CARP

CARP stands for Common Address Redundancy Protocol.

An implementation of OpenBSD CARP for the Linux 2.6 kernel.

CARP is an improved version of the Virtual Router Redundancy Protocol (VRRP) standard. The latest protocol to help provide high availability and network redundancy, it was developed because router giant Cisco Systems believes that its Hot Standby Router Protocol (HSRP) patent covers some of the same technical areas as VRRP.

It is based on the OpenBSD CARP protocol but is not compatible with it, since the OpenBSD implementation does not contain protection against a repeated message sending (replay) attack.

By design, each node has its own advertisement base and skew; the node with the smallest timeval constructed from them becomes the master.
It advertises its base and skew until it shuts down or another node lowers its own base+skew pair.
CARP currently uses only IPv4 multicast, but can easily be changed to use IPv6.
Each CARP packet contains a unique 64-bit counter together with its SHA1 HMAC digest, computed with a 20-byte secret key. By design, this counter is incremented on both master and backup: before sending and on receiving, respectively. If the master and backup counters do not match on receipt, the backup node drops the packet, which prevents a repeated sending attack.
When the master has not sent any packet within a predefined interval, or its base+skew is larger than that of the remote node, that node becomes the master and begins to advertise.
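
The counter check described above, modelled in user space as an added example (not code from this project). The packet layout (counter, then one-byte base and skew, then the digest), the `Node` class and the key value are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(20))        # constructed 20-byte shared secret
MASK64 = (1 << 64) - 1        # the counter is 64 bits wide
BODY = struct.Struct("!QBB")  # assumed layout: counter, base, skew
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes


class Node:
    """One CARP peer holding the shared key and its copy of the counter."""

    def __init__(self, key, counter=0):
        self.key = key
        self.counter = counter

    def _mac(self, body):
        return hmac.new(self.key, body, hashlib.sha1).digest()

    def send(self, base, skew):
        # The sender increments its counter before sending.
        self.counter = (self.counter + 1) & MASK64
        body = BODY.pack(self.counter, base, skew)
        return body + self._mac(body)

    def receive(self, packet):
        """Return (base, skew) for an accepted packet, None if dropped."""
        if len(packet) != BODY.size + MAC_LEN:
            return None
        body, tag = packet[:BODY.size], packet[BODY.size:]
        # Constant-time comparison; a forged or corrupted digest is dropped.
        if not hmac.compare_digest(tag, self._mac(body)):
            return None
        counter, base, skew = BODY.unpack(body)
        # The receiver advances its own counter and requires a match, so a
        # replayed packet (carrying an already-used counter) is dropped.
        expected = (self.counter + 1) & MASK64
        if counter != expected:
            return None
        self.counter = expected
        return base, skew


if __name__ == "__main__":
    master, backup = Node(KEY), Node(KEY)
    advert = master.send(base=1, skew=0)
    print("first delivery:", backup.receive(advert))   # accepted
    print("replayed copy: ", backup.receive(advert))   # dropped
```

With strict equality, a lost advertisement leaves the two counters out of step; how the peers resynchronise is not described on this page and is not modelled here.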

CARP has two work queues, for “became_master” and “became_backup” events. Handlers for these events can easily be registered at runtime by external modules. One such event handler may send a netlink message to ct_sync and/or a userspace daemon, which will flush iptables rules, bring interfaces up or down, and so on.

More details on configuration and the various parameters, as well as step-by-step instructions, can be found in the README and INSTALL files in the sources.

The latest release is always available in the archive.