jedisct1/UCarp jedisct1/UCarp

  • This repository has been archived on 24/Apr/2019
  • Stars
    star
    170
  • Rank 223,357 (Top 5 %)
  • Language M4
  • License
    Other
  • Created almost 14 years ago
  • Updated over 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
jedisct1/UCarp
github

jedisct1

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

UCARP allows a couple of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent-free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to the patents-bloated VRRP). 
                                 .:. UCARP .:.
                        Documentation for version 1.5.2


           ------------------------ BLURB ------------------------


UCARP allows a couple of hosts to share common virtual IP addresses in order
to provide automatic failover. It is a portable userland implementation of the
secure and patent-free Common Address Redundancy Protocol (CARP, OpenBSD's
alternative to the patents-bloated VRRP).

Strong points of the CARP protocol are: very low overhead, cryptographically
signed messages, interoperability between different operating systems and no
need for any dedicated extra network link between redundant hosts.


        ------------------------ COMPILATION ------------------------


libpcap (http://www.tcpdump.org/) must be installed on your system, with
development files (headers).

Then, follow the boring traditional procedure:

./configure
make install-strip

For details, have a look at the INSTALL file.

The software has been successfully tested on Linux 2.4, Linux 2.6, MacOS X,
OpenBSD, MirBSD and NetBSD.


        ------------------------ REQUIREMENTS ------------------------


A couple of virtual hosts must be given:

- A shared virtual IP, which will be dynamically answered by one alive host.
Services that need high availability need to be assigned to that virtual IP.

- A real IP address for each host.

- A shared identifier for the virtual IP address, which is a number between 1
and 255.

- For each host : an advertisement interval, comprised of a base and skew value, 
which is the frequency the host will tell the other one that it's still alive. 
By default, base is 1 and skew is 0, which basically means one advertisement a 
second. The protocol is very light, a tiny packet every second won't have any 
noticeable impact on your network.

- A shared password (that will never go plaintext to the network).

- A script to bring the virtual address up when a host becomes the master.

- Another script to bring the virtual address down when a host is no more the
master.


            ------------------------ USAGE ------------------------


The server will usually be installed as : /usr/local/sbin/ucarp
Everything is driven through command-line options.
In order to see the list of available options, try : /usr/local/sbin/ucarp -h

Better than a long technical discussion, here's a real-life setup example.

Your company has an internal mail relay whose IP address is 10.1.1.252. Every
user has configured his mail client with that host or IP address and the
service must always be up and running without having to reconfigure every 
user's mail client in case of a failure.

Instead of assigning 10.1.1.252 to a particular mail server, you decide
to use ucarp to allow two hosts to share this IP address.  Of course,
only one server can answer for this address at a time, while the other
sits idle.  However the other server will automatically become active in
case the first one fails.  Thus you're providing a simple but powerful
IP failover solution.

So you set up two mail servers hosts with an identical configuration.
Their real IP addresses are 10.1.1.1 and 10.1.1.2.

First, we will create a script that brings the virtual IP address up. Let's
save that file as /etc/vip-up.sh :

#! /bin/sh
/sbin/ip addr add 10.1.1.252/24 dev eth0

Now another script to bring it down, /etc/vip-down.sh :

#! /bin/sh
/sbin/ip addr del 10.1.1.252/24 dev eth0

Of course, anything can go in these scripts. For instance, you may want to add
routes, to add something to log files or to send mail. And last, but not
least, you can use a script that will connect to your switches and flush their
ARP cache. Some users reported that transitions were way faster when also
switching MAC addresses.

The called scripts are passed arguments, in this order:

<interface name> <virtual address> <optional extra parameter>

For instance, as the is passed as the first argument to the called scripts,
feel free to replace "eth0" with "$1" and 10.1.1.252 by "$2" in the previous
examples.

Don't forget to make those files executable :

chmod +x /etc/vip-up.sh /etc/vip-down.sh

Right. What we need now is an identifier for the virtual IP. Let's take "42".
And we also need a password. Let's take "love".

Now, on the first host (whoose real IP is 10.1.1.1), run :

/usr/local/sbin/ucarp -v 42 -p love -a 10.1.1.252 -s 10.1.1.1 &

On the second host, whose real IP is 10.1.1.2, run :

/usr/local/sbin/ucarp -v 42 -p love -a 10.1.1.252 -s 10.1.1.2 &

You should see that one of those hosts quickly becomes the master, and the
other one the backup. Related scripts are spawned on change.

Now unplug the master. After a few seconds, the other host becomes the new
master.


------------------------ MULTICAST IP SELECTION -------------------------

The '--vhid' virtual IP identifier field only is only eight bits, providing up
to 255 different virtual IPs on the same multicast group IP. For larger
deployments, and more flexibility in allocation, ucarp can optionally use a
different multicast IP. By default, ucarp will send/listen on 224.0.0.18, which
is the assigned IP for VRRP. If you want to use a different address, use the
'--mcast' option. Consult the available multicast addresses before deciding
which to use.

http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xml
http://tools.ietf.org/html/rfc5771
http://tools.ietf.org/html/rfc2365

Addresses within 239.192.0.0/14 should be most appropriate.

If ucarp isn't working on a different IP, check that your networking gear is
set up to handle it. tcpdump on each host can be handy for diagnosis:

tcpdump -n 'net 224.0.0.0/4'


------------------------ MASTER ELECTION PROCESS ------------------------


When ucarp first runs, it starts as a backup and listens to the network
to determine if it should become the master.  If at any time more than
three times the node's advertising interval (defined as the advertising
base (seconds) plus a fudge factor, the advertising skew) passes without
hearing a peer's CARP advertisement, the node will transition itself to
being a master.

Transitioning from backup to master means:
1. running the specified up script to assign the vip to the local system
2. sending a gratuitous arp to the network to claim the vip
3. continuously sending CARP advertisements to the network every interval.

Transitioning from master to backup means:
1. running the specified down script to remove the vip from the local system

To understand how ucarp works, it's important to note that the
advertisement interval is not only used as the time in between which
each CARP advertisement is sent by the master, but also as a priority
mechanism where shorter (i.e. more frequent) is better.  The interval
base and skew values are stored in the CARP advertisement and are used
by other nodes to make certain decisions.

By default, once a node becomes the master, it will continue on
indefinitely as the master.  If you like/want/need this behavior, or don't
have a preferred master, then choose the same interval on all hosts.
If for whatever reason you were to choose different intervals on the
hosts, then over time the one with the shortest interval would tend to
become the master as machines are rebooted, after failures, etc.

Also of note is a conflict resolution algorithm that in case a master
hears another, equal (in terms of its advertised interval) master, the
one with the lower IP address will remain master and the other will
immediately demote itself.  This is simply to eliminate flapping and
quickly determine who should remain master.  This situation should not
happen very often but it can.

If you want a "preferred" master to always be the master (even if another
host is already the master), add the preempt switch (--preempt or -P) and
assign a shorter interval via the advertisement base (--advbase or -b) and
skew (--advskew or -k).  This will cause the preferred node to ignore a
master who is advertising a longer interval and promote itself to master.
The old master will quickly hear the preferred node advertising a shorter
interval and immediately demote itself.

In summary, a backup will become master if:
- no one else advertises for 3 times its own advertisement interval
- you specified --preempt and it hears a master with a longer interval

and a master will become backup if:
- another master advertises a shorter interval
- another master advertises the same interval, and has a lower IP address


      ------------------------ OTHER NOTES ------------------------


Specify the --neutral (-n) switch for ucarp to not run the downscript
at startup.

--shutdown (-z) will run the downscript at exit, unless ucarp is already in
the backup state. 

The "dead ratio" (--deadratio=...) knob basically changes how long a backup
server will wait for an unresponsive master before considering it as dead, and
becoming the new master. In the original protocol, the ratio is 3. This is
also the default when this command-line switch is missing.

Notices are sent both to stderr/stdout and to the syslog daemon (with the
"daemon" facility) by default. stderr/stdout are bypassed if the daemon is
started in background (--daemonize). Facilities can be changed with the
--syslog switch. Use --syslog=none to disable syslog logging, for instance if
prefer using something like multilog.

You can send the ucarp process a SIGUSR1 to have it log a status line to syslog, 
like:
Jan  7 17:38:22 localhost ucarp[6103]: [INFO] BACKUP on eth0 id 198

You can send the ucarp process a SIGUSR2 to have it demote itself from
master to backup, pause 3 seconds, then proceed as usual to listen for
other masters and promote itself if necessary.  This could be useful if
you wish another node to take over master.

--ignoreifstate (-S) option tells ucarp to ignore unplugged network cable. It 
is useful when you connect ucarp nodes with a crossover patch cord (not via a 
hub or a switch). Without this option the node in MASTER state will switch to
BACKUP state when the other node is powered down, because network interface 
shows that cable is unplugged (NO-CARRIER). Some network interface drivers 
don't support NO-CARRIER feature, and this option is not needed for these 
network cards. The card that definitely supports this feature is Realtek 8139.


        ------------------------ TRANSLATIONS ------------------------


UCARP can speak your native language through gettext / libintl.
If you want to translate the software, have a look at the po/ directory.
Copy the ucarp.pot file to <your locale name>.po and use software like Kbabel
or Emacs to update the file.
Better use use your local charset than UTF-8.

More Repositories

1

libsodium

A modern, portable, easy to use crypto library.
C
12,131
star
2

dsvpn

A Dead Simple VPN.
C
5,068
star
3

piknik

Copy/paste anything over the network.
Go
2,342
star
4

minisign

A dead simple tool to sign files and verify digital signatures.
C
1,856
star
5

libsodium.js

libsodium compiled to Webassembly and pure JavaScript, with convenient wrappers.
HTML
899
star
6

libhydrogen

A lightweight, secure, easy-to-use crypto library suitable for constrained environments.
C
599
star
7

pure-ftpd

Pure FTP server
C
589
star
8

libsodium-php

The PHP extension for libsodium.
C
546
star
9

swift-sodium

Safe and easy to use crypto for iOS and macOS
C
518
star
10

edgedns

A high performance DNS cache designed for Content Delivery Networks
Rust
490
star
11

libpuzzle

A library to quickly find visually similar images
C
262
star
12

iptoasn-webservice

Web service to map IP addresses to AS information, using iptoasn.com
Rust
254
star
13

dnsblast

A simple and stupid load testing tool for DNS resolvers
C
233
star
14

as-wasi

An AssemblyScript API layer for WASI system calls.
TypeScript
232
star
15

rust-jwt-simple

A secure, standard-conformant, easy to use JWT implementation for Rust.
Rust
222
star
16

wasm-crypto

A WebAssembly (via AssemblyScript) set of cryptographic primitives for building authentication and key exchange protocols.
TypeScript
214
star
17

rust-bloom-filter

A fast Bloom filter implementation in Rust
Rust
187
star
18

encpipe

The dum^H^H^Hsimplest encryption tool in the world.
C
182
star
19

Pincaster

A fast persistent nosql database with a HTTP/JSON interface, not only for geographical data.
C
171
star
20

blacknurse

BlackNurse attack PoC
C
170
star
21

libsodium-doc

Gitbook documentation for libsodium
Shell
166
star
22

bitbar-dnscrypt-proxy-switcher

BitBar plugin to control dnscrypt-proxy usage
Shell
148
star
23

charm

A really tiny crypto library.
C
148
star
24

witx-codegen

WITX code and documentation generator for AssemblyScript, Zig, Rust and more.
Rust
134
star
25

siphash-js

A Javascript implementation of SipHash-2-4
JavaScript
122
star
26

rust-ed25519-compact

Small, wasm-friendly, zero-dependencies Ed25519 and X25519 implementation for Rust.
Rust
120
star
27

rsign2

A command-line tool to sign files and verify signatures in pure Rust.
Rust
112
star
28

go-minisign

Minisign verification library for Golang.
Go
103
star
29

rust-nats

A simple NATS client library for Rust
Rust
102
star
30

zigly

The easiest way to write services for Fastly's Compute@Edge in Zig.
Zig
84
star
31

was-not-wasm

A hostile memory allocator to make WebAssembly applications more predictable.
Rust
81
star
32

webassembly-benchmarks

Libsodium WebAssembly benchmarks results.
79
star
33

rust-minisign

A pure Rust implementation of the Minisign signature tool.
Rust
78
star
34

zig-charm

A Zig version of the Charm crypto library.
Zig
74
star
35

rust-ffmpeg-wasi

ffmpeg 7 libraries precompiled for WebAsembly/WASI, as a Rust crate.
Rust
67
star
36

openssl-wasm

OpenSSL 3 compiled for WebAssembly/WASI (up-to-date, maintained)
C
66
star
37

rust-sthash

Very fast cryptographic hashing for large messages.
Rust
65
star
38

vtun

A mirror of VTUN, with some changes
C
63
star
39

iptrap

A simple, but damn fast sinkhole
Rust
62
star
40

boringssl-wasm

BoringSSL for WebAssembly/WASI
Zig
59
star
41

libsodium-signcryption

Signcryption using libsodium.
C
59
star
42

wasmsign

A tool to add and verify digital signatures to/from WASM binaries
Rust
56
star
43

libaegis

Portable C implementations of the AEGIS family of high-performance authenticated encryption algorithms.
C
56
star
44

blobcrypt

Authenticated encryption for streams and arbitrary large files using libsodium
C
54
star
45

rust-coarsetime

Time and duration crate optimized for speed
Rust
52
star
46

zig-minisign

Minisign reimplemented in Zig.
Zig
50
star
47

rust-siphash

SipHash (2-4, 1-3 + 128 bit variant) implementations for Rust
Rust
48
star
48

6Jack

A framework for analyzing/testing/fuzzing network applications.
C
46
star
49

rust-hyperloglog

A HyperLogLog implementation in Rust.
Rust
46
star
50

libchloride

Networking layer for libsodium, based on CurveCP
C
44
star
51

rust-qptrie

A qp-trie implementation in Rust
Rust
42
star
52

minicsv

A tiny, fast, simple, single-file, BSD-licensed CSV parsing library in C.
C
39
star
53

spake2-ee

A SPAKE2+ Elligator Edition implementation for libsodium 1.0.16+
C
36
star
54

massresolver

Mass DNS resolution tool
C
36
star
55

cpace

A CPace PAKE implementation using libsodium.
C
35
star
56

aegis-X

The AEGIS-128X and AEGIS-256X high performance ciphers.
Zig
34
star
57

rust-privdrop

A simple Rust crate to drop privileges
Rust
34
star
58

PureDB

PureDB is a portable and tiny set of libraries for creating and reading constant databases.
C
33
star
59

libclang_rt.builtins-wasm32.a

The missing libclang_rt.builtins-wasm32.a file to compile to WebAssembly.
32
star
60

c-ipcrypt

ipcrypt implementation in C
C
31
star
61

rust-dnsclient

A simple and secure DNS client crate for Rust.
Rust
29
star
62

rust-xoodyak

Xoodyak, a lightweight and versatile cryptographic scheme implemented in Rust.
Rust
29
star
63

fastly-terrarium-examples

Example code you can run in Fastly Terrarium: https://www.fastlylabs.com/
C
28
star
64

libsodium-xchacha20-siv

Deterministic/nonce-reuse resistant authenticated encryption scheme using XChaCha20, implemented on libsodium.
C
28
star
65

rust-geoip

GeoIP bindings for Rust
Rust
28
star
66

rust-minisign-verify

A small Rust crate to verify Minisign signatures.
Rust
27
star
67

whatsmyresolver

A tiny DNS server that returns the client (resolver) IP
Go
26
star
68

libsodium-sys-stable

Sodiumoxide's libsodium-sys crate, but that installs stable versions of libsodium.
Rust
26
star
69

spritz

A C implementation of Spritz, a spongy RC4-like stream cipher and hash function.
C
25
star
70

metrohash-c

C version of the MetroHash function
C
25
star
71

rust-hmac-sha256

A small, self-contained SHA256 and HMAC-SHA256 implementation.
Rust
25
star
72

rust-cpace

A Rust implementation of CPace, a balanced PAKE.
Rust
25
star
73

rust-clockpro-cache

CLOCK-Pro cache replacement algorithm for Rust
Rust
24
star
74

rust-blind-rsa-signatures

RSA blind signatures in Rust
Rust
24
star
75

PHP-OAuth2-Provider

Skyrock OAuth2 server
PHP
23
star
76

rust-aegis

AEGIS high performance ciphers for Rust.
Rust
23
star
77

system-tuning-for-crypto

System tuning recommendations for running cryptographic applications
23
star
78

hashseq

A simple proof of work, mainly designed to mitigate DDoS attacks.
C
23
star
79

dnssector

A DNS library for Rust.
Rust
23
star
80

openssl-family-bench

A quick benchmark of {Open,Libre,Boring}SSL
C
23
star
81

randen-rng

A port of the Google Randen fast backtracking-resistant random generator to the C language.
C
21
star
82

Blogbench

A filesystem benchmark tool that simulates a realistic load
C
21
star
83

vue-dnsstamp

DNS Stamp calculator component for VueJS
Vue
21
star
84

supercop

Always up-to-date mirror of the SUPERCOP cryptographic benchmark.
C
21
star
85

yaifo

YAIFO [remote OpenBSD installer] for OpenBSD-current
Shell
21
star
86

ratelimit

Plug-and-play IP rate limiter in C
C
21
star
87

draft-aegis-aead

The AEGIS cipher family - Draft.
20
star
88

go-hpke-compact

A small and easy to use HPKE implementation in Go.
Go
20
star
89

ipgrep

Extract, defang, resolve names and IPs from text
Python
20
star
90

zig-rocca-s

An implementation of the ROCCA-S encryption scheme.
Zig
19
star
91

Simple-Comet-Server

HTTP long-polling server and javascript client library.
Python
19
star
92

simpira384

An AES-based 384 bit permutation.
C
18
star
93

PHP-WebDAV-extension

The PHP WebDAV extension allows easy access to remote resources with PHP through the DAV protocol.
Shell
18
star
94

nonce-extension

Make AES-GCM safe to use with random nonces, for any practical number of messages.
Rust
17
star
95

rust-sealed_box

Sealed boxes implementation for Rust/WebAssembly.
Rust
16
star
96

zig-eddsa-key-blinding

A Zig implementation of EdDSA signatures with blind keys.
Zig
16
star
97

c-blind-rsa-signatures

Blind RSA signatures for OpenSSL/BoringSSL.
C
16
star
98

aes-torture

A software AES implementation to torture code generators.
C
16
star
99

js-base64-ct

Safe Base64 encoding/decoding in pure JavaScript.
TypeScript
16
star
100

rust-aes-wasm

Fast(er) AES-based constructions for WebAssembly and Rust.
Rust
16
star