carp(4)

NAME

carp - Common Address Redundancy Protocol

SYNOPSIS

device carp

DESCRIPTION

The carp interface is a pseudo-device that implements and
controls the
CARP protocol. CARP allows multiple hosts on the same local
network to
share a set of IP addresses. Its primary purpose is to en
sure that these
addresses are always available, but in some configurations
carp can also
provide load balancing functionality.
A carp interface can be created at runtime using the
ifconfig carpN
create command or by configuring it via cloned_interfaces in
the
/etc/rc.conf file.
To use carp, the administrator needs to configure at minimum
a common
virtual host ID and virtual host IP address on each machine
which is to
take part in the virtual group. Additional parameters can
also be set on
a per-interface basis: advbase and advskew, which are used
to control how
frequently the host sends advertisements when it is the mas
ter for a virtual host, and pass which is used to authenticate carp ad
vertisements.
The advbase parameter stands for ``advertisement base''. It
is measured
in seconds and specifies the base of the advertisement in
terval. The
advskew parameter stands for ``advertisement skew''. It is
measured in
1/256 of seconds. It is added to the base advertisement in
terval to make
one host advertise a bit slower that the other does. Both
advbase and
advskew are put inside CARP advertisements. These configu
rations can be
done using ifconfig(8), or through the SIOCSVH ioctl(2).
Additionally, there are a number of global parameters which
can be set
using sysctl(8):
net.inet.carp.allow Accept incoming carp packets.
Enabled by
default.
net.inet.carp.preempt Allow virtual hosts to preempt
each other.
It is also used to failover
carp interfaces
as a group. When the option
is enabled and
one of the carp enabled physi
cal interfaces
goes down, advskew is changed
to 240 on all
carp interfaces. See also the
first example. Disabled by default.
net.inet.carp.log Value of 0 disables any log
ging. Value of
1 enables logging of bad carp
packets.
Values above 1 enable logging
state changes
of carp interfaces. Default
value is 1.
net.inet.carp.arpbalance Balance local traffic using
ARP. Disabled
by default.
net.inet.carp.suppress_preempt
A read only value showing the
status of
preemption suppression. Pre
emption can be
suppressed if link on an in
terface is down
or when pfsync(4) interface is
not synchronized. Value of 0 means that
preemption is
not suppressed, since no prob
lems are
detected. Every problem in
crements suppression counter.

EXAMPLES

For firewalls and routers with multiple interfaces, it is
desirable to
failover all of the carp interfaces together, when one of
the physical
interfaces goes down. This is achieved by the preempt op
tion. Enable it
on both host A and B:

sysctl net.inet.carp.preempt=1
Assume that host A is the preferred master and
192.168.1.x/24 is configured on one physical interface and 192.168.2.y/24 on anoth
er. This is
the setup for host A:

ifconfig carp0 create
ifconfig carp0 vhid 1 pass mekmitasdigoat
192.168.1.1/24
ifconfig carp1 create
ifconfig carp1 vhid 2 pass mekmitasdigoat
192.168.2.1/24
The setup for host B is identical, but it has a higher
advskew:

ifconfig carp0 create
ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat
192.168.1.1/24
ifconfig carp1 create
ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat
192.168.2.1/24
Because of the preempt option, when one of the physical in
terfaces of
host A fails, advskew is adjusted to 240 on all its carp in
terfaces.
This will cause host B to preempt on both interfaces instead
of just the
failed one.
In order to set up an ARP balanced virtual host, it is nec
essary to configure one virtual host for each physical host which would
respond to ARP
requests and thus handle the traffic. In the following ex
ample, two virtual hosts are configured on two hosts to provide balancing
and failover
for the IP address 192.168.1.10.
First the carp interfaces on host A are configured. The
advskew of 100
on the second virtual host means that its advertisements
will be sent out
slightly less frequently.

ifconfig carp0 create
ifconfig carp0 vhid 1 pass mekmitasdigoat
192.168.1.10/24
ifconfig carp1 create
ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat
192.168.1.10/24
The configuration for host B is identical, except the
advskew is on virtual host 1 rather than virtual host 2.

ifconfig carp0 create
ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat
192.168.1.10/24
ifconfig carp1 create
ifconfig carp1 vhid 2 pass mekmitasdigoat
192.168.1.10/24
Finally, the ARP balancing feature must be enabled on both
hosts:

sysctl net.inet.carp.arpbalance=1
When the hosts receive an ARP request for 192.168.1.10, the
source IP
address of the request is used to compute which virtual host
should
answer the request. The host which is master of the select
ed virtual
host will reply to the request, the other(s) will ignore it.
This way, locally connected systems will receive different
ARP replies
and subsequent IP traffic will be balanced among the hosts.
If one of
the hosts fails, the other will take over the virtual MAC
address, and
begin answering ARP requests on its behalf.
Note: ARP balancing only works on the local network segment.
It cannot
balance traffic that crosses a router, because the router
itself will
always be balanced to the same virtual host.

SEE ALSO

inet(4), pfsync(4), rc.conf(5), ifconfig(8), sysctl(8)

HISTORY

The carp device first appeared in OpenBSD 3.5. The carp de
vice was
imported into FreeBSD 5.4.
BSD May 15, 2005
Copyright © 2010-2024 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout