I was researching next week’s OpenBSD talk and thought “You know, I ought to tell the story about VRRP, CARP, and Cisco. That’s a good one, and it illustrates how the OpenBSD community works and thinks.” It’s been ten years, so I decided to do some research to make sure I had my facts straight.
And I came across the Cisco Nexus 1000V manual. This big and mighty Cisco switch… supports CARP.
This is absolutely hilarious. I laughed so much my sides hurt.
Some of you younger folks are probably wondering what the big deal is. Well…
Back in the late 1990s, Cisco came up with the Virtual Router Redundancy Protocol (VRRP), using some of the lessons of their Hot Standby Router Protocol (HSRP). This was a quick-acting router failover protocol. If one router died, a second would notice and automatically take over for it. VRRP isn’t rocket surgery, it’s just that Cisco’s hardware could now support it and the market demanded it. Fair enough.
But then Cisco patented VRRP.
Cisco announced that anyone could implement VRRP, so long as they didn’t sue Cisco over it. Cisco wanted to offer something to the world, and didn’t want it to come back and bite them. Again, fair enough. Perfectly sensible from Cisco’s perspective.
The OpenBSD folks wanted router redundancy, too. And they wanted it in the base system. But Cisco’s licensing terms were a problem.
The modern BSD license boils down to:
1) Keep our copyright notice on this code
2) Don’t sue us if it breaks
There’s nothing in there about “And don’t sue Cisco if something breaks.” Specifically, the code can be used for any purpose, including suing Cisco. Mind you, you’d have a pretty hard time using OpenBSD code to sue Cisco, but the license doesn’t prohibit it.
So, while the VRRP patent terms were fine for Cisco, they weren’t acceptable under the BSD license.
And the OpenBSD devs wanted redundancy.
What to do? Go off and write your own protocol, the Common Address Redundancy Protocol (CARP). Make it different from VRRP. Field-test the protocol, using your legions of willing lackeys — er, devoted userbase. Make CARP not only a usable replacement for VRRP, but inherently better and stronger. Put the protocol under the BSD license, and give the protocol and code away.
This caused something of a kerfuffle at the time. Ugly accusations flew around. “It’s a VRRP knock-off!” “No, it’s a different protocol!” Great big reams of email were written about the whole thing.
The OpenBSD folks applied to IANA for a protocol number. IANA rejected the application, telling them to use VRRP instead. VRRP was assigned protocol 112. So OpenBSD used protocol 112 for CARP. And putting CARP hosts on a network with Cisco VRRP hosts made Cisco routers crash. The Cisco stack wasn’t robust enough to handle strange packets on the network. Cisco updated their hardware to survive seeing a lone CARP packet.
This escalated the kerfuffle into industry news. You’d see articles in all kinds of industry magazines about OpenBSD versus Cisco.
The OpenBSD folks responded by doing a CARP/VRRP-themed 3.5 release, complete with a Monty Python parody (lyrics, MP3).
And in the end of it all… everyone shut up. Other people started implementing CARP. Because it’s a solid, respectable redundancy protocol. You can get CARP from FreeBSD, Linux, Solaris, and a whole bunch of other vendors…
…including Cisco.
I had plans for today, but I’m too busy laughing. And then I need to go watch some Monty Python.
LIKE! 🙂
Well to point, the Nexus 1000v is really not a “big and mighty Cisco switch” per se. The V in 1000v stands for virtual and that is all it is. It is a software switch that replaces the vswitch in VMware or HyperV to give you Cisco single-paned management of your network with the rest of your network gear. Now if they added support to all IOS or NXOS devices, then I will really be impressed…
That should have read just the “big and mighty Cisco supports carp”. Those of us that recall the whole fiasco get a good laugh out of it either way.
Jason, you are correct. Mea culpa.
I got this confused with another Cisco switch with a whole bunch of zeroes in the name.
That is okay Michael. You know I have been humming that song since I started reading this post and cannot get it out of my head. It’s like going to Disneyland getting it’s a small world stuck…
Awesome and thank you for sharing!
Yes, that was a long time ago now. Longer ago for Cisco than for *our* side though.
I can’t seem to find it online, but didn’t they call either CARP developers or IP “pirates” in general “terrorists” post-USA PATRIOT Act?
@ George, controlling mongers always point a finger when you don’t follow their lead. Cisco has the control freak attitude! Great news is, they can’t seem to code brilliance like our fantastic OpenBSD developers. Long live CARP!