Testing WireGuard performance on AWS, DigitalOcean & Linode from Brazil
WireGuard is a general purpose open source VPN software that holds speed records on many online benchmarks¹². It's a well-balanced VPN to use, specially if you'll be hosting your own nodes as not all VPN providers supports it yet.
A customer with 2 WireGuard nodes mentioned that one of their employees was having "speed issues" when using VPN, despite the nodes being in different data centers. We all know that speed is not the technical term, but bear with me.
This is quite strange cause WireGuard provides one of the best performance measurement out there, so it was time to test a few providers I'm used to work with: AWS, DigitalOcean and Linode.
All the nodes were set up with AlmaLinux 8 and WireGuard installed with the help of WireGuard Road Warrior installer. The speed test was performed using Speedtest.net iOS app 3x and the best result used. The destinations were:
- Hivelocity Tampa, FL (USA)
- FDCservers São Paulo, SP (BR)
The client and I are based in Brazil, so I decided to use Tampa, FL as the first destination cause DigitalOcean and Linode locations are NY and Newark respectively, so it's sort of midway from connections from and to Brazil.
The iPhone was right next to an ASUS BlueCave WiFi router, as I wanted to reproduce the user's configuration as much as possible. Remember, I did this series of tests just to eliminate the provider as the root cause of the speed issue.
Someone might find this benchmark helpful, so I decided to share it here, although you should be aware THIS IS NOT A PROFESSIONAL BENCHMARK in any way.
No VPN
The first tests were completed without the VPN to have a baseline. The network speed on the test connection is 100 Mbps.
AWS São Paulo (c5n.large instance)
AWS São Paulo was next. Honestly I had high hopes that it would outperform the others providers by a long shot.
A c5n.large instance was used, that provides up to 25 Gbps of network bandwidth according to AWS with ENA enabled. It was the only provider in Brazil so at least to the Brazilian destination it should perform great.
Linode Newark (1G RAM/1vCPU/25GB SSD - $5/mo instance)
Linode is a cloud provider that advertises their network in and out rates directly on the price list, which gives the impression that they are proud of the network they own and I generally use their services for proxies and VPN nodes.
DigitalOcean New York (1G RAM/1vCPU/25GB SSD - $5/mo instance)
DigitalOcean takes a developer-friendly approach, they don't advertise their network speed and generally don't get much into the technical side of the hardware.
Conclusion
To be fair, Linode and DigitalOcean offers different locations that might have provided different results just like I could have used AWS North Virginia, but honestly, in theory all locations should have the same hardware capacity, so if they don't care about doing that right, why should I?
The final result comes to the following table:
Tampa, FL | São Paulo, SP | |
No VPN | 95,7 // 35,5 | 95,9 // 41,8 |
AWS São Paulo | 54,8 // 16,4 | 59,0 // 21,1 |
Linode Newark | 49,1 // 9,77 | 44,2 // 9,89 |
DigitalOcean New York | 61,1 // 14,0 | 60,1 // 9,52 |
WireGuard did knock 36%~49% of the "speed", probably due to the encryption and additional hops. A small price to pay given the security benefit of having a VPN enabled.
Surprisingly, DigitalOcean even with its easy-to-use approach, trumps AWS and Linode when it comes to download throughput. AWS won the gold medal only in upload throughput, closely followed by DigitalOcean.
Given that DigitalOcean offers 1TB of bandwidth right on the $5 plan, it's the way to go if you want to host a WireGuard node.
If you're curious to know what the customer has decided, well, they've chosen to update the employee's connection so that the loss of speed doesn't compromise day-to-day.
On a final note, this benchmark did match the results published by Gold Fire Studios in 2018. 3 years have passed but the results remained the same. DigitalOcean FTW!
Comments