[retronet] WireGuard and MPLS vs VXLAN…

Grant Taylor gtaylor at tnetconsulting.net
Sun Sep 9 10:37:21 MDT 2018


Hi,

TL;DR:  It's working!!!

I made significant progress on the RetroNet proof of concept / unit 
testing this weekend.

  · WireGuard — Oh my … WireGuard is by far … hands down … the 
*SIMPLEST* VPN that I've ever configured.  —  I actually think it's 
easier than GRE between two Cisco devices.

  · MPLS — MPLS is going to be a non-starter.  Someone mentioned they 
were worried that WireGuard might not pass MPLS traffic (as in WireGuard 
being a Tun / L3 device not a Tap / L2 device) and they were correct. — 
Combined with VPLS not working yet, I decided to try VXLAN.

  · VXLAN — I managed to successfully establish a pair of VXLAN Tunnel 
End Points (a.k.a. VTEPs) through the WireGuard VPN and pass arbitrary 
non-routable NetBEUI traffic between a pair of Windows 98 SE VMs.

  · Open vSwitch — I used OvS to create the VTEP and to bridge it to the 
AB / CD network segment on both ends of the WireGuard VPN.  I am using 
OvS in "Normal" mode, which means standard Layer 2 switching and no SDN 
methodology ~> complexities.

I did my PoC / UT using the following network topology:

    VM(A) --- VM(B) --- (R) --- VM(C) --- VM(D)
                |                 |
                +----WireGuard----+

VMs A & D were able to send NetBEUI (a.k.a. NetBIOS to the non-Microsoft 
world) traffic back and forth without any problems through an encrypted 
VPN across a routed IP only network standing in for the Internet.  :-D

I want to spend some time working with WireGuard and seeing how well 
it's going to scale with multiple users.  Do we need to have multiple 
WireGuard interfaces?  Can we put everybody on one central WireGuard 
interface?  What about people that have multiple RetroNet nodes?  Do we 
put members on separate VXLAN Network IDs (a.k.a. VNIs)?  In short, how 
do we take this to the next level and make things function at scale?



-- 
Grant. . . .
unix || die
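
Added example (not part of the original post or the RetroNet configuration): a Python sketch of why the VXLAN approach in the message above fits through an L3-only tunnel where MPLS does not. The L3 acceptance check is a simplified model of a tun-style interface, and the MAC addresses, IP addresses, VNI 42 and the 1420-byte tunnel MTU are constructed assumptions.

```python
import struct

ETH_P_IP, ETH_P_IPV6, ETH_P_MPLS_UC = 0x0800, 0x86DD, 0x8847
VXLAN_PORT = 4789          # IANA-assigned VXLAN UDP port
VXLAN_I_FLAG = 0x08 << 24  # "VNI present" bit in the first header word

def netbeui_frame(dst_mac, src_mac, payload):
    """802.3 frame with an LLC header; SAP 0xF0 is NetBIOS (NetBEUI)."""
    llc = bytes([0xF0, 0xF0, 0x03]) + payload
    return dst_mac + src_mac + struct.pack("!H", len(llc)) + llc

def vxlan_encap(frame, vni, src_ip, dst_ip):
    """Wrap an Ethernet frame in VXLAN/UDP/IPv4 (checksums left at zero)."""
    vxlan = struct.pack("!II", VXLAN_I_FLAG, vni << 8) + frame
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan), 0) + vxlan
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                     64, 17, 0, src_ip, dst_ip)
    return ip + udp

def vxlan_decap(packet):
    """Return (vni, inner_frame); reject anything that is not VXLAN."""
    ihl = (packet[0] & 0x0F) * 4
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if packet[9] != 17 or dport != VXLAN_PORT:
        raise ValueError("not a VXLAN/UDP packet")
    flags, vni_field = struct.unpack("!II", packet[ihl + 8:ihl + 16])
    if not flags & VXLAN_I_FLAG:
        raise ValueError("VNI flag not set")
    return vni_field >> 8, packet[ihl + 16:]

def l3_tunnel_accepts(ethertype):
    """Simplified model (assumption): a tun-style interface carries IP only."""
    return ethertype in (ETH_P_IP, ETH_P_IPV6)

def max_inner_payload(tunnel_mtu=1420):
    """Largest L2 payload per frame: minus IPv4, UDP, VXLAN, inner Ethernet."""
    return tunnel_mtu - 20 - 8 - 8 - 14

def demo():
    # Constructed sample: VM(A) -> VM(D) NetBEUI frame, VTEPs on tunnel IPs.
    frame = netbeui_frame(b"\x02\x00\x00\x00\x00\x0d",
                          b"\x02\x00\x00\x00\x00\x0a", b"hello")
    packet = vxlan_encap(frame, 42, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return frame, packet

if __name__ == "__main__":
    frame, packet = demo()
    print("MPLS accepted by L3 tunnel:", l3_tunnel_accepts(ETH_P_MPLS_UC))
    print("VXLAN (IPv4) accepted:", l3_tunnel_accepts(ETH_P_IP))
    print("decap:", vxlan_decap(packet)[0], vxlan_decap(packet)[1] == frame)
    print("max inner payload at MTU 1420:", max_inner_payload())
```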
