Ahoy all,

I'm struggling a little to set up WireGuard as a fallback link
in conjunction with two MPLS links. In my tests BIRD would
not route traffic through wg0 when I took the other two
interfaces down. The setup is rather simple: two DCs, each
side has a gw running BIRD.

---- Config DC1 ----

# OSPF router ID of the DC1 gateway.
# NOTE(review): the "show ospf state all" output later in this post lists
# 192.168.164.1 as the local router (distance 0) and as DR -- possibly a
# transcription typo; confirm the running router ID matches this line.
router id 192.168.184.1;

### Kernel #####################################################################

# Synchronise BIRD's routing table with the kernel routing table.
protocol kernel {
  scan time 15;       # Scan kernel routing table every 15 seconds
  # "export all" pushes every route BIRD selects, including everything learned
  # over OSPF, into the kernel. NOTE(review): an export filter restricted to the
  # expected site prefixes would stop an unexpected LSA from steering traffic.
  export all;         # Default is export none
}

### Device Monitor #############################################################

# Interface tracking only: the device protocol generates no routes, it supplies
# interface state to the other protocols.
protocol device {
  scan time 10;       # Scan interfaces every 10 seconds
}

### OSPF #######################################################################

# OSPF instance for DC1: two equal-cost MPLS links (cost 5) plus a WireGuard
# tunnel at cost 10, so wg0 is only preferred once both cheaper paths are gone.
protocol ospf MyOSPF {
  tick 2;                 # Batch routing-table recalculation into 2-second intervals
  ecmp yes;               # Allow multipath routes across the equal-cost MPLS links
  rfc1583compat yes;

  area 0.0.0.0 {

    # Advertise DC1 prod net
    stubnet 192.168.184.0/24;

    # MPLS1 interface
    interface "macsec.2335" {
      cost 5;
      ecmp weight 1;
      bfd yes;            # Ask the BFD protocol for a session to each neighbor on this link
      authentication cryptographic;
      # NOTE(review): the same key string appears on all three interfaces and in
      # the DC2 config shown in this post -- presumably a placeholder. In a real
      # deployment use a distinct, randomly generated key per link and keep the
      # config file readable only by the BIRD user.
      password "testtesttest" {
        id 1;
        algorithm hmac sha256;
      };
    };

    # MPLS2 interface
    interface "macsec.2334" {
      cost 5;
      ecmp weight 1;
      bfd yes;
      authentication cryptographic;
      password "testtesttest" {
        id 2;
        algorithm hmac sha256;
      };
    };

    # WireGuard Fallback
    # NOTE(review): on a pointopoint interface OSPF hellos go to the multicast
    # group 224.0.0.5. WireGuard only passes packets whose addresses are covered
    # by the peer's AllowedIPs, so confirm that group is allowed on both ends, or
    # use "type ptmp" with an explicit "neighbors" list so hellos are unicast.
    # AllowedIPs also acts as the tunnel's ingress filter: keep it as narrow as
    # the routed prefixes allow.
    interface "wg0" {
      cost 10;
      bfd yes;
      type pointopoint;
      authentication cryptographic;
      password "testtesttest" {
        id 3;
        algorithm hmac sha256;
      };
    };

  };
};

### BFD ########################################################################

# BFD instance providing fast failure detection for the OSPF interfaces that
# set "bfd yes".
# NOTE(review): none of the interface blocks sets a BFD "authentication"
# option, so BFD control packets are accepted unauthenticated. The links look
# like MACsec and WireGuard interfaces, which presumably limits who can inject
# packets; if the installed BIRD version supports BFD authentication, enabling
# it removes the reliance on that assumption.
protocol bfd PCrewBFD {

  # BFD on DTAG interface
  interface "macsec.2335" {
    min rx interval 20 ms;
    min tx interval 50 ms;
    idle tx interval 300 ms;
  };

  # BFD on Console-Networks interface
  interface "macsec.2334" {
    min rx interval 20 ms;
    min tx interval 50 ms;
    idle tx interval 300 ms;
  };

  # BFD on WireGuard interface
  # Timers are ten times slower than on the MPLS links.
  interface "wg0" {
    min rx interval 200 ms;
    min tx interval 500 ms;
    idle tx interval 3000 ms;
  };


  # WTF is multihop??
  # Parameters for BFD sessions to neighbors that are not on a directly
  # attached interface (for example multihop BGP peers). The OSPF-requested
  # sessions are per-interface, so this block is presumably unused here.
  multihop {
    interval 200 ms;
    multiplier 10;
  };

};


---- Config DC2 ----


# OSPF router ID of the DC2 gateway.
router id 192.168.148.1;

### Kernel #####################################################################

# Synchronise BIRD's routing table with the kernel routing table.
protocol kernel {
  scan time 15;       # Scan kernel routing table every 15 seconds
  # "export all" pushes every route BIRD selects, including everything learned
  # over OSPF, into the kernel. NOTE(review): an export filter restricted to the
  # expected site prefixes would stop an unexpected LSA from steering traffic.
  export all;         # Default is export none
}

### Device Monitor #############################################################

# Interface tracking only: the device protocol generates no routes, it supplies
# interface state to the other protocols.
protocol device {
  scan time 10;       # Scan interfaces every 10 seconds
}

### OSPF #######################################################################

# OSPF instance for DC2, mirroring DC1: two equal-cost MPLS links (cost 5) and
# a WireGuard tunnel at cost 10 as the fallback path.
protocol ospf MyOSPF {
  tick 2;                 # Batch routing-table recalculation into 2-second intervals
  ecmp yes;               # Allow multipath routes across the equal-cost MPLS links
  rfc1583compat yes;

  area 0.0.0.0 {

    # Advertise MUC prod net
    stubnet 192.168.148.0/24;

    # MPLS1 interface
    interface "macsec.2335" {
      cost 5;
      ecmp weight 1;
      bfd yes;            # Ask the BFD protocol for a session to each neighbor on this link
      authentication cryptographic;
      # NOTE(review): key string and key ids are the same as in the DC1 config
      # in this post; matching keys per link are needed for the adjacency, but
      # the shared "testtesttest" value is presumably a placeholder. Use a
      # distinct, randomly generated key per link in a real deployment.
      password "testtesttest" {
        id 1;
        algorithm hmac sha256;
      };
    };

    # MPLS2 interface
    interface "macsec.2334" {
      cost 5;
      ecmp weight 1;
      bfd yes;
      authentication cryptographic;
      password "testtesttest" {
        id 2;
        algorithm hmac sha256;
      };
    };

    # WireGuard Fallback
    # NOTE(review): on a pointopoint interface OSPF hellos go to the multicast
    # group 224.0.0.5; confirm the WireGuard peer's AllowedIPs covers it on this
    # side as well, or use "type ptmp" with an explicit "neighbors" list.
    interface "wg0" {
      cost 10;
      bfd yes;
      type pointopoint;
      authentication cryptographic;
      password "testtesttest" {
        id 3;
        algorithm hmac sha256;
      };
    };

  };
};


---- BIRD states ----

bird> show route

172.23.1.0/29 dev macsec.2335 [MyOSPF 09:26:22] * I (150/5) [192.168.184.1]
172.23.2.0/29 dev macsec.2334 [MyOSPF 09:26:22] * I (150/5) [192.168.184.1]
192.168.148.0/24 multipath [MyOSPF 09:27:26] * I (150/15) [192.168.148.1]
        via 172.23.1.2 on macsec.2335 weight 1
        via 172.23.2.2 on macsec.2334 weight 1
172.23.3.0/29 dev wg0 [MyOSPF 09:26:22] * I (150/10) [192.168.184.1]

bird> show ospf state all

area 0.0.0.0

        router 192.168.148.1
                distance 5
                network 172.23.2.0/29 metric 5
                network 172.23.1.0/29 metric 5
                stubnet 172.23.3.0/29 metric 10
                stubnet 192.168.148.0/24 metric 10

        router 192.168.164.1
                distance 0
                network 172.23.2.0/29 metric 5
                network 172.23.1.0/29 metric 5
                stubnet 172.23.3.0/29 metric 10
                stubnet 192.168.184.0/24 metric 10

        network 172.23.1.0/29
                dr 192.168.164.1
                distance 5
                router 192.168.184.1
                router 192.168.148.1

        network 172.23.2.0/29
                dr 192.168.164.1
                distance 5
                router 192.168.184.1
                router 192.168.148.1


What puzzles me is why wg0 comes up as a stubnet here
(stubnet 172.23.3.0/29 metric 10), while the MPLS links come up as networks,
and why 172.23.3.0/29 (the wg0 net) is not listed among the networks.

Any hints or corrections of my config to get this to work
with wireguard would be very much appreciated.

