Common Address Redundancy Protocol
From Wikipedia, the free encyclopedia
The Common Address Redundancy Protocol or CARP is a protocol which allows multiple hosts on the same local network to share a set of IP addresses. Its primary purpose is to provide failover redundancy. For example, if there is a single computer running a packet filter, and it goes down, then either the networks on either side of the packet filter can no longer communicate with each other, or they communicate without any packet filtering. If, however, there are two computers running a packet filter, running CARP, then if one fails, the other will take over, and computers on either side of the packet filter will not be aware of the failure, so operation will continue as normal. In order to make sure the new master operates the same as the old one, pfsyncd is used. In some configurations CARP can also provide load balancing functionality.
Contents |
[edit] Principle of redundancy
A group of hosts using CARP is called a "group of redundancy". The group of redundancy allocates itself an IP address which is shared or divided between the members of the group. Within this group, a host is designated as "Master". The other members are called "slaves". The main host is that which "takes" the IP address. It answers any traffic or ARP request brought to the attention of this address. Each host can belong to several groups of redundancy. It should be noted that each host must have a second single IP address.
A common use of CARP is the creation of a group of redundant firewalls. The virtual IP address allotted to the group of redundancy is indicated as the address of the default router on the computers behind this group of firewalls. If the main firewall breaks down or is disconnected from the network, the virtual IP address will be taken by one of firewall slaves and the service availability will not be interrupted.
[edit] History
In the late 90s IETF began working on a solution to the problem. In 1997, Cisco informed them that this was already covered by Cisco patents. In 1998, Cisco told them it was covered by their patent of HSRP (Hot Standby Router Protocol). Nonetheless, IETF continued work on VRRP (Virtual Router Redundancy Protocol). After some debate, people decided it was alright to allow patented material in a standard, as long as it was licensed under RAND (Reasonable and Non-Discrimatory) terms. Because VRRP fixed problems with the HSRP protocol, Cisco began using VRRP instead, while still claiming it as its own.
Cisco informed the OpenBSD developers they would enforce their patent of HSRP. This may have been related to their lawsuit with Alcatel. Thus, a free implementation of VRRP could not be made. OpenBSD developers started CARP as an alternative to the patented VRRP, as to them, RAND did not seem to be reasonable and non-discriminatory. To avoid the HSRP patent, they ensured their idea for CARP was fundamentally different. Because of OpenBSD's focus on security, CARP was designed with security in mind, and is designed to use cryptography. It became available, completely for free, in October 2003. It has since been integrated into FreeBSD and NetBSD.
[edit] No official internet protocol number
From OpenBSD.org:
As a final note of course, when we petitioned IANA, the IETF body regulating "official" internet protocol numbers, to give us numbers for CARP and pfsync our request was denied. Apparently we had failed to go through an official standards organization. Consequently we were forced to choose a protocol number which would not conflict with anything else of value, and decided to place CARP at IP protocol 112. We also placed pfsync at an open and unused number. We informed IANA of these decisions, but they declined to reply.
The reason for this is that no specification for CARP has ever been written. The closest thing to specifications is the implementation in OpenBSD.
Note that VRRP also uses IP protocol 112, having been assigned it by IANA.