From: Steve Gilberd
Date: Thu, 15 Mar 2018 18:55:40 +0000
Subject: Re: Allowed IPs Toggling
To: Samuel Holland
Cc: WireGuard mailing list
List-Id: Development discussion of WireGuard
In-Reply-To: <8debf4cc-572f-2a75-39c6-e109ebb8e73b@sholland.org>

> WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It
> doesn't support having *identical* ranges of AllowedIPs on different peers,
> which was the situation here. (You're correct, there's no concept of a metric.)

Oh good - looks like I just misunderstood your original email then; I thought
you were saying that any situation with multiple routes to a single IP was
unsupported. Thanks for clarifying :-).

Cheers,
Steve

On Fri, 16 Mar 2018, 07:51 Samuel Holland, <samuel@sholland.org> wrote:

> Hello,
>
> On 03/15/18 13:39, Steve Gilberd wrote:
> >> Allowed IPs is like a routing table; you can't have two routes for the same
> >> set of IPs
> >
> > If this is the case, then wireguard does not have proper routing support.
> >
> > Normally, routing tables allow both multiple and overlapping routes present.
> > When making routing decisions, the most-specific route is chosen (e.g. a /29 is
> > higher priority than a /24 which overlaps with it). If there are two identical
> > routes of the same size, then the one with the lowest routing metric is used.
> >
> > I can understand not allowing identical routes of the same size, as wireguard
> > doesn't really have a concept of metric (although it could be useful for backup
> > links). However, it really should allow overlapping routes of different sizes.
> > There's no ambiguity with routing decisions, and it's a standard feature that I
> > would normally expect any IP routing stack to have.
>
> WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It
> doesn't support having *identical* ranges of AllowedIPs on different peers,
> which was the situation here. (You're correct, there's no concept of a metric.)
>
> > Cheers,
> > Steve
>
> Cheers,
> Samuel

--
Cheers,

Steve Gilberd
Erayd LTD · Consultant
Phone: +64 4 974-4229 · Mob: +64 27 565-3237
PO Box 10019 The Terrace, Wellington 6143, NZ
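The distinction settled in this thread, as an added example that is not part of the original messages and is not WireGuard's code: overlapping AllowedIPs of different sizes coexist and the most specific prefix selects the peer, while an identical prefix can belong to only one peer. The `AllowedIPs` class, the peer names and the addresses are constructed for illustration, and the single-owner map is an assumed model in which assigning an identical prefix to a second peer takes it away from the first.

```python
import ipaddress


class AllowedIPs:
    """Toy model of one interface's AllowedIPs table: one owning peer per prefix."""

    def __init__(self):
        self._owner = {}  # ip_network -> peer name (hypothetical names)

    def add(self, peer, cidr):
        """Assign cidr to peer; return the peer displaced from the identical prefix, if any."""
        net = ipaddress.ip_network(cidr, strict=False)
        previous = self._owner.get(net)
        self._owner[net] = peer  # identical prefix: ownership moves, no second entry
        return previous if previous != peer else None

    def lookup(self, address):
        """Longest-prefix match: the most specific covering prefix decides the peer."""
        ip = ipaddress.ip_address(address)
        matches = [n for n in self._owner if n.version == ip.version and ip in n]
        if not matches:
            return None  # no peer covers this address
        return self._owner[max(matches, key=lambda n: n.prefixlen)]

    def prefixes(self, peer):
        """All prefixes currently owned by peer, as strings."""
        return sorted(str(n) for n, p in self._owner.items() if p == peer)


def demo():
    table = AllowedIPs()
    table.add("peer_a", "10.0.0.0/24")
    table.add("peer_b", "10.0.0.8/29")  # overlaps the /24, different size: both kept
    results = {
        "inside_29": table.lookup("10.0.0.9"),         # /29 beats /24
        "inside_24_only": table.lookup("10.0.0.100"),  # only the /24 covers it
        "uncovered": table.lookup("192.0.2.1"),
    }
    # Identical prefix on a second peer: there is no metric to rank the two,
    # so the prefix ends up with exactly one owner.
    results["displaced"] = table.add("peer_c", "10.0.0.0/24")
    results["after_move"] = table.lookup("10.0.0.100")
    results["peer_a_left"] = table.prefixes("peer_a")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the same table also decides which source addresses are accepted from each peer, a prefix that has moved to another peer stops being accepted from the peer that lost it, which is why an unexpected identical range is worth checking for when reviewing a configuration.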