Absolute values for comparability

[aparcar]

Hi, this project looks fun, however I'm a bit unsure about the use-case. It gives a nice relative idea how how much faster/slower devices are within this specific test setup, however unlikely to represent real data since it does not incorporate NAT performance but adds the overhead of running two iPerf instances.

Since the benchmark shows that i.e. a network runs fine around 10Gbit/s, wouldn't it be a nice (additional) test-setup to test for real data, too? My idea would be to use network namespaces and two network cards (i.e. USB) on a strong device (i.e. Laptop) to route through a router and then compare the results. Since most laptops and USB ethernet adapters easily push 1Gbit/s and routers hardly ever, it would be rather simple to have valid results even with slightly different hardware.

Would that be of interested? I think the OpenWrt community could profit from something like that and even vendors should run their tests on a reproducible set.

[cyyself]

It gives a nice relative idea how how much faster/slower devices are within this specific test setup, however unlikely to represent real data since it does not incorporate NAT performance but adds the overhead of running two iPerf instances.

Yeah. I also mentioned this here: https://forum.openwrt.org/t/a-wireguard-comparison-db/187586/110?u=cyyself

My idea would be to use network namespaces and two network cards (i.e. USB) on a strong device (i.e. Laptop) to route through a router and then compare the results.

Yeah. But this requires a complex setup. We can't collect as many results as we do now. We can have a separate result board for this benchmark in a real environment if you can do it.

Also, there is a more straightforward way to use Cloudflare Warp, which provides public wireguard tunnels to reach the internet: we can override the reserved bytes on the wg packet to use kernel wireguard instead of Cloudflare's userspace client. As the largest CDN provider in the world, it might be capable of providing enough speed to reach your WAN ISP limit in most countries. The point is that I don't know if an ISP with a 1Gbps download speed subscription is common in the world.

[aparcar]

I don't know if an ISP with a 1Gbps download speed subscription is common in the world.

Living in Germany, the government considers 50Mbit/s as good enough...

I'll think about it and may come up with something which would be working locally. Thanks for your time.

[cyyself]

I don't know if an ISP with a 1Gbps download speed subscription is common in the world.

Living in Germany, the government considers 50Mbit/s as good enough...

Oh.... In China, 10G PON-based fiber connection is very common. About 23.0% of home broadband users have Download Speed >= 1000Mbps in 2023. However, we can reach Cloudflare at just about 100Mbps since they have no servers in mainland China. The nearest servers might be Hong Kong or Japan, or even route the traffic to Los Angeles on some ISPs. The latency also ranges from 15-200ms, depending on different ISPs.

I'll think about it and may come up with something that would be working locally. Thanks for your time.

Another suggestion is assuming the server and the client on the router have no significant performance impact. Still, ethernet MAC hardware and driver will influence the performance; we can set up switch configuration on the router hardware and split two LAN ports to separate VLAN to bridge to different netns and then set up the topology like this:

+-----------+              +-----------+
|  netns 1  |              |  netns 2  |
|    LAN1-----(RJ45 Cable)------LAN2   |
|           |              |           |
| wireguard |              | wireguard |
| iperf3    |              | iperf3    |
+-----------+              +-----------+

In this case, a single RJ45 cable connected to 2 unused LAN ports would be enough. Since many routers supported by OpenWRT have a switch driver that supports DSA (Distributed Switch Architecture), writing a script to find unused LAN ports and setting up a VLAN like this might be easy.

[mcuee]

The point is that I don't know if an ISP with a 1Gbps download speed subscription is common in the world.

1Gbps should be quite common now. In fact, there are quite some places with 5Gbps/8Gbps/10Gbps connection now.

Singapore is one such lucky place where the price of 10Gbps plans have dropped a lot in year 2024. Only one ISP still offers consumer 1Gbps Fibre internet service now. The rest are mostly offer 2Gbps/2.5Gbps/3Gbps/5Gbps/10Gbps services The government's goal is to have 50% of the household using 10Gbps plan in 2028.

[mcuee]

Testing Wireguard perfromance using the router behind a main router (Double NAT) is one good idea. iperf3 can be used. In that case, internet service speed does not matter, only the internal network speed matters.

Main router --> router to be tested for wireguard VPN server performance --> LAN client of the router to be tested as iperf3 server
Main router --> LAN client of main router as iperf3 client

iperf3 client needs to go to the Wireguard VPN tunnel to access the iperf3 server.

Example: I have used this idea to test wireguard VPN server performance of Asus RT-AX86U and TUF-BE6500. I will try to test this with OpenWRT virtual router as well.
https://forums.hardwarezone.com.sg/threads/wifi-7-routers-with-high-vpn-server-speed.7087782/

[mcuee]

BTW, here is one LxC container result for wg-bench.

Proxmox PVE 8.2.7, Intel N100 Mini PC, 8GB RAM. The LxC container runs Ubuntu 22.04 and I assign 1GB RAM to it and with two virtual CPU cores.

root@ubuntu2204ct12:~/wg-bench# ./setup-netns.sh 

root@ubuntu2204ct12:~/wg-bench# ./benchmark.sh 
Connecting to host 169.254.200.2, port 5201
[  5] local 169.254.200.1 port 40328 connected to 169.254.200.2 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   410 MBytes  3.44 Gbits/sec    0   2.82 MBytes       
[  5]   1.00-2.00   sec   404 MBytes  3.39 Gbits/sec    0   2.82 MBytes       
[  5]   2.00-3.00   sec   406 MBytes  3.41 Gbits/sec    0   2.82 MBytes       
[  5]   3.00-4.00   sec   410 MBytes  3.44 Gbits/sec    0   2.98 MBytes       
[  5]   4.00-5.00   sec   405 MBytes  3.40 Gbits/sec    0   2.98 MBytes       
[  5]   5.00-6.00   sec   412 MBytes  3.46 Gbits/sec    0   2.98 MBytes       
[  5]   6.00-7.00   sec   402 MBytes  3.37 Gbits/sec    0   2.98 MBytes       
[  5]   7.00-8.00   sec   408 MBytes  3.42 Gbits/sec    0   2.98 MBytes       
[  5]   8.00-9.00   sec   408 MBytes  3.42 Gbits/sec    0   2.98 MBytes       
[  5]   9.00-10.00  sec   402 MBytes  3.38 Gbits/sec    0   2.98 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  3.97 GBytes  3.41 Gbits/sec    0             sender
[  5]   0.00-10.04  sec  3.97 GBytes  3.40 Gbits/sec                  receiver

iperf Done.

root@ubuntu2204ct12:~/wg-bench# ./benchmark.sh -R
Connecting to host 169.254.200.2, port 5201
Reverse mode, remote host 169.254.200.2 is sending
[  5] local 169.254.200.1 port 60648 connected to 169.254.200.2 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   300 MBytes  2.52 Gbits/sec                  
[  5]   1.00-2.00   sec   294 MBytes  2.47 Gbits/sec                  
[  5]   2.00-3.00   sec   293 MBytes  2.46 Gbits/sec                  
[  5]   3.00-4.00   sec   292 MBytes  2.45 Gbits/sec                  
[  5]   4.00-5.00   sec   294 MBytes  2.46 Gbits/sec                  
[  5]   5.00-6.00   sec   293 MBytes  2.46 Gbits/sec                  
[  5]   6.00-7.00   sec   291 MBytes  2.44 Gbits/sec                  
[  5]   7.00-8.00   sec   291 MBytes  2.44 Gbits/sec                  
[  5]   8.00-9.00   sec   293 MBytes  2.46 Gbits/sec                  
[  5]   9.00-10.00  sec   292 MBytes  2.45 Gbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.04  sec  2.87 GBytes  2.45 Gbits/sec    0             sender
[  5]   0.00-10.00  sec  2.86 GBytes  2.46 Gbits/sec                  receiver

iperf Done.
root@ubuntu2204ct12:~/wg-bench# ./clean-up.sh    

root@ubuntu2204ct12:~/wg-bench# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.5 LTS
Release:        22.04
Codename:       jammy

[mcuee]

This is vitual OpenWRT router data, Proxmox PVE 8.2.7. I assign 4GB RAM and two virtual CPU core to the virtual OpenWRT Virtual Machine.

root@OpenWrt:~# sh <(wget -O - https://raw.githubusercontent.com/cyyself/wg-bench/master/openwrt-benchmark.sh)
Downloading 'https://raw.githubusercontent.com/cyyself/wg-bench/master/openwrt-benchmark.sh'
Connecting to 2606:50c0:8002::154:443
Writing to stdout
-                    100% |*******************************|  2908   0:00:00 ETA
Download completed (2908 bytes)

Packages:
WireGuard already installed
Iperf3 already installed
Installed ip-full...
Installing ip-full (6.3.0-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/base/ip-full_6.3.0-1_x86_64.ipk
Installing libelf1 (0.189-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/base/libelf1_0.189-1_x86_64.ipk
Installing libbpf1 (1.2.2-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/base/libbpf1_1.2.2-1_x86_64.ipk
Configuring libelf1.
Configuring libbpf1.
Configuring ip-full.
Installed kmod-veth...
Installing kmod-veth (5.15.167-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/kmod-veth_5.15.167-1_x86_64.ipk
Configuring kmod-veth.
Installed psmisc...
Installing psmisc (23.4-2) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/packages/psmisc_23.4-2_x86_64.ipk
Configuring psmisc.

Router details:
{
        "kernel": "5.15.167",
        "hostname": "OpenWrt",
        "system": "QEMU Virtual CPU version 2.5+",
        "model": "QEMU Standard PC (i440FX + PIIX, 1996)",
        "board_name": "qemu-standard-pc-i440fx-piix-1996",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "x86/64",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}
Connecting to host 169.254.200.2, port 4242
[  5] local 169.254.200.1 port 57418 connected to 169.254.200.2 port 4242
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   268 MBytes  2.25 Gbits/sec   72   1.13 MBytes
[  5]   1.00-2.00   sec   271 MBytes  2.28 Gbits/sec    0   1.26 MBytes
[  5]   2.00-3.00   sec   273 MBytes  2.29 Gbits/sec    4   1006 KBytes
[  5]   3.00-4.00   sec   272 MBytes  2.29 Gbits/sec    0   1.13 MBytes
[  5]   4.00-5.00   sec   270 MBytes  2.27 Gbits/sec    0   1.26 MBytes
[  5]   5.00-6.00   sec   274 MBytes  2.30 Gbits/sec   11   1011 KBytes
[  5]   6.00-7.00   sec   274 MBytes  2.30 Gbits/sec    0   1.12 MBytes
[  5]   7.00-8.00   sec   274 MBytes  2.30 Gbits/sec    0   1.25 MBytes
[  5]   8.00-9.00   sec   273 MBytes  2.29 Gbits/sec    9    982 KBytes
[  5]   9.00-10.00  sec   276 MBytes  2.31 Gbits/sec    0   1.09 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  2.66 GBytes  2.29 Gbits/sec   96             sender
[  5]   0.00-10.01  sec  2.66 GBytes  2.28 Gbits/sec                  receiver

iperf Done.
4242/tcp:            24172

[mcuee]

I will try to test this with OpenWRT virtual router as well.

OpenWRT virtual router, Intel N100 mini PC running Proxmox PVE 8.2.7. I assign 4GB RAM and two virtual CPU core to the OpenWRT virtual machine.

OpenWRT WAN: 192.168.50.138
OpenWRT LAN: 192.168.48.1
OpenWRT LAN client, LxC contatiner: 192.168.48.111
Laptop with 2.5Gbe USB Ethernet adapter (192.168.50.157) as iperf3 client

When the Laptop Wireguard client is not ON, then we can not ping the iperf3 server. OOkla Speedtest will be able to saturate the 2.5Gbe connection (using Singtel 5Gbps Fibre Internet service here in Singapore).

PS C:\work\speedtest\iperf-3.16-win64> ping 192.168.48.111

Pinging 192.168.48.111 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.48.111:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PS C:\work\speedtest\ookla-speedtest-1.2.0-win64> .\speedtest.exe -s 13623

   Speedtest by Ookla

      Server: Singtel - Singapore (id: 13623)
         ISP: Singtel Fibre
Idle Latency:     2.39 ms   (jitter: 0.26ms, low: 1.81ms, high: 2.62ms)
    Download:  2346.39 Mbps (data used: 1.2 GB)
                 14.99 ms   (jitter: 39.34ms, low: 1.77ms, high: 224.86ms)
      Upload:  2327.54 Mbps (data used: 1.1 GB)
                 12.26 ms   (jitter: 0.96ms, low: 1.47ms, high: 13.35ms)
 Packet Loss:     0.0%
  Result URL: https://www.speedtest.net/result/c/af6132a2-4a88-4e21-b81a-75c17323d890

When the Laptop Wireguard client is ON, then we can ping the iperf3 server from the laptop. OOkla SpeedTest results will be reduced but not much.

From iperf3 results (NAT involved), we can say the virtual OpenWRT Wireguard VPN server performance is about 1.99Gbps download and 2.09Gbps upload.

From OOkla SpeedTest results (no NAT involved), we can say the OpenWRT Wireguard VPN server performance is 1.999Gbps download and 2.226Gbps.

PS C:\work\speedtest\iperf-3.16-win64> ping 192.168.48.111

Pinging 192.168.48.111 with 32 bytes of data:
Reply from 192.168.48.111: bytes=32 time=2ms TTL=63
Reply from 192.168.48.111: bytes=32 time=5ms TTL=63
Reply from 192.168.48.111: bytes=32 time=5ms TTL=63
Reply from 192.168.48.111: bytes=32 time=3ms TTL=63

Ping statistics for 192.168.48.111:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 5ms, Average = 3ms

PS C:\work\speedtest\iperf-3.16-win64> .\iperf3.exe -c  192.168.48.111 -R
Connecting to host 192.168.48.111, port 5201
Reverse mode, remote host 192.168.48.111 is sending
[  5] local 10.0.8.2 port 3073 connected to 192.168.48.111 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.01   sec   238 MBytes  1.98 Gbits/sec
[  5]   1.01-2.01   sec   239 MBytes  2.01 Gbits/sec
[  5]   2.01-3.01   sec   242 MBytes  2.03 Gbits/sec
[  5]   3.01-4.01   sec   246 MBytes  2.05 Gbits/sec
[  5]   4.01-5.01   sec   238 MBytes  2.00 Gbits/sec
[  5]   5.01-6.01   sec   237 MBytes  1.99 Gbits/sec
[  5]   6.01-7.01   sec   244 MBytes  2.05 Gbits/sec
[  5]   7.01-8.01   sec   236 MBytes  1.98 Gbits/sec
[  5]   8.01-9.01   sec   223 MBytes  1.87 Gbits/sec
[  5]   9.01-10.01  sec   237 MBytes  1.99 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.01  sec  2.33 GBytes  2.00 Gbits/sec    0             sender
[  5]   0.00-10.01  sec  2.32 GBytes  1.99 Gbits/sec                  receiver

iperf Done.
PS C:\work\speedtest\iperf-3.16-win64> .\iperf3.exe -c  192.168.48.111
Connecting to host 192.168.48.111, port 5201
[  5] local 10.0.8.2 port 3173 connected to 192.168.48.111 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.01   sec   236 MBytes  1.95 Gbits/sec
[  5]   1.01-2.01   sec   247 MBytes  2.08 Gbits/sec
[  5]   2.01-3.01   sec   248 MBytes  2.07 Gbits/sec
[  5]   3.01-4.01   sec   240 MBytes  2.02 Gbits/sec
[  5]   4.01-5.00   sec   239 MBytes  2.02 Gbits/sec
[  5]   5.00-6.00   sec   262 MBytes  2.20 Gbits/sec
[  5]   6.00-7.01   sec   256 MBytes  2.12 Gbits/sec
[  5]   7.01-8.00   sec   251 MBytes  2.12 Gbits/sec
[  5]   8.00-9.00   sec   251 MBytes  2.12 Gbits/sec
[  5]   9.00-10.02  sec   263 MBytes  2.18 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.02  sec  2.43 GBytes  2.09 Gbits/sec                  sender
[  5]   0.00-10.02  sec  2.43 GBytes  2.08 Gbits/sec                  receiver

iperf Done.

PS C:\work\speedtest\ookla-speedtest-1.2.0-win64> .\speedtest.exe -s 13623

   Speedtest by Ookla

      Server: Singtel - Singapore (id: 13623)
         ISP: Singtel Fibre
Idle Latency:     3.50 ms   (jitter: 2.35ms, low: 2.86ms, high: 11.08ms)
    Download:  1999.41 Mbps (data used: 1.2 GB)
                 11.02 ms   (jitter: 8.59ms, low: 3.78ms, high: 244.23ms)
      Upload:  2226.21 Mbps (data used: 2.8 GB)
                 13.59 ms   (jitter: 1.43ms, low: 2.62ms, high: 30.32ms)
 Packet Loss:     1.3%
  Result URL: https://www.speedtest.net/result/c/8ca986b9-878e-4c70-87cf-180fe7636c93

[mcuee]

Other than iperf3, Crusader may be used to check the performance -- both speed and latency.
https://github.com/Zoxc/crusader