
Comment by renewiltord

17 hours ago

I meant the comments. Sadly I've linked the wrong permalink and confused everyone.

> > > I see. I'll terminate at the Ryzen 7950 box behind the router and see what I get.

> > That will still be a no. Outside of very specialized solutions this level of performance is not available. It is rarely needed in real life anyways. Only a small amount of traffic needs to be protected this way; for everything else point to point protection with ssh or tls is adequate. I studied different router devices and most (ipsec is dominant) have low encryption throughput compared to routing capabilities. I guess that matches market requirements.

> It looks like I can get 8 Gbps with low CPU utilization using one of my x86 machines as terminal. This is pretty good. Don't need 10 G precisely. 8G is enough.

I've done precisely this so easily. I just terminate the WG at a gateway node and switch in Linux. It's trivial and throughput can easily max the 10G. I had a 40G network behind that on obsolete hardware providing storage and lots of machines reading from that.

Reading that thread was eye-opening since they should have just told him to terminate on the first machine behind. Which he eventually did and predictably worked.
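The setup the comment describes (terminate WireGuard on a Linux host behind the router and let that host carry traffic into the LAN), written out as an added wg-quick example that is not the commenter's own configuration; the interface name, subnets, port, key placeholders and the router's port forward and static route are all assumptions:

```ini
# Added example, not the commenter's config. Assumptions: the router forwards
# UDP 51820 to this host (192.168.10.2); the LAN behind the gateway is
# 192.168.10.0/24; the tunnel subnet is 10.8.0.0/24; eth0 faces the LAN;
# the router has a static route for 10.8.0.0/24 via 192.168.10.2 so LAN hosts
# can reply (otherwise add a MASQUERADE rule on this host instead).

# /etc/wireguard/wg0.conf on the Linux gateway
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <GATEWAY_PRIVATE_KEY_PLACEHOLDER>
# wg-quick does not enable forwarding; without this the host is an endpoint, not a gateway.
PreUp = sysctl -w net.ipv4.ip_forward=1
# Forward tunnel traffic only toward the LAN subnet and drop anything else a peer sends;
# return traffic from the LAN is allowed only for established flows.
PostUp = iptables -A FORWARD -i %i -o eth0 -d 192.168.10.0/24 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j DROP
PostDown = iptables -D FORWARD -i %i -o eth0 -d 192.168.10.0/24 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j DROP
# Keep encapsulated packets under a 1500-byte path MTU to avoid fragmentation.
MTU = 1420

[Peer]
# AllowedIPs doubles as WireGuard's cryptokey routing table: a decrypted packet from
# this peer with any other source address is discarded before it reaches the kernel.
PublicKey = <PEER_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.8.0.2/32

# ---- matching wg0.conf on the remote peer ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <PEER_PRIVATE_KEY_PLACEHOLDER>
MTU = 1420

[Peer]
PublicKey = <GATEWAY_PUBLIC_KEY_PLACEHOLDER>
Endpoint = <ROUTER_PUBLIC_IP_PLACEHOLDER>:51820
# Send only the tunnel and the LAN behind the gateway through the tunnel, not all traffic.
AllowedIPs = 10.8.0.0/24, 192.168.10.0/24
PersistentKeepalive = 25
```

The gateway's FORWARD rules are what limit a peer to the LAN subnet; the router's port forward exposes only UDP 51820, and WireGuard does not answer unauthenticated packets on it.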

You are right. It's amusing how this pattern emerges often: an unoptimized tech stack gives mild performance results. This is "good enough" for most people. Over the years everyone seems to assume that's just the way it is and it will always be because the tech is inherently "complex". Then a competitor comes out of the water and their performance blows everyone out of the water, so everyone realizes the tech could have been optimized all this way if anyone had just tried to.

  • Yeah, this is especially true with multi-gigabit networking. It's actually really depressing how hard it is to find performant solutions, be it for file sharing or just HTTP.