EVPN over wireguard

magicfinger

Apr 25, 2024
The idea of "EVPN over wireguard" was to have all VM traffic between proxmox hosts encrypted. And I have had it running like that for 2 years now without issues. So maybe you might find my setup useful, because it was simple to set up. Also I want to ask for external opinions before I switch production traffic to it.

I have a 3 node proxmox cluster setup with a wireguard tunnel between the three hosts.
  • All the proxmox services are NOT using the wireguard bridge because I hope they anyway encrypt sensitive traffic using ssh (except ceph traffic maybe?).
  • For VM traffic I am using EVPN and have it set up such that the EVPN traffic between proxmox hosts is going through encrypted wireguard tunnels. I did this simply by using the wireguard IP addresses of the proxmox hosts as EVPN peers.
Here are some questions and I would be happy to have some other opinions on these:
  1. Does this setup overall make sense?
  2. Is there something to worry about the setup with evpn peers using wireguard IPs to encrypt the VM traffic between proxmox hosts?
  3. I have read several times that EVPN in proxmox is not yet stable, but it has been running smoothly for over 2 years for me. Anything I should be concerned about if I now use EVPN for production workloads?
  4. Is it possible that the EVPN implementation in proxmox could automatically create these wireguard bridges by just ticking a checkbox somewhere?
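
An added example, not part of the original post: a check that every EVPN peer address is covered by a WireGuard allowed-ips entry, which is a necessary condition for the VXLAN traffic to that peer to use the tunnel, plus the MTU left for VMs after both encapsulations. The interface name `wg0`, the addresses and the key placeholders are constructed assumptions.

```python
import ipaddress

# Constructed sample: `wg show wg0 allowed-ips` output on one host
# (public key, tab, space-separated allowed IPs). Keys are placeholders.
WG_ALLOWED_IPS = (
    "PEER_B_PUBKEY_PLACEHOLDER=\t10.99.0.2/32\n"
    "PEER_C_PUBKEY_PLACEHOLDER=\t10.99.0.3/32 fd00:99::3/128\n"
)
# Constructed sample: EVPN peer addresses configured for the other hosts.
# 192.0.2.13 stands for a physical-network address entered by mistake.
EVPN_PEERS = ["10.99.0.2", "192.0.2.13"]

def parse_allowed_ips(text):
    """Return every network listed in the allowed-ips output."""
    nets = []
    for line in text.splitlines():
        if "\t" not in line:
            continue
        _key, ips = line.split("\t", 1)
        for item in ips.split():
            if item != "(none)":  # wg prints this for a peer without allowed IPs
                nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def uncovered_peers(peers, nets):
    """Peers that no allowed-ips entry covers: WireGuard will not carry
    VXLAN packets addressed to them, so they are not encrypted by it."""
    out = []
    for p in peers:
        addr = ipaddress.ip_address(p)
        if not any(addr.version == n.version and addr in n for n in nets):
            out.append(p)
    return out

def max_vm_mtu(link_mtu, outer_ipv6=False):
    """Largest VM MTU that avoids fragmentation: WireGuard adds 60 bytes
    over IPv4 (80 over IPv6); VXLAN over IPv4 inside the tunnel adds 50."""
    return link_mtu - (80 if outer_ipv6 else 60) - 50

if __name__ == "__main__":
    nets = parse_allowed_ips(WG_ALLOWED_IPS)
    print("peers outside the tunnel:", uncovered_peers(EVPN_PEERS, nets))
    print("VM MTU on a 1500-byte link:", max_vm_mtu(1500))
```

Coverage by allowed-ips is not sufficient on its own: the host route for each peer address must also point at the WireGuard interface.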
 
