Network Architecture: Using VXLAN Inside WireGuard for Site-to-Site Overlay Networks
By mlhpdx
Summary
The article discusses network architecture recommendations for site-to-site overlay networks, specifically addressing whether to use VXLAN over WireGuard or WireGuard over VXLAN. The author recommends using WireGuard as the primary transport layer with VXLAN inside it, arguing that WireGuard's purpose is to securely connect networks across untrusted channels. The content emphasizes that WireGuard should form the foundational secure connection, while VXLAN can be used within that secure tunnel for additional network segmentation or functionality when needed.
Key quotes
For site-to-site overlay networks, use wireguard, vxlan should be inside of it, if at all.
Your 'network' is connected by wireguard, and it contains details like vxlan.
Even within your network, when crossing security boundaries across untrusted channels, you can use wireguard.
Others mentioned tailscale, it's cool and all but you don't always need it.
You should do so because that's the purpose of wireguard, to connect networks securely across secure channels.
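The layering recommended above, sketched as an added example that is not from the original post: a VXLAN device bound to an already-configured WireGuard interface, with the inner MTU reduced for VXLAN's headers and UDP/4789 accepted only from the tunnel. The interface names, VNI, tunnel addresses and the 1420-byte WireGuard MTU are assumptions; the script only prints its commands unless run with `APPLY=1` as root.

```shell
#!/bin/sh
# Added example: VXLAN carried inside a WireGuard tunnel (one site's side).
# Assumed values, not from the page: wg0, VNI 100, 10.99.0.1/10.99.0.2.
WG_IF=wg0            # existing WireGuard interface (keys and peer already set)
WG_MTU=1420          # typical WireGuard MTU on a 1500-byte path
WG_LOCAL=10.99.0.1   # this site's address inside the tunnel
WG_REMOTE=10.99.0.2  # peer site's address inside the tunnel
VNI=100

# VXLAN adds outer IP + UDP (8) + VXLAN (8) + inner Ethernet (14) headers.
# The outer IP header is 20 bytes for IPv4 tunnel addresses, 40 for IPv6.
vxlan_mtu() {  # usage: vxlan_mtu <underlay_mtu> <4|6>
    case "$2" in
        4) echo $(( $1 - 20 - 8 - 8 - 14 )) ;;
        6) echo $(( $1 - 40 - 8 - 8 - 14 )) ;;
        *) return 1 ;;
    esac
}

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

plan() {
    mtu=$(vxlan_mtu "$WG_MTU" 4) || return 1
    # local/remote are tunnel addresses and dev is the WireGuard interface,
    # so VXLAN's UDP/4789 traffic is sent through the encrypted tunnel.
    run ip link add "vxlan$VNI" type vxlan id "$VNI" \
        local "$WG_LOCAL" remote "$WG_REMOTE" dstport 4789 dev "$WG_IF"
    run ip link set "vxlan$VNI" mtu "$mtu" up
    # VXLAN has no authentication of its own: accept it only when it
    # arrives via the tunnel, and drop it on every other interface.
    run iptables -A INPUT -i "$WG_IF" -p udp --dport 4789 -j ACCEPT
    run iptables -A INPUT -p udp --dport 4789 -j DROP
}

plan
```
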
