Protocol CARP

From Nasqueron Agora
Revision as of 17:14, 14 February 2026 by Yousra (talk | contribs)

Introduction

CARP stands for Common Address Redundancy Protocol and its basic functionality is to allow multiple hosts to share a set of IP addresses

CARP was first introduced in 2003 in OpenBSD as an alternative to Cisco’s VRRP protocol. It was created to avoid patent issues related to VRRP. Later, CARP was added to FreeBSD and NetBSD. A userland implementation of CARP protocol called ucarp was also developed, which allowed CARP to be used on Linux systems.

Master host and backup hosts

CARP creates a redundancy group, meaning several hosts are configured to share a set of IP address. However, at any given time, only one host uses the shared IP address. This host is called the master host.

When the master host becomes unavailable (it crashed, turned off, or lost its network connection), the other hosts in the same redundancy group detect the failure. Immediately, one of the backup hosts is elected as the new master host. That means that it will take over the shared IP address.

This switch happens automatically, ensuring service continuity without clients noticing any interruption.

(petite image ici : https://wxcafe.net/posts/redondance-routeurs-openbsd-freebsd/)

- The master node periodically sends advertisement packets.

- Standby nodes listen but do not send advertisements.


Each advertisement packet contains:

1. The VHID (Virtual Host ID), which identifies the redundancy group.

2. The CARP version and packet type.


All advertisement packets are cryptographically signed, meaning:

1. All nodes in the redundancy group must share the same secret.

2. The password is never sent in plaintext.


In practice :

a. The MASTER sends an advertisement packet.

b. It calculates a signature (HMAC) using: 

     1. the VHID, packet information and the shared secret.

     2. The BACKUPs receive the packet.

     3. They recalculate the signature using their copy of the                  secret.

     4. If it matches → valid packet.
        If it doesn't match → rejected packet.


If the backup nodes stop receiving CARP advertisement packets for a certain period of time, they assume that the master node has failed. One of the backup nodes then promotes itself to become the new active node and starts sending CARP advertisements. If the original active node later comes back online, it detects that another node is already acting as MASTER and remains in the passive (BACKUP) state.


https://freebsdfoundation.org/wp-content/uploads/2022/11/zaborski_CARP.pdf

All nodes must be configured with exactly the same set of shared IP addresses, since these are used to calculate the cryptographic signature.

As long as the active node continues sending correctly signed advertisements with the correct VHID, the standby nodes remain passive and do nothing

Retrieved from "https://agora.nasqueron.org/index.php?title=Protocol_CARP&oldid=2257"