Great question! I wrote a new userspace network proxy/stack in Go, similar to Docker's VPNKit and built it with performance in mind at all levels.
What makes it fast is support for modern NIC features that improve performance significantly, similar to those supported by Apple's in-kernel NAT (vmnet) but implemented in userspace. I've made changes to the guest kernel to implement these while working around limitations in Apple's Virtualization.framework. I'm not actually sure why it's slightly faster than vmnet in the host-to-guest direction (30 vs. 25 Gbps), but I'll take it.
Some snapshots of my journey working on the network stack:
https://twitter.com/kdrag0n/status/1606461436863352832
https://twitter.com/kdrag0n/status/1604288427306160128
https://twitter.com/kdrag0n/status/1607236475715989506
https://twitter.com/kdrag0n/status/1609013653214474240