10. WireGuard Rust user space

10.1. WireGuard

WireGuard is an extremely simple yet fast and modern VPN that uses state-of-the-art cryptography. WireGuard Rust is a user space implementation of the WireGuard protocol. It’s maintained on GitHub at wireguard-rs.

10.2. WireGuard Rust user space with CNDP

The WireGuard Rust user space implementation uses CNDP/AF-XDP to send and receive packets from/to user space. CNDP/AF-XDP replaces the existing Linux networking stack used to send/receive WireGuard UDP packets. WireGuard Rust with CNDP runs on the Linux platform. The WireGuard CNDP application runs as a background process and by default uses the WireGuard kernel TUN interface to read/write packets. It uses CNDP APIs to send and receive UDP packets.

A custom Linux application is also implemented on top of the WireGuard and CNDP stack; it uses a Rust channel instead of the kernel TUN interface for the data path. The control path still uses the kernel TUN interface to configure local and peer encryption keys, IP addresses, peer endpoint, etc.

../images/WG_CNDP.png
../images/WG_CNDP_Custom_app.png

10.3. WireGuard Rust High level flow

The high level flow of WireGuard Rust is shown in the diagram below. Here the UDP reader and writer use CNDP APIs to receive and send WireGuard UDP packets.

../images/WG_RUST_HighLevelFlow.png

10.4. WireGuard CNDP performance measurement setup using DPDK PktGen

The traffic flow configuration used to measure WireGuard CNDP performance is shown in the diagram below. It uses the custom WireGuard CNDP application described in Custom Wireguard.

../images/WG_CNDP_Traffic_Flow.png

10.5. Setup WireGuard Rust with CNDP

Clone the WireGuard Rust repo and check out the commit on which the patches are based:

git clone https://github.com/WireGuard/wireguard-rs.git
cd wireguard-rs
git checkout 7d84ef9

Apply the WireGuard CNDP patches in lang/rs/wireguard/patch. Ignore the whitespace warnings.

git am *.patch

Build WireGuard with CNDP:

cargo build --release

In the WireGuard repo, refer to the usage section of src/platform/linux/cndp/README.md to configure and start WireGuard with CNDP.
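The steps above, wrapped so that the build only proceeds from the pinned commit with the complete patch series applied. This is an added example, not part of the CNDP or wireguard-rs sources; the function names and the CNDP source tree argument are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around the clone/checkout/patch/build steps.
# PINNED is the commit named on this page; all function names are hypothetical.
PINNED="7d84ef9"

# Succeeds only if HEAD of repo $1 starts with the abbreviated commit $2
# and no tracked file has local modifications.
at_pinned_commit() {
    [ -n "$2" ] || return 1
    head_rev=$(git -C "$1" rev-parse --verify HEAD 2>/dev/null) || return 1
    case "$head_rev" in
        "$2"*) ;;
        *) echo "HEAD $head_rev does not match $2" >&2; return 1 ;;
    esac
    [ -z "$(git -C "$1" status --porcelain --untracked-files=no)" ]
}

# Applies every *.patch in directory $2 to repo $1. If any patch fails,
# the series is aborted so the tree is never left half-patched.
apply_patch_series() {
    repo=$1
    dir=$(cd "$2" 2>/dev/null && pwd) || return 1   # git -C needs absolute paths
    set -- "$dir"/*.patch
    [ -f "$1" ] || { echo "no patches in $dir" >&2; return 1; }
    if ! git -C "$repo" am "$@"; then
        git -C "$repo" am --abort
        return 1
    fi
}

# Full procedure from this page, stopping at the first failed check.
# $1 = path to a CNDP source tree (assumed to contain lang/rs/wireguard/patch).
setup_wireguard_cndp() {
    git clone https://github.com/WireGuard/wireguard-rs.git &&
    git -C wireguard-rs checkout "$PINNED" &&
    at_pinned_commit wireguard-rs "$PINNED" &&
    apply_patch_series wireguard-rs "$1/lang/rs/wireguard/patch" &&
    (cd wireguard-rs && cargo build --release)
}
```

Source the file and call `setup_wireguard_cndp /path/to/cndp`; nothing runs until the function is invoked.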

10.6. Future work

Currently, network I/O performance in WireGuard Rust is optimized by using CNDP/AF-XDP. There are other opportunities for performance optimization, such as chacha20-poly1305 encryption/decryption and a lockless queue implementation (using DLB or a lockless ring).