Hi Nicolas,

1000 interfaces with 500 peers each. That's a very impressive quantity of 500001 wireguard deployments! Please do let me know how that goes. I'd be interested to learn what the name of this project/company is.

With regard to your problem, I've fixed it by completely rewriting ratelimiter.c to not use xt_hashtable, a piece of decaying Linux code from the 1990s, and instead using my own token bucket implementation. The result performs much better, is easier on RAM usage, and requires far fewer lines of code. Most importantly for you, all interfaces will now be able to share the same netns-keyed hashtable, so that the cleanup routines are always fast, no matter how many interfaces you have.

I'll likely sit on it for a bit longer while I verify it and make sure it works, but if you'd like to try it now, it's sitting in the git master. Please let me know how it goes.

Regards,
Jason
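
The design described in the message above (a per-source token bucket kept in one table keyed by network namespace and shared by all interfaces), as an added user-space example that is not part of the original email and is not WireGuard's ratelimiter.c. The rate, burst, table size and entry cap, the integer `netns` identifier, and the names `ratelimit_allow` and `ratelimit_gc` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define NSEC_PER_SEC 1000000000ULL
#define PKT_COST     (NSEC_PER_SEC / 20)   /* assumed rate: 20 packets/s, 1 token = 1 ns */
#define TOKEN_MAX    (PKT_COST * 5)        /* assumed burst: 5 packets */
#define BUCKETS      256
#define MAX_ENTRIES  4096                  /* bound memory an unauthenticated flood can claim */

struct entry { struct entry *next; uint64_t netns, last_ns, tokens; uint32_t ip; };
static struct entry *table[BUCKETS];       /* one table shared by every interface */
static unsigned entries;

/* Unkeyed hash for brevity; use a keyed hash (e.g. SipHash) against collision floods. */
static unsigned slot(uint64_t netns, uint32_t ip) {
    return (unsigned)(((netns ^ ip) * 0x9E3779B97F4A7C15ULL) >> 56);
}

/* True if a packet from source ip in namespace netns may pass at monotonic time now_ns. */
bool ratelimit_allow(uint64_t netns, uint32_t ip, uint64_t now_ns) {
    struct entry **head = &table[slot(netns, ip)], *e;
    for (e = *head; e; e = e->next) {
        if (e->netns != netns || e->ip != ip) continue;
        uint64_t gained = now_ns - e->last_ns;
        uint64_t tokens = gained >= TOKEN_MAX ? TOKEN_MAX : e->tokens + gained;
        if (tokens > TOKEN_MAX) tokens = TOKEN_MAX;
        bool ok = tokens >= PKT_COST;
        e->last_ns = now_ns;
        e->tokens = ok ? tokens - PKT_COST : tokens;
        return ok;
    }
    if (entries >= MAX_ENTRIES || !(e = malloc(sizeof *e))) return false;  /* fail closed */
    *e = (struct entry){ *head, netns, now_ns, TOKEN_MAX - PKT_COST, ip };
    *head = e; entries++;
    return true;
}

/* Free entries idle for over 1 s; work scales with sources seen, not interface count. */
unsigned ratelimit_gc(uint64_t now_ns) {
    for (unsigned i = 0; i < BUCKETS; i++)
        for (struct entry **p = &table[i]; *p; ) {
            struct entry *e = *p;
            if (now_ns - e->last_ns > NSEC_PER_SEC) { *p = e->next; free(e); entries--; }
            else p = &e->next;
        }
    return entries;
}
```

Because the key includes the namespace, the same source address seen in two namespaces gets two independent buckets, while a single `ratelimit_gc` pass covers every interface.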
