# This is a simple configuration file for freevrrpd # Please read the documentation before modifying these parameters # I recommend to not set addr to the unique and real ip of your server because # if freevrrpd will shutdown, your server will don't have any IP address. # a good utilization is to set a real IP address not managed by freevrrpd and # then choosing an alias for the virtual IP address managed by freevrrpd # # Each VRID Section must begin with [VRID] keyword [VRID] # serverid is needed to specify the number of the VRID, here VRID = 1 serverid = 1 # you must set interface with a real interface name of your system # this interface is used for sending VRRP announces interface = rl0 # this option specify a timeout for an interface like bge/em go down and up # when an ethernet (lladdr) adress is setted on it. em/bge take about 2/3 # secondes before becoming up and running after transiting MASTER/BACKUP states # the default is 10 seconds and must work with all NICs without problems carriertimeout = 10 # this option must be set for switches that have spanning tree activated # because there is a time between the port activation and the first VLANs # packets received. A value of 40 seconds will be good. # by default, spanningtreelatency is disabled (=0) spanningtreelatency = 0 # priority = 255 is a MASTER of the VRID # priority < 255 is a BACKUP with a priority 0 to 254 # 254 is a higher BACKUP priority priority = 255 # addr option is need to specify ip address(es) associated with the VRID # you can specify multiple addresses separated by ',' # netmask is specified with CIDR notation so number after '/' represent the # number of bits set to 1 for the netmask. # eg: /24 is 11111111 11111111 11111111 00000000 = 255.255.255.0 # you can specify another (pseudo-)device for setting this(ese) adress(es) addr = 10.0.0.1/32, vlan100:192.168.1.1/30, vlan101:192.168.10.1/30 # Monitored circuits (test of carrier, interface and duplex) can be enabled # or disabled. it's enabled by default but you may want to deactivate it for # old NIC drivers that d'ont support mii bus monitoredcircuits = yes # Specify the number of concurrent checks on a NIC by monitored circuits # before considering to reset the error counter on this NIC. The default value # is 3600 concurrent checks (about 1 hour) # if 0 is specified, nberrors wil be never resetted MCClearErrorsCount = 3600 # now, you can specify a script name to execute when this host became master # of this VRID masterscript = /usr/local/bin/master_script.sh # and you can specify a script name to execute when this host became backup # too backupscript = /usr/local/bin/backup_script.sh # if physical interface attached to VRID 1 fail you can specify one or more # VRIDs that must go to backup state in the same time. (monitored circuits) # in this example if rl0 is faulty, xl0 and bge0 go to backup state mode # This is extremly useful to avoir blackhole with Firewalls with two interfaces vridsdep = 2, 3 # if you want to authenticate your VRRP packets you can set a password # associated with this VRID. this is not required but is you don't set a # password, everybody in your LAN can generate VRRP packets without # authentification. If you set this, you must set it to BACKUP VRID too, if you # don't, all BACKUP VRRP packets will be rejected. password = vrid1 # if you want to authenticate your VRRP packets by AH encryption you must set # this option to yes and specify a presharedkey parameter or useIKE=yes if you # want an external key negociation like IKE (racoon) #AHencryption = no # if you want to use an external key exchanger IKE, let freevrrpd know it with # useIKE = yes #useIKE = no # if you have set AHencryption = yes and useIKE = no you must specify a pre # shared key known by VRRP servers that is on the same VRID, you can specify # the key with this option #presharedkey = blahblah [VRID] # specify a second VRID number 2 serverid = 2 interface = xl0 # priority = 100 so it's a backup priority = 100 addr = 192.168.1.2/32 password = vrid2 [VRID] serverid = 3 interface = bge0 priority = 255 addr = 192.168.2.2/32 password = vrid3