Development discussion of WireGuard
* Using Wireguard for Geo redundancy
@ 2020-11-03 19:05 dxiri
  2020-11-04 11:11 ` Laura Smith
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: dxiri @ 2020-11-03 19:05 UTC (permalink / raw)
  To: WireGuard mailing list

Hi!

I am looking for information on how to leverage Wireguard in a geo-redundancy scenario.

We have a couple management boxes colocated next to each other that provide HA via a VIP that "jumps" between each of those management boxes depending on availability.

Now let's say we want to place management box on datacenter 1 (DC1) and management box 2 on datacenter 2 (DC2).

Assuming the VIP cannot move between DCs, how could you leverage Wireguard to provide the same level of redundancy but with geographically dispersed hosts?

Any information on this topic or documentation that points me in the right direction would be really appreciated!

Thanks!
Diego



* Re: Using Wireguard for Geo redundancy
  2020-11-03 19:05 Using Wireguard for Geo redundancy dxiri
@ 2020-11-04 11:11 ` Laura Smith
  2020-11-04 16:53 ` Dashamir Hoxha
       [not found] ` <gBLFnYn1ENCoAu8pZXEVAFF88CT1DSPAOnmcV47vBrvQlLpA1jg2Yp6iZb9RotAOGDJPrqgeD iqOxesYB09WPXEtWsqR5R5rvx-udouR9-w=@protonmail.ch>
  2 siblings, 0 replies; 4+ messages in thread
From: Laura Smith @ 2020-11-04 11:11 UTC (permalink / raw)
  To: dxiri; +Cc: WireGuard mailing list

Hello Diego,

Wireguard is deliberately "dumb". It doesn't have any fancy things like failover built in; that is an "exercise left to the reader", as the saying goes.

So, in answer to your question, the "best" solution would involve BGP. But from your email it would seem you don't run BGP and you don't have an independent allocation of IPs.

So that leaves us with "tier 2" options.  My suggestions of options to look at would be (in rough order of preference):

- If the two datacentres are run by the same company, then talk to them. They might be willing to provide an anycast IP range for you that is visible from both datacentres.

- If the two datacentres are run by different companies, but they are "provider independent" and you buy your transit capacity from the same ISP at both locations, then speak to your ISP. They might be willing to provide an anycast IP range for you that is visible from both datacentres.

- Use name rather than IP in your Wireguard client config files and then run your DNS with a short TTL so that you can achieve a manual failover in, say, 5-10 minutes.

- Use an external cloud service such as AWS ELB, Cloudflare etc. to provide the failover layer for you.

Good luck!

Laura

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, 3 November 2020 19:05, dxiri@xirihosting.com <dxiri@xirihosting.com> wrote:

> Hi!
>
> I am looking for information on how to leverage Wireguard in a geo-redundancy scenario.
>
> We have a couple management boxes colocated next to each other that provide HA via a VIP that "jumps" between each of those management boxes depending on availability.
>
> Now let's say we want to place management box on datacenter 1 (DC1) and management box 2 on datacenter 2 (DC2).
>
> Assuming the VIP cannot move between DCs, how could you leverage Wireguard to provide the same level of redundancy but with geographically dispersed hosts?
>
> Any information on this topic or documentation that points me in the right direction would be really appreciated!
>
> Thanks!
> Diego
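
Added example, not part of the message above or of the WireGuard project's code: the DNS-name option only fails over if clients look the name up again, because wg resolves an Endpoint hostname once, when the setting is applied. The script below re-applies the endpoint for peers whose last handshake is stale; the function names, the MAX_AGE value, the interface name and the paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): refresh DNS-named WireGuard endpoints.
# wg(8) resolves an Endpoint hostname once, when the setting is applied, so
# after a DNS failover each client has to set the endpoint again.

WG=${WG:-wg}              # command to run; set WG=echo for a dry run
MAX_AGE=${MAX_AGE:-135}   # assumption: handshake older than this = peer is down

# Print "<public key> <endpoint>" for each [Peer] section of a config file.
peer_endpoints() {
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s); return s }
        function emit() { if (key != "" && ep != "") print key, ep; key = ep = "" }
        { sub(/[ \t]*#.*/, "") }                      # drop comments
        /^[ \t]*\[/ { emit() }                        # a new section starts
        tolower($0) ~ /^[ \t]*publickey[ \t]*=/ { key = val($0) }
        tolower($0) ~ /^[ \t]*endpoint[ \t]*=/  { ep = val($0) }
        END { emit() }
    ' "$1"
}

# Read `wg show IFACE latest-handshakes` output ("<key>\t<unix time>") on
# stdin and re-set the endpoint of every configured peer that has gone quiet.
reresolve() {
    iface=$1; conf=$2; now=$3
    handshakes=$(cat)
    peer_endpoints "$conf" | while read -r key ep; do
        last=$(printf '%s\n' "$handshakes" | awk -v k="$key" '$1 == k { print $2 }')
        [ -n "$last" ] || continue                   # peer not on the interface
        [ $((now - last)) -gt "$MAX_AGE" ] || continue
        "$WG" set "$iface" peer "$key" endpoint "$ep"   # wg re-resolves the name
    done
}

# Typical use from cron or a systemd timer (interface and path are assumptions):
#   wg show wg0 latest-handshakes | reresolve wg0 /etc/wireguard/wg0.conf "$(date +%s)"
```

For a single [Peer] entry to cover both datacentres, both management boxes have to hold the same server key pair: DNS only decides where packets are sent, and the peer's public key still authenticates whichever box answers.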




* Re: Using Wireguard for Geo redundancy
  2020-11-03 19:05 Using Wireguard for Geo redundancy dxiri
  2020-11-04 11:11 ` Laura Smith
@ 2020-11-04 16:53 ` Dashamir Hoxha
       [not found] ` <gBLFnYn1ENCoAu8pZXEVAFF88CT1DSPAOnmcV47vBrvQlLpA1jg2Yp6iZb9RotAOGDJPrqgeD iqOxesYB09WPXEtWsqR5R5rvx-udouR9-w=@protonmail.ch>
  2 siblings, 0 replies; 4+ messages in thread
From: Dashamir Hoxha @ 2020-11-04 16:53 UTC (permalink / raw)
  Cc: WireGuard mailing list

On Tue, Nov 3, 2020 at 8:07 PM dxiri@xirihosting.com
<dxiri@xirihosting.com> wrote:
>
> Hi!
>
> I am looking for information on how to leverage Wireguard in a geo-redundancy scenario.
>
> We have a couple management boxes colocated next to each other that provide HA via a VIP that "jumps" between each of those management boxes depending on availability.

How is HA implemented in this case? If it is based on ARP, then I am
afraid that WireGuard cannot do the same thing.

>
> Now let's say we want to place management box on datacenter 1 (DC1) and management box 2 on datacenter 2 (DC2).
>
> Assuming the VIP cannot move between DCs, how could you leverage Wireguard to provide the same level of redundancy but with geographically dispersed hosts?
>
> Any information on this topic or documentation that points me in the right direction would be really appreciated!

Here are some of the cases where WG can be useful:
https://gitlab.com/docker-scripts/wireguard/-/blob/master/docs/wg-usecases.md

None of them solves your problem, but maybe this can help you to
understand better how WG works.

>
> Thanks!
> Diego
>


* Re: Using Wireguard for Geo redundancy
       [not found]   ` <gBLFnYn1ENCoAu8pZXEVAFF88CT1DSPAOnmcV47vBrvQlLpA1jg2Yp6iZb9RotAOGDJPrqgeDiqO xesYB09WPXEtWsqR5R5rvx-udouR9-w=@protonmail.ch>
@ 2020-11-04 17:36     ` dxiri
  0 siblings, 0 replies; 4+ messages in thread
From: dxiri @ 2020-11-04 17:36 UTC (permalink / raw)
  To: Laura Smith; +Cc: WireGuard mailing list

I didn't know you can use names instead of IPs on the WG config, that is pretty cool!

Thanks Laura! 

