On Thu, 2004-07-15 at 17:31, Evgeniy Polyakov wrote:
> Hello, network developers.
>
> I'm glad to introduce CARP failover mechanism implementation.
> It is based on OpenBSD's CARP protocol but is not compatible with it
> since OpenBSD's implementation does not contain protection against
> repeated message sending.
>
> The main goal of the project is to implement CARP + firewall sync, but
> the second part is already implemented by Harald Welte <laforge@xxxxxxxxxxxx> and
> KOVACS Krisztian <hidden@xxxxxxxxxx> in ct_sync.
>
> By design each node has its own advertisement base and skew; the node with
> the least timeval constructed from them becomes the master.
> It begins to advertise its base and skew until shutdown or until another node
> lowers its base+skew pair.
> CARP currently uses only IPv4 multicast, but can easily be changed to
> use IPv6.
> Each CARP packet contains a unique 64-bit counter with its SHA1 HMAC
> digest under a 20-byte secret key. By design this counter is incremented in
> both master and backup, before sending and while receiving respectively.
> If the master and backup counters do not coincide with each other while
> receiving, the backup node drops the packet, thus preventing a repeated
> sending attack.
> When after a predefined interval the master hasn't sent any packet, or its
> base+skew is bigger than that of the remote node, that node becomes the
> master and begins to advertise.
>
> CARP has 2 work queues for "became_master" and "became_backup" events.
> Such events may easily be registered at runtime by external modules.
> One such event handler may send a netlink message to ct_sync and/or a
> userspace daemon which will flush iptables rules, bring interfaces up/down and
> so on...
>
> Please review and comment.
>
> Code against 2.6 is attached
> in the next 2 e-mails since netfilter-failover@xxxxxxxxxxxxxxxxxxx doesn't accept
> e-mail greater than 40kb.
>
> The code is also available at
> http://www.2ka.mipt.ru/~johnpol/carp_latest.tar.gz
--
Evgeniy Polyakov ( s0mbre )
Crash is better than data corruption. -- Art Grabowski
Attachments: carp.c, carp.h, carp_ioctl.h, signature.asc (digitally signed message part)
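The election rule and the counter-plus-HMAC anti-replay check described in the message above, as an added Python model. This is not code from the original post or from the attached carp.c; it assumes an advertisement layout of base (1 byte), skew (1 byte) and the 64-bit counter with the SHA1 HMAC under the 20-byte key computed over exactly those ten bytes, and it models the "timeval" ordering as ordering on the (base, skew) pair. Neither detail is stated in the post.

```python
"""Model of the CARP election and anti-replay check from the post.

Added example, not the project's code.  Assumed (not stated in the post):
advert = base (1 byte) | skew (1 byte) | counter (8 bytes) | HMAC-SHA1 over
those ten bytes; "timeval" ordering modelled as ordering on (base, skew).
"""
import hashlib
import hmac
import struct

KEY_LEN = 20                           # 20-byte secret key, as in the post
COUNTER_MASK = (1 << 64) - 1           # 64-bit counter
HDR_FMT = "!BBQ"                       # base, skew, counter (assumed layout)
HDR_LEN = struct.calcsize(HDR_FMT)     # 10 bytes
MAC_LEN = hashlib.sha1().digest_size   # 20 bytes


class CarpNode:
    def __init__(self, key, base, skew):
        if len(key) != KEY_LEN:
            raise ValueError("CARP secret key must be %d bytes" % KEY_LEN)
        self.key = key
        self.base = base
        self.skew = skew
        self.counter = 0        # shared 64-bit counter; both sides start equal
        self.master = False

    def priority(self):
        # Lower (base, skew) wins the election.
        return (self.base, self.skew)

    def build_advert(self):
        """Master side: increment the counter *before* sending, then MAC it."""
        self.counter = (self.counter + 1) & COUNTER_MASK
        body = struct.pack(HDR_FMT, self.base, self.skew, self.counter)
        mac = hmac.new(self.key, body, hashlib.sha1).digest()
        return body + mac

    def receive_advert(self, pkt):
        """Backup side: verify the HMAC, then require counter == ours + 1.

        Returns (accepted, reason).  A replayed packet carries an old counter
        and is dropped; a forged or modified one fails the HMAC before the
        counter is even looked at."""
        if len(pkt) != HDR_LEN + MAC_LEN:
            return False, "bad length"
        body, mac = pkt[:HDR_LEN], pkt[HDR_LEN:]
        good = hmac.new(self.key, body, hashlib.sha1).digest()
        if not hmac.compare_digest(mac, good):
            return False, "bad hmac"
        base, skew, counter = struct.unpack(HDR_FMT, body)
        expected = (self.counter + 1) & COUNTER_MASK
        if counter != expected:
            return False, "counter mismatch"
        self.counter = expected          # advance only on an accepted packet
        return True, "ok"

    def should_take_over(self, silence, timeout, remote_base, remote_skew):
        """Failover rule from the post: the master has been silent longer
        than the predefined interval, or its base+skew is higher than ours."""
        return silence > timeout or self.priority() < (remote_base, remote_skew)


def elect_master(nodes):
    """The node with the least (base, skew) becomes master."""
    winner = min(nodes, key=CarpNode.priority)
    for n in nodes:
        n.master = n is winner
    return winner


def demo():
    key = b"\x42" * KEY_LEN                  # constructed demo key
    a, b = CarpNode(key, 1, 0), CarpNode(key, 1, 100)
    master = elect_master([a, b])
    pkt = master.build_advert()
    first = b.receive_advert(pkt)            # fresh advertisement
    replay = b.receive_advert(pkt)           # same bytes again: old counter
    forged = pkt[:-1] + bytes([pkt[-1] ^ 0x01])
    tampered = b.receive_advert(forged)      # flipped MAC bit
    return {"master": master.priority(), "first": first, "replay": replay,
            "tampered": tampered,
            "takeover": b.should_take_over(5.0, 3.0, a.base, a.skew)}


if __name__ == "__main__":
    print(demo())
```

Because the backup advances its counter only on an accepted packet, a lost advertisement also fails the counter check on the next one; the post does not describe how master and backup resynchronise in that case, and this model does not invent one.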