As the topic says, I want to try, for educational purposes, to aggregate 2 or 3 different WireGuard interfaces, but as I'm a total newbie on the subject and without knowledge of how things work, I need some directions on where to search and read about it.
Is an aggregation between virtual interfaces like wireguard the same as 2 different ethernet aggregation?
Should I just try to aggregate the WireGuard interfaces, or is it better to add another WAN Ethernet, aggregate these, and then run a WireGuard connection on top of that?
Is there any tutorial for OpenWrt about these?
P.S. Let's assume that WireGuard connections are way slower than 1 physical Ethernet and it's not constrained by CPU resources.
Thanks!
No, as Wireguard is Layer 3 (IP) not Layer 2 (Ethernet).
How do we assume this, are you running on an x86_64?
Lastly, they have to be slower in theory, because their traffic is conveyed on physical connections.
You can use ECMP to some extent. But if the connections have to terminate on the same end point server and even then the experience can be shitty because of different latency.
All in all this is not really the best of all ideas....
Edit. Ok it can be a solution for really crappy uplinks but then each flow should use only one path at a time so no full link aggregation.
As I said, it's just for educational purposes for myself, with this, I tried to avoid conversations that aggregate VPNs may not be useful for bandwidth "upgrading". But nevertheless openwrt is running on a 1.5ghz quad core A53 arm box.
Well, it's just to see if it can be done; measuring the performance and whether it is useful is a later stage of my research. Let's assume that every VPN IF will be connected to a different server in a different country.
May not be useful for "bandwidth 'upgrading'"?
What's 'bandwidth upgrading'?
It leads me to believe this educational exercise is veering into the world of imagination. I will note your idea may work in theory for protocols that do compression - but they too have technical limitations (e.g., overhead).
Are we to [also] assume this is to somehow improve bandwidth beyond the physical limitations of the network interface chipset?
I do take consideration of hard limitations, that's not the purpose of my exercise.
No, let me explain it better.
Let's say that we have a VPN connection that is limited by the server side at 100mbps; also let's say that the hardware is adequate to serve more than 300mbps of tunneled traffic. What I'm trying to find out (apart from gaining knowledge of doing things with OpenWrt) is if I can combine 3x 100mbps VPNs to almost match the hard limit of the router (and maybe create some kind of redundancy for a dropped connection?).
If you just want proper failover then establish multiple tunnels and speak OSPF. With Linux on both sides you can set various hashing modes on the ECMP links. But a simple failover scenario is simple with OSPF.
The OP wishes to aggregate VPNs.
In any case, even if the user established some Layer 2 VPN, then they'd experience the same issue as establishing multiple links as any other Ethernet connection (albeit I'm not sure how one would - or should do something to mitigate any negative result).
Nonetheless, the OP's exercise is irrelevant here, because:
- This will not upgrade the bandwidth of any single connection
- Any solution employed to mitigate multiple Layer 2 links will disable 2 of 3 links - leaving only one operational
Yes, I agree with your response above to the OP regarding this.
But again, with ECMP and the proper selection of hashing, and of course for the right connection, you can achieve aggregated bandwidth, but if for some reason the RTT is different on the paths, like different ISPs, then latency cripples you hard.
Maybe you are right but I do want to learn how to do aggregation first, one thing at a time.
Do you know where I can learn more about how to do it on OpenWrt?
To be clear:
WAN_A                                                        WAN_D
WAN_B ---SITE_A--- <---WG_tunnels 1 2 and 3--> ---SITE_B--- WAN_E
WAN_C                                                        WAN_G
Is this the topology you're seeking?
Only via WireGuard?
Just to state it clearly.
This you will never find in the (developed) business or enterprise world.
I say developed world, because the solution for a pipe too small is simply to buy a bigger pipe.
Where this is no longer possible because you already use 200 or 400 gigabit like Google or Meta at Internet exchange points, you aggregate on layer 2, but in the Internet nobody does aggregated layer 3.
I myself had to learn that lesson too. You can for sure build a redundant multi uplink router. And if you are clever you spread the load so individual connections do not get faster but you can serve more connections....
Like I said, aggregated layer 3 is called ECMP: Equal-Cost Multi-Path. And yes, it sucks with static routes. Use at least OSPF for some sanity of mind. Bird2 is a good starter to get a plain default OSPFv2 and OSPFv3 network running without losing hair. If you need help with that feel free to mention me in a new thread or reach me via PM.
P.S. I forgot one important point. ECMP is heavily used in a datacenter network. When you know that each individual cable pair has the same length you can by default, IIRC, use ECMP routes on Linux with 16 paths. With ECMP with BGP and low tolerance with Bidirectional Forwarding Detection you can get sub-second failover on these aggregated links.... But link aggregation through ECMP in the Internet, the one with a capital I, is not used as far as I'm aware.
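To make the two effects discussed in this thread concrete, here is an added simulation that is not part of any post above: per-flow ECMP hashing pins one flow to one tunnel, so only many flows add up, while per-packet spraying over tunnels with unequal delay reorders packets. The tunnel names, delays and sample flows are constructed, and SHA-256 stands in for the kernel's real flow hash.

```python
import hashlib

PATHS = ["wg0", "wg1", "wg2"]   # hypothetical tunnel names
PATH_CAP_MBPS = 100             # per-tunnel server-side limit used in the thread

def pick_path(flow, paths=PATHS):
    """Per-flow ECMP: hash the 5-tuple so a flow always maps to the same path."""
    key = "|".join(map(str, flow)).encode()
    digest = hashlib.sha256(key).digest()   # stand-in hash, not the kernel's
    return paths[int.from_bytes(digest[:4], "big") % len(paths)]

def throughput(flows):
    """Greedy flows share a path's cap equally; returns (per_flow, aggregate)."""
    load = {}
    for f in flows:
        load.setdefault(pick_path(f), []).append(f)
    per_flow = {f: PATH_CAP_MBPS / len(fs) for fs in load.values() for f in fs}
    return per_flow, PATH_CAP_MBPS * len(load)

def reordered(delays_ms, packets=30, interval_ms=1):
    """Per-packet round robin: count packets that arrive after a later one."""
    arrivals = sorted((i * interval_ms + delays_ms[i % len(delays_ms)], i)
                      for i in range(packets))
    highest, late = -1, 0
    for _, seq in arrivals:
        if seq < highest:
            late += 1
        highest = max(highest, seq)
    return late

def make_flows(n):
    # Constructed sample flows: (proto, src, sport, dst, dport)
    return [("tcp", "192.0.2.10", 40000 + i, "198.51.100.7", 443)
            for i in range(n)]

if __name__ == "__main__":
    _, agg1 = throughput(make_flows(1))
    many, agg64 = throughput(make_flows(64))
    print("1 flow  :", agg1, "Mbps total")
    print("64 flows:", agg64, "Mbps total, fastest flow", max(many.values()))
    print("late packets, equal delay  :", reordered([20, 20, 20]))
    print("late packets, unequal delay:", reordered([20, 35, 80]))
```

A single download never exceeds one tunnel's cap, while many parallel flows can approach the sum of all three.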