Great news! There has been some interesting movement on the VRRP front. I have it running at home actually and I am more than willing (and hopefully able) to test any and all VRRP / HA solutions for firewalls from the public domain. I got some Dell Celeron 433's from Ye Olde Used Compooter Shoppe for about 150$ total (with the extra NICs) and an old hub to share the DSL modem and a small subnet of live IPs to use on this hub.
I'm sure you've seen the HUT project for FreeBSD freevrrpd: http://www.bsdshell.net/hut_fvrrpd.html and it has been ported to OpenBSD by Blake Matheny http://www.backwatcher.com/~matheny/ This is hard to get to compile (you need gmake for it and some other autoconf options). It was translated to an unofficial OpenBSD port by Chris Kuethe: http://archives.neohapsis.com/archives/openbsd/2002-07/1032.html

I'm using the source port on one gateway and the "port" on another. The "port" installs easy obviously but you end up with the same thing.

That being said, there are problems. The original porter (Blake Matheny) ported FreeVRRPD to OpenBSD (and his web site is down ATM) at version .84. This works great for load balancing and HA for web servers, etc, but doesn't help if just 1 interface in my 8 legged firewall fails. Version .85b from the HUT project added the "killer app" for firewalls: Monitored Circuits! Second, state information is not maintained when it fails over :(.

So I would think that there's enough out there in the GPL area and enough work already done so that you wouldn't need to reinvent the wheel, just take the GPL'ed software already out there and finish the port / actively work with Sebastien Petit (the developer of FreeVRRPD) to keep it up to date with OpenBSD.

I see that there are some comments on the patent issue that came in after this post. This is very highly misunderstood by either me or them. The heart of the matter was re-hashed 100000000 times with the OpenSSL thread on misc@. It's pretty much the same type of license:

"Cisco retains the right to assert patent claims against any party and any subsidiary of a party that asserts a patent it owns or controls, either directly or indirectly, against Cisco or any of its subsidiaries or successors in title, including the right to claim damages for any prior use or sale of VRRP by such a party."
http://marc.theaimsgroup.com/?l=openbsd-misc&m=100758029726542&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=102884286900348&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=102902419103247&w=2

1) IANAL :) your mileage may vary, objects in the mirror are closer than they appear.

2) The issue is not that Cisco "owns" vrrp as a concept (they don't actually, they own various other protocols for HA that the open standard was based on). If Cisco "owned" it, how could it be an open protocol with the IETF and how could Checkpoint use it flagrantly? Finally, no one owns "high availability" or "shared IP solutions", since every vendor (even M$!) has some form of this somewhere in their products.

3) Cisco offered up "their" piece of the "open" protocol for free as long as you accept their license. This license was not in the best interest of the OpenBSD project, but it COULD BE IN THE BEST INTEREST of one or more OpenBSD users that care more about HA than suing CISCO (see the last link above).

4) The OpenBSD team even had their own port of VRRPD (see the first link in the list above), but wouldn't put it in the code base because it adds some stealth licenses to OpenBSD (see the first link from the archives above).

5) There is nothing stopping people with no intention of litigation with Cisco from making their own VRRP based on the public open standard, as long as you promise not to sue Cisco.

6) The OpenBSD team could not distribute VRRP without poisoning the entire license for this one use, but independently making the software doesn't hurt anyone except people that are using it. And the "hurt" is that they lose their ability to sue Cisco.

So as long as it's not in the "core" distro or distributed by the "core" team, VRRP ports violate no patents and cause no licensing problems for OpenBSD.

If I'm wrong, please smacketh me with a clue stick.

> -----Original Message-----
> From: Luca Perugini [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 03, 2002 10:49 AM
> To: [EMAIL PROTECTED]
> Subject: R: Load balancing/failover
>
>
> Hi,
> I'm working on vrrp implementation on OBSD.
> My starting point was Linux vrrp implementation done by
> Jerome Etienne and FreeBSD vrrp. I hope in 2 or 3 weeks to
> have a "running" version of vrrpd for OBSD 3.1
>
> In the meantime I send a patch around ifconfig and 'if'
> files to support MAC showing and MAC setting on ethernet card.
>
> Luk
>
> ______________________________________________________________
>
> Ing. Luca Perugini            o   mailto: [EMAIL PROTECTED]
>                               o
> Oxys S.r.l.                   o   Mob.: +39 335 7746997
> Via Gaetana Agnesi, 12        o   Off.: +39 02 58327300
> 20135 Milano MI (ITALY)       o   Fax : +39 02 58304654
> ________________________________________________________________
