Wireguard vs Zerotier throughput performance

Topology

First of all, let’s specify some internet links to make an idea of maximum throughput performance:
Timisoara -> 1000 Mbps down / 500 Mbps up
Arad -> 90 Mbps down / 90 Mbps up
Deva -> 1000 Mbps down / 500 Mbps up
Oradea -> 1000 Mbps down / 500 Mbps up

Timisoara, Oradea and Deva have the same provider and latency between are under 10ms and normally are 5ms.
First tests were done between Timisoara and Deva.
Hardware of Timisoara: VM machine with 4 cpu’s at 3GHz and 1Gb ram. 20Gb SSD Storage. OS: vyos
Hardware of Deva: VM machine with 4 cpu’s at 2.5GHz and 1Gb ram. 20Gb SSD Storage. OS: ubuntu16

Latency from Timisoara to Deva though Wireguard:

[email protected]:~$ ping 10.2.1.2
PING 10.2.1.2 (10.2.1.2) 56(84) bytes of data.
64 bytes from 10.2.1.2: icmp_seq=1 ttl=64 time=5.75 ms
64 bytes from 10.2.1.2: icmp_seq=2 ttl=64 time=5.36 ms
64 bytes from 10.2.1.2: icmp_seq=3 ttl=64 time=5.33 ms
64 bytes from 10.2.1.2: icmp_seq=4 ttl=64 time=5.85 ms
64 bytes from 10.2.1.2: icmp_seq=5 ttl=64 time=5.90 ms

Latency from Timisoara to Deva though Zerotier:

[email protected]:~$ ping 192.168.195.249
PING 192.168.195.249 (192.168.195.249) 56(84) bytes of data.
64 bytes from 192.168.195.249: icmp_seq=1 ttl=64 time=9.81 ms
64 bytes from 192.168.195.249: icmp_seq=2 ttl=64 time=5.98 ms
64 bytes from 192.168.195.249: icmp_seq=3 ttl=64 time=4.78 ms
64 bytes from 192.168.195.249: icmp_seq=4 ttl=64 time=9.25 ms
64 bytes from 192.168.195.249: icmp_seq=5 ttl=64 time=6.40 ms

Latency from Timisoara to Deva though normal internet:

[email protected]:~$ ping 84.232.241.38
PING 84.232.241.38 (84.232.241.38) 56(84) bytes of data.
64 bytes from 84.232.241.38: icmp_seq=1 ttl=60 time=5.26 ms
64 bytes from 84.232.241.38: icmp_seq=2 ttl=60 time=4.86 ms
64 bytes from 84.232.241.38: icmp_seq=3 ttl=60 time=5.03 ms
64 bytes from 84.232.241.38: icmp_seq=4 ttl=60 time=5.16 ms
64 bytes from 84.232.241.38: icmp_seq=5 ttl=60 time=5.21 ms

Iperf from Timisoara to Deva though Wireguard:

[email protected]:~$ iperf3 -c 10.2.1.2 -P 5 -t 15 | grep -i sum
[SUM] 0.00-1.00 sec 64.6 MBytes 542 Mbits/sec 327
[SUM] 1.00-2.00 sec 60.3 MBytes 506 Mbits/sec 0
[SUM] 2.00-3.00 sec 55.5 MBytes 466 Mbits/sec 408
[SUM] 3.00-4.00 sec 54.6 MBytes 458 Mbits/sec 9
[SUM] 4.00-5.00 sec 56.2 MBytes 471 Mbits/sec 232
[SUM] 5.00-6.00 sec 50.1 MBytes 420 Mbits/sec 0
[SUM] 6.00-7.00 sec 56.9 MBytes 478 Mbits/sec 53
[SUM] 7.00-8.00 sec 57.3 MBytes 481 Mbits/sec 55
[SUM] 8.00-9.00 sec 54.9 MBytes 460 Mbits/sec 5
[SUM] 9.00-10.00 sec 53.3 MBytes 447 Mbits/sec 472
[SUM] 10.00-11.00 sec 43.7 MBytes 367 Mbits/sec 11
[SUM] 11.00-12.00 sec 58.4 MBytes 490 Mbits/sec 30
[SUM] 12.00-13.00 sec 50.7 MBytes 425 Mbits/sec 18
[SUM] 13.00-14.00 sec 60.2 MBytes 505 Mbits/sec 0
[SUM] 14.00-15.00 sec 61.9 MBytes 520 Mbits/sec 518
[SUM] 0.00-15.00 sec 839 MBytes 469 Mbits/sec 2138 sender
[SUM] 0.00-15.00 sec 832 MBytes 465 Mbits/sec receiver

Iperf from Deva to Timisoara though Wireguard:

[email protected]:~$ iperf3 -c 10.2.1.2 -P 5 -t 15 -R | grep -i sum
[SUM] 0.00-1.00 sec 53.1 MBytes 445 Mbits/sec
[SUM] 1.00-2.00 sec 52.7 MBytes 442 Mbits/sec
[SUM] 2.00-3.00 sec 53.3 MBytes 447 Mbits/sec
[SUM] 3.00-4.00 sec 53.7 MBytes 451 Mbits/sec
[SUM] 4.00-5.00 sec 53.5 MBytes 449 Mbits/sec
[SUM] 5.00-6.00 sec 47.5 MBytes 398 Mbits/sec
[SUM] 6.00-7.00 sec 46.2 MBytes 388 Mbits/sec
[SUM] 7.00-8.00 sec 48.9 MBytes 410 Mbits/sec
[SUM] 8.00-9.00 sec 53.3 MBytes 447 Mbits/sec
[SUM] 9.00-10.00 sec 52.3 MBytes 439 Mbits/sec
[SUM] 10.00-11.00 sec 52.8 MBytes 443 Mbits/sec
[SUM] 11.00-12.00 sec 53.8 MBytes 451 Mbits/sec
[SUM] 12.00-13.00 sec 49.5 MBytes 415 Mbits/sec
[SUM] 13.00-14.00 sec 51.7 MBytes 434 Mbits/sec
[SUM] 14.00-15.00 sec 50.5 MBytes 424 Mbits/sec
[SUM] 0.00-15.00 sec 781 MBytes 437 Mbits/sec 62526 sender
[SUM] 0.00-15.00 sec 774 MBytes 433 Mbits/sec receiver

Iperf from Timisoara to Deva though Zerotier:

[email protected]:~$ iperf3 -c 192.168.195.249 -P 5 -t 15 | grep -i sum
[SUM] 0.00-1.00 sec 33.5 MBytes 281 Mbits/sec 158
[SUM] 1.00-2.00 sec 31.6 MBytes 265 Mbits/sec 101
[SUM] 2.00-3.00 sec 30.6 MBytes 257 Mbits/sec 218
[SUM] 3.00-4.00 sec 32.5 MBytes 273 Mbits/sec 127
[SUM] 4.00-5.00 sec 28.9 MBytes 243 Mbits/sec 189
[SUM] 5.00-6.00 sec 29.5 MBytes 248 Mbits/sec 97
[SUM] 6.00-7.00 sec 29.9 MBytes 251 Mbits/sec 203
[SUM] 7.00-8.00 sec 33.8 MBytes 283 Mbits/sec 99
[SUM] 8.00-9.00 sec 30.9 MBytes 259 Mbits/sec 163
[SUM] 9.00-10.00 sec 25.6 MBytes 215 Mbits/sec 67
[SUM] 10.00-11.00 sec 31.9 MBytes 268 Mbits/sec 78
[SUM] 11.00-12.00 sec 26.9 MBytes 226 Mbits/sec 87
[SUM] 12.00-13.00 sec 30.7 MBytes 257 Mbits/sec 33
[SUM] 13.00-14.00 sec 31.3 MBytes 262 Mbits/sec 128
[SUM] 14.00-15.00 sec 23.1 MBytes 194 Mbits/sec 234
[SUM] 0.00-15.00 sec 451 MBytes 252 Mbits/sec 1982 sender
[SUM] 0.00-15.00 sec 448 MBytes 251 Mbits/sec receiver

Iperf from Deva to Timisoara though Zerotier:

[email protected]:~$ iperf3 -c 192.168.195.249 -P 5 -t 15 -R | grep -i sum
[SUM] 0.00-1.00 sec 21.7 MBytes 182 Mbits/sec
[SUM] 1.00-2.00 sec 19.4 MBytes 162 Mbits/sec
[SUM] 2.00-3.00 sec 16.3 MBytes 137 Mbits/sec
[SUM] 3.00-4.00 sec 13.8 MBytes 116 Mbits/sec
[SUM] 4.00-5.00 sec 21.3 MBytes 178 Mbits/sec
[SUM] 5.00-6.00 sec 22.4 MBytes 188 Mbits/sec
[SUM] 6.00-7.00 sec 21.0 MBytes 176 Mbits/sec
[SUM] 7.00-8.00 sec 22.9 MBytes 192 Mbits/sec
[SUM] 8.00-9.00 sec 14.2 MBytes 120 Mbits/sec
[SUM] 9.00-10.00 sec 11.0 MBytes 91.9 Mbits/sec
[SUM] 10.00-11.00 sec 19.6 MBytes 165 Mbits/sec
[SUM] 11.00-12.00 sec 22.8 MBytes 191 Mbits/sec
[SUM] 12.00-13.00 sec 21.6 MBytes 181 Mbits/sec
[SUM] 13.00-14.00 sec 23.4 MBytes 196 Mbits/sec
[SUM] 14.00-15.00 sec 23.6 MBytes 198 Mbits/sec
[SUM] 0.00-15.00 sec 298 MBytes 167 Mbits/sec 3501 sender
[SUM] 0.00-15.00 sec 295 MBytes 165 Mbits/sec receiver

Advantages of Wireguard:
1. Wireguard is in the kernel already.
2. Very simple to configure.
3. Because is in the kernel, is actually very fast.

Disadvantages of Wireguard:
1. Still in alpha / beta
2. Not that simple to configure if you have routing (i will explain in the next article why)
3. Not simple through NAT, you need port forwarding to a UDP port configured by you.

Advantages of Zerotier:
1. Simple through NAT
2. No port forwarding but if you have firewall, you need to unblock the Zerotier UDP port.
3. Very cool web portal access with free 100 devices. Also, very cheap a premium account.

Disadvantages of Zerotier:
1. Slower than Wireguard.
2. Sometimes it doesn’t connect well, you are relying on their services.
3. Not easy for troubleshooting as everything is in the cloud.
4. Hurting the CPU comparable with Zerotier.

CPU htop of vyos at iperf from Timisoara to Deva though Wireguard:

CPU htop of vyos at iperf from Timisoara to Deva though Zerotier:

Conclusion: We can definitely see that Wireguard is faster than Zerotier on the same hardware.

Leave a reply:

Your email address will not be published.

Site Footer