Provided by: freebsd-manpages_9.2+1-1_all

NAME

       carp — Common Address Redundancy Protocol

SYNOPSIS

       device carp

DESCRIPTION

       The  carp  interface  is  a  pseudo-device  that  implements and controls the CARP protocol.  CARP allows
       multiple hosts on the same local network to share a set of IP  addresses.   Its  primary  purpose  is  to
       ensure  that  these addresses are always available, but in some configurations carp can also provide load
       balancing functionality.

       A carp interface can be created at runtime using the ifconfig carpN create command or by  configuring  it
       via cloned_interfaces in the /etc/rc.conf file.

       To  use carp, the administrator needs to configure at minimum a common virtual host ID (VHID) and virtual
       host IP address on each machine which is to take part in the virtual group.   Additional  parameters  can
       also  be  set on a per-interface basis: advbase and advskew, which are used to control how frequently the
       host sends advertisements when it is  the  master  for  a  virtual  host,  and  pass  which  is  used  to
       authenticate carp advertisements.  The advbase parameter stands for “advertisement base”.  It is measured
       in  seconds  and  specifies  the  base  of  the advertisement interval.  The advskew parameter stands for
       “advertisement skew”.  It is measured in 1/256 of a second.  It is added to the base advertisement
       interval to make one host advertise a bit slower than the other does.  Both advbase and advskew are put
       inside CARP advertisements.  These configurations can be done using ifconfig(8), or through  the  SIOCSVH
       ioctl(2).

       Additionally, there are a number of global parameters which can be set using sysctl(8):

       net.inet.carp.allow       Accept incoming carp packets.  Enabled by default.

       net.inet.carp.preempt     Allow virtual hosts to preempt each other.  It is also used to fail over carp
                                 interfaces as a group.  When the option is enabled and one of the carp-enabled
                                 physical interfaces goes down, advskew is changed to 240 on all carp
                                 interfaces.  See also the first example.  Disabled by default.

       net.inet.carp.log         Value of 0 disables any logging.  Value of 1 enables logging state  changes  of
                                 carp  interfaces.   Values above 1 enable logging of bad carp packets.  Default
                                 value is 1.

       net.inet.carp.arpbalance  Balance local traffic using ARP (see below).  Disabled by default.

       net.inet.carp.suppress_preempt
                                 A read-only value showing the status of preemption suppression.  Preemption can
                                 be suppressed if the link on an interface is down or when the pfsync(4)
                                 interface is not synchronized.  A value of 0 means that preemption is not
                                 suppressed, since no problems are detected.  Every problem increments the
                                 suppression counter.

ARP level load balancing

       carp has limited abilities for load balancing incoming connections between hosts on an Ethernet
       network.  For load balancing operation, one needs several CARP interfaces that are configured with the
       same IP address but with different VHIDs.  Once an ARP request is received, the CARP protocol will use a
       hashing function against the source IP address in the ARP request to determine which VHID the request
       belongs to.  If the corresponding CARP interface is in master state, the ARP request will be answered;
       otherwise it will be ignored.  See the “EXAMPLES” section for a practical example of load balancing.

       The ARP load balancing has some limitations.  First, ARP  balancing  only  works  on  the  local  network
       segment.   It  cannot  balance  traffic  that  crosses a router, because the router itself will always be
       balanced to the same virtual host.  Second, ARP load balancing can lead to asymmetric routing of incoming
       and outgoing traffic, and thus combining it with pfsync(4) is dangerous,  because  this  creates  a  race
       condition between balanced routers and a host they are serving.  Imagine an incoming packet creating
       state on the first router, being forwarded to its destination, and the destination replying faster than
       the state information is packed and synced with the second router.  If the reply is load balanced to
       the second router, it will be dropped because that router has no state for it.

STATE CHANGE NOTIFICATIONS

       Sometimes it is useful to get notified about carp status change events.  This can be accomplished by
       using devd(8) hooks.  Master/slave events are signalled as LINK_UP or LINK_DOWN events on the carp
       interface.  Please see devd.conf(5) and the “EXAMPLES” section for more information.

EXAMPLES

       For firewalls and routers with multiple interfaces, it is desirable to fail over all of the carp
       interfaces together when one of the physical interfaces goes down.  This is achieved by the preempt
       option.  Enable it on both host A and B:

             sysctl net.inet.carp.preempt=1

       Assume that host A is the preferred master and 192.168.1.x/24 is configured on one physical interface and
       192.168.2.y/24 on another.  This is the setup for host A:

             ifconfig carp0 create
             ifconfig carp0 vhid 1 pass mekmitasdigoat 192.168.1.1/24
             ifconfig carp1 create
             ifconfig carp1 vhid 2 pass mekmitasdigoat 192.168.2.1/24

       The setup for host B is identical, but it has a higher advskew:

             ifconfig carp0 create
             ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat 192.168.1.1/24
             ifconfig carp1 create
             ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat 192.168.2.1/24

       Because of the preempt option, when one of the physical interfaces of host A fails, advskew  is  adjusted
       to  240 on all its carp interfaces.  This will cause host B to preempt on both interfaces instead of just
       the failed one.
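
       The arithmetic behind this failover, as an added example that is not part of the original manual
       page.  It assumes an advbase of 1 second on both hosts (the commands above do not set it) and treats
       the host with the shortest advertisement interval as the one that holds or takes mastership; the
       function names are hypothetical.

```sh
#!/bin/sh
# Added example: advertisement interval and preemption for hosts A and B above.
# Assumption: advbase is 1 second on every host.

# adv_interval_ms ADVBASE ADVSKEW -> interval in milliseconds (rounded down).
# advbase is in seconds, advskew in 1/256 of a second.
adv_interval_ms() {
    echo $(( $1 * 1000 + $2 * 1000 / 256 ))
}

# preferred_master "NAME:ADVBASE:ADVSKEW ..." -> name of the host that
# advertises most frequently; with preemption enabled it becomes master.
# Ties go to the first host listed (a simplification).
preferred_master() {
    best_name= best_ms=
    for host in $1; do
        name=${host%%:*}
        rest=${host#*:}
        ms=$(adv_interval_ms "${rest%%:*}" "${rest#*:}")
        if [ -z "$best_ms" ] || [ "$ms" -lt "$best_ms" ]; then
            best_name=$name best_ms=$ms
        fi
    done
    echo "$best_name"
}

# Normal operation: host A (advskew 0) against host B (advskew 100).
echo "normal:  A=$(adv_interval_ms 1 0)ms B=$(adv_interval_ms 1 100)ms" \
     "master=$(preferred_master 'A:1:0 B:1:100')"
# A physical interface on host A fails; preempt raises A's advskew to 240.
echo "failure: A=$(adv_interval_ms 1 240)ms B=$(adv_interval_ms 1 100)ms" \
     "master=$(preferred_master 'A:1:240 B:1:100')"
```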

       In order to set up an ARP balanced virtual host, it is necessary to configure one virtual host  for  each
       physical host which would respond to ARP requests and thus handle the traffic.  In the following example,
       two  virtual  hosts  are  configured  on  two  hosts to provide balancing and failover for the IP address
       192.168.1.10.

       First the carp interfaces on host A are configured.  The advskew of 100 on the second virtual host  means
       that its advertisements will be sent out slightly less frequently.

             ifconfig carp0 create
             ifconfig carp0 vhid 1 pass mekmitasdigoat 192.168.1.10/24
             ifconfig carp1 create
             ifconfig carp1 vhid 2 advskew 100 pass mekmitasdigoat 192.168.1.10/24

       The  configuration  for  host B is identical, except the advskew is on virtual host 1 rather than virtual
       host 2.

             ifconfig carp0 create
             ifconfig carp0 vhid 1 advskew 100 pass mekmitasdigoat 192.168.1.10/24
             ifconfig carp1 create
             ifconfig carp1 vhid 2 pass mekmitasdigoat 192.168.1.10/24

       Finally, the ARP balancing feature must be enabled on both hosts:

             sysctl net.inet.carp.arpbalance=1

       When the hosts receive an ARP request for 192.168.1.10, the source IP address of the request is  used  to
       compute  which  virtual host should answer the request.  The host which is master of the selected virtual
       host will reply to the request; the other(s) will ignore it.

       This way, locally connected systems will receive different ARP replies and subsequent IP traffic will  be
       balanced  among  the hosts.  If one of the hosts fails, the other will take over the virtual MAC address,
       and begin answering ARP requests on its behalf.

       Processing of carp status change events can be set up by using the following devd.conf rules:

             notify 0 {
                     match "system"          "IFNET";
                     match "type"            "LINK_UP";
                     match "subsystem"       "carp*";
                     action "/root/carpcontrol.sh $type $subsystem";
             };

             notify 0 {
                     match "system"          "IFNET";
                     match "type"            "LINK_DOWN";
                     match "subsystem"       "carp*";
                     action "/root/carpcontrol.sh $type $subsystem";
             };
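
       One possible /root/carpcontrol.sh for the rules above, as an added example that is not part of the
       original manual page.  devd runs the action as root with $type and $subsystem substituted into the
       command line, so the script checks both arguments before acting; the function names, log tag and exit
       code are assumptions.

```sh
#!/bin/sh
# Added example of a /root/carpcontrol.sh handler; not from the manual page.
# devd runs it as: carpcontrol.sh $type $subsystem

# valid_carp_if NAME -> succeeds only for "carp" followed by digits.
valid_carp_if() {
    unit=${1#carp}
    [ "$unit" != "$1" ] || return 1      # did not start with "carp"
    case $unit in
        ''|*[!0-9]*) return 1 ;;         # empty or non-digit unit number
    esac
}

# carp_event_message TYPE SUBSYSTEM -> prints the log line for the event,
# or returns 1 when either argument is not what the rules should deliver.
carp_event_message() {
    [ "$#" -eq 2 ] || return 1
    valid_carp_if "$2" || return 1
    case $1 in
        LINK_UP)   echo "$2: now master" ;;
        LINK_DOWN) echo "$2: no longer master" ;;
        *)         return 1 ;;
    esac
}

# Run only when called with arguments, as devd does.
if [ "$#" -gt 0 ]; then
    if msg=$(carp_event_message "$@"); then
        # suppress_preempt above 0: a link or pfsync problem was detected.
        sup=$(sysctl -n net.inet.carp.suppress_preempt 2>/dev/null)
        logger -t carpcontrol "$msg (suppress_preempt=${sup:-unknown})"
    else
        logger -p daemon.warning -t carpcontrol "rejected event arguments"
        exit 64
    fi
fi
```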

SEE ALSO

       inet(4), pfsync(4), rc.conf(5), devd.conf(5), ifconfig(8), sysctl(8)

HISTORY

       The carp device first appeared in OpenBSD 3.5.  The carp device was imported into FreeBSD 5.4.

Debian                                           August 15, 2011                                         CARP(4)