IPv4 Address:-
IPv6 Address:-
Service Provider:-
SSL Information:-
HTTP Protocol:-
Database:-
Web:-
Blog Menu


Search articles:
 

Recent articles (showing 1-10 out of 69):

 
11/Nov/2017
Add Google Authenticator Style 2FA (Two Factor Auth) to FreeBSD SSH
04/Dec/2016
IPsec Encryption Between FreeBSD Hosts
05/Jun/2016
CARP (IPv4 and IPv6) in FreeBSD 10+ (for failover IPs)
01/Jun/2016
Add DKIM Signing to FreeBSD Servers
01/Jun/2016
NetFlow v9 Exporting from FreeBSD routers/firewalls
01/Jun/2016
Link Failover in FreeBSD (without requiring switch configuration)
30/May/2016
OpenVPN Setup in FreeBSD (with NAT for IPv4 and IPv6)
30/May/2016
Using FreeBSD as a Hypervisor (using bhyve and vm-bhyve to manage them)
29/May/2016
Zen Broadband with IPv6 using FreeBSD ppp router
29/May/2016
Link Aggregation/Bonding in FreeBSD using LACP
CARP in FreeBSD (HSRP/VRRP alternative) [24/May/2009]   Alternative to null-routing in FreeBSD (using IPFW)     Partitioning/Formatting disks in FreeBSD (manual method)  

WARNING: This post has been marked as obsolete and may be incorrect. It is kept for archival purposes only. CARP can be used for several things, but I'm going to concentrate on a HSRP/VRRP alternative in this post (having a hot standby on a seperate computer).

To enable CARP support, you need to add the following line in your kernel config file (in /usr/src/sys/<arch>/conf/):

device carp Copy

Once you have built and installed your new kernel, you can configure a CARP interface.  To use carp, you need a non-carp IP on your interface on each computer and then a second shared IP.  For this purpose we will use 192.168.0.1 as the shared IP and 192.168.0.2 as the fixed non-carp IP on the fxp0 interface.

Edit your /etc/rc.conf file as follows:

ifconfig_fxp0="inet 192.168.0.2 netmask 255.255.255.0"

cloned_interfaces="carp0"
ifconfig_carp0="vhid 1 advskew 100 pass p4ssw0rd 192.168.0.1/24" Copy

To explain the carp0 line in more detail...

The vhid contains the virtual interface ID.  There seems to be some confusion online whether this should be identical or different on machines.  Personally, I use the same vhid on primary and backup hosts.

The advskew value specifies which should be primary and backup.  A lower figure is a higher priority so the master should be a lower number than the secondary.

The pass value is the authentication value.  This needs to match between primary and backup machines.  The password is sent plaintext over the interface, so is easily snooped unfortunately.

Finally, the shared IP is listed.  This needs to match an existing subnet on the machine or the carp interface will not be configured.

An example of a backup to the above machine (using 192.168.0.3 as its non-carp IP) would have the following config:

ifconfig_fxp0="inet 192.168.0.3 netmask 255.255.255.0"

cloned_interfaces="carp0"
ifconfig_carp0="vhid 1 advskew 200 pass p4ssw0rd 192.168.0.1/24" Copy

As you can see, it is identical except fxp0 has a different IP, and the advskew is higher making the priority lower.

To check on the status, you run ifconfig carp0 – it should look similar to the following:

carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 192.168.0.1 netmask 0xffffff00
        carp: MASTER vhid 1 advbase 1 advskew 100 Copy

That should be all you need to configure carp on a FreeBSD machine.

  Alternative to null-routing in FreeBSD (using IPFW)     Partitioning/Formatting disks in FreeBSD (manual method)  
Copyright © 2024 Daniel Austin MBCS.
Proudly hosted using the FreeBSD operating system.
 
E-mail me
PGP Key
E-mail me
▼   MENU   ▼
Home / Index
About Dan
Blog (Tech Hints & Tips)
Login
▼   Logged-in Area   ▼
Logout
Account Management
Mail Control Panel
▼   Useful Tools   ▼
BGP Lookup Tool
DNS Blacklists
Filterlist Generator
IP Information Tool
IP Subnet Calculator
Password Tool
TOR Node List
Website Info Tool
▼   Other Pages   ▼
Amateur Radio (2E0NNX)
Domains for Sale
Donations
Picture Gallery
Webmail Access
LOGGED IN
Login
padlock icon
LOGIN ERROR#123: random error here