Hello,

* The CARP protocol is address family independent. The OpenBSD
implementation supports both IPv4 and IPv6, as a transport for the CARP
packets as well as common addresses to be shared.

* CARP has an "arpbalance" feature that allows multiple hosts to
share a single IP address simultaneously; in this configuration, there
is a virtual MAC address for each host, but only one IP address.

Alex, how about using this proxy_arp + Julian's 2.6.x arp patches?

Ya, a good solution too would be to mangle traffic pre/post routing; that
way we will have a lot of VMACs for any number of VIPs we may want. I am
currently working hard on such a thing, but I have a post-routing
trouble right now. But I will have some things ready soon, I hope! Real VMAC
support :) (heu... I am trying to do it so :)).

* CARP uses a cryptographically strong SHA-1 HMAC to protect each
advertisement.

This is pseudo-security but would be extremely easy to implement with the
current crypto-API in the 2.6.x kernels.

VRRP in Keepalived too...

And digging around in the OpenBSD CVS:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_carp.c
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_carp.h

Alex already solved the TODO list from what I can gather :). Looking at it,
however, it might be a rather big port. The Linux kernel has a different
notion of distinguishing between IPv4/IPv5/IPv6. And the crypto stuff
would actually be callbacks instead of this implementation.
Those two things already render the whole thing a smallish nightmare to
sync with *BSD.

The thing for CARP is to have a short paper SPECS :) Keepalived libs can
offer quite a quick implementation of CARP, but we NEED a small specs or
differences between VRRP and CARP. I have been discussing this with Ryan
McBride from OpenBSD; we exchanged some quick thoughts, but did not find enough
time, need to dig in the CARP FSM to investigate differences. But this can
be a trivial port (hmm... if enough time).

Best regards,
Alexandre