[dns-operations] Anycast vs. unicast NS

David Miller dmiller at tiggee.com
Sun Mar 20 22:02:21 UTC 2011 

Definitions of *Single point of failure* on the Web:

    * A Single Point of Failure, (SPOF), is a part of a system which, if
      it fails, will stop the entire system from working . They are
      undesirable in any system whose goal is high availability, be it a
      network, software application or other industrial system.
      en.wikipedia.org/wiki/Single_point_of_failure
      <http://www.google.com/url?q=http://en.wikipedia.org/wiki/Single_point_of_failure&sa=X&ei=OWqGTfOuNZS8sAPSzuDrAQ&ved=0CAoQpAMoAA&usg=AFQjCNEABaeh-qWQHTC-ZySQnvMr6BPCNg>
    * a component in a device, or a point in a network, that, if it were
      to fail would cause the entire device or network to fail; normally
      eliminated by adding redundancy
      en.wiktionary.org/wiki/single_point_of_failure
      <http://www.google.com/url?q=http://en.wiktionary.org/wiki/single_point_of_failure&sa=X&ei=OWqGTfOuNZS8sAPSzuDrAQ&ved=0CAsQpAMoAQ&usg=AFQjCNHajRjFjzDRivFwMLoCXHkwG_d4BQ>
    * An element of a system for which no redundancy exists. A failure
      of such a component may disable the entire system.
      www.businessrecords.com/resources-21/glossary-112/
      <http://www.google.com/url?q=http://www.businessrecords.com/resources-21/glossary-112/&sa=X&ei=OWqGTfOuNZS8sAPSzuDrAQ&ved=0CAwQpAMoAg&usg=AFQjCNE9F4iQJ_AtGiauTx_4M4_zFIpHxQ>



On 3/20/2011 4:03 PM, Bill Woodcock wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On Mar 20, 2011, at 12:21 PM, Jim Reid wrote:
>> Extra complexity in server configuration

This depends on particular implementation choices and is not inherent to 
anycast itself.

For example, I can set up a network segment at a location (Location A) 
addressed as 192.0.2.0/24 and place a server on this segment with an 
address of 192.0.2.10 (Server A).  Server A has a single IP address and 
is configured with the exact same complexity as a unicast server.

I can also set up a network segment at another location (Location B) 
addressed as 192.0.2.0/24 and place a server on this segment with an 
address of 192.0.2.10 (Server B).  Server B has a single IP address and 
is configured with the exact same complexity as a unicast server.

Now, Server A and Server B service the anycast address 192.0.2.10 from 
Location A and Location B with no extra complexity in server configuration.

In any case, complexity isn't a SPoF per se.

If the claim is that some admin could accidentally misconfigure a 
server, then unicast is much more susceptible to this.  If an anycast 
server is 'broken' then that anycast address is only 'down' for a 
particular region.  If a unicast server is 'broken' then that unicast 
address is 'down' for the entire internet.

Unicast, as opposed to anycast, has a designed in SPoF - i.e. one server 
on one address.  This SPoF can be mitigated, to some degree, by having 
additional servers that can service the unicast address with a failover 
mechanism to make that happen, but this requires adding in the 
complexity to the unicast configuration that you refer to above.

>> More complicated systems&  network management (procedures)
>> More complicated monitoring arrangements
>> More elaborate network operations and support (procedures)
> Aren't all of these differences dependent on the number of servers, rather than whether they're anycast or unicast?  I'd argue, actually, that these are all valid arguments against large unicast server networks, that hold _less_ true of similarly-sized anycast networks.  After all, unicast servers each have to be uniquely configured and have unique routing and be managed, to some degree, individually.  None of that is true of anycast server clouds.
>
> I think you're just arguing against having multiple servers, not against anycast.
>

Agreed, these are merely arguments against complexity (i.e. multiple 
servers).

Also, none of these are SPoFs inherent to anycast.

>> Extra complexity in router setups
>> "Special" filtering/peering treatment for anycast ASNs and prefixes
> I disagree with these two.  Routers don't need special configuration to deal with anycast, because they don't know the difference between anycast and unicast.  Therefore, no additional complexity on that front, nor any special treatment.
>

Agreed, the routers of the world don't know the difference between 
anycast and unicast routes.  There is nothing on a route as it exists in 
the DFZ that signals that a prefix is anycast or unicast.

The routers under the control of an anycast service provider could have 
knowledge of and provide different treatment to anycast prefixes, but 
this is a particular implementation decision and is not inherent to 
anycast itself.  Anycast requires nothing more than the exact same 
routing that is used to guide traffic to a unicast address.


>                                  -Bill
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (Darwin)
>
> iEYEARECAAYFAk2GXYEACgkQGvQy4xTRsBHI3QCgmQRXZoi+A5f+wsEU7QfrTzXr
> DzYAnA7bLM/T2ss9mbOlpJ9qxswzAeRB
> =eTmI
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations


-- 
-___________________________________
David Miller
Tiggee LLC
dmiller at tiggee.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20110320/74989af4/attachment.html>

More information about the dns-operations mailing list