DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 12th December 2017
Lexus45 Lexus45 is offline
Port Guard
 
Join Date: May 2010
Location: Kurgan, Russia
Posts: 39
Default CARP

Hello all.

I'm reading the documentation about CARP and can not understand why the theory and the examples differ.

Here is written about the shared virtual IP addres:
Quote:
... This address does not have to be in the same subnet as the IP address on the physical interface (if present)...
But here in the examples we see that carp devices have the IP addresses from the same subnets as corresponding physical devices.
Reply With Quote
  #2   (View Single Post)  
Old 12th December 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Each individual NIC in the group can have two addresses: the shared address of the devices in the group, assigned to the carpN device, plus an individual address for the backing device.

In my carp(4) deployments, I've only ever used addresses in the same subnet, primarily to avoid confusing myself. But as stated, this is not a necessity. Their unique "home" addresses do not need to be in the same subnet as their shared address. And they do not even require a unique address on their NICs. For example, they do not need unique addresses if they can be reached individually via a different NIC.

-----

Edited to add:

Having a carpN device and a backing NIC on the same subnet is one of the few cases where two NICs can share the same subnet.

Yes, both the carpN device and the backing device can also have their own IPv4 alias addresses, and each can have its own flight of IPv6 addresses.

Last edited by jggimi; 12th December 2017 at 02:54 PM.
Reply With Quote
  #3   (View Single Post)  
Old 13th December 2017
Lexus45 Lexus45 is offline
Port Guard
 
Join Date: May 2010
Location: Kurgan, Russia
Posts: 39
Default

As usual, thank you for the comprehensive answer.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenBSD CARP/PF nekron99 OpenBSD Security 16 8th November 2011 11:08 PM
CARP Abbass OpenBSD Security 3 13th April 2011 07:22 PM
Clustering with CARP revzalot OpenBSD General 10 17th September 2009 04:44 AM
carp configuration ohhcarp OpenBSD General 3 16th April 2009 10:50 PM


All times are GMT. The time now is 05:13 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick