CARP with a single public IP address

CARP with a single public IP address

Felipe Alfaro Solana
Hi tech,

I've been thinking about this for a while but can't seem to figure out
a proper solution.  Perhaps you have seen a scenario like this before
and have ideas on how to tackle it.

I have two OpenBSD 4.4 boxes configured in active/backup CARP,
connected to an ADSL router. I want to reconfigure the ADSL router and
turn it into a bridge. This way, my public IP address will move from
the ADSL router into the CARP interface and will be shared by both
OpenBSD machines. The ADSL router has a built-in hub where both
OpenBSD machines are plugged into.

While the machine whose CARP interface is in ACTIVE won't have
problems sending and processing traffic, the OpenBSD machine whose
CARP interface is in BACKUP will. The machine whose CARP interface is
in BACKUP will be able to send traffic to the Internet from its public
IP address, but will not be able to process any response, for example
to contact an NTP server: the UDP response from the NTP server will
arrive at both OpenBSD machines (since both are sharing the public IP
address), but the machine whose CARP interface is BACKUP will likely
ignore the NTP response. For TCP it is also very similar.

I have no idea how to deploy a scenario like this, while allowing the
machine whose CARP interface is in BACKUP to access the Internet. A
workaround is having the machine whose CARP interface is in BACKUP
have a default route installed pointing to the machine whose CARP
interface is ACTIVE. The problem is the setup is more complex and
requires a way of dynamically adjusting the default route. A possible
solution is using ifstated(8). Is it possible to use OSPF instead?

Thanks in advance!

--
http://www.felipe-alfaro.org/blog/disclaimer/
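The ifstated(8) workaround mentioned in the post, as an added example that is not from the original message or from the OpenBSD project: an /etc/ifstated.conf that watches the link state of the CARP interface and swaps the default route whenever the box changes between MASTER and BACKUP. All addresses are placeholders and are assumptions: carp0 is the CARP interface carrying the public IP, 192.0.2.1 is the ISP gateway reached over the bridged ADSL link, and 192.168.1.2 is the peer box's own address on the carp parent interface (so the file differs by one address on each box).

```conf
# Added example /etc/ifstated.conf (not from the original post).
# Assumed placeholder addresses: 192.0.2.1 = ISP gateway on the bridged
# ADSL link, 192.168.1.2 = the OTHER box's address on the carp parent
# interface. Replace with the real values before use.

# Start in "auto" and pick the real state from the carp0 link state.
init-state auto

carp_up   = "carp0.link.up"
carp_down = "carp0.link.down"

state auto {
	if $carp_up
		set-state master
	if $carp_down
		set-state backup
}

# MASTER owns the public IP: send everything straight to the ISP gateway.
state master {
	init {
		run "route -n delete default"
		run "route -n add default 192.0.2.1"
	}
	if $carp_down
		set-state backup
}

# BACKUP cannot receive replies to the shared public IP, so it routes
# through the peer, which is MASTER at that moment.
state backup {
	init {
		run "route -n delete default"
		run "route -n add default 192.168.1.2"
	}
	if $carp_up
		set-state master
}
```

Two things the file does not cover: the backup box's packets leave with its private parent-interface address as source, so the MASTER must have IP forwarding enabled and a pf NAT rule translating that address to the CARP address, and the ISP gateway address can only be hard-coded like this if the bridged ADSL line hands out a static public address rather than a PPPoE-assigned one.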