Last updated: 2018-09-26
In this post I show you how to configure carp(4) on virtual machines that run on VMware vSphere. The setup will consist of two VMs running OpenBSD -current. Each VM gets one single vNIC.
As a preparation for this setup I've filled in the required information in the following table:
Information | Value |
---|---|
Shared IP | 192.0.2.10 |
Hostname VM1 | vmone |
Mgmt IP VM1 | 192.0.2.11 |
AdvSkew VM1 | 0 |
Hostname VM2 | vmtwo |
Mgmt IP VM2 | 192.0.2.12 |
AdvSkew VM2 | 100 |
VHID | 99 |
Password | SharedSecret |
Subnetmask | 255.255.255.0 |
Domain name | example.net |
The network functionality that VMware vSphere provides for virtual machines comes along with a security policy. Using this policy you can prevent certain networking practices:
Rejecting all three can slightly improve the security in your network. But all three are required if you want to use carp(4). I recommend that you set all three to Accept for the port group your carp(4) interface will be connected to.
VM1 is my designated master and VM2 is the backup. To enforce this policy you need different values for the parameter advskew on each VM and the following sysctl(8) setting:
$ doas sysctl net.inet.carp.preempt=1
Write this setting to /etc/sysctl.conf. OpenBSD will set the value automatically during startup.
I will first configure the backup, then the master. On VM2 I create the file /etc/hostname.carp0 with the following content:
vhid 99 pass SharedSecret carpdev vmx0 advskew 100 192.0.2.10/24
To create and configure the interface you can use /etc/netstart:
$ doas /bin/sh /etc/netstart
On VM1 the line in /etc/hostname.carp0 looks slightly different:
vhid 99 pass SharedSecret carpdev vmx0 192.0.2.10/24
Reboot both VMs to test the new configuration and make sure you don't have any typos in your config files.
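A pre-reboot check for the two /etc/hostname.carp0 lines above, as an added example that is not part of the original post: it verifies that vhid, pass and the shared address match on both nodes and that the designated master has the lower advskew. The function names are hypothetical, and the script takes the lines as strings rather than reading the files.

```shell
# Added example, not from the original post; function names are hypothetical.

# carp_field LINE KEY DEFAULT -> word following KEY in LINE, else DEFAULT
carp_field() {
    set -f                       # do not glob while word-splitting the line
    set -- "$2" "$3" $1
    set +f
    key=$1 val=$2; shift 2
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then val=$2; break; fi
        shift
    done
    printf '%s\n' "$val"
}

# carp_addr LINE -> last word of the line (the shared address/prefix)
carp_addr() {
    set -f; set -- $1; set +f
    while [ $# -gt 1 ]; do shift; done
    printf '%s\n' "$1"
}

# carp_check MASTER_LINE BACKUP_LINE -> 0 if the pair is consistent
carp_check() {
    rc=0
    for k in vhid pass; do
        m=$(carp_field "$1" "$k" "")
        b=$(carp_field "$2" "$k" "")
        # Report the key only, so the shared secret never reaches a log.
        if [ -z "$m" ] || [ "$m" != "$b" ]; then
            echo "mismatch or missing: $k" >&2; rc=1
        fi
    done
    if [ "$(carp_addr "$1")" != "$(carp_addr "$2")" ]; then
        echo "shared address differs" >&2; rc=1
    fi
    # advskew is 0 when omitted; the intended master needs the lower value.
    ms=$(carp_field "$1" advskew 0)
    bs=$(carp_field "$2" advskew 0)
    if ! [ "$ms" -lt "$bs" ] 2>/dev/null; then
        echo "master advskew ($ms) is not lower than backup ($bs)" >&2; rc=1
    fi
    return $rc
}

# The two configuration lines from this post (VM1 = master, VM2 = backup).
VM1_LINE='vhid 99 pass SharedSecret carpdev vmx0 192.0.2.10/24'
VM2_LINE='vhid 99 pass SharedSecret carpdev vmx0 advskew 100 192.0.2.10/24'
carp_check "$VM1_LINE" "$VM2_LINE" && echo "carp0 lines are consistent"
```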
You can look at the carp0 interface using ifconfig(8) to perform a basic check of the configuration. On my VM2 I get the following output:
$ ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:53:67:89:ab
index 4 priority 15 llprio 3
carp: BACKUP carpdev vmx0 vhid 99 advbase 1 advskew 100
groups: carp
status: backup
inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
On my VM1 the output is slightly different:
$ ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 150
lladdr 00:00:5e:12:34:56
index 4 priority 15 llprio 3
carp: MASTER carpdev vmx0 vhid 81 advbase 1 advskew 0
groups: carp
status: master
inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
Your final test should be to ping the carp IP from a third system and shut down the current master while the ping is running. If everything works as expected you should not lose a single echo reply packet.