wg-ip, a tool to assign automatic ip addresses to wireguard interfaces
Christophe-Marie Duquesne
chmd at chmd.fr
Thu Apr 12 13:42:25 CEST 2018
Weird. Once again, I did not receive this answer and saw it on the
online archive.
from https://lists.zx2c4.com/pipermail/wireguard/2018-April/002598.html:
> > I could add this to the script, but I figured that for the number of
> > peers I have and for the network ranges I am using, it is utterly
> > pointless. How many peers do you intend to have?
>
> It will depend how popular the project will be. Theoretically it could
> be 100'000 or even more peers. And for certain reasons I prefer to use
> ip4.
With this amount of peers, using such a method is a very, very bad
idea. Even in the 10.0.0.0/8 range, so a 24 bits address space,
generating pseudo-random ip addresses will not work. In that space,
the probability of collision for a new peer is about 1-e^(- n^2/ 2^25)
(see https://en.wikipedia.org/wiki/Birthday_problem#Approximations).
- With n=2^12 (4096 peers), that is a 40% chance.
- With n=2^13 (8192 peers), that is 85 %.
- With n=2^14 (16384 peers), that is 99.9%
- At n=2^15... My calculator already approximates this to 100%, and we
are not even close to your target (32768 peers, we need to quadruple
this to reach 100.000 peers).
This means that randomly generating an address which does not collide
with existing peers is increasingly more expensive, for each new peer.
You will re-try more and more before you can generate a key pair that
yields a non colliding ip address. This is simply not doable.
Long story short, you need a proper central server that will find the
next ip address, or you need to stick to ipv6 (and in that case the
address space makes it pointless to do that check).
More information about the WireGuard
mailing list