rVRRPd is an open and standard-compliant VRRPv2 implementation written in Rust, a modern programming language known for its portability, memory-safety and speed.
- Aimed to be Fast, Portable and Secure
- Supports multiple operating systems and processor architectures
- Multi-threaded operation
- Easily configurable using TOML or JSON
- Interoperable with RFC3768 (VRRPv2) compliant devices
  - Tested interoperable with Cisco IOS and Cisco IOS-XR
- Authentication Support
  - Password Authentication (Type-1) based on RFC2338
  - Proprietary P0 HMAC (SHA256 truncated to 8 bytes)
  - Proprietary P1 (SHAKE256 XOF)
- Supports multiple operation modes:
  - Sniffer mode (`-m0`)
  - Virtual Router in foreground mode (`-m1`)
  - Virtual Router in daemon mode (`-m2`)
- Supports MAC-based Virtual LAN interface (`macvlan`) (Linux)
- Supports Berkeley Packet Filter (`BPF`) (FreeBSD only)
This project is still in the development stage and, at this time, supports only the Linux and FreeBSD operating systems. There is no stable API, configuration or even documentation yet. Please keep in mind that rVRRPd may not always be fully interoperable with standard-compliant network equipment, especially when using proprietary features.
The development roadmap for the upcoming `0.2.0` release can be found on its project page.
- A Linux or FreeBSD 64-bit operating system.
- An Intel IA-64 (x86_64), or an ARMv8 processor (aarch64).
- Rust's `Cargo` (v1.33.0 or higher), to build the project and all its dependencies.
- At least one Ethernet interface, see `conf/rvrrpd.conf` for a basic TOML configuration example.
- Root privileges, required to access raw sockets, configure interfaces and to add kernel routes.
- The `libnl-3` and `libnl-route-3` libraries for accessing the netlink interface (Linux only).
To quickly build a development version of `rVRRPd`, first make sure you have the latest version of `Cargo` installed. The recommended steps are to first install Cargo, then the GNU Compiler Collection (GCC) toolchain and lastly the `libnl-3` development packages (including header files), namely `libnl-3-dev` and `libnl-route-3-dev` on Debian Linux and derivatives.
To quickly build the daemon executable, use the `make` or `cargo build --release` command:
```
$ cargo build --release
[...]
Compiling tokio v0.1.21
Compiling foreign-types-macros v0.1.0
Compiling serde_derive v1.0.92
Compiling foreign-types v0.4.0
Compiling rVRRPd v0.1.2 (/home/e3prom/rVRRPd)
Finished release [optimized] target(s) in 9.62s
```
Then install the `rvrrpd` executable on your system by entering the `make install` command.
Before running the VRRP daemon, copy the example configuration file at `conf/rvrrpd.conf` to the default configuration file path `/etc/rvrrpd/rvrrpd.conf`. Then use your favorite text editor to configure the virtual router(s) to your needs.
See below for an example of a virtual router running on an Ethernet interface with password authentication and preemption enabled:
```toml
debug = 5
pid = "/var/tmp/rvrrpd.pid"
working_dir = "/var/tmp"
main_log = "/var/tmp/rvrrpd.log"
error_log = "/var/tmp/rvrrpd-error.log"

[[vrouter]]
group = 1
interface = "ens192.900"
vip = "10.100.100.1"
priority = 254
preemption = true
rfc3768 = true
netdrv = "libnl"
iftype = "macvlan"
vifname = "vrrp0"
auth_type = "rfc2338-simple"
auth_secret = "thissecretnolongeris"

[protocols]
[[protocols.static]]
route = "0.0.0.0"
mask = "0.0.0.0"
nh = "10.240.0.254"
```
The above configuration does the following:
- Starts the daemon in foreground mode with a debug level of `5` (extensive).
- Runs one virtual-router with group id `1` on interface `ens192.900`, with the below parameters:
  - Uses the virtual IP address `10.100.100.1`.
  - Is configured with the highest priority of `254`.
  - Has preemption enabled.
  - Has compatibility with RFC3768 turned on (may be required to fully interoperate with some vendors).
  - Uses the network driver `libnl`, which leverages the netlink protocol. Alternatively, you can use the `ioctl` driver, which is simpler but will remove the interface's IP address(es) for the VIP when in Master state.
  - Is configured for a `macvlan` type interface, a MAC-based virtual interface.
  - Names the child virtual interface `vrrp0`; the latter will be used to hold the virtual router IP address.
  - Sets authentication to [RFC2338](https://tools.ietf.org/html/rfc2338)'s Simple Password authentication method.
  - Sets the secret key (or password) to be shared between the virtual routers.
- When master, installs a static default route with a next-hop of `10.240.0.254`.
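With `auth_type = "rfc2338-simple"`, the shared secret travels in cleartext in the 8-octet Authentication Data field of every advertisement, so Type-1 guards against accidental misconfiguration rather than against a host on the same segment. The Rust program below is an added example, not rVRRPd's own code: it parses a constructed VRRPv2 advertisement using the RFC 3768 field layout, validates the checksum, and returns the password exactly as a passive listener would see it. The names `parse_advert`, `cleartext_password`, `SAMPLE` and the `labpass1` secret are assumptions made for illustration.

```rust
// Added example (not rVRRPd code): parse a VRRPv2 advertisement, RFC 3768 layout.
#[derive(Debug, PartialEq)]
pub enum ParseError { TooShort, NotVrrpV2Advert, BadChecksum }

#[derive(Debug)]
pub struct Advert { pub vrid: u8, pub priority: u8, pub auth_type: u8, pub vips: Vec<[u8; 4]>, pub auth_data: [u8; 8] }

// Constructed sample: VRID 1, priority 254, VIP 10.100.100.1, Type-1 auth data "labpass1".
pub const SAMPLE: [u8; 20] = [
    0x21, 0x01, 0xfe, 0x01, 0x01, 0x01, 0xce, 0x1f, // ver/type, vrid, prio, count, auth, intvl, cksum
    0x0a, 0x64, 0x64, 0x01,                         // virtual IP address
    b'l', b'a', b'b', b'p', b'a', b's', b's', b'1', // authentication data (hypothetical secret)
];

// One's-complement sum of 16-bit words; a valid message sums to 0xffff.
fn ones_sum(msg: &[u8]) -> u16 {
    let mut sum: u32 = 0;
    for w in msg.chunks(2) {
        sum += (u32::from(w[0]) << 8) | u32::from(*w.get(1).unwrap_or(&0));
    }
    while sum >> 16 != 0 { sum = (sum & 0xffff) + (sum >> 16); }
    sum as u16
}

pub fn parse_advert(buf: &[u8]) -> Result<Advert, ParseError> {
    if buf.len() < 8 { return Err(ParseError::TooShort); }
    if buf[0] != 0x21 { return Err(ParseError::NotVrrpV2Advert); } // version 2, type 1
    let count = usize::from(buf[3]);
    let total = 8 + 4 * count + 8; // header + addresses + authentication data
    if buf.len() < total { return Err(ParseError::TooShort); }
    let msg = &buf[..total];
    if ones_sum(msg) != 0xffff { return Err(ParseError::BadChecksum); }
    let vips = msg[8..8 + 4 * count].chunks(4).map(|c| [c[0], c[1], c[2], c[3]]).collect();
    let mut auth_data = [0u8; 8];
    auth_data.copy_from_slice(&msg[total - 8..]);
    Ok(Advert { vrid: buf[1], priority: buf[2], auth_type: buf[4], vips, auth_data })
}

// For Type-1 the 8-octet field is the password itself, readable by any listener.
pub fn cleartext_password(a: &Advert) -> Option<String> {
    if a.auth_type != 1 { return None; }
    let end = a.auth_data.iter().position(|&b| b == 0).unwrap_or(8);
    Some(String::from_utf8_lossy(&a.auth_data[..end]).into_owned())
}

fn main() {
    let a = parse_advert(&SAMPLE).expect("constructed sample is valid");
    println!("vrid={} prio={} vips={:?} password={:?}", a.vrid, a.priority, a.vips, cleartext_password(&a));
}
```

The checksum only detects corruption; it is computed without any key, so it does not authenticate the sender.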
Finally, run the binary executable you just built using the command-line parameter `-m1` to start the daemon in foreground mode:
```
$ sudo rvrrpd -m1 -c conf/rvrrpd.conf
Starting rVRRPd
[...]
```
Your virtual router will now listen for VRRPv2 packets and will take the `Master` or `Backup` role. If the router owns the virtual IP address, it will automatically take the `Master` role with a priority of `255`.
If you are experiencing any stability, security or interoperability problems, feel free to open a new issue.