Add Results.tex for baseline profile

2026-03-17 18:44:49 +01:00
parent 910a7b2a81
commit 6b32967f32
33 changed files with 892 additions and 772 deletions


@@ -232,20 +232,27 @@ and Management}} % Your department's name and URL, this is used in
\begin{abstract}
\addchaptertocentry{\abstractname} % Add the abstract to the table of contents
This thesis benchmarks peer-to-peer mesh VPNs using a reproducible,
Nix-based framework built with a deployment system called Clan. We
evaluate ten VPN implementations; including Tailscale (via
Headscale), Hyprspace, Nebula, Tinc, and ZeroTier; under four
network impairment profiles varying packet loss, reordering,
latency, and jitter, yielding over 300 unique measurements across
seven benchmarks.
This thesis evaluates ten peer-to-peer mesh VPN implementations
under controlled network conditions using a reproducible, Nix-based
benchmarking framework built on a deployment system called Clan.
The implementations range from kernel-level protocols (WireGuard,
used as a reference baseline) to userspace overlays (Tinc,
Yggdrasil, Nebula, Hyprspace, and others). We test each against
four impairment profiles that vary packet loss, reordering, latency,
and jitter, producing over 300 measurements across seven benchmarks
from raw TCP and UDP throughput to video streaming and
application-level downloads.
Our analysis reveals that Tailscale outperforms the Linux kernel's
default networking stack under degraded conditions, owing to its
userspace IP stack with tuned parameters. We confirm this by
re-running benchmarks with matching kernel-side tuning and observe
comparable throughput gains. The investigation also uncovered a
critical security vulnerability in one of the evaluated VPNs.
A central finding is that no single metric captures VPN performance:
the rankings shift depending on whether one measures throughput,
latency, retransmit behavior, or application-level transfer time.
Under network impairment, Tailscale (via Headscale) outperforms the
Linux kernel's default networking stack, an anomaly we trace to its
userspace IP stack's tuned congestion-control and buffer parameters.
Re-running the internal baseline with matching kernel-side tuning
closes the gap, confirming the explanation. The accompanying source
code analysis uncovered a critical security vulnerability in one of
the evaluated implementations.
\end{abstract}
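Review bot: The rewritten second paragraph uses "the internal baseline" without defining it, while the first paragraph already introduces WireGuard as the "reference baseline", so a reader cannot tell whether the re-run with kernel-side tuning was done on WireGuard or on an unencapsulated direct link. Name the baseline explicitly in both places, and state whether WireGuard counts among the ten implementations or sits beside them. The closing sentence attributes the vulnerability to "the accompanying source code analysis", which the abstract never introduces as part of the method; add a clause on that analysis in the first paragraph or point to the chapter that covers it. The commit title mentions only Results.tex for the baseline profile, so this abstract rewrite would be better as its own commit or at least mentioned in the message.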