Comment by iscoelho

2 days ago

At this time, there is no commercial offering for hardware/ASIC WireGuard implementations. The standard WireGuard implementation cannot reach 10G.

The fastest I am aware of is VPP (open-source) & Intel QAT [1], which while it is achieves impressive numbers for large packets (70Gbps @ 512 / 200Gbps @ 1420 on a $20k+ MSRP server), is still not comparable with commercial IPsec offerings [2][3][4] that can achieve 800Gbps+ on a single gateway (and come with the added benefit of relying on a commercial product with support).

[1] https://builders.intel.com/docs/networkbuilders/intel-qat-ac...

[2] https://www.juniper.net/content/dam/www/assets/datasheets/us...

[3] https://www.paloaltonetworks.com/apps/pan/public/downloadRes...

[4] https://www.fortinet.com/content/dam/fortinet/assets/data-sh...

2 comments

iscoelho

iscoelho 2 days ago

There are also solutions like Arista TunnelSec [1] that can achieve IPsec and VXLANsec at line-rate performance (21.6Tbps per chassis)! This is fairly new and fancy though.

[1] https://www.arista.com/assets/data/pdf/Whitepapers/EVPN-Data...

mlhpdx 1 day ago

This lack of ASIC is interesting to me. If it existed, that would very much change the game. And, given the simplicity of WG encryption it would be a comparatively small design (lower cost?)