OpenBSD Journal

High availability and load balancing!

Contributed by jose on from the firewall-land dept.

Jedi/Sector One writes: "Yet another excellent feature has just been committed to -current:
CVSROOT:        /cvs
Module name:    src
Changes by:     mcbride@cvs.openbsd.org 2003/10/17 15:04:59

Modified files:
        etc            : protocols
        lib/libc/gen   : sysctl.3
        sbin/ifconfig  : ifconfig.8 ifconfig.c
        sbin/sysctl    : sysctl.8 sysctl.c
        share/man/man4 : Makefile
        sys/conf       : GENERIC files
        sys/net        : if.c if.h if_ethersubr.c if_fddisubr.c
        sys/netinet    : if_ether.c in.h in_proto.c
        sys/sys        : mbuf.h
        usr.bin/netstat: inet.c main.c netstat.h
Added files:
        share/man/man4 : carp.4
        sys/netinet    : ip_carp.c ip_carp.h

Log message:
Common Address Redundancy Protocol

Allows multiple hosts to share an IP address, providing high availability
and load balancing.

Based on code by mickey@, with additional help from markus@
and Marco_Pfatschbacher@genua.de

ok deraadt@
Wow, pfsync and now CARP ... OpenBSD now adds high availability to security!"

CARP is described in this misc@ post from McBride. Pretty cool stuff I'll have to start playing with. Well done, guys!



Comments
  1. By Philipp () on

    Like the mail says.. VRRP and the IETF may die now ;-)

    Comments
    1. By heckler&koch () on

      And when adds SMP & scalability?

      Comments
      1. By Brad () brad at comstyle dot com on

        When you send in your patches.

      2. By Anonymous Coward () on

        when i can buy a g36 here in the states

  2. By Anonymous Coward () on

    I read the post at misc@ and understand how the high availability works (master/backup(s) with advertisements of availability). But, how can this be used to do load balancing? The only way I can see is if you constantly force a master switch every so often. Is this correct? And how costly is a master switch; both in time and resources?

    Comments
    1. By Anonymous Coward () on

      Very interesting question, I just wanted to ask more or less the same.
      /me wait curiously :)
      Regards..

    2. By Ralph Siegler () admail@rsiegler.org on http://www.rsiegler.org

      I was curious too if in practice I could tune the frequency advertisement rate such that as one box gets "slightly" more loaded than the others, another would get to be master... is that the intention here?

  3. By tim () on

    Will ssh freak out when it sees keys and/or mac addresses not matching for the same ip address?

    Comments
    1. By jcs () on

      it won't care about the mac address, but it will complain when you try to connect to the same ip address and the secondary server responds with a different key.

      the simple solution is to assign a primary ip to each server, and have a second ip shared between them. ssh to the primary ip's of each server which will not change.

    2. By RC () on

      You share the SSH keys between both hosts, just like every other piece of the system configuration...

    3. By Bojan () bc@nospam.default.co.yu on

      I think not if you're not ssh'ed to CARP'ed IP and you're on ssh host behind CARP hosts.

  4. By Dan () on

    2 Weeks late ... :)

    I just ordered one :(

    Comments
    1. By Jan O Karlsson () on

      No, of course not. It's included in -current and in 3.5.

      Another reason for ordering the next CD-set as well.

      The 3.4-set you got contains a very good piece of software.

      Stick with it. And upgrade to -current or 3.5 when it's done.

    2. By RC () on

      I understand the desire to try new features, but would you really want an initial check-in of code to get into a release? I prefer stability myself.

      This is nothing new... Every release has several cool new features, and the next release will have more.

    3. By Anthony () on

      There's no way this would get into a release.

      I read in an interview with Theo that the month after a release is an orgy of adding new features. They basically do a feature freeze for the last few months before a release, so there's a lot of stuff waiting to be let in. We're going to be seeing a lot of this stuff.

    4. By Dan () on

      I think I was not understood well.

      I just wished it came before the CD arrived.
      I buy the CD to support the proj. I'll buy next one even if CARP is not included.

      To OBSD team: Thank you for OBSD.

      Dan

  5. By it_doesn't_really_matter () on

    I just wanted to say...

    For quite a number of releases now I've been following the OBSD release cycle and following misc@. I've watched the flame wars about various topics, W^X, advisories for SSL, etc...

    I ordered my first cd set a couple weeks back.

    I just wanted to say that there are those of us who appreciate all the work that the whole OBSD crew does to put out releases.

    There _are_ ppl out there who don't give a fuck about what gets said. There is a consistency with the OBSD project that simply can't be beat.

    I said it in the comments when I ordered my cd, and I feel the need to say it again.

    Thank you for doing what you do best. You just keep getting the job done. There are those of us out there who appreciate it. The flame wars don't make a difference to what we think. Life is too short to get upset with what the trolls say.

    No, we don't all commit patches. No we don't all submit bug reports. But ya know what... it doesn't matter. At the end of the day, we still support the cause by buying CD's.

    Thank you for the consistency.

    Sincerely,
    1 of many simple end users

    Comments
    1. By Heinz () on

      amen ..

    2. By Anonymous Coward () on

      True dat...

    3. By Anonymous Coward () on

      i think there isn't more to say.
