ sudo ip netns exec foo iperf3 -c 192.168.200.1 -p 1111 --reverse
Connecting to host 192.168.200.1, port 1111
Reverse mode, remote host 192.168.200.1 is sending
[  5] local 192.168.20.1 port 42220 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  0.00 Bytes  0.00 bits/sec                  
[  5]   1.00-2.00   sec   384 KBytes  3.15 Mbits/sec                  
[  5]   2.00-3.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   3.00-4.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   4.00-5.00   sec   896 KBytes  7.34 Mbits/sec                  
[  5]   5.00-6.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   6.00-7.00   sec   896 KBytes  7.34 Mbits/sec                  
[  5]   7.00-8.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   8.00-9.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   9.00-10.00  sec   768 KBytes  6.29 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.05  sec  6.76 MBytes  5.65 Mbits/sec  2150             sender
[  5]   0.00-10.00  sec  6.62 MBytes  5.56 Mbits/sec                  receiver

iperf Done.
$ iperf3 -c 192.168.200.1 -p 1111 
Connecting to host 192.168.200.1, port 1111
[  5] local 192.168.200.201 port 34218 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   114 MBytes   952 Mbits/sec    3    335 KBytes       
[  5]   1.00-2.00   sec   113 MBytes   945 Mbits/sec    0    337 KBytes       
[  5]   2.00-3.00   sec   112 MBytes   941 Mbits/sec    0    339 KBytes       
[  5]   3.00-4.00   sec   112 MBytes   944 Mbits/sec    0    342 KBytes       
[  5]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0    342 KBytes       
[  5]   5.00-6.00   sec   112 MBytes   943 Mbits/sec    0    342 KBytes       
[  5]   6.00-7.00   sec   112 MBytes   938 Mbits/sec    0    342 KBytes       
[  5]   7.00-8.00   sec   113 MBytes   945 Mbits/sec    0    342 KBytes       
[  5]   8.00-9.00   sec   112 MBytes   939 Mbits/sec    0    342 KBytes       
[  5]   9.00-10.00  sec   113 MBytes   944 Mbits/sec    0    342 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.10 GBytes   943 Mbits/sec    3             sender
[  5]   0.00-10.04  sec  1.10 GBytes   938 Mbits/sec                  receiver

iperf Done.
$ iperf3 -c 192.168.200.1 -p 1111 --reverse
Connecting to host 192.168.200.1, port 1111
Reverse mode, remote host 192.168.200.1 is sending
[  5] local 192.168.200.201 port 44104 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   112 MBytes   941 Mbits/sec                  
[  5]   1.00-2.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   2.00-3.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   3.00-4.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   4.00-5.00   sec   112 MBytes   941 Mbits/sec                  
[  5]   5.00-6.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   6.00-7.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   7.00-8.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   8.00-9.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   9.00-10.00  sec   112 MBytes   942 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.04  sec  1.10 GBytes   938 Mbits/sec  159             sender
[  5]   0.00-10.00  sec  1.10 GBytes   941 Mbits/sec                  receiver

iperf Done.

The results indicate to me that there is a significant performance loss due to NAT routing on the VM (192.168.20.1 <- 192.168.200.1). I'm also not sure if ~220 Mbps symmetric is reasonable for wireguard over a LAN (192.168.20.1 <-> 192.168.20.2). I've tried playing with the MTU of the links on both sides without any beneficial effect (usually poorer performance).

Any ideas for investigation? Thanks in advance!

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here