What is Common Address Redundancy Protocol?
Das Common Address Redundancy Protocol (CARP) ist ein automatisches Failover- und Redundanzprotokoll, das von OpenBSD im Oktober 2003 eingeführt wurde. CARP teilt eine gemeinsame IP-Adresse zwischen mehreren Hosts in demselben Netzwerksegment, um eine Failover-Redundanz für mehrere Server oder Hosts bereitzustellen. Es ist eine Alternative zum Virtual Router Redundancy Protocol (VRRP) der Internet Engineering Task Force (IETF) und zum Hot Standby Redundancy Protocol (HSRP) von Cisco.
CARP was designed as a free and open source alternative to VRRP, which Cisco claimed had some technical resemblance to its proprietary HSRP. CARP works by allowing a group of hosts on the same network segment to share an IP address. This group of hosts is known as the redundancy group. The redundancy group is assigned an IP address and a common virtual host ID (VHID). The VHID enables group members to identify which redundancy group they belong to. Within the group, one host is designated as the master host and the rest as the backup host. The master host is the owner of the shared IP address. The master host responds to any traffic or ARP requests directed towards it.
Each host can belong to more than one redundancy group at the same time via several physical interfaces. The master host sends CARP announcements to the backup hosts.
These CARP advertisements or CARP packages are made up of two values:
The master host's advertising base (advbase): This can be configured independently for each host in the redundancy group. advbase can contain values between 1 and 255.
The advert skew (advskew): indicates how much the advbase should be skewed when sending CARP advertisements to other hosts. Its values range from 1 to 254.
The master CARP host can be determined by manipulating advbase and advskew values on each host. The higher the combined value of these two parameters, the less preferred this host is when selecting a master. In the event of a failure of the CARP packet after a certain time or when a larger Advbase plus advskew value is received, a backup host takes over the tasks of the master host.
CARP has limited ability to load balance incoming connections between hosts on an Ethernet network. In load balancing operations, multiple CARP interfaces are configured for the same IP address but for different VHIDs. As soon as an ARP request is received, the CARP protocol uses a hash function against the source IP address in the ARP request to determine which VHID this request should belong to. If the corresponding CARP interface is in a master status, the ARP request receives a response, otherwise it is ignored.
To prevent a malicious user from spoofing CARP advertising in the network segment, each group can be configured with a password. Each CARP packet sent to the group is then protected by a hash-based hash authentication code (SHA1 HMAC) of the secure hash algorithm 1. CARP supports both IPv4 (Internet Protocol Version 4) and IPV6 (Internet Protocol Version 6). CARP can be used in DNS servers (Domain Name System), firewalls and other packet filter servers, where the client does not have to know and switch all IP addresses in the event of a failover.