On 10/17/19 06:29, Knuth wrote:
Hey,
we are planning to deploy certain devices with an embedded sim cards in
different countries across the globe, for maintenance we need to be able
to connect to the devices with ssh.
Since the sim cards only provide us with a private IPv4 behind NAT
(because apparently IPv6 is still hard...) we need to reverse the
connection process to our control system,
at the moment we consider doing this with wireguard (we are aware of the
"pre" release status), since we had good experiences with it on other
similar setups.
To calculate some rough estimated costs for the mobile connection
traffic volume, i'd love to know if there is a way to calculate the
amount of traffic caused by an idle wireguard connection kept alive
since we would be charged per MByte transferred.
Or do we simply have to setup a few test subjects and monitor it over a
longer time, which in itself could be error prone.
Thanks for your time
Knuth
Ballpark estimate, round a keepalive packet to about a hundred bytes.
You're also going to get a re-keys, call those two hundred bytes. If you
have a keepalive every 30 seconds and a re-key every 120 seconds, that's
around 18KB per hour per peer in each direction.
This scales inversely with the keepalive interval, and if it's longer
than 120 seconds then the idle rekeys happen less often too. How short
you can get away with depends on how long your network provider(s)
continue to track idle UDP flows. RFC4787 Section 4.3 recommends five
minutes and requires at least two minutes here, but you may still want
to test and make sure you don't have a crappy network provider that
violates the RFC.
It's also best to test the results empirically in any event. We can
estimate about how big a keepalive packet is but if you've got a bug
sending them every 60ms instead of every 60s you'll be happy to catch it
before the bill comes in across your entire fleet.
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
