Wireguard + anycast

David Cowden dcow at eero.com
Fri Jan 4 04:17:10 CET 2019


If Wireguard let you configure a list of allowed keys for a peer (instead
of a single key), that would be a logical solution without much extra
complexity at all, I imagine.

On Thu, Jan 3, 2019 at 2:39 PM Edward Vielmetti <edward.vielmetti at gmail.com>
wrote:

> A little thought experiment which I haven't tried yet.
>
> Using anycast, a single IP address can be routed to multiple machines in a
> data center or around the world.
>
> Is it at all possible that anycast and Wireguard would play together
> nicely? In particular, is it plausible that you could give a client an
> anycast address of a server to use as its endpoint, and that when it picked
> the correct / closest one that it would do the right thing?
>
> The naive approach would be to have all of the anycast devices share the
> same private/public key pair, but that has a bad smell. And I don't know
> what would happen if your routing changed in mid-connection.
>
> (anycast is the technology used to give name servers a single global
> address, like Google's 8.8.8.8 DNS)
>
> --
> Edward Vielmetti +1 734 330 2465
> edward.vielmetti at gmail.com