| version 1.29, 2004/02/13 07:14:51 |
version 1.30, 2004/03/24 07:38:36 |
|
|
| <p> |
<p> |
| <h3> |
<h3> |
| <ul> |
<ul> |
| |
<li><a href="#35">3.5: "CARP License" and "Redundancy must be free"</a> |
| <li><a href="#34">3.4: "The Legend of Puffy Hood"</a> |
<li><a href="#34">3.4: "The Legend of Puffy Hood"</a> |
| <li><a href="#33">3.3: "Puff the Barbarian"</a> |
<li><a href="#33">3.3: "Puff the Barbarian"</a> |
| <li><a href="#32">3.2: "Goldflipper"</a> |
<li><a href="#32">3.2: "Goldflipper"</a> |
|
|
| </ul> |
</ul> |
| </h3> |
</h3> |
| <p> |
<p> |
| |
|
| |
<hr> |
| |
<a name=35></a> |
| |
<h2><font color="#00b000">3.5: "CARP License" and "Redundancy must be free"</font></h2> |
| |
<table border=0 cellspacing=0 cellpadding=2 width="100%"> |
| |
<tr> |
| |
<td valign="top" width="28%"> |
| |
OpenBSD 3.5 CD2 track 2 is an<br> |
| |
uncompressed copy of this skit & song.<br> |
| |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/songs/song35.mp3">MP3 version of song (3.5 minutes, 7.0MB)</a><br> |
| |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/songs/song35.ogg">OGG version of song (3.5 minutes, 5.1MB)</a><br> |
| |
<br> |
| |
<br> |
| |
<a href="images/Carp.gif"><img alt="CARP" src="images/Carp.gif"></a> |
| |
<br> |
| |
<br> |
| |
<em> |
| |
A common theme used by the comedy crew Monty Python was to emphasize |
| |
and exaggerate ridiculousnesses that their target had imposed upon |
| |
themselves. Few things could be considered as humorous as making a |
| |
redundancy protocol... redundant; e.g. being forced to replace it by |
| |
Cisco lawyers and IETF policy. |
| |
<p> |
| |
We've been working a few years now on our packet filtering software |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> |
| |
and it became time to add failover. We want to be able to set up pf |
| |
firewalls side by side, and exchange the stateful information between |
| |
them, so that in case of failure another could take over 'keep state' |
| |
sessions. Our |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> |
| |
protocol solves this problem. However, on both sides of the firewall, |
| |
it is also necessary to have all the regular hosts not see a |
| |
network failure. The only reliable way to do this is for both |
| |
firewall machines to have and use the same IP and MAC addresses. But |
| |
the only real way to do that is to use multicast protocols. |
| |
<p> |
| |
The IETF community proposed work in this direction in the late |
| |
90's, however in 1997 Cisco informed them that they believed some of |
| |
Cisco's patents covered the proposed IETF VRRP (Virtual Router |
| |
Redundancy Protocol); on |
| |
<a href="http://www.ietf.org/ietf/IPR/VRRP-CISCO"> |
| |
March 20, 1998 they went further and specifically named their HSRP |
| |
"Hot Standby Router Protocol" patent</a>. Reputedly, they were upset |
| |
that IETF had not simply adopted the flawed HSRP protocol as the |
| |
standard solution for this problem. Despite this legal pressure, the |
| |
IETF community forged ahead and published VRRP as a standard even |
| |
though there was a patent in the space. Why? |
| |
<a href="http://www.cs-ipv6.lancs.ac.uk/ipv6/documents/standards/general-comms/ietf/vrrp/vrrp-minutes-97dec.txt"> |
| |
There was much deliberation</a> |
| |
at all levels of the IETF, and unfortunately for all of us the |
| |
politicians within eventually decided to allow patented technology in |
| |
standards -- as long as the patented technology is licensed under RAND |
| |
(Reasonable And Non Discriminatory) terms. As free software |
| |
programmers, we therefore find ourselves in the position that these |
| |
RAND standards must not be implemented by us, and we must deviate from |
| |
the standard. We find all this rather Unreasonable and Discriminatory |
| |
and we *will* design competing protocols. Some standards organization, |
| |
eh? |
| |
<p> |
| |
Due to some HSRP flaws fixed by VRRP and for compatibility with the |
| |
(HSRP-licensed) VRRP implementations of their competitors, Cisco in |
| |
recent times has largely abandoned HSRP and now relies on VRRP instead |
| |
-- a protocol designed for and by the community, but for which they |
| |
claim patent rights. |
| |
<p> |
| |
On August 7 2002, after many communications, Robert Barr (Cisco's |
| |
lawyer) firmly informed the OpenBSD community that Cisco would defend |
| |
its patents for VRRP implementations -- meaning basically that it was |
| |
impossible for a free software group to produce a truly free |
| |
implementation of the IETF standard protocol. Perhaps this is because |
| |
Cisco and Alcatel are currently engaged in a pair of patent lawsuits; a |
| |
small piece of which is Cisco attempting to use the HSRP patent |
| |
against Alcatel for their use of VRRP. Some IETF working group |
| |
members took note of our complaints, |
| |
<a href="http://lists.microshaft.org/pipermail/dmca_discuss/2003-April/004702.html"> |
| |
however an attempt in April 2003 to have the IETF abandon the use of |
| |
patented technology failed to "reach consensus" in the IETF</a>. |
| |
<p> |
| |
A few years ago, the W3C, who designs our web protocols, tried to move |
| |
to a RAND policy as well (primarily because of pressure from Microsoft |
| |
and Apple), but the community outrage was so overpowering that they |
| |
backed down. Some standards groups use this policy, while others |
| |
avoid it -- the one differentiation being the amount of corporate |
| |
participation. In the IETF, the pro-RAND agents work for AT&T, |
| |
Alcatel, IBM, Cisco, Microsoft, and other large companies. Since IETF |
| |
is an open forum, they can blend in as the populace, and vote just |
| |
like all others, except against the community. |
| |
<p> |
| |
Translation: In failing to "reach consensus", the companies who |
| |
benefit from RAND won, and the community lost again. |
| |
<p> |
| |
Left with little choice, we proceeded to reinvent the wheel or, more |
| |
correctly, abandon the wheel entirely and go for a "hovercraft". We |
| |
designed CARP (Common Address Redundancy Protocol) to solve the same |
| |
problem that these other protocols are designed for, but without the |
| |
same technological basis as HSRP and VRRP. We read the patent |
| |
document carefully and ensured that CARP was fundamentally different. |
| |
We also avoided many of the flaws in HSRP and VRRP (such as an inherent |
| |
lack of security). And since we are OpenBSD developers, we designed |
| |
it to use cryptography. |
| |
<p> |
| |
The combination of |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>, and |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> |
| |
has permitted us to build highly redundant firewalls. To date, we |
| |
have built a few networks that include as many as 4 firewalls, all |
| |
running random reboot cycles. As long as one firewall is alive in a |
| |
group, traffic through them moves smoothly and correctly for all of |
| |
our packet filter functionality. Cisco's low end products are unable |
| |
to do this reliably, and if they have high end products which can do |
| |
this, you most certainly cannot afford them. |
| |
<p> |
| |
As a final note of course, when we petitioned IANA, the IETF body |
| |
regulating "official" internet protocol numbers, to give us numbers |
| |
for CARP and pfsync our request was denied. Apparently we had failed |
| |
to go through an official standards organization. Consequently we |
| |
were forced to choose a protocol number which would not conflict with |
| |
anything else of value, and decided to place CARP at IP protocol 112. |
| |
We also placed pfsync at an open and unused number. We informed IANA of |
| |
these decisions, but they declined to reply. |
| |
<p> |
| |
This ridiculous situation then inspired one of our developers to create |
| |
this parody of the well-known Monty Python skit and song. |
| |
<br> |
| |
</em> |
| |
</td><td valign="top" width="3%"> |
| |
<br> |
| |
</td><td valign=top width="33%"> |
| |
<br> |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Hello, I would like to buy a CARP license please. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
A what? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
A license for my network redundancy protocol, CARP. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
Well, it's free isn't it? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Exactly, the protocol's name is CARP. CARP the redundancy protocol. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
What? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
He is an.... redundancy protocol. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
CARP is a free redundancy protocol! |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Yes, I chose it out of three, I didn't like the others, |
| |
they were all too... encumbered. And now I must license it! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
You must be a looney. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
I am not a looney! Why should I be tied with the epithet looney merely |
| |
because I wish to protect my redundancy protocol? I've heard tell |
| |
that Network Associates has a pet algorithm called RSA used in IETF |
| |
standards, and you wouldn't call them a looney; Geoworks has a claim |
| |
on WAP, after what their lawyers do to you if you try to implement it. |
| |
Cisco has two redundant patents, both encumbered, and Cadtrack has a |
| |
patent on cursor movement! So, if you're calling the large American |
| |
companies that fork out millions of dollars for the use of XOR a |
| |
bunch of looneys, I shall have to ask you to step outside! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
Alright, alright, alright. A license. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Yes. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
For a free redundancy protocol? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Yes. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
You are a looney. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Look, it allows for bleeding redundancy doesn't it? Cisco's got a |
| |
patent for the HSRP, and I've got to get a license for me router |
| |
VRRP. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
You don't need a license for your VRRP. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
I bleeding well do and I got one. It can't be called VRRP without it |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
There's no such thing as a bloody VRRP license. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Yes there is! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
Isn't! |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Is! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
Isn't! |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
I bleeding got one, look! What's that then? |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
This is a Cisco HSRP patent document with the word "Cisco" crossed |
| |
out and the word "IETF" written in in crayon. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
The man didn't have the right form. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
What man? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Robert Barr, the man from the redundancy detector van. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
The looney detector van, you mean. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Look, it's people like you what cause unrest. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
What redundancy detector van? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
The redundancy detector van from the Monopoly of Cizzz-coeee. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
Cizzz-coeee? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
It was spelt like that on the van. I'm very observant! I never seen |
| |
so many bleeding aerials. The man said that their equipment could |
| |
pinpoint a failover configuration at 400 yards! And my Cisco router, |
| |
being such a flappy bat, was a piece of cake. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
How much did you pay for this? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Sixty quid, and twenty grand for the PIX. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
What PIX? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
The PIX I'm replacing! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
So you're replacing your PIX with free software, and yet you want to |
| |
license it? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
There's nothing so odd about that. I'm sure they patented this |
| |
protocol too. After all, the IETF had a hand in it! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
No they didn't! |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Did! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
Didn't! |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Did, did, did and did! |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
Oh, all right. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Spoken like a gentleman, sir. Now, are you going to give me a CARP |
| |
license? |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
I promise you that there is no such thing. You don't need one. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
In that case, give me a Firewall License. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
A license? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Yes. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
For your firewall? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
No. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
No? |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
No, half my firewall. It had an accident. |
| |
<br> |
| |
<font color="#b00000">Licenser:</font> |
| |
You're off your chump. |
| |
<br> |
| |
<font color="#b00000">Customer:</font> |
| |
Look, if you intend by that utilization of an obscure colloquialism |
| |
to imply that my sanity is not up to scratch, or indeed to deny the |
| |
semi-existence of my little half firewall, I shall have to ask you to |
| |
listen to this! Take it away CARP the orchestra leader! |
| |
<br> |
| |
<br> |
| |
A zero... one.. A one zero one one<br> |
| |
<br> |
| |
VRRP, philosophically,<br> |
| |
must ipso facto standard be<br> |
| |
But standard it<br> |
| |
needs to be free<br> |
| |
vis a vis<br> |
| |
the IETF<br> |
| |
you see?<br> |
| |
<br> |
| |
But can VRRP<br> |
| |
be said to be<br> |
| |
or not to be<br> |
| |
a standard, see,<br> |
| |
when VRRP can not be free,<br> |
| |
due to some Cisco patentry..<br> |
| |
<br> |
| |
Singing...<br> |
| |
<br> |
| |
La Dee Dee, 1, 2, 3.<br> |
| |
VRRP ain't free.<br> |
| |
O P E N B S D<br> |
| |
CARP is free<br> |
| |
<br> |
| |
Is this wretched Cisco-eze<br> |
| |
let through IETF to mean<br> |
| |
my firewall must pay legal fees?<br> |
| |
No! CARP and PF are Free!<br> |
| |
<br> |
| |
Fiddle dee dum,<br> |
| |
Fiddle dee dee,<br> |
| |
CARP and PF are free.<br> |
| |
<br> |
| |
1 1 2,<br> |
| |
Tee Hee Hee,<br> |
| |
CARP and PF are free.<br> |
| |
<br> |
| |
My firewall just keeps running, see,<br> |
| |
bisected accidentally,<br> |
| |
one summer afternoon by me.<br> |
| |
Redundancy's good when free.<br> |
| |
<br> |
| |
Redundancy must be free.<br> |
| |
Redundancy must be free.<br> |
| |
<br> |
| |
The End<br> |
| |
<br> |
| |
Under the Geddy Lee?<br> |
| |
<br> |
| |
No, Redundancy must be free!<br> |
| |
<br> |
| |
Geddy must be free.<br> |
| |
<br> |
| |
<br> |
| |
</td><td valign=top width="33%"> |
| |
<img src="images/Carp_song.gif"><br> |
| |
</td></tr></table> |
| |
<p> |
| |
<em> |
| |
<font color="#00b000">"CARP License"</font> sketch:<br> |
| |
Tony Binns as the Customer, Peter Rumpel as the Licenser. |
| |
<br> |
| |
<font color="#00b000">"Reduncancy must be free"</font> song:<br> |
| |
Lead vocal by Peter Rumpel, backing vocals by Jonathan Lewis and Ty Semaka. |
| |
Piano by Janet Lewis, acoustic guitars by Chantal Vitalis. |
| |
Bass and Geddy Lee questioning by Jonathan Lewis. |
| |
Lyrics by Bob Beck.<br> |
| |
<br> |
| |
<br> |
| |
</em> |
| |
|
| <hr> |
<hr> |
| <a name=34></a> |
<a name=34></a> |
![[BACK]](/icons/back.gif){kind=icon}
Return to lyrics.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www