Subject: misc/23431: Experimental Support for CARP (Common Address Redundancy Protocol)
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <email@example.com>
Date: 11/14/2003 04:50:39
>Synopsis: Experimental Support for CARP (Common Address Redundancy Protocol)
>Arrival-Date: Fri Nov 14 04:51:00 UTC 2003
>Originator: Michael Hertrick
>Release: -current (1.6ZE)
--A brief history:
CARP was added to OpenBSD-current in mid-October by Michael Shalayeff and Ryan McBride. It was designed to be similar in functionality to VRRP (Virtual Router Redundancy Protocol), but to be more secure, provide some load-balancing capabilities, and also not infringe on Cisco's patent pertaining to VRRP/HSRP.
I began porting CARP to NetBSD, even though I knew neither C nor NetBSD's inner workings (yes, I actually wanted this feature in NetBSD THAT BAD)...
CARP is a practical solution to the problem of automatic failover for my BSD routers and servers. Besides, if you have to ask "why?", you'll never know.
--How CARP works:
Multiple hosts on the same network segment share one IP address; at any moment exactly one of them (the master) answers for it, and another takes over when the master stops advertising.
-- The (s)election process
As with VRRP you have masters and backups. All members of the CARP group send advertisements to a multicast IP address, 224.0.0.18 (ironically that's VRRP's address). They carry the vhid (virtual host id) and an HMAC computed with the shared password, so a host that does not know the password cannot inject valid advertisements. Whichever CARP member sends advertisements more often will be the master for the specified vhid and as a result will be the only host to actually "listen" on the virtual IP address associated with that vhid. It is possible to assign the same IP address to two different vhids, which makes arpbalance possible -- see below.
-- Predetermining the master
The advskew parameter slows the rate at which advertisements are sent from the host. While it doesn't work the same way, this parameter has essentially the same effect as VRRP's priority parameter: the higher the advskew, the longer the advertisement interval, and the less likely the host is to become master.
-- How the virtual host is addressed at layer 2
A multicast Ethernet address is assigned to the virtual IP address, with the last octet set to the value of the vhid: 01:00:00:5e:01:0f would be the MAC address for vhid 15 (0x0f). The master responds to ARP requests for the virtual IP address with that multicast address.
-- Load balancing (or ARP balancing)?
CARP provides a form of load balancing, but it's not in the same league as Alteon or Cisco. Because two vhids (and therefore two MAC addresses) can share the same IP address, the hope is that some hosts will have one address in their ARP cache while other hosts end up with the other MAC address in their cache. Remember, the vhid determines the MAC address.
This is basically how it's done on a pair of hosts (refer to carp(4) for a little more information). On the first host, which should master vhid 10:
ifconfig carp0 vhid 10 pass asdfasdf 192.168.90.20
ifconfig carp1 vhid 20 advskew 100 pass asdfasdf 192.168.90.20
On the second host, with the skews reversed so that it masters vhid 20:
ifconfig carp0 vhid 10 advskew 100 pass asdfasdf 192.168.90.20
ifconfig carp1 vhid 20 pass asdfasdf 192.168.90.20
You must also set the arpbalance parameter with sysctl (net.inet.carp.arpbalance=1) to turn on the arpbalance portions of ip_carp.
The carp man page can be found here: http://www.openbsd.org/cgi-bin/man.cgi?query=carp&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html
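The election, advskew, layer-2 addressing and arpbalance sections above, as an added example that is not part of this PR or of the OpenBSD/NetBSD ip_carp code: a small Python model of the two-host configuration just shown. It assumes the CARP timing rule that a member advertises every advbase + advskew/256 seconds, with advbase defaulting to 1 (documented in carp(4), not stated in this report); the MAC prefix is the one the report gives; the set of bytes covered by the HMAC, the requester-address hash used to pick a vhid for arpbalance, and the tie-break by host name are simplifications of the real protocol, not its wire format.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

ADVBASE_DEFAULT = 1                 # seconds; the carp(4) default for advbase
ADVSKEW_MAX = 254                   # carp(4) allows advskew 0..254
CARP_MAC_PREFIX = "01:00:00:5e:01"  # prefix as the report describes it; last octet is the vhid


@dataclass(frozen=True)
class CarpIface:
    """One 'ifconfig carpN vhid V [advskew S] pass P ADDR' line on one host."""
    host: str
    vhid: int
    addr: str
    password: str
    advskew: int = 0
    advbase: int = ADVBASE_DEFAULT

    def interval(self) -> float:
        """Seconds between advertisements: advbase + advskew/256 (CARP rule from carp(4)).
        A higher advskew means slower advertisements and a smaller chance of becoming master."""
        if not 0 <= self.advskew <= ADVSKEW_MAX:
            raise ValueError(f"advskew {self.advskew} outside 0..{ADVSKEW_MAX}")
        if not 1 <= self.vhid <= 255:
            raise ValueError(f"vhid {self.vhid} outside 1..255")
        return self.advbase + self.advskew / 256

    def advertisement(self) -> dict:
        """Model of an advertisement: timing fields plus an HMAC keyed with the group password.
        CARP really uses HMAC-SHA1; which bytes the HMAC covers is simplified here."""
        msg = f"{self.vhid}:{self.advbase}:{self.advskew}".encode()
        tag = hmac.new(self.password.encode(), msg, hashlib.sha1).hexdigest()
        return {"host": self.host, "vhid": self.vhid, "advbase": self.advbase,
                "advskew": self.advskew, "hmac": tag}


def authentic(adv: dict, password: str) -> bool:
    """A member only honours advertisements whose HMAC verifies under its password."""
    msg = f"{adv['vhid']}:{adv['advbase']}:{adv['advskew']}".encode()
    expect = hmac.new(password.encode(), msg, hashlib.sha1).hexdigest()
    return hmac.compare_digest(expect, adv["hmac"])


def carp_mac(vhid: int) -> str:
    """Layer-2 address for a vhid: fixed prefix, last octet is the vhid."""
    return f"{CARP_MAC_PREFIX}:{vhid:02x}"


def elect_masters(members, password):
    """Per vhid, the member that advertises most often (shortest interval) wins.
    Advertisements that fail the password check are ignored, so a host without the
    password cannot advertise its way into being master.  Ties go to the lexically
    smaller host name (a simplification; real CARP keeps the incumbent on a tie)."""
    masters = {}
    for m in members:
        if not authentic(m.advertisement(), password):
            continue
        cur = masters.get(m.vhid)
        if cur is None or (m.interval(), m.host) < (cur.interval(), cur.host):
            masters[m.vhid] = m
    return masters


def arp_reply(members, password, ip, requester):
    """With arpbalance on, pick one of the vhids sharing `ip` by hashing the requester's
    address (assumption: plain modulo here; the real hash differs) and answer with the
    MAC of that vhid.  Returns (answering master host, MAC) or None if `ip` is not ours."""
    vhids = sorted({m.vhid for m in members if m.addr == ip})
    if not vhids:
        return None
    masters = elect_masters(members, password)
    vhid = vhids[int(ipaddress.IPv4Address(requester)) % len(vhids)]
    return masters[vhid].host, carp_mac(vhid)


# The two-host arpbalance configuration from the report, as data (constructed sample).
PASSWORD = "asdfasdf"
SHARED_IP = "192.168.90.20"
HOST_A = [CarpIface("A", 10, SHARED_IP, PASSWORD),
          CarpIface("A", 20, SHARED_IP, PASSWORD, advskew=100)]
HOST_B = [CarpIface("B", 10, SHARED_IP, PASSWORD, advskew=100),
          CarpIface("B", 20, SHARED_IP, PASSWORD)]


if __name__ == "__main__":
    both = HOST_A + HOST_B
    for vhid, m in sorted(elect_masters(both, PASSWORD).items()):
        print(f"vhid {vhid}: master {m.host}, interval {m.interval():.4f}s, MAC {carp_mac(vhid)}")
    for client in ("192.168.90.100", "192.168.90.101"):
        print(client, "->", arp_reply(both, PASSWORD, SHARED_IP, client))
    # Host B fails: its advertisements stop and host A takes over both vhids.
    for vhid, m in sorted(elect_masters(HOST_A, PASSWORD).items()):
        print(f"after B fails, vhid {vhid}: master {m.host}")
```

Run as a script it shows host A mastering vhid 10 and host B mastering vhid 20, two clients on the same segment being handed different MAC addresses for the same IP, and both vhids collapsing onto host A once B's advertisements stop. A rogue member configured with a wrong password never becomes master, which is the property the shared password is there to give.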
--What does work:
All my dev and testing was done on i386. I am able to configure the carp interface, verify that advertisements are being formatted properly and being sent, ping the virtual host, nslookup against named (udp) on the virtual host, and ftp (tcp) to the virtual host.
--What may work:
I do not know whether it will properly receive advertisements or properly change states.... I suspect it will, but a "pciide0 bogus intr" problem prevents me from running a second CARP member, for now, so I'm hoping someone will be so kind as to verify those two things on -current with the patches.
--What doesn't work, yet:
Please keep in mind that some changes that have been made to CARP since I began this project have yet to be incorporated here. Some other features, such as INET6, FDDI and Token Ring support, I removed intentionally to reduce my headaches along the way. Netstat does not work.
If you have any problems getting this file, e-mail firstname.lastname@example.org and I'll take a look.