WG load balancing?

Matthias Urlichs matthias at urlichs.de
Thu May 10 11:21:44 CEST 2018

Hello list,

Assume a branch office with two uplinks to the Internet that wants to
use WG to talk to the main office, using both of these uplinks in
parallel (assuming they're both up) for better uplink speed (and for
redundancy if they aren't). Now the obvious idea is to create two WG
interfaces on each side, and add a couple of firewall rules to make sure
that packets fwmarked 1 go out on the first uplink, and so on.

That's the easy part. The hard part is how to teach the kernel to load
balance its default route between the WG interfaces. I tried to use a
libteam or bonding interface to tie them together, but apparently WG
isn't Ethernet, so that doesn't work.

I thought about using a GRE tunnel, but tunnels have fixed endpoint
addresses – somehow I don't think it'd be a good idea to create two
wireguard interfaces with the same IP address … and I don't really want
to do heavy-handed address mangling on every packet. Losing all
connectivity whenever I happen to flush my firewall tables doesn't
appeal to me.

Ideally I would like the kernel's wireguard interfaces to be compatible
with teaming … any takers?

-- Matthias Urlichs
