routing rules for dmz in debian router.


 
Old 07-24-2009

Hi to all.
There are eth0(wan) eth1(lan) and eth3(dmz) in my debian router.
Quote:
# uname -a
Linux internet 2.6.26-1-686 #1 SMP Sat Jan 10 18:29:31 UTC 2009 i686 GNU/Linux
The DMZ is planned to host dns, ad, dhcp, smtp/pop/imap and https (web-based imap client). I have not configured rules in "iptables" and "route" for the correct interaction of LAN clients with the DMZ services.


Please explain some basic example rules for that situation.
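A starting point for the layout described in the post, as an added example that is not part of the original thread: a default-deny FORWARD chain that lets LAN clients reach only the listed DMZ services and gives the DMZ no way to open connections into the LAN. The interface names are the poster's; the DMZ subnet and the function name `dmz_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the iptables commands for the FORWARD chain of a
# three-legged router (WAN / LAN / DMZ). Review the output, then apply it
# as root with:  dmz_rules | sh
# Forwarding itself must be enabled: sysctl -w net.ipv4.ip_forward=1

WAN_IF=eth0                 # from the post
LAN_IF=eth1                 # from the post
DMZ_IF=eth3                 # from the post
DMZ_NET=192.168.2.0/24      # assumption: the post does not give the subnet

# proto:port pairs for the DMZ services named in the post:
# dns, smtp, pop3, imap, https.
# AD needs further ports (for example Kerberos 88 and LDAP 389), and DHCP
# is broadcast traffic that these rules do not forward; it needs a relay
# agent on the router.
DMZ_SERVICES="udp:53 tcp:53 tcp:25 tcp:110 tcp:143 tcp:443"

dmz_rules() {
    # Start from an empty chain and drop whatever is not allowed below.
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"

    # Replies to connections that an earlier rule already allowed.
    # (-m state matches the 2.6.26 kernel in the post; newer systems
    # use -m conntrack --ctstate instead.)
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # LAN clients may open new connections to the listed DMZ services only.
    for svc in $DMZ_SERVICES; do
        proto=${svc%%:*}
        port=${svc##*:}
        echo "iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -d $DMZ_NET -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done

    # LAN clients may open connections towards the WAN.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m state --state NEW -j ACCEPT"

    # DMZ -> LAN gets no ACCEPT rule: a compromised DMZ host cannot start
    # connections into the LAN. Log the attempts before the policy drops them.
    echo "iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix 'DMZ-to-LAN drop: '"
}

dmz_rules
```

No extra `route` entries are needed for this on the router itself, since all three networks are directly connected; hosts in the LAN and the DMZ only need the router's address on their own segment as gateway.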
VRRPD(8)                         Vrrpd's Manual                         VRRPD(8)

NAME
       vrrpd - Virtual Router Redundancy Protocol Daemon

SYNOPSIS
       vrrpd -i ifname -v vrid [-f piddir] [-s] [-a auth] [-p prio] [-m ifname] [-c delta] [-nhD] ipaddr

DESCRIPTION
       vrrpd is an implementation of VRRPv2 as specified in rfc2338. It runs in userspace on Linux.

       In short, VRRP is a protocol which elects a master server on a LAN, and the master answers to a 'virtual ip address'. If it fails, a backup server takes over the ip address.

       A longer answer, from the rfc2338 abstract:

       "This memo defines the Virtual Router Redundancy Protocol (VRRP). VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host."

       Copyright (C) The Internet Society (1998). All Rights Reserved.

       Monitored interface functionality is useful on high availability router or firewall platforms, where a single interface failure can cause asymmetrical routing issues. Ideally, what is required is a method for a vrrpd process to detect a failure of the 'other' network interface, and lower its own VRRP priority below that of the 'backup' vrrpd process. This allows failover to occur normally.

OPTIONS
       -h     display this short inlined help

       -n     Don't handle the virtual mac address

       -D     Go into background mode, daemonize

       -i ifname
              the interface name to run on. More than one interface can be monitored by the one vrrpd process, a list like "eth1 eth2 eth3 eth4 eth5" is acceptable. Losing link-beat on any of these will cause the priority of that vrrpd process to be decreased by the specified value, or a default of 100.

              Note that as MII calls are used, this implementation is limited to Fast and Gigabit Ethernet chipsets only - 10Mbps Ethernet cards will not work.

       -v vrid
              the id of the virtual server [1-255]

       -s     Switch the preemption mode (Enabled by default)

       -a auth
              set the authentication type
              auth=(none|pw/hexkey|ah/hexkey) hexkey=0x[0-9a-fA-F]+
              Password is a symbolic security, anybody with a sniffer can break it. AH is a bit stronger.

       -p prio
              Set the priority of this host in the virtual server (dfl: 100)

       -f piddir
              specify the directory where the pid file is stored (dfl: /var/run)

       -d delay
              Set the advertisement interval (in sec) (dfl: 1)

       -m ifname
              Interface(s) to monitor for failure. Use " " for multiple interfaces

       -c delta
              Set the delta to decrease priority by (dfl: 50)

       ipaddr the ip address(es) of the virtual server

EXAMPLES
       vrrpd -i eth0 -v 50 10.0.0.1
              run vrrp on the interface eth0 with the virtual id 50 and 10.0.0.1 as virtual ip address

AUTHOR
       vrrpd was written by Jerome Etienne <jetienne@arobas.net>, it was later improved by Alexandre Cassert <acassen@linux-vs.org> and David Hunter <david.hunter@gen-i.co.nz>

BUGS
       Suggestions, bugs or questions should be directed to the Sourceforge project at http://sourceforge.net/projects/vrrpd/

       Bug reports regarding this package should be submitted to Debian using the reportbug or bug tool.

MORE INFO
       For more information please read the documents under /usr/share/doc/vrrpd/ : README, README.Debian, FAQ and TODO.

vrrpd(8)                          December 2002                         VRRPD(8)