WG load balancing?

Tim Sedlmeyer tim at sedlmeyer.org
Thu May 10 12:01:14 CEST 2018

On Thu, May 10, 2018 at 5:22 AM Matthias Urlichs <matthias at urlichs.de> wrote:

> Hello list,

> Assume a branch office with two uplinks to the Internet that wants to
> use WG to talk to the main office, using both of these uplinks in
> parallel (assuming they're both up) for better uplink speed (and for
> redundancy if they aren't). Now the obvious idea is to create two WG
> interfaces on each side, and add a couple of firewall rules to make sure
> that packets fwmarked 1 go out on the first uplink, and so on.

> That's the easy part. The hard part is how to teach the kernel to load
> balance its default route between the WG interfaces. I tried to use a
> libteam or bonding interface to tie them together, but apparently WG
> isn't Ethernet, so that doesn't work.

> I thought about using a GRE tunnel, but tunnels have fixed endpoint
> addresses – somehow I don't think it'd be a good idea to create two
> wireguard interfaces with the same IP address … and I don't really want
> to do heavy-handed address mangling on every packet. Losing all
> connectivity whenever I happen to flush my firewall tables doesn't
> appeal to me.

> Ideally I would like the kernel's wireguard interfaces to be compatible
> with teaming … any takers?

> --
> -- Matthias Urlichs


If you are in kernel >=4.4 you can use hash-based multipath routing. A hash
by default based upon source and destination address will be calculated and
flows matching the hash will be assigned to a particular path. If you need to
better balance traffic you can configure the kernel to use source and
destination ports as part of the hash also. The kernel will assign hashes
to the links in a manner that balances the traffic across them. You can
also assign weights to each path and the kernel will assign traffic
according to the ratio of the weights.

For example to equally balance the traffic between 2 wireguard interfaces
the command would be:

ip route add default nexthop dev wg0 weight 1 nexthop dev wg1 weight 1

If you wanted to send 5 times as much traffic over the 2nd link:

ip route add default nexthop dev wg0 weight 1 nexthop dev wg1 weight 5
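
Added example, not part of the original post and not kernel code: a simplified Python model of the weighted, hash-based path selection described above, showing why hashing on addresses alone pins all traffic between two hosts to one WireGuard interface and how adding ports spreads it according to the weights. The hash function (SHA-256), the addresses and the port numbers are constructed stand-ins.

```python
import hashlib
from collections import Counter

def flow_hash(src, dst, sport=0, dport=0, l4=False):
    """Stand-in flow hash (SHA-256 here; the kernel uses its own function)."""
    key = f"{src}|{dst}"
    if l4:  # models including ports in the hash, as the post mentions
        key += f"|{sport}|{dport}"
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")

def build_bounds(nexthops):
    """Turn (device, weight) pairs into cumulative upper bounds over 32-bit hash space."""
    total = sum(w for _, w in nexthops)
    bounds, acc = [], 0
    for dev, weight in nexthops:
        acc += weight
        bounds.append((dev, acc * 2**32 // total))
    return bounds

def select_path(h, bounds):
    """Pick the first nexthop whose upper bound exceeds the flow hash."""
    for dev, upper in bounds:
        if h < upper:
            return dev
    return bounds[-1][0]

def distribute(flows, nexthops, l4=False):
    """Count how many flows land on each device."""
    bounds = build_bounds(nexthops)
    return Counter(select_path(flow_hash(*f, l4=l4), bounds) for f in flows)

# Constructed sample: 6000 TCP connections from one branch host to one main-office host.
FLOWS = [("10.1.0.10", "10.0.0.5", 20000 + i, 443) for i in range(6000)]

def demo():
    equal = [("wg0", 1), ("wg1", 1)]    # weight 1 / weight 1
    skewed = [("wg0", 1), ("wg1", 5)]   # weight 1 / weight 5
    return {
        "l3_equal": distribute(FLOWS, equal),            # addresses only
        "l4_equal": distribute(FLOWS, equal, l4=True),   # addresses + ports
        "l4_skewed": distribute(FLOWS, skewed, l4=True),
    }

if __name__ == "__main__":
    for name, counts in demo().items():
        print(name, dict(counts))
```

Each flow always maps to the same interface, so a single connection is never split across both uplinks; only the set of flows is balanced.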
