Support WireGuard for traffic encryption #2204
Labels
kind/design
Categorizes issue or PR as related to design.
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
Describe what you are trying to solve
WireGuard provides better throughput compares with IPsec and it is shipped with Linux kernel version >=5.6. It would be great if Antrea could support using WireGuard for traffic encryption.
Describe the solution you have in mind
Support WireGuard in Antrea.
Describe how your solution impacts user flows
User can set wireguard: enable in Antrea configmap and then all Antrea managed traffic will be encrypted by WireGuard.
Describe the main design/architecture of your solution
Wireguard can be integrated with Antrea noEncap mode without changing any flow entry. Detailed design please refer to https://docs.google.com/document/d/1nZSJPnbHeCxvhWDrAP2l0Zpv-wwg6pacOCgL9kH7Ds0/edit?usp=sharing
Alternative solutions that you considered
N/A
Test plan
Unit tests and e2e tests should be added for WireGuard enabled cases.
Additional context
N/A
The text was updated successfully, but these errors were encountered: