HOWTO_Setup_IP_failover_with_UCARP

What is UCARP

"UCARP allows a couple of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent-free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to the VRRP).

Strong points of the CARP protocol are : very low overhead, cryptographically signed messages, interoperability between different operating systems and no need for any dedicated extra network link between redundant hosts."

Quoted from http://www.ucarp.org/.

UCARP is developed and maintained by Frank Denis.

UCARP (and VRRP) uses a multi-cast address to advertise its availability on the network. This is effectively a heartbeat for other hosts to monitor and when they detect that the active host has died, the passive host will bring up the redundant services.

What's Covered

This HowTo will show you the step to setup a gentoo box with ucarp. For it to be worthwhile you'll need to do these steps on a second box as well! :-)

With a little work UCARP can be setup with DRBD so that you have failover of drive data as well.

UCARP may be used to provide a redundant VPN endpoint by using a virtual interface. For example, given a branch office connected to the main office with an IPsec tunnel where the tunnel is terminated on the branch office's router and unencrypted packets are forwarded to a single IP address, we can bring up that IP address on a redundant host to ensure availability. This is very cool for laptop users: when we plug the laptop in, the VPN terminates on the laptop; remove the laptop and UCARP restores the virtual interface so the VPN terminates on the workstation.

Emerge UCARP

Begin by emerging ucarp

$ emerge ucarp

Create the directory /etc/ucarp

$ mkdir /etc/ucarp

Create Virtual Ip Up Script

Then create the file /etc/ucarp/vip-up.sh

This script is run by ucarp when it determines that the local machine should become the ACTIVE Server. You add additional commands and start services that you may need by adding them to this file.

 
#!/bin/bash
# Copyright 2005 Mike Glenn & Homechicken Software
# Distributed under the terms of the GNU General Public License v2
 
# read in the configuration file
source /etc/conf.d/ucarp 
 
# bring up the virtual interface
$IFCONFIG $INTERFACE $VIRTUAL_ADDRESS netmask $VIRTUAL_NETMASK broadcast $VIRTUAL_BROADCAST

Change the permissions of the file to allow execution

$ chmod 744 /etc/ucarp/vip-up.sh

Create Virtual IP Down Script

Then create the file /etc/ucarp/vip-down.sh

This script is run by ucarp when the local machine becomes the PASSIVE (redundant) server. You can add commands to stop services or unmount partions to this file.

 
#!/bin/bash
# Copyright 2005 Mike Glenn & Homechicken Software
# Distributed under the terms of the GNU General Public License v2
 
# read in the configuration file
source /etc/conf.d/ucarp
 
#
# bring down the virtual interface
$IFCONFIG $INTERFACE down

Change the permissions of the file to allow execution

$ chmod 744 /etc/ucarp/vip-down.sh

Create Conf.d file

Create the file /etc/conf.d/ucarp

 
# Copyright 2005 Mike Glenn & Homechicken Software
# Distributed under the terms of the GNU General Public License v2
 
# Location of the ucarp executable
UCARP_EXEC=/usr/sbin/ucarp
IFCONFIG=/sbin/ifconfig
 
#
# Location of the ucarp pid file
UCARP_PIDFILE=/var/run/ucarp.pid
 
#
# ucarp options
# -z run shudown script on exit
# -P force perferred master
OPTIONS="-z"
 
#
# ucarp base, lower number will be perfered master
# set to same to have master stay alive as long as possible
UCARP_BASE=1
 
#
# Interface for Ipaddress
INTERFACE=eth0:0
 
#
# Instance id
# any number from 1 to 255
# Master and Backup need to be the same
INSTANCE_ID=42
 
#
# Password so servers can trust who they are talking to
PASSWORD=<some_password>
 
#
# The start and stop scripts
START_SCRIPT=/etc/ucarp/vip-up.sh
STOP_SCRIPT=/etc/ucarp/vip-down.sh
 
#
# The Application Address that will failover
VIRTUAL_ADDRESS=<floating_ip_address>
VIRTUAL_BROADCAST=<broadcast_ip>
VIRTUAL_NETMASK=255.255.255.0
 
#
# The Maintanence Address of the local machine
SOURCE_ADDRESS=<local_ip_address>
 
#
# DO NOT EDIT BELOW THIS LINE!
UCARP_OPTS="$OPTIONS -b $UCARP_BASE -i $INTERFACE -v $INSTANCE_ID -p $PASSWORD -u $START_SCRIPT -d $STOP_SCRIPT -a $VIRTUAL_ADDRESS -s $SOURCE_ADDRESS"
  

Create the init.d script

Create the file /etc/init.d/ucarp

 
#!/sbin/runscript
# Copyright 2005 Mike Glenn & Homechicken Software
# Distributed under the terms of the GNU General Public License v2
 
depend() {
       use logger net
}
 
start() {
       ebegin "Starting UCARP"
       start-stop-daemon --start --background --make-pidfile --pidfile ${UCARP_PIDFILE} --quiet --startas ${UCARP_EXEC} -- ${UCARP_OPTS}
       eend $?
}
 
stop()  {
        ebegin "Stopping UCARP"
        start-stop-daemon --stop --pidfile ${UCARP_PIDFILE}
        eend $?
}
  

Change the permissions of the file to allow execution

$ chmod 744 /etc/init.d/ucarp

Add ucarp to default runlevel

Finally add ucarp to start up

# rc-update add ucarp default

Modify IPTABLES

Don't forget to allow traffic to the new virtual interface if you are using a host based firewall.

Add ucarp to hibernate.conf

For laptop users who use the hibernate scripts, the ucarp process will die silently when the underlying network driver modules are removed from the kernel so the start/stop scripts will need to be zapped. To prevent this, add ucarp to the RestartServices line in /etc/hibernate/hibernate.conf

 ### services
 RestartServices ucarp
 # StopServices alsasound
 # StartServices aumix