NAME
carp —
Common Address Redundancy
Protocol
SYNOPSIS
pseudo-device carp
DESCRIPTION
The
carp interface is a pseudo-device which implements and
controls the CARP protocol.
carp allows multiple hosts on
the same local network to share a set of IP addresses. Its primary purpose is
to ensure that these addresses are always available, but in some
configurations
carp can also provide load balancing
functionality.
A
carp interface can be created at runtime using the
ifconfig carpN
create command.
To use
carp, the administrator needs to configure at minimum a
common virtual host ID and virtual host IP address on each machine which is to
take part in the virtual group. Additional parameters can also be set on a
per-interface basis:
advbase and
advskew,
which are used to control how frequently the host sends advertisements when it
is the master for a virtual host, and
pass which is used to
authenticate carp advertisements. Finally
carpdev is used to
specify which interface the
carp device attaches to. If
unspecified, the kernel attempts to set carpdev by looking for another
interface with the same subnet. These configurations can be done using
ifconfig(8), or through the
SIOCSVH
ioctl.
Additionally, there are a number of global parameters which can be set using
sysctl(8):
-
-
- net.inet.carp.allow
- Accept incoming carp packets. Enabled by
default.
-
-
- net.inet.carp.preempt
- Allow virtual hosts to preempt each other. It is also used
to failover carp interfaces as a group. When the option
is enabled and one of the carp enabled physical
interfaces goes down, advskew is changed to 240 on all
carp interfaces. See also the first example. Disabled by
default.
-
-
- net.inet.carp.log
- Log bad carp packets. Disabled by
default.
-
-
- net.inet.carp.arpbalance
- Balance local traffic using ARP. Disabled by default.
EXAMPLES
For firewalls and routers with multiple interfaces, it is desirable to failover
all of the
carp interfaces together, when one of the
physical interfaces goes down. This is achieved by the preempt option. Enable
it on both host A and B:
# sysctl -w
net.inet.carp.preempt=1
Assume that host A is the preferred master and 192.168.1.x/24 is configured on
one physical interface and 192.168.2.y/24 on another. This is the setup for
host A:
# ifconfig carp0 create
# ifconfig carp0 vhid 1 pass mekmitasdigoat 192.168.1.1 \
netmask 255.255.255.0
# ifconfig carp1 create
# ifconfig carp1 vhid 2 pass mekmitasdigoat 192.168.2.1/24 \
netmask 255.255.255.0
The setup for host B is identical, but it has a higher advskew:
# ifconfig carp0 create
# ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat \
192.168.1.1 netmask 255.255.255.0
# ifconfig carp1 create
# ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat \
192.168.2.1 netmask 255.255.255.0
Because of the preempt option, when one of the physical interfaces of host A
fails, advskew is adjusted to 240 on all its
carp
interfaces. This will cause host B to preempt on both interfaces instead of
just the failed one.
In order to set up an ARP balanced virtual host, it is necessary to configure
one virtual host for each physical host which would respond to ARP requests
and thus handle the traffic. In the following example, two virtual hosts are
configured on two hosts to provide balancing and failover for the IP address
192.168.1.10.
First the
carp interfaces on Host A are configured. The
advskew of 100 on the second virtual host means that its
advertisements will be sent out slightly less frequently.
# ifconfig carp0 create
# ifconfig carp0 vhid 1 pass mekmitasdigoat 192.168.1.10 \
netmask 255.255.255.0
# ifconfig carp1 create
# ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat \
192.168.1.10 netmask 255.255.255.0
The configuration for host B is identical, except the skew is on virtual host 1
rather than virtual host 2.
# ifconfig carp0 create
# ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat \
192.168.1.10 netmask 255.255.255.0
# ifconfig carp1 create
# ifconfig carp1 vhid 2 pass mekmitasdigoat 192.168.1.10 \
netmask 255.255.255.0
Finally, the ARP balancing feature must be enabled on both hosts:
# sysctl -w
net.inet.carp.arpbalance=1
When the hosts receive an ARP request for 192.168.1.10, the source IP address of
the request is used to compute which virtual host should answer the request.
The host which is master of the selected virtual host will reply to the
request, the other(s) will ignore it.
This way, locally connected systems will receive different ARP replies and
subsequent IP traffic will be balanced among the hosts. If one of the hosts
fails, the other will take over the virtual MAC address, and begin answering
ARP requests on its behalf.
Note: ARP balancing only works on the local network segment. It cannot balance
traffic that crosses a router, because the router itself will always be
balanced to the same virtual host.
SEE ALSO
netstat(1),
sysctl(3),
arp(4),
arp(8),
ifconfig(8),
sysctl(8)
HISTORY
The
carp device first appeared in
OpenBSD
3.5.