Hi all

we have 4 branch offices that establish Wireguard tunnels to a central router that routes traffic in the each peers with a series of custom static routes allowing each branch offices to communicate with each other.

The weak point is clear here: the central router. Ideally we would create another router, with a different link, that needs to take the ownership of routing the traffic when the other (central) router goes down.

Can you please suggest an approach to address this context?

Many thanks!

Hi,

Do you have a network design?

Will the second central (backup) node be on LAN with the primary central node?

Regards,

Will the second central (backup) node be on LAN with the primary central node?

No it's a totally different site: another location, another provider, another connectivity.

For the scheme, apologies I don't have a precise diagram but actually is something like that: https://ibb.co/ccPxxkR

@ kartone

The weak point is clear here: the central router. Ideally we would create another router, with a different link, that needs to take the ownership of routing the traffic when the other (central) router goes down.

that's a good point.

so there are 5 sites : hq and 4 branches.

take one of the most feasible branch as backup point. and start making a partial mesh topology heading to those 2 route server (hq and that new backup point).

after that - try to use dynamic routing protocol such as rip or ospf on those 5 sites (adjust which protocol suits your requirements).

hope this helps.

take one of the most feasible branch as backup point. and start making a partial mesh topology heading to those 2 route server (hq and that new backup point).
after that - try to use dynamic routing protocol such as rip or ospf on those 5 sites (adjust which protocol suits your requirements).

Thanks for help!

What do you mean by partial mesh topology? Every single node should have a wireguard tunnel to every other and then on every single node configure a dynamic routing protocol that choose the best route from endpointX to endpointY?

yes.

hq to a (backup), b, c, d.
a (backup) to hq, b, c, d.

partial meshed.

the dynamic routing protocol is used only for hq failure take over. hq and backup router path priority can be adjusted to your needs.

I'm afraid I can't because the branches are using 4g/5g connectivity behind a double(maybe triple) nat from the telco provider and not even with public IP addresses. I can't implement a wireguard endpoint listening for connections.

I was thinking of configuring new wireguard tunnels from branches to the backup site. Then, I don't know how, find a method of telling branches to use the backup site when the actual central node goes down.The backup site should have all the routes to redirect traffic from branches appropriately.

try to rent a vps on cloud.

install a chr on it. make it a secondary backup route server to overcome those cgnat.

but note those bandwidth traversing that router.

if your branches only use for online transactions - i think the vps bandwidth should suffice.

as long as you aren't huge files.

Apologies, I should have made it clear: the backup router has a public address. I can't mesh the branches between each other. Am I understanding correctly?

Problem is not the backup router but a method to automatically switch the routes when the primary router goes down. I'm completely ignorant of dynamic routing protocols thus I'm asking which is the correct one. If any, obviously.

the backup router has a public address. I can't mesh the branches between each other. Am I understanding correctly?

let's make it simple...

you can have either another wan for hq as backup link to connect those branches. high availability in single router with redundant wan.

example:
mt wan1 main link : wg a, b, c, d
wan2 backup link : wg a2, b2, c2, d2

still uses dynamic routing protocols - but be aware of that routing loops.

or

you can get another router with wan link. redundant router and wan.

example:
mt1 : wg a, b, c, d
mt2 : wh a2, b2, c2, d2.

uses dynamic routing protocol between mt1 and mt2.

these links actually driven by how your central application designed and communicate.

so... try to draw your topology first. These links will follow your design .

hope this helps.

It certainly helps, thank you!

Network topology, now, is simply a star network diagram where all the nodes rely on a central router that routes traffic between branches.

The purpose of this network is to exchange little txt files between nodes mainly for automation purposes.

If I got it correctly: need to create the same wireguard tunnels from each branch to the new backup router.

Still don’t understand what routing protocol i’d need to implement in the case main router goes down and backup router should take ownership of traffic routing.

Lately I thought of configuring same routes on every single branch to the backup router, as the main one, but with higher weight.

For education purposes, i’d prefer to invest time and implement a dynamic routing protocol though.

Suggestions? Thanks!

if I got it correctly: need to create the same wireguard tunnels from each branch to the new backup router.

yes. so there would be 2*4 = 8 tunnels to both primary and backup.

Still don’t understand what routing protocol i’d need to implement in the case main router goes down and backup router should take ownership of traffic routing.

don't worry about it. i think rip would suffice.

Lately I thought of configuring same routes on every single branch to the backup router, as the main one, but with higher weight.

dynamic routing protocol was designed to overcome administration limit. if you have more than 5 routers plus multiple links to manage (especially with automatic fail over switching requirements) - you should start to learn to use it. it's a nice tool to have.

good luck with your journey

Hi,

For such a simple scenario, you could, as indicated, prioritize with static routes and better AD.

If you want to use routing protocols, see scheme:



Each office will receive the routes from the other locations via OSPF or BGP. To prioritize the routes of the primary link/router, you will need to configure the different "priorities" in each routing protocol.

OSPF (cost, priority, ect)
BGP (weight, local-preference, etc)

Regards,

Amazing guys, thanks for you help and responsiveness!

I've looked at RIPv2 as protocol, is it worth the time?

Hi,

Of course. RIPv2 is the routing protocol for "small networks".

It's not as scalable as BGP or OSPF and its convergence times aren't as good, but it will work in your scenario.

Regards,

Thanks a lot! Appreciate your help guys