SD WAN capability with Vyos?

blason16 · November 27, 2023, 12:59pm

Hi Team,

I have approximately 25 locations and a single data centre. I am currently contemplating the acquisition of broadband connections for these locations, followed by the construction of DMVPN infrastructure or a similar solution to attain my objectives.

Link bonding if possible
Smooth failover
Dynamic Routing or something for link failure awareness.

Any thougs are much appreciated. Or something can be done with wireguard?

roedie · December 2, 2023, 7:13pm

Not sure what the question here is, but DMVPN can be done: DMVPN — VyOS 1.3.x (equuleus) documentation

skynw · December 4, 2023, 9:25am

Aloha,
I would definitvly use Wireguard for encrytion!

some questions come into my mind:

What Routing protocol do you want to use?
BGP (together with BFD of course for fast failure detection)
or IGP (OSPF/ISIS)
Im not sure, if ISIS would work over a Wireguard tunnel though, maybe then a GRE tunnel over WG
is needed
Do you need any-2-any connections or just 1-2 Hubs and multiple sites?
What do you mean with SD-WAN term?
For me, that means something different, like to find best path ( f.e. lowest delay) path through differen t WAN links
Link bundling is for me a more a Layer2 feature, so WIreguard will work across them
(But you need to check th bundling hashing algo )

Cheers
Marcel

blason16 · December 5, 2023, 12:48pm

Thanks for the reply - and yes a tunneling from Spoke to Hub is what is needed. Of course with lower latency.
Is there any technology existing with wireguard to form a mesh tunnels? and wondering what dynamic protocol would help me to configure those tunnels?

blex · December 5, 2023, 6:21pm

You can take a look at tailscale. If you do not like the cloud approach you can run the headscale server by your self and use the tailgate client.

echowings · December 7, 2023, 1:58am

wireguard + bgp + bfd + ospf , it works well with vyos.
Also you can install tailscale on vyos , it also can works well.

blex · December 7, 2023, 5:52am

That was what I was thinking. How did you install tailscale on vyos. As deb file with bash? If so then you have to install it every time you change the image if I’m not wrong.

Who do you copy the tailscale config from one image to the next?

echowings · December 7, 2023, 6:13am

tailscale write by go. so it is a single file. just copy it into vyos. and generate a systemd config, it will works.

echowings · December 7, 2023, 6:15am

To tell the truth. tailscale takes lots of system performance. After I successfully deploy tailsale on vyos. I dump it and just back to pure wireguard solution, more lightwight and more suitable for me.

blex · December 7, 2023, 8:18am

Tailscale with headscale was my plan for roadworrier so computer and mobile devices. One tailscale only to the headscale VM.

Site-2-site I think wireguard and bgp or ospf.