# Failover Runbook

## Primary WAN Failure
1. Dead peer detection triggers on WireGuard handshake timeout
2. If secondary circuit configured, mesh manager fails over
3. Overlay sessions are re-established over secondary path
4. Underlay operations pause — device management requires network path to device

## Verification
```bash
ansible-playbook ansible/playbooks/failover-test.yml
ansible-playbook ansible/playbooks/mesh-health.yml
```

## Recovery
When primary WAN recovers, mesh manager detects restored handshake and fails back.