vgpd - vgp is a daemon working like Cisco(c) HSRP
 
 
 
  Copyright (C) 2003 ELiBuS
      aka Marco Tizzoni (elibus@freaknet.org)
  Key available on key server.
  Key fingerprint: 3A97 6C78 0D07 91FC 0509  0661 DAAE F7B4 FC6F E313
  

VGP DAEMON README
-----------------

Summary

1. VGP INTRO
   1.1 What is VGP?
   1.2 Why use VGP?

2. VGP DETAIL
   2.1 VGP group
   2.2 VGP States
   2.3 VGP Election
   2.4 How router B recognizes router A is down?
   2.5 VGP security

3. VGP algorithm

4. VGP frames structure

   THANKS
   LINKS
   BUGS
   

1. VGP INTRO
   This section introduces the principal uses of the vgp daemon.
   
   
1.1 What is VGP?
  VGP (Virtual Gateway Protocol) is a very simple protocol able to work in
  a way similar to Cisco(c) HSRP. It implements the idea of a Virtual Gateway
  to provide fault tolerance (and load balancing) on your net.
  Each client on your net has the virtual gateway as its default gateway,
  not the real router.


1.2 Why use VGP?
  Do you have a linux router on your net? Yes? Well, probably you need VGP!
  Suppose your linux default gateway goes down. Even if you have another
  linux machine on your net that can act as gateway, before you can use it
  you have to change some configuration.
  Before you can touch the keyboard the phone rings...oooohhh a user who
  says: "Why can't I connect to my favorite internet site???".
  Installing VGP you can stay connected and the phone will never ring! :)
  Take two linux routers, configure and install VGP on linux router A and B.
  Then when A goes down, B will go up in a few seconds, configuring its
  interface with the same IP and MAC(!) used by router A, so your users
  do not lose their connections.
  More in depth...
  Suppose you have an ethernet LAN with two (or more) linux
  routers. In this scenario if one of these routers goes down,
  you lose your connectivity to the remote networks.
  A solution may be to implement a mechanism such as proxy-arp.
  The major problem of proxy-arp is that it can cause long network
  down time, because the clients' arp cache must be updated, by
  flushing it manually, rebooting or waiting for the entry to expire.
  Another solution may be implementing a dynamic routing
  protocol on the client side, such as RIP, but this increases
  administrative cost, local network traffic (RIP is very
  broadcast intensive) and cpu time usage.
  VGP is designed to run on your gateways and is totally
  transparent to the clients; in addition it provides very low
  downtime (just a few seconds) and little network overhead.
  Downtime is reduced to about 5 seconds with default settings.
  The real advantage is that VGP is able to configure your interface
  changing the hw ethernet address, not only the IP address.
  This avoids waiting for the arp cache to expire or rebooting.
  
  vgp key features:
    - low network downtime
    - works at layer 2
    - works only on ethernet
    - easy to use
    - provides L2/L3 fault tolerance
    - incompatible with Cisco HSRP
    - very low network overhead
    - very low system usage
  
This shows our sample net:


      /^^^^^^^^^^^^^^^^^\
     /  Remote Networks  \
     \                   /
       \.......|......../
               |
Router A       |          Router B
        /---------------\  
      / (eth1)    (eth1)  \ 
    /                       \
  ----                     ----
  |  |                     |  |
  |  |                     |  |
  |  |                     |  |
  |  |                     |  |
  ---- .2  (eth0)          ---- .3 (eth0)
    \  .1 (eth0:1)          / 
      \                   /
        \---------------/  LAN 1
                |   
                |
                |
           /---------\
           |   LAN   | 192.168.0.0/255.255.255.0
           \_________/   Default gw: 192.168.0.1

- Figure. 1



2.  VGP DETAIL
   This section goes more in depth into vgp configuration and use.


2.1 VGP group
   Every gateway in a LAN running VGP must be in a gateway group. A
   gateway group identifies the routers sharing a Virtual IP and a Virtual
   MAC address.
   This allows the configuration of multiple groups and provides load
   balancing by configuring different active gateways on different Virtual IPs.
   (This actually requires different ethernet interfaces - see notes for
   more information).
   The gateway group is identified by an 8 bit field, the gateway group id,
   so we can configure 255 different groups (group 0 is reserved).
   To each group id is associated a unique pair (VMAC, VIP).
   For example: you have two linux routers on your net, A and B.
   A and B have two network interfaces each. eth0 on A and B are
   configured on group 1 and the eth1 interfaces on group 2.
   The virtual IP for group 1 is 192.168.0.1, for group two it is 192.168.0.2.
   
   Router A:   interface:              eth0
               virtual interface:      eth0:1
               virtual IP:             192.168.0.1
               group:                  1
               priority:               255

               interface:              eth1
               virtual interface:      eth1:1
               virtual IP:             192.168.0.2
               group:                  2
               priority:               1

   Router B:   interface:              eth0
               virtual interface:      eth0:1
               virtual IP:             192.168.0.1
               group:                  1
               priority:               1

               interface:              eth1
               virtual interface:      eth1:1
               virtual IP:             192.168.0.2
               group:                  2
               priority:               255
   

   Given this configuration Router A is the active router for group 1,
   and Router B is the active router for group 2. Some of the hosts on your
   net can point to 192.168.0.1 and the rest to 192.168.0.2.
   In case router A goes down, Router B will become active for
   192.168.0.1 too, providing connection to the remote networks.


2.2 VGP States
   ACTIVE : Sends/listens for Hello frames, has the alias interface configured
            and the virtual MAC on the physical interface
   STANDBY: No frames sent, listens for Hellos.
   
   
2.3 VGP Election
   You can have as many routers as you want but only one active on your net.
   Each router in the same group participates in the election of the active
   router. The router with the highest priority becomes the ACTIVE router on
   the LAN.
   The active router is elected with the following algorithm:
      1) Each router starts in ACTIVE mode and sends Hellos
      2) Every time a router hears a Hello with:
           - same group
           - better priority
           - right key
         it turns to STANDBY, deconfigures its interface and stops
         sending Hellos.
      3) Now only the router with the best priority is in ACTIVE state.

   Election is always in progress. If the active router on the net goes
   down and the standby router goes up, when the original active router
   returns the second router goes back to STANDBY mode.

   Note: Take care when configuring priority! Two routers can't be in the
         same group and have the same priority!!!
         
         
2.4 How router B recognizes router A is down?
   VGP sends periodic frames, called Hellos. A Hello is sent every
   "Hello time" (default 2 seconds). Every time router B hears a Hello
   from A it resets a timer (Hold timer) whose default is 3 times
   "Hello Time".
   If router B doesn't hear a Hello within "Hold Time", it assumes Router A
   is down.

 
2.5 VGP security
   A base level of security is provided by a sha1 hash of the header
   and a 256 byte shared key read from /etc/vgpd-key.
   The first 16 bytes of the frame plus the key are passed to a hash function
   to obtain a 20 byte hash. So it is more difficult for an attacker to turn
   all routers on the net to STANDBY mode by sending malicious Hello frames.
   A known issue is that an attacker can capture frames and replay them
   to become the ACTIVE router on the net, and take down the backup router
   if your master router goes down.

   Note: You can configure priority to 255 to be sure a router becomes
         the active router on the net.
   
  
3.  VGP algorithm
   - vgpd starts in STANDBY mode and sets the "Hold timer" to 3 sec.
     |
     |--> a) Router hears a frame within 3 seconds
     |    |--> a1) vgp checks (if any one fails the frame is discarded):
     |         |   - frame length (must be == 36 bytes (VGP_LEN+ETH_HLEN))
     |         |   - group (must be equal to the router's one)
     |         |   - priority (must be greater than the router's one)
     |         |   - vgp key check
     |         |
     |         |-> a1.1) All checks ok               -> turns to STANDBY
     |         |-> a1.2) At least one check failed   -> no action
     |
     |
     |--> b) Router doesn't hear any frame within 3 seconds
          |--> b1) turns to ACTIVE, sends/listens for Hellos.
               |--> b1.2) Every time a Hello is heard -> a1
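   The election of section 2.3, the Hold timer of section 2.4 and the state
   machine above, as an added worked example written in C for this README (it
   is not code from vgpd): a discrete one-second simulation of two routers in
   one group. It assumes the section 3 behaviour (start in STANDBY with a
   3 second hold, turn ACTIVE when no Hello arrives in time), the default
   2 second Hello time and 6 second Hold time, and that the frame length and
   key checks of a1 have already passed, so only group and priority are
   compared. Router names, times and the crash/restart of A are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HELLO_TIME 2                 /* default "Hello time" (seconds) */
#define HOLD_TIME  (3 * HELLO_TIME)  /* default "Hold time" = 3 x Hello time */
#define START_HOLD 3                 /* hold timer set at daemon start (section 3) */
#define MAX_ROUTERS 4

typedef enum { STANDBY, ACTIVE } vgp_state;

struct router {
    const char *name;
    uint8_t group, priority;
    vgp_state state;
    int hold_left;        /* seconds left before we assume the active router is gone */
    int next_hello;       /* simulated time of our next Hello while ACTIVE */
    int up;               /* 0 = router is down: neither sends nor hears frames */
    int last_active_at;   /* simulated time we last entered ACTIVE, -1 if never */
};

struct lan { struct router r[MAX_ROUTERS]; int n; };

static void router_init(struct router *r, const char *name, uint8_t group, uint8_t prio) {
    memset(r, 0, sizeof *r);
    r->name = name; r->group = group; r->priority = prio;
    r->state = STANDBY; r->hold_left = START_HOLD; r->up = 1; r->last_active_at = -1;
}

/* Receiver side of a Hello (step a1). Length and key checks are assumed to have
   passed already (simulation shortcut); a Hello that is not from our group or
   not from a better priority is discarded and changes nothing. */
static void on_hello(struct router *me, uint8_t group, uint8_t prio, int now) {
    if (group != me->group || prio <= me->priority) return;
    me->hold_left = HOLD_TIME;                          /* restart the Hold timer */
    if (me->state == ACTIVE) {
        printf("t=%2d %s: heard Hello with better priority %u, going STANDBY\n",
               now, me->name, prio);
        me->state = STANDBY;
    }
}

/* Advance the whole LAN by one simulated second. */
static void lan_tick(struct lan *l, int now) {
    /* 1. Hold timers run down; a STANDBY router whose timer expires turns ACTIVE (b1). */
    for (int i = 0; i < l->n; i++) {
        struct router *r = &l->r[i];
        if (!r->up || r->state == ACTIVE || --r->hold_left > 0) continue;
        printf("t=%2d %s: no Hello within Hold time, going ACTIVE\n", now, r->name);
        r->state = ACTIVE; r->next_hello = now; r->last_active_at = now;
    }
    /* 2. ACTIVE routers whose Hello time is due send; every other live router hears it. */
    for (int i = 0; i < l->n; i++) {
        struct router *s = &l->r[i];
        if (!s->up || s->state != ACTIVE || now < s->next_hello) continue;
        s->next_hello = now + HELLO_TIME;
        for (int j = 0; j < l->n; j++)
            if (j != i && l->r[j].up) on_hello(&l->r[j], s->group, s->priority, now);
    }
}

struct demo_result { int b_takes_over_at; int a_reclaims_at; vgp_state b_final; };

/* Constructed scenario: A (priority 255) and B (priority 1) share group 1.
   A crashes at t=10 and is restarted at t=20; the LAN runs for 30 seconds. */
struct demo_result run_failover_demo(void) {
    struct lan l = { .n = 2 };
    router_init(&l.r[0], "A", 1, 255);
    router_init(&l.r[1], "B", 1, 1);
    for (int t = 1; t <= 30; t++) {
        if (t == 10) { l.r[0].up = 0; printf("t=%2d A: crashed\n", t); }
        if (t == 20) { router_init(&l.r[0], "A", 1, 255); printf("t=%2d A: restarted\n", t); }
        lan_tick(&l, t);
    }
    struct demo_result res = { l.r[1].last_active_at, l.r[0].last_active_at, l.r[1].state };
    return res;
}

int main(void) {
    struct demo_result r = run_failover_demo();
    printf("B took over at t=%d (A died at t=10), A reclaimed at t=%d, B ends %s\n",
           r.b_takes_over_at, r.a_reclaims_at, r.b_final == STANDBY ? "STANDBY" : "ACTIVE");
    return 0;
}
```

   Compile with cc and run it to follow the log: both routers come out of the
   start hold at t=3, A's Hello wins the election and B drops to STANDBY; after
   A crashes at t=10 the last Hello B heard was at t=9, its 6 second Hold timer
   expires at t=15 and B takes over, five seconds after the crash, which is the
   "about 5 seconds" of section 1.2; when A returns at t=20 it sits out its own
   start hold, hears B's lower-priority Hello and discards it, turns ACTIVE at
   t=22 and its first Hello sends B back to STANDBY. Because only a Hello with a
   better priority restarts the Hold timer, the election keeps running all the
   time with no extra messages.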
        

4. VGP frames structure
   VGP frames are encapsulated in ethernet frames. VGP frames have the
   ethernet frame's protocol field set to ETH_P_802_3.
   
 bytes    1        2        3        4        5        6
  --------|--------|--------|--------|--------|--------|
  |        6 byte ethernet destination address         |
  |-------|--------|--------|--------|--------|--------|
  |          6 byte ethernet source address            |
  |-------|--------|--------|--------|--------|--------|
  |     proto      |  group |priority|      key        |
  |-------|--------|--------|--------|--------|--------|
  |                        key                         |
  |-------|--------|--------|--------|--------|--------|
  |                        key                         |
  |-------|--------|--------|--------|--------|--------|
  |                        key                         |
  |-------|--------|--------|--------|--------|--------|

  in C code:

  struct vgp{
     unsigned char priority;   /* router priority (255 always wins the election) */
     unsigned char group;      /* gateway group id (group 0 is reserved) */
     unsigned char key[20];    /* sha1 of the first 16 frame bytes plus the shared key */
  };
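  The hash check of section 2.5 and the frame layout above, as an added worked
  example in C (not vgpd's own code): it builds a Hello on the sender side and
  then runs the receiver-side checks of step a1 in section 3 on it. It follows
  the diagram's byte order (group at byte 15, priority at byte 16, the 20 byte
  hash after them) rather than the struct, which lists priority first; the
  SHA-1 routine is written here so the example has no dependencies; the 256
  byte keys and the MAC addresses are constructed instead of being read from
  /etc/vgpd-key; and the verdict enum naming which check failed is an addition
  for illustration, not something vgpd is documented to report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VGP_KEYLEN   256   /* shared key, read from /etc/vgpd-key by the daemon */
#define VGP_HASHLEN  20    /* sha1 output */
#define VGP_AUTHLEN  16    /* bytes under the hash: eth dst, eth src, proto, group, priority */
#define VGP_FRAMELEN 36    /* ETH_HLEN (14) + VGP_LEN (22) */

/* Minimal one-shot SHA-1 (FIPS 180-1), written for this example. */
static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

static void sha1_block(uint32_t h[5], const uint8_t blk[64]) {
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4*i] << 24 | (uint32_t)blk[4*i+1] << 16 |
               (uint32_t)blk[4*i+2] << 8 | blk[4*i+3];
    for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (int i = 0; i < 80; i++) {
        uint32_t f, k;
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        uint32_t t = rol(a, 5) + f + e + k + w[i];
        e = d; d = c; c = rol(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

void sha1(const uint8_t *msg, size_t len, uint8_t out[VGP_HASHLEN]) {
    uint32_t h[5] = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
    uint8_t tail[128] = { 0 };
    size_t i = 0;
    for (; i + 64 <= len; i += 64) sha1_block(h, msg + i);
    size_t rem = len - i, total = (rem + 1 <= 56) ? 64 : 128;
    memcpy(tail, msg + i, rem);
    tail[rem] = 0x80;                             /* pad: 0x80, zeros, 64-bit bit length */
    for (int j = 0; j < 8; j++) tail[total - 1 - j] = (uint8_t)(((uint64_t)len * 8) >> (8 * j));
    sha1_block(h, tail);
    if (total == 128) sha1_block(h, tail + 64);
    for (int j = 0; j < 5; j++)
        for (int k = 0; k < 4; k++) out[4*j + k] = (uint8_t)(h[j] >> (24 - 8*k));
}

/* Authenticator carried in the key field: sha1(first 16 bytes of the frame || shared key). */
static void vgp_digest(const uint8_t *frame, const uint8_t *key, uint8_t out[VGP_HASHLEN]) {
    uint8_t buf[VGP_AUTHLEN + VGP_KEYLEN];
    memcpy(buf, frame, VGP_AUTHLEN);
    memcpy(buf + VGP_AUTHLEN, key, VGP_KEYLEN);
    sha1(buf, sizeof buf, out);
}

/* Sender side: lay the Hello out as in the section 4 diagram (group byte before priority). */
void vgp_build_hello(uint8_t frame[VGP_FRAMELEN], const uint8_t dst[6], const uint8_t src[6],
                     uint8_t group, uint8_t priority, const uint8_t *key) {
    memcpy(frame, dst, 6); memcpy(frame + 6, src, 6);
    frame[12] = 0x00; frame[13] = 0x01;   /* ETH_P_802_3, 0x0001 in linux/if_ether.h */
    frame[14] = group; frame[15] = priority;
    vgp_digest(frame, key, frame + VGP_AUTHLEN);
}

typedef enum { VGP_OK, VGP_BAD_LEN, VGP_BAD_GROUP, VGP_BAD_PRIO, VGP_BAD_KEY } vgp_verdict;

/* Receiver side: the a1 checks of section 3, in order; the first failure discards the frame. */
vgp_verdict vgp_check_hello(const uint8_t *frame, size_t len, uint8_t my_group,
                            uint8_t my_priority, const uint8_t *key) {
    if (len != VGP_FRAMELEN)      return VGP_BAD_LEN;
    if (frame[14] != my_group)    return VGP_BAD_GROUP;
    if (frame[15] <= my_priority) return VGP_BAD_PRIO;
    uint8_t expect[VGP_HASHLEN], diff = 0;
    vgp_digest(frame, key, expect);
    for (int i = 0; i < VGP_HASHLEN; i++) diff |= expect[i] ^ frame[VGP_AUTHLEN + i];
    return diff ? VGP_BAD_KEY : VGP_OK;          /* compared without an early exit */
}

/* 1 if the SHA-1 above matches the FIPS 180-1 test vector for "abc", else 0. */
int sha1_selftest(void) {
    static const uint8_t want[VGP_HASHLEN] = { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
                                               0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d };
    uint8_t got[VGP_HASHLEN];
    sha1((const uint8_t *)"abc", 3, got);
    return memcmp(got, want, VGP_HASHLEN) == 0;
}

/* Constructed scenario: router A (group 1, priority 255) broadcasts a Hello that a receiver
   with my_group/my_priority checks. corrupt >= 0 flips that frame byte in transit;
   wrong_key gives the receiver a /etc/vgpd-key that differs from A's. */
int vgp_scenario(uint8_t my_group, uint8_t my_priority, int corrupt, size_t len, int wrong_key) {
    static const uint8_t bcast[6] = { 0xff,0xff,0xff,0xff,0xff,0xff };
    static const uint8_t src_a[6] = { 0x02,0x00,0x00,0x00,0x00,0x0a };   /* constructed MAC */
    uint8_t key_a[VGP_KEYLEN], key_b[VGP_KEYLEN], frame[VGP_FRAMELEN];
    for (int i = 0; i < VGP_KEYLEN; i++) { key_a[i] = (uint8_t)(i * 7 + 3); key_b[i] = (uint8_t)(i * 5 + 1); }
    vgp_build_hello(frame, bcast, src_a, 1, 255, key_a);
    if (corrupt >= 0 && corrupt < VGP_FRAMELEN) frame[corrupt] ^= 0xff;
    return vgp_check_hello(frame, len, my_group, my_priority, wrong_key ? key_b : key_a);
}

int main(void) {
    printf("sha1 self-test: %s\n", sha1_selftest() ? "ok" : "FAILED");
    printf("genuine Hello at a priority-1 receiver -> %d (0 = accepted)\n", vgp_scenario(1, 1, -1, VGP_FRAMELEN, 0));
    printf("hash byte flipped in transit           -> %d (4 = key check failed)\n", vgp_scenario(1, 1, 20, VGP_FRAMELEN, 0));
    printf("receiver holds a different key         -> %d\n", vgp_scenario(1, 1, -1, VGP_FRAMELEN, 1));
    return 0;
}
```

  Running it prints the self-test and the verdicts. Note what the hash does
  and does not cover: the destination and source MAC, group and priority are
  all under it, so a frame with a forged priority or a flipped byte anywhere
  in those 16 bytes fails the key check, and a router that holds a different
  /etc/vgpd-key rejects every Hello. But nothing under the hash changes from
  one Hello to the next, so a captured frame verifies exactly like a fresh
  one; that is the known issue of section 2.5, and including a counter or
  timestamp in the hashed bytes is the usual way to close it.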

BUGS
----
- vgpd on some systems experienced problems if compiled with gcc version 2.95. After startup,
  when changing to ACTIVE status, vgpd crashes with SIGSEGV. recvfrom() in the main loop
  is the function that crashes. I have no solution at this moment except that you upgrade your
  gcc to version 3.00 or newer. Also you can compile vgpd on a machine which produces working
  object code, and then copy the executable.