[TriLUG] [OT] Firewall recommendations

Magnus magnus at trilug.org
Tue Apr 24 17:34:14 EDT 2007


jason wrote:
> I *think* the openbsd implementation is called CARP?

CARP is OpenBSD's completely unencumbered answer to Cisco's VRRP and HSRP.

More here:
http://www.openbsd.org/faq/pf/carp.html

From that page:
> CARP is the Common Address Redundancy Protocol. Its primary purpose
> is to allow multiple hosts on the same network segment to share an IP
> address. CARP is a secure, free alternative to the Virtual Router
> Redundancy Protocol (VRRP) and the Hot Standby Router Protocol
> (HSRP).
> 
> CARP works by allowing a group of hosts on the same network segment
> to share an IP address. This group of hosts is referred to as a
> "redundancy group". The redundancy group is assigned an IP address
> that is shared amongst the group members. Within the group, one host
> is designated the "master" and the rest as "backups". The master host
> is the one that currently "holds" the shared IP; it responds to any
> traffic or ARP requests directed towards it. Each host may belong to
> more than one redundancy group at a time.
> 
> One common use for CARP is to create a group of redundant firewalls.
> The virtual IP that is assigned to the redundancy group is configured
> on client machines as the default gateway. In the event that the
> master firewall suffers a failure or is taken offline, the IP will
> move to one of the backup firewalls and service will continue
> unaffected.



-- 
"Showing off is the fool's idea of glory." - Bruce Lee's observations of
people at TriLUG meetings who won't shut up and let the guest speaker talk
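
The master/backup behaviour described in the quoted FAQ text, as an added example that is not part of the original message or of OpenBSD's code: a simplified Python model of one redundancy group. `advbase`, `advskew` and `preempt` are real CARP settings that the message does not mention; the host names, the address and the scenario are constructed.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    advbase: int = 1   # seconds between advertisements (CARP default is 1)
    advskew: int = 0   # 0-254; a higher skew makes the host less preferred
    alive: bool = True

    @property
    def interval(self) -> float:
        # Advertisement interval in seconds; the shortest interval wins.
        return self.advbase + self.advskew / 256

class RedundancyGroup:
    """Hosts on one segment sharing a virtual IP (simplified model)."""

    def __init__(self, vip, hosts, preempt=True):
        self.vip, self.hosts, self.preempt = vip, list(hosts), preempt
        self.master = None
        self.elect()

    def elect(self):
        live = [h for h in self.hosts if h.alive]
        # Without preempt, a healthy master keeps the shared IP.
        keep = self.master is not None and self.master.alive and not self.preempt
        if not keep:
            # Prefer the shortest interval; on a tie keep the current master.
            self.master = min(live, key=lambda h: (h.interval, h is not self.master),
                              default=None)
        return self.master

    def set_alive(self, name, alive):
        for h in self.hosts:
            if h.name == name:
                h.alive = alive
        return self.elect()

def failover_trace(preempt):
    """Return who holds the shared IP after each event (constructed scenario)."""
    hosts = [Host("fw1", advskew=0), Host("fw2", advskew=100), Host("fw3", advskew=200)]
    group = RedundancyGroup("192.0.2.1", hosts, preempt=preempt)  # constructed address
    trace = [group.master.name]                        # initial election
    trace.append(group.set_alive("fw1", False).name)   # master fails
    trace.append(group.set_alive("fw1", True).name)    # fw1 comes back
    trace.append(group.set_alive("fw2", False).name)   # fw2 taken offline
    return trace
```

With preemption on, the preferred firewall reclaims the shared IP as soon as it returns; with it off, the address stays where it is until the current master fails.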


