High Network Availability – VRRP || HSRP || CARP ?

Hello fellow geeks,

Today I ran across this small article titled Using VRRP on Linux improves network availability. It got me curious! The last time I remember hearing about it was around 2002 when I was looking for a way to keep my firewall/router failure-proof.

Briefly, VRRP [Virtual Router Redundancy Protocol], HSRP [Hot Standby Router Protocol] and CARP [Common Address Redundancy Protocol] are each meant to provide failover redundancy for firewalls and routers, mainly by sharing a virtual MAC address and an IP address between them. This way, when your primary firewall/router fails, another pre-configured firewall/router (the slave) takes its place almost transparently.

Not wanting to get into more detail on the protocols themselves, I would like to point out a few things to all you sysadmins out there.

VRRPd is compatible, as any standards-based implementation should be, with other VRRP implementations (e.g. Cisco, Juniper), but as you can see, it has been some time now (4 1/2 years) since the last commit. Is it good? Guess not...

CARP, on the other hand, is not a standard, but it is an impressive implementation to keep in mind. Citing Wikipedia/OpenBSD.org:

As a final note of course, when we petitioned IANA, the IETF body regulating “official” internet protocol numbers, to give us numbers for CARP and pfsync our request was denied. Apparently we had failed to go through an official standards organization. Consequently we were forced to choose a protocol number which would not conflict with anything else of value, and decided to place CARP at IP protocol 112. We also placed pfsync at an open and unused number. We informed IANA of these decisions, but they declined to reply.

The reason for this is that no specification for CARP has ever been written. The closest thing to specifications is the implementation in OpenBSD.

Note that VRRP also uses IP protocol 112, having been assigned it by IANA.
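To make the "shared virtual MAC and IP" idea and the protocol 112 note above concrete, here is an added example (my own code, not from the post or from VRRPd/OpenBSD) that builds and parses a VRRPv2 advertisement in the RFC 3768 layout, derives the virtual MAC for a VRID, and runs the master election the failover relies on. The sample packet is constructed inline; a defender can reuse the parser to check that advertisements seen on a segment carry the expected VRID and priority.

```python
import struct
from dataclasses import dataclass

VRRP_PROTO = 112  # IP protocol number VRRP shares with CARP, as noted in the post

@dataclass
class Advertisement:
    vrid: int
    priority: int
    addresses: list
    interval: int
    checksum_ok: bool

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the VRRP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advertisement(vrid: int, priority: int, addrs: list, interval: int = 1) -> bytes:
    """Constructed VRRPv2 advertisement: version 2, type 1, auth type 0, 8 zero auth bytes."""
    body = b"".join(bytes(int(o) for o in a.split(".")) for a in addrs) + bytes(8)
    hdr = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(addrs), 0, interval, 0)
    csum = inet_checksum(hdr + body)
    return hdr[:6] + struct.pack("!H", csum) + body

def parse_advertisement(pkt: bytes) -> Advertisement:
    """Decode the fixed header, the advertised addresses, and verify the checksum."""
    ver_type, vrid, prio, count, _auth, interval, csum = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    addrs = [".".join(str(b) for b in pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    ok = inet_checksum(pkt[:6] + b"\x00\x00" + pkt[8:]) == csum
    return Advertisement(vrid, prio, addrs, interval, ok)

def virtual_mac(vrid: int) -> str:
    """The shared virtual MAC the post mentions: 00:00:5E:00:01:<VRID>."""
    return "00:00:5e:00:01:%02x" % vrid

def elect_master(routers):
    """routers: (name, priority, primary_ip). Highest priority wins; ties go to the
    higher primary IP (RFC 3768 6.4). Priority 0 means the sender is giving up."""
    live = [r for r in routers if r[1] > 0]
    ip_key = lambda ip: tuple(int(o) for o in ip.split("."))
    return max(live, key=lambda r: (r[1], ip_key(r[2])))[0] if live else None
```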

Quick notes:

1) HSRP is a proprietary protocol patented by Cisco;

2) VRRP is the result of an IETF effort that solved some HSRP issues. Still Cisco claims it as its own;

3) CARP is the result of an effort by OpenBSD developers to implement a protocol like the one described above while avoiding problems with Cisco's patents. IMHO they are doing a great job!

What matters to me the most is that OpenBSD offers something more than CARP, namely sharing of packet filtering rules and connection state between CARP'ed machines. More on that in the next post 😉

3 thoughts on “High Network Availability – VRRP || HSRP || CARP ?”

  1. Because VRRP is a standard it doesn't need to be updated.

    It does work quite nicely. As part of my CCNA semester 4 case study I did a test using HSRP and multiple redundant switches.

    I could have used VRRP as it's almost identical to HSRP.

    Worked nicely, though I didn't work out all the bugs. When I simulated a master bridge failure there were some STP issues I didn't have time to work out (I think it was a case of some options not being turned on by default).

  2. Hi Maurice, thanks for stopping by!
    I disagree with you partially when you say that “because VRRP is a standard it doesn't need to be updated”. Generally speaking, any standard, like anything human-made, is prone to errors and misconceptions.
    Anyway, I just wanted to focus on the open-source VRRPd implementation I pointed out. And most of all I wanted to introduce this kind of network concept so I can get deeper into OpenBSD + CARP + pf (pfsync) in future posts!

    Cheers and once again tks,
    PP
