Development discussion of WireGuard
From: "dxiri@xirihosting.com" <dxiri@xirihosting.com>
To: "Laura Smith" <n5d9xq3ti233xiyif2vp@protonmail.ch>
Cc: "WireGuard mailing list" <wireguard@lists.zx2c4.com>
Subject: Re: Using Wireguard for Geo redundancy
Date: Wed, 4 Nov 2020 12:36:41 -0500 (EST)
Message-ID: <1604511401.921917444@webmail.emailsrvr.com>
In-Reply-To: <gBLFnYn1ENCoAu8pZXEVAFF88CT1DSPAOnmcV47vBrvQlLpA1jg2Yp6iZb9RotAOGDJPrqgeDiqO xesYB09WPXEtWsqR5R5rvx-udouR9-w=@protonmail.ch>

I didn't know you can use names instead of IPs on the WG config, that is pretty cool!

Thanks Laura! 

-----Original Message-----
From: "Laura Smith" <n5d9xq3ti233xiyif2vp@protonmail.ch>
Sent: Wednesday, November 4, 2020 6:11am
To: "dxiri@xirihosting.com" <dxiri@xirihosting.com>
Cc: "WireGuard mailing list" <wireguard@lists.zx2c4.com>
Subject: Re: Using Wireguard for Geo redundancy

Hello Diego,

Wireguard is deliberately "dumb". It doesn't have any fancy things like failover built-in, that is an "exercise left to the reader" as the saying goes.

So, in answer to your question, the "best" solution would involve BGP. But from your email it would seem you don't run BGP and you don't have an independent allocation of IPs.

So that leaves us with "tier 2" options.  My suggestions of options to look at would be (in rough order of preference):

- If the two datacentres are run by the same company, then talk to them. They might be willing to provide an anycast IP range for you that is visible from both datacentres.

- If the two datacentres are run by different companies, but they are "provider independent" and you buy your transit capacity from the same ISP at both locations, then speak to your ISP. They might be willing to provide an anycast IP range for you that is visible from both datacentres.

- Use name rather than IP in your Wireguard client config files and then run your DNS with a short TTL so that you can achieve a manual failover in, say 5-10 minutes.

- Use an external cloud service such as AWS ELB, Cloudflare etc. to provide the failover layer for you.

Good luck !

Laura

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, 3 November 2020 19:05, dxiri@xirihosting.com <dxiri@xirihosting.com> wrote:

> Hi!
>
> I am looking for information on how to leverage Wireguard in a geo-redundancy scenario.
>
> We have a couple management boxes colocated next to each other that provide HA via a VIP that "jumps" between each of those management boxes depending on availability.
>
> Now let's say we want to place management box on datacenter 1 (DC1) and management box 2 on datacenter2 (DC2).
>
> Assuming the VIP cannot move between DCs, how could you leverage Wireguard to provide the same level of redundancy but with geographically dispersed hosts?
>
> Any information on this topic or documentation that points me in the right direction would be really appreciated!
>
> Thanks!
> Diego
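
The DNS-name option suggested in this thread has a catch: `wg` resolves an `Endpoint` hostname only when the configuration is applied, so a changed DNS record does not reach a running tunnel until the endpoint is set again. The sketch below is an added example, not part of the original thread and not the WireGuard project's code; the function names, the 135-second staleness threshold and the config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: re-apply a peer's hostname endpoint once its handshakes stop,
# so that a DNS failover (short TTL) actually reaches the running tunnel.
# Usage from a timer or cron job (path is an assumption):
#   . ./wg-reresolve.sh && reresolve wg0 /etc/wireguard/wg0.conf

STALE_AFTER=135   # assumed threshold: seconds without a handshake

# stale_peers NOW
# stdin: output of `wg show IFACE latest-handshakes` (public-key <TAB> unix-time).
# stdout: public keys whose last handshake is older than STALE_AFTER.
# A timestamp of 0 (never connected) also counts as stale.
stale_peers() {
    awk -v now="$1" -v max="$STALE_AFTER" \
        'NF == 2 && (now - $2) > max { print $1 }'
}

# endpoint_for CONF KEY
# Print the Endpoint configured for the [Peer] whose PublicKey is KEY.
# Handles Endpoint appearing before or after PublicKey within the section.
endpoint_for() {
    awk -v want="$2" '
        function emit() {
            if (key == want && ep != "") { print ep; found = 1 }
            key = ""; ep = ""
        }
        /^[ \t]*\[/ { emit(); if (found) exit; next }
        {
            eq = index($0, "=")          # first "=": base64 padding stays in val
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            name = tolower(name)
            if (name == "publickey") key = val
            else if (name == "endpoint") ep = val
        }
        END { if (!found) emit() }' "$1"
}

# reresolve IFACE CONF
# `wg set ... endpoint host:port` makes wg resolve the name again.
reresolve() {
    wg show "$1" latest-handshakes | stale_peers "$(date +%s)" |
    while read -r key; do
        ep=$(endpoint_for "$2" "$key")
        if [ -n "$ep" ]; then wg set "$1" peer "$key" endpoint "$ep"; fi
    done
}
```

Peers without an `Endpoint` line in the config are skipped, so only peers that were configured by name or address are touched.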




