Added information for Warp to Warp with MWAN #22883
Conversation
We have it documented that MWAN and Warp connectors are unsupported, but theres also specific considerations needed for using Warp to Warp when MWAN is in use. Added a note to expand on this.
|
Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment. We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally. PR Change SummaryExpanded documentation regarding the use of Warp to Warp connections in conjunction with MWAN, highlighting specific considerations and recommendations.
Modified Files
How can I customize these reviews?Check out the Hyperlint AI Reviewer docs for more information on how to customize the review. If you just want to ignore it on this PR, you can add the Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add |
![windsurf-bot[bot]](https://avatars.githubusercontent.com/in/1066231?s=60&v=4){kind=small}
|
|
||
| It's recommended to not connect Warp when a device is in a location behind MWAN, and instead connect to their LAN IP from remote devices connected to Warp instead of using Warp to Warp, as the MWAN onramp will route to remote locations private network, but if you do wish to use Warp inside a MWAN connected location, and directly connect to the devices Warp IP (in the 100.96.0.0/12 range) using Warp to Warp from either remote devices or devices in another location you will need to exclude the 100.96.0.0/12 subnet from you on premises Warp profile and include it in your off premises profile. | ||
|
|
||
| This will allow remote devices to route the 100.96.0.0/12 subnet over Warp > Cloudflare Edge > MWAN > Warp connected device on premises, then the return traffic will follow the same flow but in reverse. If 100.96.0.0/12 is included in the Warp tunnel on both ends the traffic flow will be remote Warp > Cloudflare Edge > MWAN > Warp device on premises, but the return traffic will be on premises device Warp tunnel > Cloudflare Edge > Remote device Warp tunnel, which in turn is asymmetric from the remote > on premises flow and will cause the connection to fail. |
There was a problem hiding this comment.
The flow description uses '>' characters which might be interpreted as HTML tags in MDX. Consider using '->' instead for better clarity and to avoid potential rendering issues.
| This will allow remote devices to route the 100.96.0.0/12 subnet over Warp > Cloudflare Edge > MWAN > Warp connected device on premises, then the return traffic will follow the same flow but in reverse. If 100.96.0.0/12 is included in the Warp tunnel on both ends the traffic flow will be remote Warp > Cloudflare Edge > MWAN > Warp device on premises, but the return traffic will be on premises device Warp tunnel > Cloudflare Edge > Remote device Warp tunnel, which in turn is asymmetric from the remote > on premises flow and will cause the connection to fail. | |
| This will allow remote devices to route the 100.96.0.0/12 subnet over Warp -> Cloudflare Edge -> MWAN -> Warp connected device on premises, then the return traffic will follow the same flow but in reverse. If 100.96.0.0/12 is included in the Warp tunnel on both ends the traffic flow will be remote Warp -> Cloudflare Edge -> MWAN -> Warp device on premises, but the return traffic will be on premises device Warp tunnel -> Cloudflare Edge -> Remote device Warp tunnel, which in turn is asymmetric from the remote -> on premises flow and will cause the connection to fail. |
There was a problem hiding this comment.
I will connect to my warp tunnel now because I have a permanent connection, and if that does not work, I will utilize the tile scale. I will be looking out for an implicit notice from my partner, Nathaniel bass
| :::note | ||
| By default direct Warp to Warp connections are not supported for machines behind MWAN with Warp connected due to double encapsulation and asymmetric routing. | ||
|
|
||
| It's recommended to not connect Warp when a device is in a location behind MWAN, and instead connect to their LAN IP from remote devices connected to Warp instead of using Warp to Warp, as the MWAN onramp will route to remote locations private network, but if you do wish to use Warp inside a MWAN connected location, and directly connect to the devices Warp IP (in the 100.96.0.0/12 range) using Warp to Warp from either remote devices or devices in another location you will need to exclude the 100.96.0.0/12 subnet from you on premises Warp profile and include it in your off premises profile. |
There was a problem hiding this comment.
The second paragraph in the note is a very long run-on sentence (over 100 words) that's difficult to follow. Consider breaking it into multiple shorter sentences for better readability and comprehension.
| :::note | ||
| By default direct Warp to Warp connections are not supported for machines behind MWAN with Warp connected due to double encapsulation and asymmetric routing. | ||
|
|
||
| It's recommended to not connect Warp when a device is in a location behind MWAN, and instead connect to their LAN IP from remote devices connected to Warp instead of using Warp to Warp, as the MWAN onramp will route to remote locations private network, but if you do wish to use Warp inside a MWAN connected location, and directly connect to the devices Warp IP (in the 100.96.0.0/12 range) using Warp to Warp from either remote devices or devices in another location you will need to exclude the 100.96.0.0/12 subnet from you on premises Warp profile and include it in your off premises profile. |
There was a problem hiding this comment.
There's a typo in this sentence: 'exclude the 100.96.0.0/12 subnet from you on premises Warp profile' should be 'exclude the 100.96.0.0/12 subnet from your on premises Warp profile'.
| It's recommended to not connect Warp when a device is in a location behind MWAN, and instead connect to their LAN IP from remote devices connected to Warp instead of using Warp to Warp, as the MWAN onramp will route to remote locations private network, but if you do wish to use Warp inside a MWAN connected location, and directly connect to the devices Warp IP (in the 100.96.0.0/12 range) using Warp to Warp from either remote devices or devices in another location you will need to exclude the 100.96.0.0/12 subnet from you on premises Warp profile and include it in your off premises profile. | |
| It's recommended to not connect Warp when a device is in a location behind MWAN, and instead connect to their LAN IP from remote devices connected to Warp instead of using Warp to Warp, as the MWAN onramp will route to remote locations private network, but if you do wish to use Warp inside a MWAN connected location, and directly connect to the devices Warp IP (in the 100.96.0.0/12 range) using Warp to Warp from either remote devices or devices in another location you will need to exclude the 100.96.0.0/12 subnet from your on premises Warp profile and include it in your off premises profile. |
Cleaned up note and removed the more technical reasons on how the change works and why its needed.
This comment was marked as off-topic.
This comment was marked as off-topic.
workers-devprod
added
the
contribution
|
Congratulations @dledfordcf, the maintainer of this repository has issued you a holobyte! Here it is: https://holopin.io/holobyte/cmbzbjke6499607kwb67powud This badge can only be claimed by you, so make sure that your GitHub account is linked to your Holopin account. You can manage those preferences here: https://holopin.io/account. |
* Added information for Warp to Warp with MWAN We have it documented that MWAN and Warp connectors are unsupported, but theres also specific considerations needed for using Warp to Warp when MWAN is in use. Added a note to expand on this. * Update warp.mdx Cleaned up note and removed the more technical reasons on how the change works and why its needed. * Update src/content/docs/magic-wan/zero-trust/warp.mdx --------- Co-authored-by: marciocloudflare <[email protected]>
4 participants
We have it documented that MWAN and Warp connectors are unsupported, but theres also specific considerations needed for using Warp to Warp when MWAN is in use. Added a note to expand on this.
Summary
Screenshots (optional)
Documentation checklist