|
|
|
|
@@ -72,7 +72,6 @@ and reordering. These impairments are applied symmetrically on all
|
|
|
|
|
machines, meaning effective round-trip impairment is approximately
|
|
|
|
|
double the per-machine values.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\subsection{Configuration Methodology}
|
|
|
|
|
|
|
|
|
|
Each VPN is built from source within the Nix flake, ensuring that all
|
|
|
|
|
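Review bot: The context sentence "effective round-trip impairment is approximately double the per-machine values" is only accurate for some of the impairments listed before it. Added delay does sum across the two traversals, but packet loss applied independently at each end composes as 1-(1-p)^2, which is close to 2p only for small p, and reordering does not double in any simple sense. Suggest qualifying the sentence per impairment type, or restricting the "double" claim to latency, so that readers do not misread the loss figures in the results.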
@@ -82,7 +81,7 @@ under \texttt{pkgs/} in the flake.
|
|
|
|
|
|
|
|
|
|
Cryptographic material (WireGuard keys, Nebula certificates, ZeroTier
|
|
|
|
|
identities) is generated deterministically via Clan's vars generator
|
|
|
|
|
system.
|
|
|
|
|
system.
|
|
|
|
|
|
|
|
|
|
Generated keys are stored in version control under
|
|
|
|
|
\texttt{vars/per-machine/\{name\}/} and read at NixOS evaluation time,
|
|
|
|
|
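Review bot: The paragraph around "Generated keys are stored in version control under \texttt{vars/per-machine/\{name\}/} and read at NixOS evaluation time" leaves the handling of private key material unspecified. Please state whether the committed files are encrypted or contain only public halves, since anything read at evaluation time and embedded in the configuration can end up in the world-readable Nix store. "generated deterministically" also deserves a clause explaining what it means here (reproducible from a seed, or generated once and then pinned), because the two have different implications for key reuse across test runs. The two "system." lines in this hunk appear identical, so the change itself looks whitespace-only.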
@@ -101,7 +100,8 @@ Table~\ref{tab:benchmark_suite} summarises each benchmark.
|
|
|
|
|
\label{tab:benchmark_suite}
|
|
|
|
|
\begin{tabular}{llll}
|
|
|
|
|
\hline
|
|
|
|
|
\textbf{Benchmark} & \textbf{Protocol} & \textbf{Duration} & \textbf{Key Metrics} \\
|
|
|
|
|
\textbf{Benchmark} & \textbf{Protocol} & \textbf{Duration} &
|
|
|
|
|
\textbf{Key Metrics} \\
|
|
|
|
|
\hline
|
|
|
|
|
Ping & ICMP & 3 runs $\times$ 100 pkts & RTT, packet loss \\
|
|
|
|
|
TCP iPerf3 & TCP & 30 s & Throughput, retransmits, CPU \\
|
|
|
|
|
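Review bot: In the re-wrapped header row, the third column is titled \textbf{Duration}, but the Ping row fills it with "3 runs $\times$ 100 pkts", which is a sample count rather than a time, while the TCP iPerf3 row gives "30 s". Consider renaming the column (for example "Duration / Samples") or giving Ping a time-based value so the column is comparable across rows. The line split itself is fine; keep the continuation line indented so the header still reads as a single row in the source.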
@@ -348,8 +348,6 @@ typical observations, while min and max capture outlier behavior.
|
|
|
|
|
The nix-cache benchmark additionally reports standard deviation via
|
|
|
|
|
hyperfine's built-in statistical output.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\section{Source Code Analysis}
|
|
|
|
|
|
|
|
|
|
To complement the performance benchmarks with architectural
|
|
|
|
|
@@ -517,8 +515,6 @@ wall-clock duration, number of attempts, VPN restart count and
|
|
|
|
|
duration, connectivity wait time, source and target machine names,
|
|
|
|
|
and on failure, the relevant service logs.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\section{VPNs Under Test}
|
|
|
|
|
|
|
|
|
|
VPNs were selected based on:
|
|
|
|
|
@@ -532,7 +528,6 @@ VPNs were selected based on:
|
|
|
|
|
\bitem{Linux support:} All VPNs must run on Linux.
|
|
|
|
|
\end{itemize}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ten VPN implementations were selected for evaluation, spanning a range
|
|
|
|
|
of architectures from centralized coordination to fully decentralized
|
|
|
|
|
mesh topologies. Table~\ref{tab:vpn_selection} summarizes the selection.
|
|
|
|
|
|
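Review bot: The last context line uses "summarizes" (Table~\ref{tab:vpn_selection}), while the sentence shown in the earlier hunk header for Table~\ref{tab:benchmark_suite} uses "summarises". Pick one spelling variant for the document and apply it throughout. Separately, \bitem{Linux support:} states "All VPNs must run on Linux" directly under "VPNs were selected based on:", so the criterion would read more consistently as a property of the candidate (for example "runs on Linux") than as a requirement.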