Comments (8)
It would be nice if there is some kind of comparitive tests done the devs or people with good knowledge of this stuff against Wireguard and Tinc.
thanks
from nebula.
I get the same result in digitalocean when using the cheapest instance.
The main issue is related to cpu use for syscalls/encryption on smaller instances and DO not supporting jumbo frames.
In the iperf test, it is twice as fast if you use a host with at least 2 cpus, since the encryption tasks can be split among them.
This will also likely improve if/when we do dpdk or XDP, per #5
from nebula.
It would be nice if there is some kind of comparitive tests done the devs or people with good knowledge of this stuff against Wireguard and Tinc.
thanks
I was also looking for something like this. I'll be doing a bunch of testing in the coming weeks and will try to post a writeup of the results. I don't have blog or anything so I'll likely just make a new issue to hold all the information and then mark it closed.
from nebula.
That is very not expected. Can you share your config for each host and the test you are running?
The main setting to be concerned with is tun.mtu
from nebula.
One more note: a slightly more representative test is to do something like scp between nodes as opposed to iperf. I just SCP'd the raspbian iso between them and it maxed out at 500mbit for me, which is just a bit faster than nebula with an unoptimized MTU setting of 1300.
from nebula.
I agree with @rawdigits, if we are talking about a single core box. I launched two of the cheapest instances in DO and did some quick config tuning. Got to a bit above 400Mb/s with iperf3
. Looked like we may be able to squeeze some more out of them as well.
The main config options I played with to get a raw bandwidth test looking better:
tun.mtu
can be higher,1440
in this testtun.tx_queue
was raised to5000
although I didn't see many tx queue drops in that interface beforelisten.read_buffer
andlisten.write_buffer
were raised to10485760
listen.batch
was raised to128
although that didn't make much of a difference for me
from nebula.
Sorry for leaving this and then not answering.
I tested using the default settings from your config.yaml example. The DO servers were the smallest ones.
I tried it again on two i7 Hetzner servers. The result was much better. 895 Mbits/sec with nebula vs 944 Mbit/sec without nebula
from nebula.
Nice! That's more in line with what we would expect to see. One thing to note regarding different CPU types:
AES-NI acceleratrion makes intel cpus very fast when using AES for your nebula network. Most arm/mobile cpus do not include AES instructions, so we offer chachapoly as an alternative. If you use a number of non x86 cpus and see low performance, check out the config option for chachapoly.
NOTE: the entire nebula network has to be either AES or chachapoly. You cannot mix the two, by design.
from nebula.
Related Issues (20)
- 🐛 BUG:How do I get the client virtual ip after the relay? HOT 12
- 🐛 BUG: tun cannot be unset on mac os HOT 4
- lighthouse.dns.host does not accept ::, but listen.host does HOT 2
- 🐛 BUG: Runtime Panic HOT 1
- Feature request: Ability to install multiple instances of nebula-service on Windows
- Thanks for nebula
- example config: commented punchy.respond value should be false HOT 1
- 🐛 BUG: tests fail after 2027-11-11 HOT 1
- 🐛 BUG: Unable to reconnect after server crash HOT 4
- 🐛 BUG: overall poor behavior with "not before" field in host certificate HOT 5
- Feature request: push unsafe routes from lighthouse HOT 1
- 🐛 BUG:Failed to setup adapter (problem code: 0x34) HOT 21
- Feature Request: Relative paths in config HOT 1
- Feature Request: `nebula-service -test -config` should warn about unknown keys and stuff in config yaml
- 🐛 BUG: wintun failed HOT 6
- 🐛 BUG: Event Log spam when handshake timeout fails HOT 10
- 🐛 BUG: "Refusing to handshake with myself" when configuring self as unsafe_routes via
- Windows is not as fast as linux for downloading files
- 🐛 BUG: Nebula nodes cannot ping each other , however they can ping the lighthouse vpn IP HOT 1
- 🐛 BUG: Linux (386) "panic: runtime error: makeslice: len out of range" HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nebula.