210 lines
6.7 KiB
Groff
210 lines
6.7 KiB
Groff
.\" $NetBSD: carp.4,v 1.5 2013/12/01 00:17:14 christos Exp $
|
|
.\" $OpenBSD: carp.4,v 1.19 2005/08/09 09:52:12 jmc Exp $
|
|
.\"
|
|
.\" Copyright (c) 2003, Ryan McBride. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.Dd November 30, 2013
|
|
.Dt CARP 4
|
|
.Os
|
|
.Sh NAME
|
|
.Nm carp
|
|
.Nd Common Address Redundancy Protocol
|
|
.Sh SYNOPSIS
|
|
.Cd pseudo-device carp
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
interface is a pseudo-device which implements and controls the
|
|
CARP protocol.
|
|
.Nm
|
|
allows multiple hosts on the same local network to share a set of IP addresses.
|
|
Its primary purpose is to ensure that these
|
|
addresses are always available, but in some configurations
|
|
.Nm
|
|
can also provide load balancing functionality.
|
|
.Pp
|
|
A
|
|
.Nm
|
|
interface can be created at runtime using the
|
|
.Ic ifconfig carp Ns Ar N Ic create
|
|
command.
|
|
.Pp
|
|
To use
|
|
.Nm ,
|
|
the administrator needs to configure at minimum a common virtual host ID and
|
|
virtual host IP address on each machine which is to take part in the virtual
|
|
group.
|
|
Additional parameters can also be set on a per-interface basis:
|
|
.Cm advbase
|
|
and
|
|
.Cm advskew ,
|
|
which are used to control how frequently the host sends advertisements when it
|
|
is the master for a virtual host, and
|
|
.Cm pass
|
|
which is used to authenticate carp advertisements.
|
|
Finally
|
|
.Cm carpdev
|
|
is used to specify which interface the
|
|
.Nm
|
|
device attaches to.
|
|
If unspecified, the kernel attempts to set carpdev by looking for
|
|
another interface with the same subnet.
|
|
These configurations can be done using
|
|
.Xr ifconfig 8 ,
|
|
or through the
|
|
.Dv SIOCSVH
|
|
ioctl.
|
|
.Pp
|
|
Additionally, there are a number of global parameters which can be set using
|
|
.Xr sysctl 8 :
|
|
.Bl -tag -width xxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
.It net.inet.carp.allow
|
|
Accept incoming
|
|
.Nm
|
|
packets.
|
|
Enabled by default.
|
|
.It net.inet.carp.preempt
|
|
Allow virtual hosts to preempt each other.
|
|
It is also used to failover
|
|
.Nm
|
|
interfaces as a group.
|
|
When the option is enabled and one of the
|
|
.Nm
|
|
enabled physical interfaces
|
|
goes down, advskew is changed to 240 on all
|
|
.Nm
|
|
interfaces.
|
|
See also the first example.
|
|
Disabled by default.
|
|
.It net.inet.carp.log
|
|
Log bad
|
|
.Nm
|
|
packets.
|
|
Disabled by default.
|
|
.It net.inet.carp.arpbalance
|
|
Balance local traffic using ARP.
|
|
Disabled by default.
|
|
.El
|
|
.Sh EXAMPLES
|
|
For firewalls and routers with multiple interfaces, it is desirable to
|
|
failover all of the
|
|
.Nm
|
|
interfaces together, when one of the physical interfaces goes down.
|
|
This is achieved by the preempt option.
|
|
Enable it on both host A and B:
|
|
.Pp
|
|
.Dl # sysctl -w net.inet.carp.preempt=1
|
|
.Pp
|
|
Assume that host A is the preferred master and 192.168.1.x/24 is
|
|
configured on one physical interface and 192.168.2.y/24 on another.
|
|
This is the setup for host A:
|
|
.Bd -literal -offset indent
|
|
# ifconfig carp0 create
|
|
# ifconfig carp0 vhid 1 pass mekmitasdigoat 192.168.1.1 \e
|
|
netmask 255.255.255.0
|
|
# ifconfig carp1 create
|
|
# ifconfig carp1 vhid 2 pass mekmitasdigoat 192.168.2.1/24 \e
|
|
netmask 255.255.255.0
|
|
.Ed
|
|
.Pp
|
|
The setup for host B is identical, but it has a higher advskew:
|
|
.Bd -literal -offset indent
|
|
# ifconfig carp0 create
|
|
# ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat \e
|
|
192.168.1.1 netmask 255.255.255.0
|
|
# ifconfig carp1 create
|
|
# ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat \e
|
|
192.168.2.1 netmask 255.255.255.0
|
|
.Ed
|
|
.Pp
|
|
Because of the preempt option, when one of the physical interfaces of
|
|
host A fails, advskew is adjusted to 240 on all its
|
|
.Nm
|
|
interfaces.
|
|
This will cause host B to preempt on both interfaces instead of
|
|
just the failed one.
|
|
.Pp
|
|
In order to set up an ARP balanced virtual host, it is necessary to configure
|
|
one virtual host for each physical host which would respond to ARP requests
|
|
and thus handle the traffic.
|
|
In the following example, two virtual hosts are configured on two hosts to
|
|
provide balancing and failover for the IP address 192.168.1.10.
|
|
.Pp
|
|
First the
|
|
.Nm
|
|
interfaces on Host A are configured.
|
|
The
|
|
.Cm advskew
|
|
of 100 on the second virtual host means that its advertisements will be sent
|
|
out slightly less frequently.
|
|
.Bd -literal -offset indent
|
|
# ifconfig carp0 create
|
|
# ifconfig carp0 vhid 1 pass mekmitasdigoat 192.168.1.10 \e
|
|
netmask 255.255.255.0
|
|
# ifconfig carp1 create
|
|
# ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat \e
|
|
192.168.1.10 netmask 255.255.255.0
|
|
.Ed
|
|
.Pp
|
|
The configuration for host B is identical, except the skew is on
|
|
virtual host 1 rather than virtual host 2.
|
|
.Bd -literal -offset indent
|
|
# ifconfig carp0 create
|
|
# ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat \e
|
|
192.168.1.10 netmask 255.255.255.0
|
|
# ifconfig carp1 create
|
|
# ifconfig carp1 vhid 2 pass mekmitasdigoat 192.168.1.10 \e
|
|
netmask 255.255.255.0
|
|
.Ed
|
|
.Pp
|
|
Finally, the ARP balancing feature must be enabled on both hosts:
|
|
.Pp
|
|
.Dl # sysctl -w net.inet.carp.arpbalance=1
|
|
.Pp
|
|
When the hosts receive an ARP request for 192.168.1.10, the source IP address
|
|
of the request is used to compute which virtual host should answer the request.
|
|
The host which is master of the selected virtual host will reply to the
|
|
request, the other(s) will ignore it.
|
|
.Pp
|
|
This way, locally connected systems will receive different ARP replies and
|
|
subsequent IP traffic will be balanced among the hosts.
|
|
If one of the hosts fails, the other will take over the virtual MAC address,
|
|
and begin answering ARP requests on its behalf.
|
|
.Pp
|
|
Note: ARP balancing only works on the local network segment.
|
|
It cannot balance traffic that crosses a router, because the router
|
|
itself will always be balanced to the same virtual host.
|
|
.Sh SEE ALSO
|
|
.Xr netstat 1 ,
|
|
.Xr sysctl 3 ,
|
|
.Xr arp 4 ,
|
|
.Xr arp 8 ,
|
|
.Xr ifconfig 8 ,
|
|
.Xr sysctl 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
device first appeared in
|
|
.Ox 3.5 .
|