I have approximately 25 locations and a single data centre. I am currently contemplating the acquisition of broadband connections for these locations, followed by the construction of DMVPN infrastructure or a similar solution to attain my objectives.
Link bonding if possible
Smooth failover
Dynamic Routing or something for link failure awareness.
Any thoughts are much appreciated. Or can something be done with wireguard?
Aloha,
I would definitely use Wireguard for encryption!
Some questions come to mind:
What Routing protocol do you want to use?
BGP (together with BFD of course for fast failure detection)
or IGP (OSPF/ISIS)
I'm not sure if ISIS would work over a Wireguard tunnel though; maybe then a GRE tunnel over WG is needed
Do you need any-2-any connections or just 1-2 Hubs and multiple sites?
What do you mean by the term SD-WAN?
For me, that means something different, like finding the best path (e.g. lowest delay) through different WAN links
Link bundling is for me more a Layer 2 feature, so Wireguard will work across them
(But you need to check the bundling hashing algo)
Thanks for the reply - and yes, tunneling from Spoke to Hub is what is needed. Of course with lower latency.
Is there any existing technology with wireguard to form mesh tunnels? And I am wondering what dynamic protocol would help me to configure those tunnels?
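For the spoke-to-hub layout with a routing protocol over Wireguard discussed above, an added example (not posted by anyone in this thread) that plans one tunnel per site and renders both ends. The address pool, port base, `hub.example.net`, the key placeholders and the use of wg-quick file syntax rather than VyOS commands are assumptions made for illustration.

```python
import ipaddress

# Constructed values: address pool and port base are assumptions.
TUNNEL_POOL = "10.255.0.0/24"
BASE_PORT = 51820

def plan_links(n_sites, pool=TUNNEL_POOL, base_port=BASE_PORT):
    """One /31, one hub interface and one UDP port per spoke."""
    subnets = list(ipaddress.ip_network(pool).subnets(new_prefix=31))
    if n_sites > len(subnets):
        raise ValueError("tunnel pool too small for %d sites" % n_sites)
    return [{"site": i + 1, "ifname": "wg%d" % (i + 1), "port": base_port + i,
             "hub_ip": str(subnets[i][0]), "spoke_ip": str(subnets[i][1])}
            for i in range(n_sites)]

def render(link, side, peer_pubkey, hub_endpoint="hub.example.net"):
    """wg-quick style config for one end of one hub<->spoke tunnel."""
    local = link["hub_ip"] if side == "hub" else link["spoke_ip"]
    lines = ["[Interface]",
             "Address = %s/31" % local,
             "PrivateKey = <%s-private-key>" % side,  # placeholder, not a key
             # Table = off: wg-quick installs no routes; the routing daemon does.
             "Table = off"]
    if side == "hub":
        lines.append("ListenPort = %d" % link["port"])
    lines += ["", "[Peer]", "PublicKey = %s" % peer_pubkey,
              # A single peer per interface lets AllowedIPs be wide open, so
              # prefixes learned via BGP/OSPF are not dropped by cryptokey routing.
              "AllowedIPs = 0.0.0.0/0"]
    if side == "spoke":
        lines += ["Endpoint = %s:%d" % (hub_endpoint, link["port"]),
                  "PersistentKeepalive = 25"]  # keeps NAT state on broadband links
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    links = plan_links(25)
    print(render(links[0], "hub", "<spoke1-public-key>"))
    print(render(links[0], "spoke", "<hub-public-key>"))
```

With AllowedIPs wide open, Wireguard no longer restricts which source addresses a site may send, so per-site prefix filters belong in the routing policy or firewall on the hub.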
That was what I was thinking. How did you install tailscale on vyos? As a deb file with bash? If so, then you have to install it every time you change the image, if I’m not wrong.
How do you copy the tailscale config from one image to the next?
To tell the truth, tailscale takes lots of system performance. After I successfully deployed tailscale on vyos, I dumped it and just went back to a pure wireguard solution, more lightweight and more suitable for me.