Performance issue on wag gui #84
Comments
|
Howdy! Unfortunately for some reason changing the ebpf map takes quite a long time. I've tried to do it in a way that changes only individual entries which should be faster, however it's actually slower then this implementation. Could you give me your kernel and distribution please? I can't really promise any improvements as it currently works in under a second for our currently business (<50 users) |
|
If you could give a representative sample of your configuration for rules that would be super useful! |
NHAS
added
the
needs testing (on unstable)
|
Alright, so good news and bad news. Good news, I've made this about 50% faster on my 177 device test deployment. Bad news, the remaining 50% is due to the kernel syscall forcing global syncronisation before giving the EBPF program the new map containing the policies. Which was introduced recently, so it blocks for quite a while even when batching calls. I've made quite a few changes that now live on unstable. So I'd be keen for you to try them out. |
|
Actually I spoke a little soon. I've done an optimization which caches some maps, and now I've gotten it down to ~30ms for 177 users. This is on unstable and you should definitely see if it fixes your problem. |
|
Seems to work well!
Editing groups just takes about 16ms atm Thank you! |
|
Oh! I guess its to late but: PRETTY_NAME="Debian GNU/Linux 12 (bookworm)" sample of our config: |
|
Thanks for that! Really glad I could get significant performance improvement sorted it was quite fun. It's awesome to see that you're using Wag successfully in a professional environment. I'd just like to let you know that I do accept donations on my support page and cryptocurrency wallets listed below, which helps keep this work going, and I tend to expedite issues opened by supporters. Monero (XMR): Bitcoin (BTC): |
|
A note on this, I have just found a security bug that occurs now as the map is not being recreated. Updating routes will fail to remove old routes from a users firewall. Thus leaving them able to hit routes they otherwise should not be able to. As I am currently in the middle of a huge change from moving to sqlite3 to etcd for high availability I cannot go back and fix this right at the second. |
|
Thanks for the info. Do you have any commit which fix it? |
Here i'm back again,
I don't want to badmouth WAG - but is there any possibility to boost GUI performance?
We are probably the exception when it comes to the number of devices and users
Devices: 163
Users: ~ 155
Changing something on groups takes about 4-10 Seconds until its saved.
Maybe any idea or solution for this?
FYI
WAG is very nice!
The text was updated successfully, but these errors were encountered: