rVRRPd is an open and secure VRRPv2 implementation written in Rust, a programming language known for its inherent portability, memory-safety and speed.
- Aimed to be Robust, Fast and Secure (see development section below)
- Multi-threaded operation (1 thread per VRRP group, interface pair)
- Easily configurable using TOML
- Interoperable with RFC3768 compliant devices
- Authentication Support
  - RFC2338 Simple Authentication (Type-1)
  - Proprietary P0 HMAC (provides authentication and integrity protection between rVRRPd instances)
- Supports multiple operating modes:
  - Sniffer mode (`-m0`)
  - Virtual Router in foreground mode (`-m1`)
  - Virtual Router in daemon mode (`-m2`)
This project is still in an early development stage and only supports the Linux operating system at this time. There is no stable API, configuration or even documentation yet. Please keep in mind that at this stage, the implementation may not be fully interoperable with standard-compliant network equipment and may exhibit stability or even security issues.
The current development roadmap can be found here.
- A 64-bit Linux kernel (only Linux is currently supported)
- Rust Cargo (required to easily compile this project and all its dependencies)
- One or more Ethernet interface(s) (see conf/rvrrpd.conf for a basic configuration example)
- Root privileges (required to put interfaces in promiscuous mode, access raw sockets and access kernel interfaces)
- libnl - Netlink Library Suite (required for Linux netlink support)
To quickly build a development version of rVRRPd, first make sure you have the latest version of Rust's Cargo installed. The easiest way is to install Cargo first, then the GNU Compiler Collection (GCC) toolchain and lastly the development packages (including header files) of `libnl-3` and `libnl-route-3` for the Linux netlink support.
To build rVRRPd, use the `cargo build --release` command:
```
$ cargo build --release
   Compiling libc v0.2.57
   Compiling autocfg v0.1.4
   Compiling semver-parser v0.7.0
   Compiling rand_core v0.4.0
   Compiling arrayvec v0.4.10
   Compiling byteorder v1.3.1
   [...]
   Compiling rVRRPd v0.1.0 (/home/e3prom/rVRRPd)
    Finished release [optimized] target(s) in 14.99s
$ target/release/main
Usage: target/release/main -m0|1|2 [options]

Modes:
    0 = VRRPv2 Sniffer
    1 = VRRPv2 Virtual Router (foreground)
    2 = VRRPv2 Virtual Router (daemon)

Options:
    -h, --help          display help information
    -i, --iface INTERFACE
                        ethernet interface to listen on (sniffer mode)
    -m, --mode MODE     operation modes (see Modes):
                        0(sniffer), 1(foreground), 2(daemon)
    -c, --conf FILE     path to configuration file:
                        (default to /etc/rvrrpd/rvrrpd.conf)
    -d, --debug LEVEL   debugging level:
                        0(none), 1(low), 2(medium), 3(high), 5(extensive)
```
To run a VRRPv2 virtual router, edit the configuration file in `conf/rvrrpd.conf` to reflect your environment:
```toml
# Daemon-wide settings
debug = 5
pid = "/var/tmp/rvrrpd.pid"
working_dir = "/var/tmp"
main_log = "/var/tmp/rvrrpd.log"
error_log = "/var/tmp/rvrrpd-error.log"

# One [[vrouter]] table per virtual router (VRRP group, interface pair)
[[vrouter]]
group = 1
interface = "ens192.900"
vip = "10.100.100.1"
priority = 254
preemption = true
rfc3768 = true
netdrv = "libnl"
auth_type = "rfc2338-simple"
# Secret shared between the virtual routers of this group
auth_secret = "thissecretnolongeris"

# Routes installed when the router is master
[protocols]
[[protocols.static]]
route = "0.0.0.0"
mask = "0.0.0.0"
nh = "10.240.0.254"
```
The above configuration does the following:
- Starts the daemon in foreground mode with a debug level of 5 (extensive).
- Runs one virtual router with group id `1` on interface `ens192.900`, with the below parameters:
  - Uses the virtual IP address `10.100.100.1`.
  - Is configured with the highest priority of `254`.
  - Has preemption enabled.
  - Has compatibility with RFC3768 turned on (may be required to fully interoperate with some vendors).
  - Uses the network driver `libnl`, which leverages the netlink protocol. Alternatively, `ioctls` can be used, which removes the primary IP addresses for the VIP when in Master state.
  - Sets authentication to the RFC2338 Simple authentication method.
  - Sets the secret to be shared between the virtual routers.
- When master, installs a static default route with a next-hop of `10.240.0.254`.
Finally, run the binary executable `main` you just built using the command-line parameter `-m1` to enter the `Virtual Router (foreground)` operating mode:
```
$ sudo target/release/main -m1 -c conf/rvrrpd.conf
Starting rVRRPd
[...]
```
Your virtual router will now listen for VRRPv2 packets and will take the Master or Backup role. If the router owns the virtual IP address, it will automatically take the Master role with a priority of 255.
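The configuration above selects `rfc2338-simple`, which RFC 2338 defines as a simple text password carried unencrypted in the 8-byte authentication data of every advertisement. The following added example (not rVRRPd's own code) decodes a constructed VRRPv2 advertisement using the RFC 3768 header layout and reports what a host on the same segment can read from it; the packet bytes, the password `example` and the names `parse`, `checksum` and `auth_exposure` are assumptions made for illustration.

```rust
use std::net::Ipv4Addr;

// Constructed sample: VRRPv2 advertisement for group 1, priority 254, VIP 10.100.100.1,
// auth type 1 carrying the made-up password "example" (zero-padded to 8 bytes).
pub const SAMPLE: [u8; 20] = [
    0x21, 0x01, 0xfe, 0x01, 0x01, 0x01, 0xd5, 0x43, // ver/type, VRID, prio, count, auth, adv, cksum
    0x0a, 0x64, 0x64, 0x01, // virtual IP address
    b'e', b'x', b'a', b'm', b'p', b'l', b'e', 0x00, // authentication data
];

pub struct Advert {
    pub vrid: u8,
    pub priority: u8,
    pub auth_type: u8,
    pub vips: Vec<Ipv4Addr>,
    pub auth_data: [u8; 8],
}

// One's-complement checksum over the VRRP message; 0 means the embedded checksum is valid.
pub fn checksum(msg: &[u8]) -> u16 {
    let mut sum: u32 = msg.chunks(2).map(|w| (w[0] as u32) << 8 | *w.get(1).unwrap_or(&0) as u32).sum();
    while sum >> 16 != 0 { sum = (sum & 0xffff) + (sum >> 16); }
    !(sum as u16)
}

pub fn parse(msg: &[u8]) -> Result<Advert, &'static str> {
    if msg.len() < 16 || msg[0] != 0x21 { return Err("not a VRRPv2 advertisement"); }
    let end = 16 + 4 * msg[3] as usize; // 8-byte header + addresses + 8-byte auth data
    if msg.len() < end || checksum(&msg[..end]) != 0 { return Err("truncated or bad checksum"); }
    let vips = msg[8..end - 8].chunks(4).map(|c| Ipv4Addr::new(c[0], c[1], c[2], c[3])).collect();
    let mut auth_data = [0u8; 8];
    auth_data.copy_from_slice(&msg[end - 8..end]);
    Ok(Advert { vrid: msg[1], priority: msg[2], auth_type: msg[4], vips, auth_data })
}

// What any host on the segment can read from the authentication fields.
pub fn auth_exposure(a: &Advert) -> String {
    match a.auth_type {
        0 => "no authentication".to_string(),
        1 => format!("simple password in clear text: {}", String::from_utf8_lossy(&a.auth_data).trim_end_matches('\0')),
        t => format!("auth type {} (not decoded here)", t),
    }
}

fn main() {
    let a = parse(&SAMPLE).expect("sample parses");
    println!("group {} priority {}: {}", a.vrid, a.priority, auth_exposure(&a));
}
```

Because the password is readable on the wire, simple authentication only guards against accidental misconfiguration, not against a hostile host on the LAN.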
If you are experiencing any stability, security or interoperability problems, feel free to open a new issue.