Protocol CARP

From Nasqueron Agora
Revision as of 15:33, 14 February 2026 by Yousra (talk | contribs) (Created page with "== Introduction == ''CARP stands for Common Address Redundancy Protocol and its basic functionality is to allow multiple hosts to share a set of IP addresses'' CARP was first introduced in 2003 in OpenBSD as an alternative to Cisco’s VRRP protocol. It was created to avoid patent issues related to VRRP. Later, CARP was added to FreeBSD and NetBSD. A userland version called ucarp was also developed, allowing CARP to be used on Linux systems. == Master and backup CARP...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

CARP stands for Common Address Redundancy Protocol and its basic functionality is to allow multiple hosts to share a set of IP addresses

CARP was first introduced in 2003 in OpenBSD as an alternative to Cisco’s VRRP protocol. It was created to avoid patent issues related to VRRP. Later, CARP was added to FreeBSD and NetBSD. A userland version called ucarp was also developed, allowing CARP to be used on Linux systems.

Master and backup CARP nodes

CARP creates a redundancy group, meaning several hosts are configured to share the same IP address.

However, at any given time, only one host actually uses the shared IP address. This host is called the master host.

If the master host becomes unavailable — for example, if it crashes, is powered off, or loses network connectivity — the other hosts in the same redundancy group detect the failure. One of them is automatically elected as the new master host and takes over the shared IP address.

This switch happens automatically, ensuring service continuity.

(petite image ici : https://wxcafe.net/posts/redondance-routeurs-openbsd-freebsd/)

- The master node periodically sends advertisement packets.

- Standby nodes listen but do not send advertisements.


Each advertisement packet contains:

1. The VHID (Virtual Host ID), which identifies the redundancy group.

2. The CARP version and packet type.


All advertisement packets are cryptographically signed, meaning:

1. All nodes in the redundancy group must share the same secret.

2. The password is never sent in plaintext.


In practice :

a. The MASTER sends an advertisement packet.

b. It calculates a signature (HMAC) using: 

     1. the VHID, packet information and the shared secret.

     2. The BACKUPs receive the packet.

     3. They recalculate the signature using their copy of the                  secret.

     4. If it matches → valid packet.
        If it doesn't match → rejected packet.


If the backup nodes stop receiving CARP advertisement packets for a certain period of time, they assume that the master node has failed. One of the backup nodes then promotes itself to become the new active node and starts sending CARP advertisements. If the original active node later comes back online, it detects that another node is already acting as MASTER and remains in the passive (BACKUP) state.


https://freebsdfoundation.org/wp-content/uploads/2022/11/zaborski_CARP.pdf

All nodes must be configured with exactly the same set of shared IP addresses, since these are used to calculate the cryptographic signature.

As long as the active node continues sending correctly signed advertisements with the correct VHID, the standby nodes remain passive and do nothing

Retrieved from "https://agora.nasqueron.org/index.php?title=Protocol_CARP&oldid=2256"