Using Wireguard for Geo redundancy

dxiri at xirihosting.com dxiri at xirihosting.com
Wed Nov 4 18:36:41 CET 2020 

I didn't know you can use names instead of IPs on the WG config, that is pretty cool!

Thanks Laura! 

-----Original Message-----
From: "Laura Smith" <n5d9xq3ti233xiyif2vp at protonmail.ch>
Sent: Wednesday, November 4, 2020 6:11am
To: "dxiri at xirihosting.com" <dxiri at xirihosting.com>
Cc: "WireGuard mailing list" <wireguard at lists.zx2c4.com>
Subject: Re: Using Wireguard for Geo redundancy

Hello Diego,

Wireguard is deliberately "dumb". It doesn't have any fancy things like failover built-in, that is an "exercise left to the reader" as the saying goes.

So, in answer to your question, the "best" solution would involve BGP. But from your email it would seem you don't run BGP and you don't have an independent allocation of IPs.

So that leaves us with "tier 2" options.  My suggestions of options to look at would be (in rough order of preference):

- If the two datacentres are run by the same company, then talk to them. They might be willing to provide an anycast IP range for you that is visible from both datacentres.

- If the two datacentres are run by different companies, but they are "provider independent" and you buy your transit capacity from the same ISP at both locations, then speak to your ISP. They might be willing to provide an anycast IP range for your that is visible from both datacentres.

- Use name rather than IP in your Wireguard client config files and then run your DNS with a short TTL so that you can achieve a manual failover in, say 5-10 minutes.

- Use an external cloud service such as AWS ELB, Cloudflare etc. to provide the failover layer for you.

Good luck !

Laura

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, 3 November 2020 19:05, dxiri at xirihosting.com <dxiri at xirihosting.com> wrote:

> Hi!
>
> I am looking for information on how to leverage Wireguard in a geo-redundancy scenario.
>
> We have a couple management boxes colocated next to each other that provide HA via a VIP that "jumps" between each of those management boxes depending on availability.
>
> Now lets say we want to place management box on datacenter 1 (DC1) and management box 2 on datacenter2 (DC2).
>
> Assuming the VIP cannot move between DCs, how could you leverage Wireguard to provide the same level of redundancy but with geographically dispersed hosts?
>
> Any information on this topic or documentation that points me in the right direction would be really appreciated!
>
> Thanks!
> Diego

More information about the WireGuard mailing list