WireGuard ve IPSec Protokollerinin Çeşitli Ağ Konfigürasyonlarında Performans Değerlendirmesi

Yıl 2025, Cilt: 8 Sayı: 3, 1353 - 1369, 16.06.2025

Tuğçe Demirdelen , Sefa Kırmızı

https://doi.org/10.47495/okufbed.1660352

Öz

Bu çalışma, farklı ağ konfigürasyonları altında WireGuard ve IPSec VPN protokollerinin performansını değerlendirerek, verimliliklerini, güvenilirliklerini ve kaynak kullanımını belirlemeyi amaçlamaktadır. İncelenen konfigürasyonlar arasında Round Robin, IEEE 802.3ad bağlantı birleştirme, tek arayüz/tek tünel, çift arayüz/çift tünel ve tek arayüz/çift tünel bulunmaktadır. Bu protokollerin ağ performansı üzerindeki etkisini anlamak için veri aktarım hızı (throughput), CPU kullanımı ve Maksimum Aktarım Birimi (MTU) ayarlarının etkileri gibi temel performans metrikleri analiz edilmiştir. Deneysel sonuçlar, WireGuard’ın veri aktarım hızı ve CPU verimliliği açısından IPSec’ten daha iyi performans gösterdiğini, daha düşük ek yük ve daha yüksek hız sunduğunu ortaya koymaktadır. Bu da onu yüksek performans gerektiren ve kaynakların sınırlı olduğu ortamlar için daha uygun bir seçenek haline getirmektedir. Elde edilen bulgular, mevcut literatürle de uyumlu olup, WireGuard’ın modern ağ uygulamalarındaki avantajlarını, özellikle minimum hesaplama yüküyle yüksek hızlı şifreli iletişim gerektiren senaryolar için doğrulamaktadır. Ayrıca, çalışma farklı bağlantı birleştirme ve tünelleme stratejilerinin etkileri hakkında bilgiler sunarak, çeşitli kullanım durumları için VPN dağıtımlarını optimize etmeye yönelik pratik öneriler sağlamaktadır.

Anahtar Kelimeler

VPN , WireGuard , IPSec , Veri Aktarım Hızı , CPU Kullanımı , SD-WAN , Ağ Performansı , Bilgi Sistemleri

Performance Evaluation of WireGuard and IPSec Protocols in Various Network Configurations

Öz

This study evaluates the performance of WireGuard and IPSec VPN protocols under various network configurations to determine their efficiency, reliability, and resource utilization in different scenarios. The configurations examined include Round Robin, IEEE 802.3ad bonding, single interface/single tunnel, dual interfaces/dual tunnels, and single interface/dual tunnels. Key performance metrics such as throughput, CPU utilization, and the effects of Maximum Transmission Unit (MTU) settings were analyzed to understand the impact of these protocols on network performance. The experimental results demonstrate that WireGuard outperforms IPSec in terms of throughput and CPU efficiency, showcasing lower overhead and improved speed, making it a more suitable option for high-performance and resource-constrained environments. These findings align with existing literature, further validating WireGuard’s advantages in modern networking applications, particularly in scenarios requiring high-speed encrypted communication with minimal computational overhead. Additionally, this study provides insights into the implications of different bonding and tunneling strategies, offering practical recommendations for optimizing VPN deployments in various use cases.

Anahtar Kelimeler

VPN , WireGuard , IPSec , Throughput , CPU Utilization , SD-WAN , Network Performance , Information Systems

Kaynakça

• Abbas H., Emmanuel N., Amjad MF., Yaqoob T., Atiquzzaman M., Iqbal Z., Shafqat N., Shahid WB., Tanveer A., Ashfaq U. Security assessment and evaluation of VPNs: a comprehensive survey. ACM Computing Surveys 2023; 55(13): 1-47.
• Balachandran S., Dominic J., Sivankalai S. A comparative analysis of VPN and proxy protocols in library network management. Library of Progress-Library Science, Information Technology & Computer 2024; 44(3).
• Donenfeld JA. WireGuard:next generation kernel network tunnel. NDSS, 2017.
• Dowling B., Paterson KG. A cryptographic analysis of the WireGuard protocol. International Conference on Applied Cryptography and Network Security, 2018.
• Gentile AF., Macrì D., Greco E., Fazio P. IoT IP overlay network security performance analysis with open source infrastructure deployment. Journal of Cybersecurity and Privacy 2024; 4(3): 629-649.
• Gentile AF., Macrì D., De Rango F., Tropea M., Greco EJFI. A VPN performances analysis of constrained hardware open source infrastructure deploy in IoT environment. Future Internet 2022; 14(9): 264.
• Gordeychik S., Kolegov D. SD-WAN Threat Landscape. arXiv preprint 2018.
• Mackey S., Mihov I., Nosenko A., Vega F., Cheng Y. A performance comparison of WireGuard and OpenVPN. Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, 2020, 162-164.
• Mansouri Y., Prokhorenko V., Babar MA. An automated implementation of hybrid cloud for performance evaluation of distributed databases. Journal of Network and Computer Applications 2020; 167: 102740.
• Narayan S., Brooking K., De Vere S. Network performance analysis of vpn protocols: an empirical comparison on different operating systems. International Conference on Networks Security, Wireless Communications and Trusted Computing 2009; 645-668.
• Oluyede MS., Mart J., Olusola A., Olatuja G. Security challenges and solutions in SD-WAN deployments. ScienceOpen Preprints 2024.
• Ostroukh A., Pronin C., Podberezkin A., Podberezkina J., Volkov A. Enhancing corporate network security and performance: a comprehensive evaluation of wireGuard as a next-generation VPN solution. 2024 Systems of Signal Synchronization, Generating and Processing in Telecommunications 2024; 1-5.
• Pries R., Yu W., Graham S., Fu X. On performance bottleneck of anonymous communication networks. 2008 IEEE International Symposium on Parallel and Distributed Processing, 2008, page number:1-11.
• Sharma K., Tahiliani MP., Rathod VJ. Design and development of an emulation model for VPN and VPN bonding. 2024 IEEE International Conference on Electronics, Computing and Communication 2024; 1-6.
• Shen Y., Wu Y., Shen J., Zhang H. WirePlanner: fast, secure and cost-efficient route configuration for SD-WAN. arXiv preprint 2023.
• Shue CA., Gupta M., Myers SA. Ipsec: Performance analysis and enhancements. 2007 IEEE International Conference on Communications 2007; 1527-1532.
• Ullah S., Choi J., Oh H. IPsec for high speed network links: performance analysis and enhancements. Future Generation Computer Systems 2020; 107: 112-125.
• Vilanova JP. Next generation overlay networks: security, trust, and deployment challenges. Universitat Politècnica de Catalunya (UPC), 2021.
• Yang Z., Cui Y., Li B., Liu Y., Xu Y. Software-defined wide area network (SD-WAN): architecture, advances and opportunities. 28th International Conference on Computer Communication and Networks, 2019, 1-9.