
You don't need to try WireGuard to understand it will not be as fast as bump in the wire IPsec implemented in ASIC, which is available today from literally dozens of vendors at 100Gbps+.

It is also possible to recognize without trying WireGuard that it has more protocol overhead, access to fewer ciphers than IPsec, and access to no ciphers that IPsec does not support. This means that IPsec encryption will be as fast or faster in all cases and IPsec framing will be more efficient in all cases, all else being equal.



>You don't need to try WireGuard to understand it will not be as fast as bump in the wire IPsec implemented in ASIC, which is available today from literally dozens of vendors at 100Gbps+.

But what does that have to do with anything? WireGuard certainly doesn't compete with IPsec ASICs.

>all else being equal

Unfortunately we live in the real world where this assumption doesn't hold true.


> But what does that have to do with anything? Wireguard certainly doesn't compete with IPsec ASICs.

I appreciate that you are not making that claim and I'm glad that we agree. However, that "WireGuard is faster than IPsec" is exactly what the authors are claiming without qualification, and supporting with controversial data, on the official website. As such I believe examination of the claim is justified.

> Unfortunately we live in the real world where this assumption doesn't hold true.

Yet we are in a rational discussion of the merits of the two protocols, in which outliers that introduce additional variables should be first discovered, then examined individually, rather than dismissing the first order effects out of hand on the supposition that outliers influenced by additional variables may exist.


>However, that "WireGuard is faster than IPsec" is exactly what the authors are claiming without qualification

The same blog post also extensively discusses OpenVPN, then goes on to state "Is WireGuard faster than other VPN solutions? Simple answer: It isn't."

This question presented in the post wasn't "Is WireGuard faster than all other VPN solutions?"

>Yet we are in a rational discussion of the merits of the two protocols, in which outliers that introduce additional variables should be first discovered, then examined individually, rather than dismissing the first order effects out of hand on the supposition that outliers influenced by additional variables may exist.

Are we discussing protocols or the implementations? One of these seems far more practical to me.

I'd personally love to see this benchmark where a sane IPsec configuration running on regular commodity hardware beats WG throughput.



