Re: VRRPD (rfc2338)

[sabat <sabat@xxxxxxxxx>]

The daemon at http://www.keepalived.org/ is the VRRPd implementation 
that's supposed to be the best. It's actually part of the Linux Virtual 
Server project (layer 4 load balancer), but the author claims you should 
be able to use it as a pure VRRP daemon -- although when I've read the 
doc, I couldn't figure out how. (But don't be discouraged by my 
impatience. :) It's supposed to be the most mature and ready-for-production.

There's also Jerome Etienne's reference implementation (don't have a 
URL, but it's easy to Google). However, I've heard from more than place 
that this is too proof-of-concept and perhaps not production-worthy. 
Here's a link to a paper about running VRRPd as the hotspare protocol 
for linux firewalls (uses Jerome Etienne's implementation): 
http://www.gnusec.com/resource/security/docs/HAFirewallLinux-VRRP.pdf.

BTW, keep in mind that if you intend to use VRRP in an environment with 
Cisco routers, you'll need to do some work on them too. Cisco routers do 
not accept multicast MAC addresses as legit ARP replies by default. 
Unfortunately, the VRRP RFC and all implementations use multicast MACs. 
What that means is that you'll need to either 1) turn the switch on the 
Cisco routers that makes them accept multicast MAC ARP replies (good), 
or 2) put a static ARP entry in the Cisco routers for the VRRP multicast 
MACs (better).

Hope that helps.

-S


Anton Tinchev wrote:

> Can someone point me for good VRRPD (rfc2338) implementation on linux.
> Some stable and live project
> Thanks
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>  
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/