A lightweight, fast, and highly secure VRRP daemon.
e3prom/rVRRPd
License: GPLv3

Introduction

rVRRPd is an open and secure VRRPv2 implementation written in Rust, a programming language known for its inherent portability, memory-safety and speed.

Features

  • Aimed to be Robust, Fast and Secure (see development section below)
  • Multi-threaded operation (1 thread per VRRP group, interface pair)
  • Easily configurable using TOML
  • Interoperable with RFC3768 compliant devices
  • Authentication Support
    • RFC2338 Simple Authentication (Type-1)
    • Proprietary P0 HMAC (provides authentication and integrity protection between rVRRPd instances)
  • Support multiple operating modes:
    • Sniffer mode (-m0)
    • Virtual Router in foreground mode (-m1)
    • Virtual Router in daemon mode (-m2)

Development

This project is still at an early stage of development and only supports the Linux operating system at this time. There is no stable API, configuration format or even documentation yet. Please keep in mind that at this stage, the implementation may not be fully interoperable with standard-compliant network equipment and may exhibit stability or even security issues.

Roadmap

The current development roadmap can be found here.

Requirements

  • A 64-bit Linux kernel (only Linux is currently supported)
  • Rust Cargo (required to easily compile this project and all its dependencies)
  • One or more Ethernet interface(s) (see conf/rvrrpd.conf for a basic configuration example)
  • Root privileges (required to put interfaces in promiscuous mode, access raw sockets and access kernel interfaces)
  • libnl - Netlink Library Suite (required for Linux netlink support)

Build and run

To quickly build a development version of rVRRPd, first make sure you have the latest version of Rust's Cargo installed. The easiest way is to install Cargo first, then the GNU Compiler Collection (GCC) toolchain, and lastly the development packages (including header files) of libnl-3 and libnl-route-3 for the Linux netlink support.

To build rVRRPd, use the cargo build --release command:

$ cargo build --release
   Compiling libc v0.2.57
   Compiling autocfg v0.1.4
   Compiling semver-parser v0.7.0
   Compiling rand_core v0.4.0
   Compiling arrayvec v0.4.10
   Compiling byteorder v1.3.1
[...]
   Compiling rVRRPd v0.1.0 (/home/e3prom/rVRRPd)
    Finished release [optimized] target(s) in 14.99s

$ target/release/main
Usage: target/release/main -m0|1|2 [options]

Modes:
    0 = VRRPv2 Sniffer
    1 = VRRPv2 Virtual Router (foreground)
    2 = VRRPv2 Virtual Router (daemon)

Options:
    -h, --help          display help information
    -i, --iface INTERFACE
                        ethernet interface to listen on (sniffer mode)
    -m, --mode MODE     operation modes (see Modes):
                        0(sniffer), 1(foreground), 2(daemon)
    -c, --conf FILE     path to configuration file:
                        (default to /etc/rvrrpd/rvrrpd.conf)
    -d, --debug LEVEL   debugging level:
                        0(none), 1(low), 2(medium), 3(high), 5(extensive)

To run a VRRPv2 virtual router, edit the configuration file in conf/rvrrpd.conf to reflect your environment:

debug = 5
pid = "/var/tmp/rvrrpd.pid"
working_dir = "/var/tmp"
main_log = "/var/tmp/rvrrpd.log"
error_log = "/var/tmp/rvrrpd-error.log"

[[vrouter]]
group = 1
interface = "ens192.900"
vip = "10.100.100.1"
priority = 254
preemption = true
rfc3768 = true
netdrv = "libnl"
auth_type = "rfc2338-simple"
auth_secret = "thissecretnolongeris"

[protocols]
    [[protocols.static]]
    route = "0.0.0.0"
    mask = "0.0.0.0"
    nh = "10.240.0.254"

The above configuration does the following:

  • Starts the daemon in foreground mode with a debug level of 5 (extensive).

  • Runs one virtual-router with group id 1 on interface ens192.900, with the below parameters:

    • Uses the virtual IP address 10.100.100.1.
    • Is configured with the highest priority of 254.
    • Has preemption enabled.
    • Has compatibility with RFC3768 turned on (may be required to fully interoperate with some vendors).
    • Uses the network driver libnl, which leverages the netlink protocol. Alternatively, ioctls can be used, which removes the primary IP addresses for the VIP when in Master state.
    • Sets authentication to the RFC2338 Simple authentication method.
    • Sets the secret to be shared between the virtual routers.
  • When master, installs a static default route with a next-hop of 10.240.0.254.
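The daemon needs root privileges, while the sample configuration keeps its PID file, working directory and logs in /var/tmp and stores the shared secret in the same file. The following lint is an added example, not part of rVRRPd; its rules, messages and function names are assumptions, and it reads only the `key = "value"` lines shown above rather than full TOML.

```rust
// Added example, not part of rVRRPd: a lint for the configuration keys shown above.
// The rules, messages and function names are assumptions of this example.
use std::path::Path;

// Constructed sample: the path and authentication keys from the configuration above.
pub const SAMPLE: &str = r#"
pid = "/var/tmp/rvrrpd.pid"
working_dir = "/var/tmp"
main_log = "/var/tmp/rvrrpd.log"
error_log = "/var/tmp/rvrrpd-error.log"
[[vrouter]]
auth_type = "rfc2338-simple"
auth_secret = "thissecretnolongeris"
"#;

const PATH_KEYS: [&str; 4] = ["pid", "working_dir", "main_log", "error_log"];
const SHARED_DIRS: [&str; 2] = ["/tmp", "/var/tmp"];

/// Splits a `key = "value"` line; skips table headers, comments and blank lines.
fn key_value(line: &str) -> Option<(&str, &str)> {
    let line = line.trim();
    if line.starts_with('#') || line.starts_with('[') {
        return None;
    }
    let (k, v) = line.split_once('=')?;
    Some((k.trim(), v.trim().trim_matches('"')))
}

/// `mode` is the permission bits of the configuration file (st_mode & 0o777).
pub fn audit(conf: &str, mode: u32) -> Vec<String> {
    let mut out = Vec::new();
    for (k, v) in conf.lines().filter_map(key_value) {
        if PATH_KEYS.contains(&k) && SHARED_DIRS.iter().any(|d| Path::new(v).starts_with(d)) {
            out.push(format!("{k}: {v} is under a world-writable directory"));
        }
        if k == "auth_type" && v == "rfc2338-simple" {
            out.push(format!("{k}: the secret travels in cleartext in every advertisement"));
        }
        if k == "auth_secret" && (mode & 0o044) != 0 {
            out.push(format!("{k}: file mode {mode:o} is readable by group or others"));
        }
    }
    out
}

fn main() {
    for finding in audit(SAMPLE, 0o644) {
        println!("{finding}");
    }
}
```

Moving the four paths to directories only root can write and setting the configuration file to mode 600 clears every finding except the authentication type.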

Finally, run the main binary you just built with the command-line parameter -m1 to enter the Virtual Router (foreground) operating mode:

$ sudo target/release/main -m1 -c conf/rvrrpd.conf
Starting rVRRPd
[...]

Your virtual router will now listen for VRRPv2 packets and will take the Master or Backup role. If the router owns the virtual IP address, it will automatically take the Master role with a priority of 255.
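What listening for VRRPv2 packets involves on the receive side, following the checks in RFC 3768 section 7.1, is sketched below as an added example. It is not rVRRPd's code: `Group`, `Reject`, `build_advert` and `validate` are hypothetical names, and the packet and the 8-octet secret are constructed.

```rust
// Added example, not rVRRPd's code: receive-side checks for a VRRPv2
// advertisement. Group, Reject and the function names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum Reject { Ttl, Short, Version, Checksum, Vrid, AuthType, AuthData }

pub struct Group { pub vrid: u8, pub auth_type: u8, pub secret: [u8; 8] }

/// Folded 16-bit one's-complement sum over the VRRP message.
fn ones_sum(data: &[u8]) -> u16 {
    let mut sum: u32 = 0;
    for w in data.chunks(2) {
        sum += (u32::from(w[0]) << 8) | u32::from(*w.get(1).unwrap_or(&0));
    }
    while (sum >> 16) != 0 {
        sum = (sum & 0xffff) + (sum >> 16);
    }
    sum as u16
}

/// Constructed advertisement: one virtual IP, interval 1 s, valid checksum.
pub fn build_advert(vrid: u8, prio: u8, auth_type: u8, vip: [u8; 4], auth: [u8; 8]) -> Vec<u8> {
    let mut p = vec![0x21, vrid, prio, 1, auth_type, 1, 0, 0];
    p.extend_from_slice(&vip);
    p.extend_from_slice(&auth);
    let csum = !ones_sum(&p);
    p[6..8].copy_from_slice(&csum.to_be_bytes());
    p
}

/// Returns the sender's priority when the advertisement passes every check.
pub fn validate(pkt: &[u8], ttl: u8, g: &Group) -> Result<u8, Reject> {
    if ttl != 255 { return Err(Reject::Ttl); } // sender must be on the local segment
    if pkt.len() < 8 { return Err(Reject::Short); }
    if pkt[0] != 0x21 { return Err(Reject::Version); } // version 2, type 1
    let need = 8 + 4 * usize::from(pkt[3]) + 8; // header, IP list, auth data
    if pkt.len() < need { return Err(Reject::Short); }
    if ones_sum(&pkt[..need]) != 0xffff { return Err(Reject::Checksum); }
    if pkt[1] != g.vrid { return Err(Reject::Vrid); }
    if pkt[4] != g.auth_type { return Err(Reject::AuthType); }
    if g.auth_type == 1 && pkt[need - 8..need] != g.secret[..] { return Err(Reject::AuthData); }
    Ok(pkt[2])
}

fn main() {
    let g = Group { vrid: 1, auth_type: 1, secret: *b"examples" };
    let pkt = build_advert(1, 254, 1, [10, 100, 100, 1], g.secret);
    println!("{:?}", validate(&pkt, 255, &g));
}
```

The Type-1 comparison is made against authentication data that travels in cleartext and is not covered by any keyed integrity check, so it filters out misconfigured neighbours rather than hosts on the segment that can read advertisements.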

Support

If you are experiencing any stability, security or interoperability problems, feel free to open a new issue.