multiple wireguard interface and kworker ressources
prochazka.nicolas at gmail.com
Wed Jun 14 20:08:16 CEST 2017
one interface = one public key
with multiples interfaces we can manage mutliples ip without aliasing,
it's more confortable to bind some specific service .
statisitiques informations ( bp, error) is more easily to manage with
we are talking about ~ 1000 wireguard interfaces with 500 tunnels
(peer) for each .
2017-06-14 16:15 GMT+02:00 Jason A. Donenfeld <Jason at zx2c4.com>:
> On Wed, Jun 14, 2017 at 3:50 PM, nicolas prochazka
> <prochazka.nicolas at gmail.com> wrote:
>> At this moment, we are using 3000 wg tunnel on a single wireguard
>> interface, but now
>> we want divide the tunnels by interface and by group of our client, to
>> manage qos by wireguard interface, and some other tasks.
>> So on in a single interface, it's working well, but test with 3000
>> interface causes some trouble about cpu / load average , performance
>> of vm.
> This seems like a bad idea. Everything will be much better if you
> continue to use one tunnel. If you want to do QoS or any other type of
> management, you can safely do this per-IP, since the allowed IPs
> concept gives strong binding between public key and IP address.
More information about the WireGuard