[dns-operations] "first class" anycast?
heldal at eml.cc
Sun Jul 16 10:45:32 UTC 2006
On Sat, 2006-07-15 at 22:06 +0000, Paul Vixie wrote:
>i won't criticize per heldal for feeding trolls here, since he already knows,
[sorry. Not only should I have changed the subject, but it should
probably also have come with a flamebait-warning;)]
> and he usually goes a good job. and furthermore, his off-topic excursion is
> a fine excuse for a new thread: is "1st class anycast" like "tier 1 backbone"?
> > To stray further OT:
> > The issue with UltraDNS desribed in this thread relates to the fact that
> > they used multiple anycast IP's in the same address-block. You get
> > problems if you do that and don't control the infrastructure
> > interconnecting the various anycast locations.
> i think you're factually wrong here. ultradns has always controlled their
> own infrastructure in the way you describe. so, whatever problem you thought
> you had observed, was due to something else. but we digress, really, from:
I didn't personally observe what happened, but have my info from the
archives. My understanding is that there were zones hosted on 2
nameservers, both anycasted within the same prefix with the following
sequence of events:
1. Both servers in a location fails at the same time
2. BGP-announcements are not withdrawn at that location
Result: Resolvers routed to this particular location get no response at
To the outside world it appears that the DNS-provider did not exercise
the appropriate control over routing devices. Whether that is due to
inadequate monitoring of services or lack of control of devices is
irrelevant to outsiders.
> This is why the only "first-class" anycast providers are providers with a
> > network footprint large enough to cover all their anycast locations.
> not only do i disagree with your judgement as to first-classitude, but also,
Probably a bad choice of words on my part, hence the quotes. Would it be
better to talk about "scalable anycast deployment" than trying to
classify the various methods?
In theory it has nothing to do with being a tier-<anything> provider.
The question is: Is the infrastructure able to independently handle each
one of any number of anycasted IP-addresses within the announced block?
In practice that means well inter-connected sites, adequate bandwidth,
minimum latency, no packet-loss/jitter etc,etc. Your choice of transport
media doesn't matter as long as the connectivity meets the requirements.
Use encapsulation techniques if you like, though in practice you'll find
that these things mostly are restrained within a single provider's
> i contest your redefinition of terms. if someone has a backbone and is able
> to advertise a netblock in location X which really exists in location Y, then
> it's not really anycast at all. even if they usually optimize by creating
I'm talking about netblocks to be associated with a network (AS) and not
a particular location. A netblock may be announced consistently to all
neighbors everywhere, while individual addresses within are scattered
throughout the interior.
> the service in both location X and location Y, by definition of the word, if
> it's possible to reach location Y due to an advertisement at location X, then
> it's not formally an "anycasted service."
The term "anycast" describe the use of one IP-address in multiple
mechanisms used to choose a particular destination doesn't matter.
Within a network you may scatter an address across any number of hosts,
announcing the presence of each instance as individual host-routes into
your IGP of choice. Although transparent to BGP, it is still anycast.
> > These providers are the only ones who reliably can provide more than one
> > anycast service within each announced prefix. Different size network have
> > different properties. Certain properties come with scale, and can't be
> > bought separately.
> i completely and totally disagree. looking at www.root-servers.org i see a
> number of "first class" or "tier 1" anycasted DNS services which have (by
> definition) no interior connectivity. this isn't "just as good", it's better
> than a dns service network with interior connectivity, and will remain so
> until IP networks run faster than light, backbone routers have no moving
> parts, and backbone engineers go home at least once a day to take a bath.
You're right on the condition that you only use _one_ single address
within each announced prefix. That would not be a problem if
anycast-allocations were unlimited. However, very few organizations even
qualify for such under current RIR policies. Although not relevant to
this list, also keep in mind that anycast in general is useful for
things other than DNS.
Scalable use of anycast beyond the exceptions covered by RIR-policies
_does_ add to the infrastructure requirements.
More information about the dns-operations