-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfreevrrpd.conf.sample
102 lines (86 loc) · 4.05 KB
/
freevrrpd.conf.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# This is a simple configuration file for freevrrpd
# Please read the documentation before modifying these parameters
# I recommend to not set addr to the unique and real ip of your server because
# if freevrrpd will shutdown, your server will don't have any IP address.
# a good utilization is to set a real IP address not managed by freevrrpd and
# then choosing an alias for the virtual IP address managed by freevrrpd
#
# Each VRID Section must begin with [VRID] keyword
[VRID]
# serverid is needed to specify the number of the VRID, here VRID = 1
serverid = 1
# you must set interface with a real interface name of your system
# this interface is used for sending VRRP announces
interface = rl0
# this option specify a timeout for an interface like bge/em go down and up
# when an ethernet (lladdr) adress is setted on it. em/bge take about 2/3
# secondes before becoming up and running after transiting MASTER/BACKUP states
# the default is 10 seconds and must work with all NICs without problems
carriertimeout = 10
# this option must be set for switches that have spanning tree activated
# because there is a time between the port activation and the first VLANs
# packets received. A value of 40 seconds will be good.
# by default, spanningtreelatency is disabled (=0)
spanningtreelatency = 0
# priority = 255 is a MASTER of the VRID
# priority < 255 is a BACKUP with a priority 0 to 254
# 254 is a higher BACKUP priority
priority = 255
# addr option is need to specify ip address(es) associated with the VRID
# you can specify multiple addresses separated by ','
# netmask is specified with CIDR notation so number after '/' represent the
# number of bits set to 1 for the netmask.
# eg: /24 is 11111111 11111111 11111111 00000000 = 255.255.255.0
# you can specify another (pseudo-)device for setting this(ese) adress(es)
addr = 10.0.0.1/32, vlan100:192.168.1.1/30, vlan101:192.168.10.1/30
# Monitored circuits (test of carrier, interface and duplex) can be enabled
# or disabled. it's enabled by default but you may want to deactivate it for
# old NIC drivers that d'ont support mii bus
monitoredcircuits = yes
# Specify the number of concurrent checks on a NIC by monitored circuits
# before considering to reset the error counter on this NIC. The default value
# is 3600 concurrent checks (about 1 hour)
# if 0 is specified, nberrors wil be never resetted
MCClearErrorsCount = 3600
# now, you can specify a script name to execute when this host became master
# of this VRID
masterscript = /usr/local/bin/master_script.sh
# and you can specify a script name to execute when this host became backup
# too
backupscript = /usr/local/bin/backup_script.sh
# if physical interface attached to VRID 1 fail you can specify one or more
# VRIDs that must go to backup state in the same time. (monitored circuits)
# in this example if rl0 is faulty, xl0 and bge0 go to backup state mode
# This is extremly useful to avoir blackhole with Firewalls with two interfaces
vridsdep = 2, 3
# if you want to authenticate your VRRP packets you can set a password
# associated with this VRID. this is not required but is you don't set a
# password, everybody in your LAN can generate VRRP packets without
# authentification. If you set this, you must set it to BACKUP VRID too, if you
# don't, all BACKUP VRRP packets will be rejected.
password = vrid1
# if you want to authenticate your VRRP packets by AH encryption you must set
# this option to yes and specify a presharedkey parameter or useIKE=yes if you
# want an external key negociation like IKE (racoon)
#AHencryption = no
# if you want to use an external key exchanger IKE, let freevrrpd know it with
# useIKE = yes
#useIKE = no
# if you have set AHencryption = yes and useIKE = no you must specify a pre
# shared key known by VRRP servers that is on the same VRID, you can specify
# the key with this option
#presharedkey = blahblah
[VRID]
# specify a second VRID number 2
serverid = 2
interface = xl0
# priority = 100 so it's a backup
priority = 100
addr = 192.168.1.2/32
password = vrid2
[VRID]
serverid = 3
interface = bge0
priority = 255
addr = 192.168.2.2/32
password = vrid3