wag
BGP for Route Distribution
Problem
Currently, when running Wag in a cluster, NAT is really the only viable option to ensure traffic is returned to the right node.
NAT isn't an ideal solution a lot of the time, especially if you want visibility of traffic through a central firewall, or auditing access based on source IPs.
Additionally, BGP could be useful in the (much less common) scenario of 2 upstream routers/L3 switches to provide upstream routing redundancy or load balancing.
Proposed Solution
When running in a cluster, Wag nodes should optionally run BGP to allow operation without NAT.
- Each Wag node speaks BGP and advertises the addresses of its connected clients
- Each Wag node peers with the user's router. This allows the user's router to direct traffic to the correct node.
- Each Wag node peers with every other Wag node. This ensures that if a packet arrives at Node B, but the client is connected to Node A, it gets directed between nodes, just in case the user's router is slow at respecting BGP update messages, or it's directed to the wrong node.
Additional
- The web UI could show the status of BGP (i.e. what routes each node is advertising, and any connected peers).
- This is neat https://github.com/osrg/gobgp
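
An added example, not part of the original issue and not Wag or GoBGP code: a toy Go model of the proposed route distribution, showing how the node-to-node mesh still delivers a return packet while the user's router holds a stale route. All type and function names, the node names and the client address are assumptions made for illustration.

```go
package main

import "net/netip"

// Toy model of the proposal; every name here is hypothetical, not Wag code.
type rib map[netip.Prefix]string // client host route -> advertising node
type Cluster struct {
	Router rib            // what the user's router currently believes
	Mesh   map[string]rib // per node: routes learned from the other Wag nodes
}

func NewCluster(nodes ...string) *Cluster {
	c := &Cluster{Router: rib{}, Mesh: map[string]rib{}}
	for _, n := range nodes {
		c.Mesh[n] = rib{}
	}
	return c
}

// Connect: node advertises the client's /32; the router may lag behind.
func (c *Cluster) Connect(node, client string, routerConverged bool) {
	p := netip.MustParsePrefix(client + "/32") // IPv4 host route
	for _, r := range c.Mesh {
		r[p] = node
	}
	delete(c.Mesh[node], p) // the owning node delivers locally
	if routerConverged {
		c.Router[p] = node
	}
}

// Deliver traces a return packet for dst, starting at the user's router.
func (c *Cluster) Deliver(dst string) string {
	p := netip.MustParsePrefix(dst + "/32")
	first, ok := c.Router[p]
	if !ok {
		return "router -> drop" // never advertised to the router
	}
	if next, learned := c.Mesh[first][p]; learned {
		return "router -> " + first + " -> " + next // stale router, mesh fixes it
	}
	return "router -> " + first
}

func main() {
	c := NewCluster("nodeA", "nodeB")
	c.Connect("nodeB", "10.7.0.5", true)  // constructed client address
	c.Connect("nodeA", "10.7.0.5", false) // client moves, router update lags
	println(c.Deliver("10.7.0.5"))
}
```

Because the source address is never rewritten in this model, a central firewall on the path would see the client's own address, which is the visibility the issue says NAT removes.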