Protocol CARP: Difference between revisions

CARP stands for Common Address Redundancy Protocol and its basic functionality is to allow multiple hosts to share a set of IP addresses

CARP was first introduced in 2003 in OpenBSD as an alternative to Cisco’s VRRP protocol. It was created to avoid patent issues related to VRRP. Later, CARP was added to FreeBSD and NetBSD. A userland implementation of CARP protocol called ucarp was also developed, which allowed CARP to be used on Linux systems.

CARP creates a redundancy group, meaning several hosts are configured to share a virtual IP address. However, at any given time, only one host uses the shared IP address. This host is called the master host and it receives and handles all traffic destined to that virtual IP.

When the master host becomes unavailable (it crashed, turned off, or lost its network connection), the other hosts in the same redundancy group detect the failure. Immediately, one of the backup hosts is elected as the new master host. That means that it will take over the shared IP address.

This switch happens automatically, ensuring service continuity without clients noticing any interruption.

- The master host periodically broadcasts CARP advertisements to the backup hosts.

- Backup hosts listen but do not send any packets.

Each CARP advertisement contains:

1. The VHID (Virtual Host ID), which identifies the redundancy group.

2. The CARP version and packet type.

3. The advertisement parameters (advbase and advskew), which determine the host’s priority.

All CARP advertisements are cryptographically signed :

Steps :

1. The master host creates an advertisement.

2. It calculates a cryptographic signature using:

     - the shared secret,

     - the VHID,

     - the virtual IP addresses,

     - the advertisement parameters (advbase and advskew),

     - and other header fields.

3. It then sends the signed advertisement.

4. The backup hosts receives the signed advertisement.

5. Each backup host recalculates the signature using the same shared secret :

- If the calculated signature matches the received signature → the packet is considered valid.

- If it does not match → the packet is rejected.

It protects against spoofing attacks : without cryptographic authentication, an attacker could send fake CARP advertisements and attempt to become the master host.

Also, all hosts must have the same set of virtual IP addresses configured in order to calculate the signature (because the IP addresses are not send), but only one host actually uses these IP addresses at any given time.

Using multiple VHIDs in CARP allows several virtual IP addresses to be managed separately. This means different hosts can be master for different services. For example, one host can manage the web service, while another manages the DNS service. Thanks to this, the hosts can be used efficiently while still ensuring high availability. It would not be practical to use a machine only when the other machine is not responding.

Normally:

- master

- backups

If the master host stops sending advertisements, the backup nodes know that the master is no longer reachable. However, a problem can occur if the backup nodes stop receiving each other's advertisements because the link between them is broken. In that case, each node may assume it is the master.

When communication is restored, CARP resolves the problem:

1. The masters can see each other
2. They receive advertisements from each other
3. They compare priority
4. The hosts with lower priority automatically switche back to backup

1. All hosts start

  - All hosts begin in BACKUP state.

2. Each host starts a timer

  - The delay depends on the priority (advskew).

  - The lower the advskew, the shorter the delay.

  - The lower the advskew, the higher the priority.

3. The higher-priority host’s timer expires first

  - That host sends CARP advertisements when the timer expires.

  - It assigns the virtual IP (VIP) to its interface.

  - It becomes the MASTER host.

4. The other hosts receive the advertisement

  - They detect that a higher-priority host is active.

  - They remain in BACKUP state.

  - They do not send CARP advertisements.

In CARP, we usually choose the preferred master by giving it a higher priority (lower advskew). If the master fails and two backup hosts have the same priority, they may both try to become master at the same time. This can temporarily create a split-brain situation, where both hosts start sending CARP advertisements. However, they will quickly detect each other’s advertisements. Because of small timing differences in the network, one host will effectively win and remain master, while the other will switch stay in backup mode. To avoid this situation, it is recommended to configure different priorities for each host.

In this example, we consider a topology with two routers: router-003 and router-004. We want router-003 to act as the master, while router-004 should operate as the backup.

1) Enable CARP Support

On the file /boot/loader.conf, you need to add : carp_load="YES"

You are telling FreeBSD:

“Load the CARP kernel module automatically at boot time.”

If you want to load it now, but not permanently : kldload carp

If someone has build a custom FreeBSD kernel, they can include CARP directly by adding this line to the kernel configuration file: device carp

2) Hosts configuration

The hostname, management IP address, subnet mask, shared virtual IP address, and VHID are configured by adding the appropriate entries to the /etc/rc.conf file.

router-002 :

hostname="router-002"

ifconfig_vmx0="inet 172.27.27.11 netmask 255.255.255.240"

ifconfig_vmx0_alias0="inet vhid 1 pass 123piano2026% alias 192.168.1.50/32"

router-003 :

hostname="router-003"

ifconfig_vmx0="inet 172.27.27.12 netmask 255.255.255.240"

ifconfig_vmx0_alias0="inet vhid 1 pass 123piano2026% advskew 100 alias 192.168.1.50/32"

So we gave a lower advskew to the router-002 (default is 0) to become the master router.

In FreeBSD, CARP can be configured either by attaching a virtual IP directly as an alias on a physical interface, or by creating a dedicated virtual interface such as carp0. Using an alias is simpler and sufficient for small or basic setups. However, using a dedicated carp interface is cleaner and more modular, especially when multiple VHIDs or virtual IP addresses are involved. For larger or production environments, the carp interface approach is generally preferred for better clarity and scalability.

commands :

ifconfig carp0 create

ifconfig carp0 vhid 1 pass 123piano2026%

ifconfig carp0 inet 192.168.1.50/24

multply VHID ?

Source :

https://wxcafe.net/posts/redondance-routeurs-openbsd-freebsd/ https://freebsdfoundation.org/wp-content/uploads/2022/11/zaborski_CARP.pdf https://docs-archive.freebsd.org/doc/11.0-RELEASE/usr/local/share/doc/freebsd/en/books/handbook/carp.html