* Fast failover and handshake renegotiation for multihomed WireGuard servers
@ 2019-07-08 15:10 Justin Kilpatrick
0 siblings, 0 replies; only message in thread
From: Justin Kilpatrick @ 2019-07-08 15:10 UTC (permalink / raw)
To: wireguard
I'm running a small fleet of WireGuard servers and clients, the clients use the Babel routing protocol to detect the latency and packet loss to any of the servers and select the best one accordingly.
The WireGuard servers are multihomed, they share a user list, keys, and an ip address. Babel will insert a route to the same destination ip but a different actual server whenever that server becomes the better option.
Sadly I've had to keep this feature out of production because switching between two servers involves around a minute of zero connectivity and that's simply too disruptive to expose to customers. The client continues to send packets using the handshake data from the previous server, the new server dutifully discards them as incorrect packets and everyone involved waits around for the old handshake to time out and a new one to be renegotiated.
Is there any way to trigger a handshake renegotiation quickly that is also secure? Ideally I would like users to be able to roam between servers without any detectable change, much as they can roam between routes inside of a babel network.
--
Justin Kilpatrick
justin@althea.net
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-07-17 20:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-08 15:10 Fast failover and handshake renegotiation for multihomed WireGuard servers Justin Kilpatrick
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).