Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [carp]

an open protocol that allows multiple hosts to share a virtual IP address (VIP). The CARP protocol was originally designed and implemented by the OpenBSD developers. There are several other free implementations of it, including UCARP on Linux.

The Common Address Redundancy Protocol allows multiple hosts on the same network segment to share a set of IP addresses. CARP is a secure, free alternative to the Virtual Router Redundancy Protocol (VRRP) and the Hot Standby Router Protocol (HSRP).

A group of hosts sharing one or more CARP VIPs is referred to as a "redundancy group." Within the group, one host is designated the "master" and the rest as "backups." The master host is the one that currently "holds" the shared IP; it responds to any traffic or ARP requests directed towards it. Each host may belong to more than one redundancy group at a time.

Kernel driver based implementations of CARP are available on FreeBSD, NetBSD and OpenBSD. UCARP is a portable userland implementation available for Linux.

Sources: OpenBSD Project, Wikipedia

30 questions
6
votes
2 answers

UCARP: prevent the original master from taking over the VIP when it comes back after failure?

Keepalived can do this by combining the nopreempt option and the BACKUP state on the both nodes: Prevent VRRP Master from becoming Master once it has failed Prevent master to fall back to master after failure How about the UCARP? Name :…
quanta
  • 50,327
  • 19
  • 152
  • 213
5
votes
3 answers

*nix CARP or VMWare Fault Tolerance?

We're experimenting with what VMWare called a "Fully Collapsed DMZ" on blade centre. Basically our DMZ goes straight into a vSwitch and all the security appliances are virtualised. I've spent days reading up about why this is a good idea and why…
Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
4
votes
1 answer

Changing PF rules on the fly to mitigate damage of DDoS (OpenBSD 6.4)

This is a two part question, really. Keep in mind that I am a developer not a system admin, but being the only employee in the company, I wear ALL the hats. I have deployed my server with two firewalls running on CARP for load balancing/redundancy…
Miguel
  • 171
  • 4
4
votes
4 answers

Does two pfsense + CARP necessarily require two WAN IP?

I am looking to setup CARP following this guide across two pfSense firewalls. I have setup CARP before on a WAN link with a big IP space, so allocating a distinct WAN IP per each device (as shown in the guide) was palatable. Now, I am trying to do…
tacos_tacos_tacos
  • 3,220
  • 16
  • 58
  • 97
4
votes
2 answers

redundant openvpn configuration

I have two openbsd nat/firewall boxes with carp for failover / high availability purposes. What would be the best possible practice to ensure that OpenVPN, which I plan on running on these boxes, fails over gracefully as well?
imaginative
  • 1,941
  • 9
  • 32
  • 48
3
votes
1 answer

How do I configure ZFS to panic on da (SCSI) disk failure?

Situation: two redundant FreeBSD machines using CARP to share a primary IP, running a frontend proxy (E.G. HAproxy or nginx) Primary machine experiences a loss of SCSI disk (E.G. disk failure, SAN storage failure, etc) and services fail (L7 timeouts…
Josh
  • 9,001
  • 27
  • 78
  • 124
3
votes
0 answers

Redundant Firewalls And Switches HSRP and CARP

I currently have planned 2 x uplinks (HSRP Active/Standby) 2 x pfsense firewalls (Carp Enabled) 2 x layer2 switches Please criticize or offer help on the correct way to do this. I have a feeling im missing a valid point of simple networking. The…
Arenstar
  • 3,592
  • 2
  • 24
  • 34
3
votes
1 answer

Heartbeat compared to CARP?

Provided I only require virtual IP (migrated between servers), is there any sense in using heartbeat, or CARP is enough?
SyRenity
  • 3,159
  • 11
  • 55
  • 79
3
votes
2 answers

CARP: two machines think they're the master, but only on one interface

I have two machines, each configured identically as a firewall/load balancer for a busy website. I have set them up with CARP and pfsync on both the internal and external interfaces. The internal interface is behaving as expected (primary listed as…
Conor McDermottroe
  • 938
  • 1
  • 7
  • 17
2
votes
2 answers

Active CARP network loop

I have to setup, no matter what, a cluster of 3 active OpenBSD 5.5 with CARP on 3 separate ESXi 5.5 hosts. I think I'm close to the end but I have this message in /var/log/messages : carp0: replay or network loop detected Here is my configuration…
Ouioui
  • 21
  • 2
2
votes
0 answers

Configure SSH while using UCARP for failover

I have SSH installed, and UCARP configured to fail over a virtual IP when one of the two boxes goes down. The problem that I'm having is when a VM is running, and the ucarp interface is active (eth0:ucarp), I cannnot ssh to the VM using the eth0…
EGr
  • 575
  • 3
  • 12
  • 29
2
votes
1 answer

Physical network setup for pfsense w/ CARP for redundant firewalls

So I'm looking at this diagram: http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP) Does this assume that the "DSL Router" at the top of the drawing has two physical RJ45 jacks, or a single one that you're splitting via a…
Keith Palmer Jr.
  • 1,151
  • 4
  • 16
  • 28
2
votes
1 answer

IPTables INPUT and ucarp

What rule(s) are needed to allow ucarp traffic on IPTables?
Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
1
vote
1 answer

CARP: VIP on different interface and network

I'd like to use CARP between two systems with a VIP address, the VIP belonging to the master. The second system acts as a stand-by system which takes over the VIP in case the first system goes offline. Both systems have two interfaces, a public and…
watain
  • 141
  • 3
  • 14
1
vote
1 answer

FreeBSD CARP doesn't work in VirtualBox with bridged adapter

I have two identical VirtualBox machines running FreeBSD. Their networking is set up using "Bridged Adapter" option. I've followed FreeBSD Handbook instructions step-to-step, but I still not able to access CARP'ed IP from host system. What's wrong…
arrowd
  • 319
  • 1
  • 8
1
2