
[2/2] CARP implementation. HA master's failover.

To: netdev@xxxxxxxxxxx
Subject: [2/2] CARP implementation. HA master's failover.
From: Evgeniy Polyakov <johnpol@xxxxxxxxxxx>
Date: Thu, 15 Jul 2004 17:37:10 +0400
Cc: netfilter-failover@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1089898339.6114.860.camel@uganda>
Organization: MIPT
References: <1089898339.6114.860.camel@uganda>
Reply-to: johnpol@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 2004-07-15 at 17:32, Evgeniy Polyakov wrote:
> Hello, network developers.
> 
> I'm glad to introduce a CARP failover mechanism implementation.
> It is based on OpenBSD's CARP protocol but is not compatible with it
> since OpenBSD's implementation does not contain protection against
> repeated message sending.
> 
> The main goal of the project is to implement CARP + firewall sync, but the
> second part is already implemented by Harald Welte <laforge@xxxxxxxxxxxx> and
> KOVACS Krisztian <hidden@xxxxxxxxxx> in ct_sync.
> 
> By design each node has its own advertisement base and skew; the node with
> the least timeval constructed from them becomes the master.
> It begins to advertise its base and skew until shutdown or until another node
> lowers its base+skew pair.
> CARP currently uses only IPv4 multicast, but can easily be changed to
> use IPv6.
> Each CARP packet contains a unique 64-bit counter with its SHA1 HMAC
> digest with a 20-byte secret key. By design this counter is incremented in
> both master and backup before sending and while receiving accordingly.
> If master and backup counters do not coincide with each other while
> receiving, the backup node drops this packet, thus preventing a repeated
> sending attack.
> When, after a predefined interval, the master didn't send any packet or its
> base+skew is bigger than that in the remote node, that node becomes a
> master and begins to advertise.
> 
> CARP has 2 work queues for "became_master" and "became_backup" events.
> Such events may be easily registered at runtime by external modules.
> One such event handler may send a netlink message to ct_sync and/or a
> userspace daemon which will flush iptables rules, up/down interfaces and
> so on...
> 
> Please review and comment.
> 
> Code against 2.6 is attached
> in the next 2 e-mails since netfilter-failover@xxxxxxxxxxxxxxxxxxx doesn't accept
> e-mails greater than 40kb.
> 
> Code also is available at
> http://www.2ka.mipt.ru/~johnpol/carp_latest.tar.gz
-- 
        Evgeniy Polyakov ( s0mbre )

Crash is better than data corruption. -- Art Grabowski

Attachment: carpctl.c
Description: Text Data

Attachment: carp_queue.c
Description: Text Data

Attachment: carp_queue.h
Description: Text Data

Attachment: carp_log.c
Description: Text Data

Attachment: carp_log.h
Description: Text Data

Attachment: Makefile
Description: Text Data

Attachment: signature.asc
Description: This is a digitally signed message part
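
The counter-plus-HMAC replay check described in the quoted announcement, as an added Python sketch that is not taken from the attached kernel code. The packet layout (8-byte counter, body, 20-byte HMAC-SHA1 over both), the key and body values, and committing the counter only after a packet is accepted are assumptions of this sketch; the last verdict shows that with strict equality a single lost advertisement makes this model reject every later packet.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(20))  # constructed 20-byte shared secret (demo value)
MAC_LEN = hashlib.sha1().digest_size  # 20
MASK64 = (1 << 64) - 1


class Sender:
    """Master side: increments its 64-bit counter before each advertisement."""
    def __init__(self, key):
        self.key, self.counter = key, 0

    def advertise(self, body):
        self.counter = (self.counter + 1) & MASK64
        msg = struct.pack("!Q", self.counter) + body
        return msg + hmac.new(self.key, msg, hashlib.sha1).digest()


class Receiver:
    """Backup side: accepts only a valid HMAC carrying the next counter value."""
    def __init__(self, key):
        self.key, self.counter = key, 0

    def receive(self, packet):
        if len(packet) < 8 + MAC_LEN:
            return None  # truncated
        msg, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        want = hmac.new(self.key, msg, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, want):  # constant-time comparison
            return None  # forged or corrupted
        expected = (self.counter + 1) & MASK64
        if struct.unpack("!Q", msg[:8])[0] != expected:
            return None  # replayed or out of sequence
        self.counter = expected  # commit only after both checks pass
        return msg[8:]


def demo():
    """Verdicts for fresh, replayed, forged, genuine and post-loss packets."""
    tx, rx = Sender(KEY), Receiver(KEY)
    first = tx.advertise(b"base=1 skew=0")  # constructed advertisement body
    second = tx.advertise(b"base=1 skew=0")
    tx.advertise(b"base=1 skew=0")  # third packet: sent but never delivered
    fourth = tx.advertise(b"base=1 skew=0")
    forged = second[:-1] + bytes([second[-1] ^ 1])  # one MAC bit flipped
    return [rx.receive(p) for p in (first, first, forged, second, fourth)]
```
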
