Development discussion of WireGuard
From: "Daniel Gröber" <dxld@darkboxed.org>
To: Bernd Naumann <bernd@kr217.de>
Cc: wireguard@lists.zx2c4.com, bird-users@network.cz,
	babel-users@alioth-lists.debian.net
Subject: Re: [RFC] Replace WireGuard AllowedIPs with IP route attribute
Date: Sat, 19 Aug 2023 20:17:05 +0200
Message-ID: <20230819181705.soor7bivakzyndc7@House.clients.dxld.at>
In-Reply-To: <5112ea1f-0f67-4907-a3c5-b6c7b9e591ca@kr217.de>

Hi Bernd,

On Sat, Aug 19, 2023 at 07:50:38PM +0200, Bernd Naumann wrote:
> Chances are high I do miss something, but I've just set AllowedIPs to
> 0.0.0.0/0 and ::/0 and just used the routing protocol of my choice and
> filters to select which routes got exported and imported... :shrug:

Right, let me expand a bit. You are absolutely right: right now, if you want
to use wg with dynamic routing daemons, you essentially have to have one wg
tunnel per remote node with AllowedIPs=::/0, and that works just fine at
small scales.

The idea here is that we would like to go back to having just one tunnel
for all nodes involved in this particular network instead, due to general
operations scalability; mine is a mesh network, so the number of tunnels
gets rather large quickly :)

Lots of tunnels suck for various reasons. Monitoring if they're all up and
configured properly is one example, but my understanding from previous
discussions is the performance is probably not ideal either.

--Daniel

