Development discussion of WireGuard
* Dynamic routes
@ 2021-11-22 17:20 Robert Dahlem
  2021-11-23 22:40 ` Jonathon Fernyhough
  2021-11-24 11:18 ` Chriztoffer Hansen
  0 siblings, 2 replies; 6+ messages in thread
From: Robert Dahlem @ 2021-11-22 17:20 UTC (permalink / raw)
  To: wireguard

Hello,

I'm searching for a way to dynamically add or delete routes when a
tunnel comes up or goes down. I do not mean "interface wg0 comes up",
but explicitly "tunnel comes up" in the sense that both peers see each
other, key exchange has been successful and packets would be transported
through the tunnel.

The idea behind this is to have redundant tunnels. Let's say a Wireguard
client has a preferred server and a secondary server. Packets should be
routed through the preferred router while that tunnel is established and
through the secondary server when the preferred server is not available
for some reason.

I could always install Quagga or Bird and use OSPF. But that might be a
bit of an overkill for a simple active/passive failover.

Is there any way to react to tunnel state events in Wireguard?

Regards,
Robert


* Re: Dynamic routes
  2021-11-22 17:20 Dynamic routes Robert Dahlem
@ 2021-11-23 22:40 ` Jonathon Fernyhough
  2021-11-23 23:03   ` Robert Dahlem
  2021-11-24 11:18 ` Chriztoffer Hansen
  1 sibling, 1 reply; 6+ messages in thread
From: Jonathon Fernyhough @ 2021-11-23 22:40 UTC (permalink / raw)
  To: wireguard



On 22/11/2021 17:20, Robert Dahlem wrote:
> The idea behind this is to have redundant tunnels. Let's say a Wireguard
> client has a preferred server and a secondary server. Packets should be
> routed through the preferred router while that tunnel is established and
> through the secondary server when the preferred server is not available
> for some reason.

Would route metrics work for this?


* Re: Dynamic routes
  2021-11-23 22:40 ` Jonathon Fernyhough
@ 2021-11-23 23:03   ` Robert Dahlem
  0 siblings, 0 replies; 6+ messages in thread
From: Robert Dahlem @ 2021-11-23 23:03 UTC (permalink / raw)
  To: Jonathon Fernyhough, wireguard

Hi,

On 23.11.2021 23:40, Jonathon Fernyhough wrote:

>> The idea behind this is to have redundant tunnels. Let's say a Wireguard
>> client has a preferred server and a secondary server. Packets should be
>> routed through the preferred router while that tunnel is established and
>> through the secondary server when the preferred server is not available
>> for some reason.

> Would route metrics work for this?

Yes and no.

Metrics do useful things when there are identical prefixes with
different metrics over *working* paths. So when both tunnels are up
metrics can choose the preferred path.

With Wireguard (as far as I understand it) routes exist independently
from tunnel state. If the path through the preferred server has a better
metric, but doesn't work, the system does not fall back to the path
through the secondary server.

Metrics work fine when routes are installed/uninstalled dynamically. Say
you have a system with LAN connectivity (best metric), Wifi connectivity
(medium metric) and mobile (UMTS/LTE) connectivity (worst metric). All
of them give you a default route. If all of them are actually connected,
the system would use the route through the LAN. As soon as you unplug
the LAN cable, the LAN routes disappear and the Wifi routes are
selected. Plug the cable back in, the LAN routes reappear and the system
uses the LAN route.

Yes, metrics would work for this. But only if the routes don't appear
before a tunnel comes up and disappear when the tunnel goes down.

Regards,
Robert


* Re: Dynamic routes
  2021-11-22 17:20 Dynamic routes Robert Dahlem
  2021-11-23 22:40 ` Jonathon Fernyhough
@ 2021-11-24 11:18 ` Chriztoffer Hansen
  2021-11-24 12:04   ` Mike O'Connor
  1 sibling, 1 reply; 6+ messages in thread
From: Chriztoffer Hansen @ 2021-11-24 11:18 UTC (permalink / raw)
  To: Robert.Dahlem; +Cc: WireGuard List (wireguard@lists.zx2c4.com)

On Mon, 22 Nov 2021 at 18:20, Robert Dahlem <Robert.Dahlem@gmx.net> wrote:
> I could always install Quagga or Bird and use OSPF. But that might be a
> bit of an overkill for a simple active/passive failover.

RIP, OSPF, BGP, EIGRP. Either can work. And would IMO be sufficiently
simple to set up and maintain. Either way, you will need a daemon to
maintain monitoring of the packets being able to flow over the tunnel.
If you select a routing daemon or another daemon. ... take a pick.


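Added example, not part of any message in this thread: a minimal watchdog of the kind discussed above. It installs the preferred tunnel's route only while the peer's latest handshake is recent, so a statically configured, worse-metric route through the secondary server takes over otherwise. The interface wg0, prefix 10.20.0.0/16, metric 100 and the 180-second threshold are assumptions, and it presumes PersistentKeepalive is set so that an idle tunnel still re-handshakes.

```sh
#!/bin/sh
# Added example (not from the thread): handshake-age watchdog for failover.
# Assumed values: interface, prefix, metric and threshold are placeholders.
IFACE=${IFACE:-wg0}
PREFIX=${PREFIX:-10.20.0.0/16}
METRIC=${METRIC:-100}
MAX_AGE=${MAX_AGE:-180}   # seconds without a handshake before "down"

# stdin: output of `wg show IFACE latest-handshakes`, one line per peer:
#   <public key><TAB><unix time of last handshake, 0 = never>
# Prints "up" if any peer's handshake is at most $2 seconds older than $1.
tunnel_state() {
    awk -v now="$1" -v max="$2" '
        $2 > 0 && now - $2 <= max { up = 1 }
        END { print (up ? "up" : "down") }'
}

# Prints the ip(8) command for a state change, nothing if unchanged.
route_cmd() {   # $1 = previous state, $2 = current state
    if [ "$1" = "$2" ]; then return 0; fi
    case "$2" in
        up)   echo "ip route replace $PREFIX dev $IFACE metric $METRIC" ;;
        down) echo "ip route del $PREFIX dev $IFACE metric $METRIC" ;;
    esac
}

watch_tunnel() {
    prev=unknown
    while :; do
        cur=$(wg show "$IFACE" latest-handshakes |
              tunnel_state "$(date +%s)" "$MAX_AGE")
        cmd=$(route_cmd "$prev" "$cur")
        if [ -n "$cmd" ]; then
            logger -t wg-failover "$IFACE is $cur: $cmd"
            $cmd || true   # deleting an absent route is not an error here
        fi
        prev=$cur
        sleep 10
    done
}

# Start the loop only on request so the functions can be sourced or tested.
if [ "${1:-}" = "--watch" ]; then watch_tunnel; fi
```

A recent handshake shows that the key exchange succeeded, not that the far side still forwards traffic; an end-to-end probe through the tunnel is the stricter check.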

* Re: Dynamic routes
  2021-11-24 11:18 ` Chriztoffer Hansen
@ 2021-11-24 12:04   ` Mike O'Connor
  2021-11-24 15:07     ` Robert Dahlem
  0 siblings, 1 reply; 6+ messages in thread
From: Mike O'Connor @ 2021-11-24 12:04 UTC (permalink / raw)
  To: Chriztoffer Hansen, Robert.Dahlem
  Cc: WireGuard List (wireguard@lists.zx2c4.com)

On 24/11/21 9:48 pm, Chriztoffer Hansen wrote:
> On Mon, 22 Nov 2021 at 18:20, Robert Dahlem <Robert.Dahlem@gmx.net> wrote:
>> I could always install Quagga or Bird and use OSPF. But that might be a
>> bit of an overkill for a simple active/passive failover.
> RIP, OSPF, BGP, EIGRP. Either can work. And would IMO be sufficiently
> simple to set up and maintain. Either way, you will need a daemon to
> maintain monitoring of the packets being able to flow over the tunnel.
> If you select a routing daemon or another daemon. ... take a pick.
>
Correct, not the job of Wireguard.


Cheers

Mike



* Re: Dynamic routes
  2021-11-24 12:04   ` Mike O'Connor
@ 2021-11-24 15:07     ` Robert Dahlem
  0 siblings, 0 replies; 6+ messages in thread
From: Robert Dahlem @ 2021-11-24 15:07 UTC (permalink / raw)
  Cc: WireGuard List (wireguard@lists.zx2c4.com)

Hi,

On 24.11.2021 13:04, Mike O'Connor wrote:

> On 24/11/21 9:48 pm, Chriztoffer Hansen wrote:

>>> I could always install Quagga or Bird and use OSPF. But that might be a
>>> bit of an overkill for a simple active/passive failover.

>> RIP, OSPF, BGP, EIGRP. Either can work. And would IMO be sufficiently
>> simple to set up and maintain. Either way, you will need a daemon to
>> maintain monitoring of the packets being able to flow over the tunnel.
>> If you select a routing daemon or another daemon. ... take a pick.

> Correct, not the job of Wireguard.

I can live with that. Thanks for clearing up.

Regards,
Robert


