What Does Common Address Redundancy Protocol (CARP) Mean?
Common Address Redundancy Protocol (CARP) is an automatic failover and redundancy protocol introduced by OpenBSD in October 2003. CARP is designed to share a common IP address among multiple hosts in the same network segment in order to provide failover redundancy to multiple servers or hosts. It is an alternative to the Internet Engineering Task Force’s (IETF) Virtual Router Redundancy Protocol (VRRP) and Cisco’s Hot Standby Redundancy Protocol (HSRP).
CARP is designed as a free and open source alternative to VRRP, which Cisco claimed had some technical resemblance to its proprietary HSRP. CARP works by allowing a group of hosts on the same network segment to share an IP address. This group of hosts is referred to as a redundancy group. The redundancy group is assigned an IP address and a common virtual host ID (VHID). The VHID allows group members to identify which redundancy group they belong to. Within the group, one host is designated as the master host and the rest as backup hosts. The master host is the owner of the shared IP address. The master host responds to any traffic or ARP requests directed towards it.
Techopedia Explains Common Address Redundancy Protocol (CARP)
Each host may belong to more than one redundancy group at a time through multiple physical interfaces. The master host sends CARP advertisements to the backup hosts.
These CARP advertisements or CARP packets are composed of two values:
- The advertisement base (advbase) of the master host: this can be configured independently on each host in the redundancy group. The advbase can contain values from 1 to 255.
- The advertisement skew (advskew): this specifies how much to skew the advbase when sending CARP advertisements to other hosts. Its values range from 1 to 254.
By manipulating the advbase and advskew values on each host, the master CARP host can be designated. The higher the combined value of these two parameters, the less preferred that host will be when choosing a master. If no CARP packet arrives within a specified time, or if a backup host receives an advertisement with a bigger advbase plus advskew value, that backup host assumes the duties of the master host.
CARP has limited abilities for load balancing the incoming connections between hosts in an Ethernet network. For load balancing operations, several CARP interfaces are configured to the same IP address, but to different VHIDs. Once an ARP request is received, the CARP protocol uses a hashing function against the source IP address in the ARP request to determine which VHID this request should belong to. If the corresponding CARP interface is in a master state, the ARP request will receive a reply, otherwise it will be ignored.
In order to prevent a malicious user on the network segment from spoofing CARP advertisements, each group can be configured with a password. Each CARP packet sent to the group is then protected by a secure hash algorithm 1 hash-based message authentication code (SHA1 HMAC). CARP supports both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) addressing. CARP can be used in domain name system (DNS) servers, firewalls and other packet filtering servers where the client does not need to know and switch all the IP addresses in case of a failover.
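The following added example (not code from OpenBSD or from the original page) models how a backup host can combine the password check with the advbase/advskew comparison described above: an advertisement is authenticated with HMAC-SHA1 before its values are allowed to influence the master decision. Assumptions: the 11-byte field layout and the function names are hypothetical and are not the CARP wire format, the counter field is a simplified stand-in for replay protection, and the combined value is computed as advbase + advskew/256 seconds, compared against the backup's own value.

```python
import hashlib
import hmac
import struct

# Simplified advertisement body (assumption, NOT the CARP wire format):
# vhid (1 byte), advbase (1 byte), advskew (1 byte), counter (8 bytes)
FMT = "!BBBQ"
BODY_LEN = struct.calcsize(FMT)
TAG_LEN = hashlib.sha1().digest_size

def sign_advert(password, vhid, advbase, advskew, counter):
    """Build an advertisement and append its HMAC-SHA1 tag."""
    body = struct.pack(FMT, vhid, advbase, advskew, counter)
    return body + hmac.new(password, body, hashlib.sha1).digest()

def verify_advert(password, packet, vhid, last_counter):
    """Return (advbase, advskew, counter), or None if the packet is rejected."""
    if len(packet) != BODY_LEN + TAG_LEN:
        return None
    body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
    expected = hmac.new(password, body, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # wrong group password or modified fields
    got_vhid, advbase, advskew, counter = struct.unpack(FMT, body)
    if got_vhid != vhid or counter <= last_counter:
        return None  # other redundancy group, or a replayed advertisement
    return advbase, advskew, counter

def interval(advbase, advskew):
    """Combined value in seconds; advskew counts in 1/256 s (assumption)."""
    return advbase + advskew / 256

def backup_decision(password, packet, vhid, my_advbase, my_advskew, last_counter):
    """Decide what a backup host does with one received advertisement."""
    advert = verify_advert(password, packet, vhid, last_counter)
    if advert is None:
        return "ignored"  # unauthenticated input never affects the election
    advbase, advskew, _ = advert
    if interval(advbase, advskew) > interval(my_advbase, my_advskew):
        return "become_master"  # sender is less preferred than this host
    return "stay_backup"

if __name__ == "__main__":
    pw = b"constructed-group-password"  # constructed sample value
    master = sign_advert(pw, vhid=1, advbase=1, advskew=0, counter=10)
    forged = sign_advert(b"wrong-guess", vhid=1, advbase=1, advskew=0, counter=11)
    for name, pkt in (("master", master), ("forged", forged)):
        print(name, backup_decision(pw, pkt, 1, 1, 100, last_counter=9))
```

The authentication check runs before any field is parsed or compared, so a packet sent without the group password cannot change which host holds the shared address.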