carp
Services: CARP (failover)
CARP (failover)
CARP is a tool to help achieve system redundancy by having multiple computers create a single virtual network interface between them, so that if any machine fails, another can respond instead. It can also allow a degree of load sharing between systems. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was deemed to be not free enough because of a possibly-overlapping Cisco patent.
Services
carp.xml
CARP Settings | /pkg_edit.php?xml=carp.xml
CARP Status | carp_status.php

http://www.pfsense.com/packages/config/carp.tgz
['installedpackages']['carp']['config']

VHID Group | vhid
Virtual IP Address | ipaddress
Advertising Frequency | advskew
Synchronize State | pfsync | checkbox
Load Balancing | balancing | checkbox
Preemption | premption | checkbox

Virtual IP Address | ipaddress | Enter the IP address that you would like to share on both machines | input
Virtual IP Netmask | netmask | Enter the netmask of the IP address that you would like to share on both machines | select | 24
Virtual IP Password | password | Enter the VHID group password. | password
VHID Group | vhid | Enter the VHID group that the machines will share | select | 1
Advertising Frequency | advskew | The frequency that this machine will advertise | select | 0
Synchronize State | pfsync | PFSync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table. | checkbox
Synchronize Interface | synciface | interfaces_selection | If Synchronize State is enabled, it will utilize this interface for communication.
Load Balancing | balancing | If this feature is enabled, CARP source-hashes the originating IP of a request. The hash is then used to select a virtual host from the available pool to handle the request. This is disabled by default. | checkbox
Preemption | premption | When preemption is enabled, each CARP host will look at the advskew (Advertising Frequency) parameter in the advertisements it receives from the master, to try to determine whether it can advertise more frequently. If so, it will begin advertising, and the current master, seeing that there is another host with a lower advskew, will bow out. | checkbox

function sync_package() {
    /*
     * XXX: find out how many carp and pfsync interfaces are established
     *      and destroy/down them before sweeping through the list
     */
    $fout = fopen("/usr/local/etc/rc.d/carp.sh", "w");
    fwrite($fout, "#!/bin/sh \n");
    global $config;
    $using_arp_balance = 0;
    $using_preempt = 0;
    $carp_instances_counter = 0;
    $pfsync_instances_counter = 0;
    if($config['installedpackages']['carp']['config'] != "") {
        foreach($config['installedpackages']['carp']['config'] as $carp) {
            $pfsync = 0;
            /* reset per entry so a password never carries over from the previous entry */
            $password = "";
            /*
             * create the carp interface
             */
            fwrite($fout, "/sbin/ifconfig carp" . $carp_instances_counter . " create\n");
            $broadcast_address = gen_subnet_max($carp['ipaddress'], $carp['netmask']);
            /* every config value lands in a script that is run as root, so quote each one */
            if($carp['password'] != "") {
                $password = " pass " . escapeshellarg($carp['password']);
            }
            $carp_command = "/sbin/ifconfig carp" . $carp_instances_counter . " " . escapeshellarg($carp['ipaddress'] . "/" . $carp['netmask']);
            $carp_command .= " broadcast " . escapeshellarg($broadcast_address) . " vhid " . escapeshellarg($carp['vhid']);
            /* the advskew keyword was missing and the array key had a trailing space */
            $carp_command .= " advskew " . escapeshellarg($carp['advskew']) . $password;
            if($carp['balancing'] == "true")
                $using_arp_balance = 1;
            /* the field is named "premption" in the form definition above */
            if($carp['premption'] == "true")
                $using_preempt = 1;
            fwrite($fout, $carp_command . "\n");
            if($carp['pfsync'] != "")
                $pfsync = 1;
            if($pfsync != 0) {
                /*
                 * user has selected pfsync, bring it up.
                 */
                fwrite($fout, "/sbin/ifconfig pfsync" . $pfsync_instances_counter . " create \n");
                fwrite($fout, "/sbin/ifconfig pfsync" . $pfsync_instances_counter . " up syncif " . escapeshellarg($carp['synciface']) . "\n");
                $pfsync_instances_counter++;
            }
            $carp_instances_counter++;
        }
    }
    fclose($fout);
    system("chmod a+x /usr/local/etc/rc.d/carp.sh");
    system("/usr/local/etc/rc.d/carp.sh");
    /* the ARP balancing sysctl lives under net.inet.carp */
    if($using_arp_balance == 1)
        system("sysctl net.inet.carp.arpbalance=1");
    /* was $preempt, which is never set; the flag is $using_preempt */
    if($using_preempt == 1)
        system("sysctl net.inet.carp.preempt=1");
}

sync_package();
sync_package();
sync_package();
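
sync_package() writes the form fields into /usr/local/etc/rc.d/carp.sh and then executes that script, so each value is worth checking against what CARP accepts before it is saved. One way to do that check, as an added example that is not pfSense's own code: validate_carp_entry() is a hypothetical helper, and IPv4-only addressing and the interface-name pattern are assumptions.

```php
<?php
// Added example, not pfSense code. validate_carp_entry() is a hypothetical helper;
// array keys are the field names from the package definition above.
function validate_carp_entry(array $carp): array
{
    $errors = [];

    // Assumption: IPv4 only. The whole string must parse as one address.
    if (filter_var($carp['ipaddress'] ?? '', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        $errors[] = 'ipaddress: not a valid IPv4 address';
    }

    // Integer fields and their ranges (CARP accepts vhid 1-255, advskew 0-254).
    $ranges = ['netmask' => [1, 32], 'vhid' => [1, 255], 'advskew' => [0, 254]];
    foreach ($ranges as $key => [$min, $max]) {
        $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
        if (filter_var($carp[$key] ?? '', FILTER_VALIDATE_INT, $opts) === false) {
            $errors[] = "$key: expected an integer from $min to $max";
        }
    }

    // Only checked when Synchronize State is set. \A and \z anchor the whole
    // string, so a trailing newline cannot slip past the pattern.
    if (($carp['pfsync'] ?? '') !== ''
        && !preg_match('/\A[a-z][a-z0-9_]*\z/', $carp['synciface'] ?? '')) {
        $errors[] = 'synciface: not a plain interface name';
    }

    // Printable ASCII only: no newline that would start a new line in carp.sh.
    if (!preg_match('/\A[\x20-\x7e]*\z/', $carp['password'] ?? '')) {
        $errors[] = 'password: contains control or non-ASCII characters';
    }
    return $errors;
}

// Constructed sample entries: one clean, one with out-of-range and smuggled values.
$samples = [
    ['ipaddress' => '192.0.2.10', 'netmask' => '24', 'vhid' => '1', 'advskew' => '0',
     'password' => 'example-pass', 'pfsync' => 'on', 'synciface' => 'em1'],
    ['ipaddress' => '192.0.2.10; echo x', 'netmask' => '24', 'vhid' => '300',
     'advskew' => '0', 'password' => "a\nb", 'pfsync' => 'on', 'synciface' => 'em1 up'],
];
foreach ($samples as $i => $entry) {
    $errors = validate_carp_entry($entry);
    echo "entry $i: ", $errors ? implode('; ', $errors) : 'ok', "\n";
}
```

An entry that returns any error should be rejected before it reaches the saved configuration, so that nothing unvalidated is ever written to carp.sh.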