Virtual Router Redundancy Protocol (VRRP) is an open standard protocol used to provide redundancy in a network. It is used in many products, such as routers, switches, WLCs, and APs. VRRP allows for transparent failover at the first-hop IP router by configuring a group of routers to share a virtual IP address. VRRP selects a Master router in that group to handle all packets for the virtual IP address. The remaining routers are in standby and take over if the Master router fails. Currently there is no mechanism in VRRP to provide any type of authentication, although the initial version of VRRP had an option for authentication. Without any authentication mechanism, a compromised node can behave as Master and cause multiple Masters in the network, which in turn causes as much disruption as having no routers. That is, if any of the virtual routers is compromised and is no longer a trusted entity, it can behave as if it were a VRRP Master, creating multiple Masters in the network. Hence trust among VRRP participants must be established before electing the Master, i.e., the trust information should be used as one of the criteria for Master election along with other parameters such as priority. The techniques presented herein apply an attestation method to VRRP to provide Proof of Integrity while selecting the Master out of multiple virtual routers in high-availability deployments.
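The sketch below is an added illustration, not code from the disclosure: it contrasts a priority-only Master election with one that first excludes routers whose attestation did not verify. The `attested` verdict, the evidence-age field, the 30-second freshness window and the sample group are all assumptions made for the example; the tie-break on the higher primary IP address follows standard VRRP behaviour.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterable, Optional, Tuple

# Assumption: attestation evidence older than this is treated as untrusted.
MAX_EVIDENCE_AGE_S = 30.0


@dataclass(frozen=True)
class Candidate:
    name: str
    priority: int            # VRRP priority (higher wins)
    primary_ip: IPv4Address  # tie-breaker: higher primary address wins
    attested: bool           # hypothetical verifier verdict on the router's evidence
    evidence_age_s: float    # hypothetical age of that evidence, in seconds


def is_trusted(c: Candidate) -> bool:
    """Fail closed: a failed or a stale attestation both disqualify the router."""
    return c.attested and c.evidence_age_s <= MAX_EVIDENCE_AGE_S


def _rank(c: Candidate) -> Tuple[int, int]:
    return (c.priority, int(c.primary_ip))


def elect_plain(cands: Iterable[Candidate]) -> Optional[Candidate]:
    """Priority-only election, shown for comparison (no trust input)."""
    return max(cands, key=_rank, default=None)


def elect_trusted(cands: Iterable[Candidate]) -> Optional[Candidate]:
    """Election restricted to routers whose integrity was verified."""
    return max((c for c in cands if is_trusted(c)), key=_rank, default=None)


# Constructed sample group (documentation addresses, not from the disclosure).
GROUP = [
    Candidate("r1", 254, IPv4Address("192.0.2.1"), attested=False, evidence_age_s=2.0),
    Candidate("r2", 200, IPv4Address("192.0.2.2"), attested=True, evidence_age_s=300.0),
    Candidate("r3", 150, IPv4Address("192.0.2.3"), attested=True, evidence_age_s=5.0),
    Candidate("r4", 150, IPv4Address("192.0.2.4"), attested=True, evidence_age_s=4.0),
]

if __name__ == "__main__":
    print("priority only:   ", elect_plain(GROUP).name)
    print("with attestation:", elect_trusted(GROUP).name)
```

When no candidate passes the trust check, `elect_trusted` returns `None` rather than falling back to the highest priority, so an unverified router is never promoted by default.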
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
M M, NIRANJAN, "TRUSTED VIRTUAL ROUTER REDUNDANCY PROTOCOL", Technical Disclosure Commons, (March 28, 2022)