I didn't know you can use names instead of IPs on the WG config, that is pretty 
cool!

Thanks Laura! 

-----Original Message-----
From: "Laura Smith" <n5d9xq3ti233xiyif...@protonmail.ch>
Sent: Wednesday, November 4, 2020 6:11am
To: "dx...@xirihosting.com" <dx...@xirihosting.com>
Cc: "WireGuard mailing list" <wireguard@lists.zx2c4.com>
Subject: Re: Using Wireguard for Geo redundancy

Hello Diego,

Wireguard is deliberately "dumb". It doesn't have any fancy things like 
failover built-in, that is an "exercise left to the reader" as the saying goes.

So, in answer to your question, the "best" solution would involve BGP. But from 
your email it would seem you don't run BGP and you don't have an independent 
allocation of IPs.

So that leaves us with "tier 2" options.  My suggestions of options to look at 
would be (in rough order of preference):

- If the two datacentres are run by the same company, then talk to them. They 
might be willing to provide an anycast IP range for you that is visible from 
both datacentres.

- If the two datacentres are run by different companies, but they are "provider 
independent" and you buy your transit capacity from the same ISP at both 
locations, then speak to your ISP. They might be willing to provide an anycast 
IP range for you that is visible from both datacentres.

- Use name rather than IP in your Wireguard client config files and then run 
your DNS with a short TTL so that you can achieve a manual failover in, say, 
5-10 minutes.

- Use an external cloud service such as AWS ELB, Cloudflare etc. to provide the 
failover layer for you.

Good luck !

Laura

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, 3 November 2020 19:05, dx...@xirihosting.com 
<dx...@xirihosting.com> wrote:

> Hi!
>
> I am looking for information on how to leverage Wireguard in a geo-redundancy 
> scenario.
>
> We have a couple management boxes colocated next to each other that provide 
> HA via a VIP that "jumps" between each of those management boxes depending on 
> availability.
>
> Now let's say we want to place management box on datacenter 1 (DC1) and 
> management box 2 on datacenter2 (DC2).
>
> Assuming the VIP cannot move between DCs, how could you leverage Wireguard to 
> provide the same level of redundancy but with geographically dispersed hosts?
>
> Any information on this topic or documentation that points me in the right 
> direction would be really appreciated!
>
> Thanks!
> Diego
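
An added example, not part of the e-mails above: wg resolves an Endpoint hostname only when the configuration is applied, so the short-TTL DNS failover Laura suggests also needs something on each client to re-apply the endpoint once handshakes stop. The sketch below does that with `wg show` and `wg set`; the function names, the 135-second threshold and the interface/config arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: re-resolve WireGuard peer endpoints after a DNS failover.
# Usage (as root, e.g. from cron): reresolve.sh wg0 /etc/wireguard/wg0.conf
# The interface name and config path above are assumed, not from the thread.

STALE_AFTER=135   # assumed: seconds without a handshake before re-resolving

# stale_peers NOW
# stdin: output of `wg show IFACE latest-handshakes` (public-key<TAB>unix-time).
# stdout: keys that never completed a handshake (time 0) or are older than
# STALE_AFTER seconds relative to NOW.
stale_peers() {
    awk -v now="$1" -v max="$STALE_AFTER" \
        '$2 == 0 || now - $2 > max { print $1 }'
}

# endpoint_for KEY CONF
# Prints the Endpoint line value of the [Peer] whose PublicKey is KEY.
# Splits on the first "=" only, because base64 keys end in "=" padding.
endpoint_for() {
    awk -v key="$1" '
        function emit() { if (pk == key && ep != "") print ep; pk = ""; ep = "" }
        /^[ \t]*\[/ { emit(); next }
        {
            i = index($0, "="); if (!i) next
            k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "publickey") pk = v
            if (k == "endpoint")  ep = v
        }
        END { emit() }' "$2"
}

# reresolve IFACE CONF
# For every stale peer that has a configured Endpoint, hand the name back to
# `wg set`, which resolves it again and so picks up the failed-over record.
reresolve() {
    wg show "$1" latest-handshakes | stale_peers "$(date +%s)" |
    while read -r key; do
        ep=$(endpoint_for "$key" "$2")
        if [ -n "$ep" ]; then wg set "$1" peer "$key" endpoint "$ep"; fi
    done
}

# Only touch the interface when called with both arguments.
if [ "$#" -eq 2 ]; then reresolve "$1" "$2"; fi
```

Peers without an Endpoint line (for example, roaming clients on the server side) are skipped, so the same script is safe to run on either end of the tunnel.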



