# CARP and clustering (new concept to me)



## 8bitGlitch (Jan 29, 2021)

So I am looking at building a cluster server solution, and I found CARP. I am not sure if this meets my requirements, but I need an identical server, which can fail-over to if the one server goes down. CARP looks like it can do that, but I am not sure. How does it work, does it sync the full (everything) over? Does it need like hardware? I am very new and just found it, and not sure what I need to review to understand it more.

Thank you


----------



## SirDice (Jan 30, 2021)

8bitGlitch said:


> How does it work, does it sync the full (everything) over?


CARP doesn't sync anything. It's only IP and has more in common with VRRP. 






Common Address Redundancy Protocol - Wikipedia (en.wikipedia.org)

Chapter 33. Advanced Networking (docs.freebsd.org)


----------



## Jose (Jan 30, 2021)

8bitGlitch said:


> So I am looking at building a cluster server solution, and I found CARP. I am not sure if this meets my requirements, but I need an identical server, which can fail-over to if the one server goes down. CARP looks like it can do that, but I am not sure. How does it work, does it sync the full (everything) over? Does it need like hardware? I am very new and just found it, and not sure what I need to review to understand it more.
> 
> Thank you


CARP is a fiendish hack that both awes with its brilliance and appalls with its utter crockishness. It works by sending gratuitous ARP messages to overwrite the record for a host that has failed in clients' ARP caches.

"Similar to other HA protocols, when a CARP node becomes a master it informs the neighboring routers and switches that it has a new MAC* address. It does this by issuing what’s called a gratuitous ARP reply informing all of its “link up” event. This causes the neighbors to update their local arp tables and IP addresses that would originally be sent out the switch port associated with the old master will now exit the switch port for the new master (where the IP address has hopefully been assigned)."








High Availability VIP Management With ucarp - Rapscallion (rascaldev.io)
				




Machines in a CARP redundancy group will broadcast CARP messages at some set intervals. Backup machines will advertise less often than the master. They will become the master if they are advertising the most frequently i.e., the master has stopped advertising.

"When carp first runs, it starts as a backup and listens to the network to determine if it should become the primary. If at any time more than three times the node's advertising interval (defined as the advertising base (seconds) plus a fudge factor, the advertising skew) passes without hearing a peer's CARP advertisement, the node will transition itself to being a primary."

GitHub - hjr3/carp-rs (github.com)
				




One of the limitations of CARP in modern cloud environments is that all the participating hosts must be in the same ARP broadcast domain. The virtualized networking that most cloud providers use doesn't emulate the ARP layer at all. I believe this is the case even for VMware virtualization.

* The source says "IP address", but that's wrong. ARP maps MAC (hardware addresses) to IP addresses. The whole point of the exercise is to move an IP address from one machine to another. This means the IP address doesn't change, but the MAC address does.
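
The takeover rule quoted in the post above (a backup becomes primary after more than three of its advertising intervals pass in silence), run as a small simulation. This is an added example, not code from the thread, ucarp or carp-rs; the host names, skew values and failure time are constructed, and counting the skew in 1/256 s follows FreeBSD's carp(4). It models only that one rule.

```python
from dataclasses import dataclass

TICKS = 256  # simulation clock: 1 tick = 1/256 s, the unit of advskew in carp(4)

@dataclass
class Node:
    name: str
    advbase: int            # advertising base, seconds
    advskew: int            # advertising skew, 1/256 s
    state: str = "BACKUP"   # every node starts as a backup
    last_heard: int = 0     # tick of the last peer advertisement heard
    next_advert: int = 0    # tick of this node's next advertisement

    @property
    def interval(self) -> int:
        """Advertising interval in ticks: base plus skew."""
        return self.advbase * TICKS + self.advskew

def simulate(nodes, fail_at, duration_s):
    """Run the group for duration_s seconds.

    fail_at maps a node name to the second at which it goes silent.
    Returns the state transitions as (seconds, name, new_state) tuples.
    """
    events = []
    for t in range(duration_s * TICKS + 1):
        alive = [n for n in nodes
                 if t < fail_at.get(n.name, float("inf")) * TICKS]
        # Primaries whose timer is due advertise; every live peer hears it.
        for sender in alive:
            if sender.state == "MASTER" and t >= sender.next_advert:
                sender.next_advert = t + sender.interval
                for peer in alive:
                    if peer is not sender:
                        peer.last_heard = t
        # A backup that heard nothing for more than 3 intervals takes over.
        for n in alive:
            if n.state == "BACKUP" and t - n.last_heard > 3 * n.interval:
                n.state = "MASTER"
                n.next_advert = t + 1   # first advertisement on the next tick
                events.append((t / TICKS, n.name, "MASTER"))
    return events

def demo():
    """Constructed group: three hosts, same advbase, increasing advskew."""
    group = [Node("A", 1, 0), Node("B", 1, 100), Node("C", 1, 200)]
    return simulate(group, fail_at={"A": 10}, duration_s=20)

if __name__ == "__main__":
    for seconds, name, state in demo():
        print(f"{seconds:8.3f}s  {name} -> {state}")
```

The host with the smallest skew wins both the initial election and, once it goes silent, the next-smallest skew takes over a little over three of its own intervals after the last advertisement it heard; the third host never leaves backup.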


----------



## 8bitGlitch (Jan 30, 2021)

I know VRRP from Routing/switching; however, guess I was a little confused. I thought CARP was more than just VRRP and it allowed for one to build a cluster of machines that synced like a clone copy of a master/primary machine. Thank you all for clarifying.

Yes - even VMware is having that issue with ARP broadcasts that you speak of, and needing more routed connections. I was on a team the other day, which was deploying some new feature in VMWARE (forget what it was maybe NSX... not sure), and VMWARE engineer thought I was joking with him that I have access to a physical Layer 2 connection into my data center to extend layer2 adjacency.

I guess PROXY ARP could sort of get around the ARP issue, but not sure.

You got my MOS6502 @1Mhz distracted with shiny things ++laugh++, sorry I will get back on track.

So CARP is only for VRRP, what solution or concept would I need to review to take a full clone of a Server A to Server B and keep it in sync. Use CARP for the VRRP/HSRP feature for when one interface goes down.

Thank you


----------



## Jose (Jan 30, 2021)

Hey you're welcome! Glad I could help.


8bitGlitch said:


> I guess PROXY ARP could sort of get around the ARP issue, but not sure.


Doubtful. Software-defined networking is the new rage nowadays and the cool kids have no time to worry about crufty old things like ARP.


----------



## 8bitGlitch (Jan 30, 2021)

Jose said:


> Hey you're welcome! Glad I could help.
> 
> Doubtful. Software-defined networking is the new rage nowadays and the cool kids have no time to worry about crufty old things like ARP.


++laugh++ That is true, and all the cool kids want SDN-WAN, but to me it is more of a WEB 2.0 concept (yeah we all know where that went). Policy routes, QoS and ACL have been doing similar concepts for years, but not at a software layer unless you coded hooks into a self-rolled API in C/Tcl depending on vendor; firewalls could do it easier.

But back to proxy arp/nat, the concept would still allow for layer 2 communication to something beyond the subnet/broadcast domain combined with a NAT, it just gets real messy. I know in Juniper and Fortigate, the VRRP IP address is bound to a logical MAC address, that is shared between the two units.

I have not played with SDN or SDN-WAN, I want to.... Since I want to be a cool-kid!!! I am half there with my original C64 and C128 still have the original purchase slip from Montgomery WARDS; however, that 50% extra will be reached once I get SDN(WAN) and maybe a Raspberry pi.


Anyway - back to my original question - What would I need or concept wise? Would RSYNC work to just sync data, and not worry about the os? Just use CARP to get the VRRP going? I have been running into a lot of BlueHat deployments recently that use KeepAlived; however I am trying to leave the GPL license for my own item (yuck... poooo poooo).


----------



## Jose (Feb 3, 2021)

Never used keepalived or HA-Proxy. I am suspicious of both of them. Can you use shared storage instead of trying to sync disk blocks? NFS? SAN?


----------



## SirDice (Feb 3, 2021)

HAProxy is great for load-balancing and failover of web based applications. CARP plus two HAProxy hosts and a bunch of web server backends does the job for us. The webservers are maintained with Puppet to make them all the same (and easily reinstalled and configured from the ground up). Data is mostly locked in databases so there's very little file data to share. The websites themselves are deployed from a master server to each server individually, there are various tools you could use for that (Jenkins is quite common for example). 

It really depends on what your definition of a "cluster" is and what it's supposed to do. In the strictest sense our setup isn't a cluster. It's just a collection of servers carefully orchestrated to provide high availability for a bunch of websites. 



8bitGlitch said:


> You got my MOS6502 @1Mhz distracted with shiny things





8bitGlitch said:


> I am half there with my original C64 and C128 still have the original purchase slip from Montgomery WARDS;


Totally off-topic but you might like to know I have 2 C64's (old bread bin model and newer C model), a C128D, an SX-64 (missing keyboard unfortunately), an Amiga 500, 1200 and 4000. I'm currently building my own SBC based on a W65C02 and one based on the W65C816, Western Design Center still manufactures them. Including the 6551 ACIA and 6522 VIA.


----------

