lists.openwall.net - Open Source and information security mailing list archives
Date: Sat, 14 Jun 2008 18:04:32 +0400
From: Evgeniy Polyakov <johnpol@....mipt.ru>
To: netdev@...r.kernel.org
Subject: CARP: Common Address Redundancy Protocol for Linux kernel release.

Hi.

This is not a new project, and it has a number of pros and cons to be in the kernel, so I post a note about it here in case people are interested in creating highly available systems with multiple machines.

CARP is an improved version of the Virtual Router Redundancy Protocol (VRRP) standard. The latest protocol to help provide high availability and network redundancy, it was developed because router giant Cisco Systems believes that its Hot Standby Router Protocol (HSRP) patent covers some of the same technical areas as VRRP.

CARP is cryptographically secure, since it uses HMAC to protect its content. It also does not have the replay message attack vector which exists in the OpenBSD implementation (its practical application is questionable though).

The main advantage over heartbeat-like approaches is the ability to scale to whatever number of nodes you need without the need for a persistent connection (wired, serial or whatever else) between them; the same media as for data transfer is used (iirc heartbeat 2 does not have this problem?).

The advantage over the userspace CARP solution (and heartbeat too) is the ability to control the network device on behalf of which data is broadcast (like creating a persistent MAC address between nodes). Aliasing is not a solution in multiple cases.

CARP configuration is pretty trivial:

    $ tar -zxf carp_latest.tar.gz
    $ cd carp
    $ make
    # insmod ip_carp.ko
    # modprobe cn
    # insmod carp_conn.ko
    # ifconfig carp0 up
    # carp_conn_daemon -m master.sh -b backup.sh

And the same on all other machines. Each script, as you got from its name, is executed when the node becomes the master or backup one; you can put there firewall rule changes, traffic shaping setup, network daemon start/stop scripts and whatever you like.
CARP homepage: http://tservice.net.ru/~s0mbre/old/?section=projects&item=carp

--
Evgeniy Polyakov
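The two security properties the message claims for CARP advertisements, an HMAC over the advertised content and resistance to replay, modelled as an added example. This is not code from the Linux CARP module or from the OpenBSD implementation, and the field layout (vhid, advskew, advbase, address count, 64-bit counter, sorted virtual addresses, HMAC-SHA1 tag) is an assumption chosen to illustrate the mechanism, not a bit-exact wire format. The receiver rejects a tampered packet (for example one whose advskew was lowered to steal the master role), a packet keyed with a different shared secret, and a captured packet re-sent later.

```python
"""Model of an HMAC-authenticated, replay-protected CARP-style advertisement.

Added illustration only; not the Linux CARP or OpenBSD code. Field layout is an
assumption for this example and is not the real wire format.
"""
import hashlib
import hmac
import ipaddress
import struct

SHA1_LEN = 20
HDR_FMT = "!BBBBQ"          # vhid, advskew, advbase, address count, counter
HDR_LEN = struct.calcsize(HDR_FMT)


def build_advertisement(key, vhid, advskew, advbase, counter, vaddrs):
    """Master side: serialise the fields and append HMAC-SHA1 over all of them.

    Addresses are sorted into a canonical order so every node computes the
    MAC over the same byte string regardless of configuration order.
    """
    addrs = sorted((ipaddress.ip_address(a) for a in vaddrs),
                   key=lambda a: (a.version, a.packed))
    body = struct.pack(HDR_FMT, vhid, advskew, advbase, len(addrs), counter)
    body += b"".join(a.packed for a in addrs)
    tag = hmac.new(key, body, hashlib.sha1).digest()
    return body + tag


class Backup:
    """Receiver state for one vhid: the shared key and the last accepted counter."""

    def __init__(self, key, vhid):
        self.key = key
        self.vhid = vhid
        self.last_counter = None   # unknown until the first authentic advert

    def accept(self, pkt):
        """Return (accepted, reason). Authenticity is checked before any parsing
        of the fields, and the counter check runs only on authentic packets, so
        an attacker cannot advance or reset the replay window without the key."""
        if len(pkt) < HDR_LEN + SHA1_LEN:
            return False, "short packet"
        body, tag = pkt[:-SHA1_LEN], pkt[-SHA1_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return False, "bad hmac"
        vhid, advskew, advbase, naddr, counter = struct.unpack(HDR_FMT, body[:HDR_LEN])
        if vhid != self.vhid:
            return False, "wrong vhid"
        # Counter is covered by the MAC, so a replay carries an old value and a
        # forged "fresh" counter would fail the HMAC check above.
        if self.last_counter is not None and counter <= self.last_counter:
            return False, "replay"
        self.last_counter = counter
        return True, "ok"


def demo():
    """Constructed scenario: one master, one backup, an attacker on the wire."""
    key = b"carp-shared-secret"            # constructed sample key
    vips = ["192.0.2.1", "192.0.2.2"]      # constructed virtual addresses
    backup = Backup(key, vhid=1)
    results = []
    adv1 = build_advertisement(key, 1, 0, 1, 1000, vips)
    results.append(backup.accept(adv1))            # genuine: accepted
    results.append(backup.accept(adv1))            # replayed capture: rejected
    adv2 = build_advertisement(key, 1, 100, 1, 1001, vips)
    forged = bytearray(adv2)
    forged[1] = 0                                  # attacker lowers advskew
    results.append(backup.accept(bytes(forged)))   # tampered: bad hmac
    results.append(Backup(b"wrong-key", 1).accept(adv2))  # other key: bad hmac
    results.append(backup.accept(adv2))            # genuine, newer: accepted
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Because the counter sits inside the MAC input, replay protection costs nothing beyond remembering the last accepted value per vhid; the trade-off is that a backup that has never seen an authentic advertisement must learn its first counter from the wire, which is why the model starts with `last_counter = None`.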