The Common Address Redundancy Protocol or CARP is a protocol which allows multiple hosts on the same local network to share a set of IP addresses. Its primary purpose is to provide failover redundancy, especially when used with firewalls and routers. In some configurations CARP can also provide load balancing functionality. It is a free, non patent-encumbered alternative to CISCO’s VRRP, implemented mostly in BSD operating systems.
pfsyncd:
pfsync is a network interface that helps a number of computers running OpenBSD’s pf (packet filter) keep their state tables the same. pfsync can send messages indicating changes, or listen for such changes. pfsync can be configured using ifconfig. pfsync can be used in conjunction with CARP to make sure a backup firewall has the same information as the main firewall.
Example
If there is a single computer running a packet filter, and it goes down, the networks on either side of the packet filter can no longer communicate with each other, or they communicate without any packet filtering. If, however, there are two computers running a packet filter, running CARP, then if one fails, the other will take over, and computers on either side of the packet filter will not be aware of the failure, so operation will continue as normal. In order to make sure the new master operates the same as the old one, pfsyncd is used to synchronize packet filter states.
Principle of redundancy
A group of hosts using CARP is called a “group of redundancy”. The group of redundancy allocates itself an IP address which is shared or divided among the members of the group. Within this group, a host is designated as “Master”. The other members are called “slaves”. The main host is that which “takes” the IP address. It answers any traffic or ARP request brought to the attention of this address. Each host can belong to several groups of redundancy. It should be noted that each host must have a second unique IP address.
A common use of CARP is the creation of a group of redundant firewalls. The virtual IP address allotted to the group of redundancy is indicated as the address of the default router on the computers behind this group of firewalls. If the main firewall breaks down or is disconnected from the network, the virtual IP address will be taken by one of the firewall slaves and the service availability will not be interrupted.