Consider the following scheme: +-----------------+ iface1 | | iface2 +-------| host A (MASTER) |-------- | | | | +-----------------+ carp1 | +-----------------+ | | | iface2 +-------| host B (BACKUP) |-------- << packet to carp 1 IP iface1 | | +-----------------+ Lets assume both hosts are advertising themselves using rtadvd as ipv6 routers for network attached to the iface2. In this case, they both can receive ipv6 packets undercertain conditions, destined to the CARP address carp1. When a BACKUP node receives such packets, it processes them locally, regardless of the state of the CARP, as if it was MASTER. I observe this only on the ipv6, because the process of router advertising in ipv6 is different from ipv4. However, I suppose the same rule applies to the ipv4, but it's not that important, since I cannot imagine the configuration that would reproduce this for ipv4.
I think this is a design of CARP. The shared address is considered a local address for both hosts, so that applications can bind on it. It is just not being advertised outside.