WG load balancing?
toke at toke.dk
Thu May 10 11:58:36 CEST 2018
Tim Weippert <weiti at weiti.org> writes:
> Hi Matthias,
> On Thu, May 10, 2018 at 11:21:44AM +0200, Matthias Urlichs wrote:
>> Hello list,
>> Assume a branch office with two uplinks to the Internet that wants to
>> use WG to talk to the main office, using both of these uplinks in
>> parallel (assuming they're both up) for better uplink speed (and for
>> redundancy if they aren't). Now the obvious idea is to create two WG
>> interfaces on each side, and add a couple of firewall rules to make sure
>> that packets fwmarked 1 go out on the first uplink, and so on.
>> That's the easy part. The hard part is how to teach the kernel to load
>> balance its default route between the WG interfaces. I tried to use a
>> libteam or bonding interface to tie them together, but apparently WG
>> isn't Ethernet, so that doesn't work.
>> I thought about using a GRE tunnel, but tunnels have fixed endpoint
>> addresses – somehow I don't think it'd be a good idea to create two
>> wireguard interfaces with the same IP address … and I don't really want
>> to do heavy-handed address mangling on every packet. Losing all
>> connectivity whenever I happen to flush my firewall tables doesn't
>> appeal to me.
> Maybe you can use some kind of dynamic routing approach here. Use FRR,
> Quagga or Bird with e.g. OSPF and ECMP (Equal Cost Multipath) to utilize
> both links. (Practically you can also have two default routes with the
> same metric and this should do a round robin fashioned load balancing.)
You can add ECMP routes with 'ip route' via the 'nexthop' parameter. See
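An added example, not part of the original message or of the WireGuard project: a dry-run script for the branch-office side that combines the fwmark pinning from the question with a multipath route built from `nexthop`. The interface names, table numbers, gateways (documentation address ranges) and the main-office prefix are all assumptions.

```shell
#!/bin/sh
# Added example: prints the commands by default; APPLY=1 (as root) runs them.
# All names and addresses below are assumptions, not values from the thread.
REMOTE_NET="10.0.0.0/16"   # main-office prefix reached through the tunnels
# One line per uplink: wg-iface  fwmark  uplink-iface  uplink-gateway
UPLINKS="wg0 1 eth0 192.0.2.1
wg1 2 eth1 198.51.100.1"

# Pin one tunnel's encrypted UDP packets to one uplink via its fwmark.
# The policy table id is 100 + fwmark (an arbitrary choice for this example).
pin_cmds() {  # $1=wg iface  $2=fwmark  $3=uplink iface  $4=gateway
    echo "wg set $1 fwmark $2"
    echo "ip rule add fwmark $2 lookup $((100 + $2))"
    echo "ip route replace default via $4 dev $3 table $((100 + $2))"
}

# Build a single multipath route with one 'nexthop' per tunnel interface.
ecmp_cmd() {  # $1=prefix, remaining args = wg ifaces
    prefix=$1; shift
    cmd="ip route replace $prefix"
    for dev in "$@"; do cmd="$cmd nexthop dev $dev weight 1"; done
    echo "$cmd"
}

# Full command list: pinning for every uplink, then the ECMP route.
all_cmds() {
    echo "$UPLINKS" | while read -r wg mark up gw; do
        pin_cmds "$wg" "$mark" "$up" "$gw"
    done
    # Word splitting of the interface list is intentional here.
    ecmp_cmd "$REMOTE_NET" $(echo "$UPLINKS" | awk '{print $1}')
}

# The peer on each wg interface must list REMOTE_NET in its AllowedIPs,
# otherwise WireGuard drops traffic that the route sends to that tunnel.
all_cmds | while read -r line; do
    if [ "${APPLY:-0}" = 1 ]; then $line; else echo "$line"; fi
done
```

Linux selects the nexthop by hashing each flow, so a single connection stays on one tunnel and only the aggregate of several flows spreads across both uplinks.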