[dns-operations] anycasting for fun and profit

paul vixie paul at redbarn.org
Tue Oct 16 13:44:46 UTC 2012


On 10/16/2012 12:51 PM, Patrick W. Gilmore wrote:
> On Oct 16, 2012, at 08:33 , paul vixie <paul at redbarn.org> wrote:
>
>> ... <http://www.isc.org/solutions/sns-anycast>.
> This works, although limits your anycast nodes to a single provider.

we have several name servers, each in some provider, each having nodes
on several continents. i'm clarifying this because the terminology
"anycast node" means to some people what "name server" means to me. if
it is the target of an NS RR for some zone it is a "name server" which
can be anycasted across some number of "nodes".

> While there is nothing wrong with single-provider anycast, I would argue having anycast instances in multiple providers is beneficial.

it can be, and that's why f-root and ISC's public benefit secondary name
service do it that way.

> Also, it is difficult to find a network with truly global reach, limiting your choices if you want nodes in every corner of the globe.  Moreover, the few networks that are present on very continent all have restrictive peering policies, limiting their reach to certain networks in many places.

to the first, i note that DNS has its own high availability
characteristics -- recursive name servers will sample all "name servers"
for a zone and will stick to the one with the lowest observed RTT. this
means not every "name server" must have anycast nodes in every corner of
the globe. given that every prefix added to the global routing table is
an irreversible and universal burden on the internet core, we have to
look at the cost:benefit ratio of doing anything not truly necessary.

to the second, i'm pretty happy with the providers we use for our
commercial secondary name service, but i also know that pressure from us
as a customer has led at least one of them to be more aggressive about
their international peering. the libertarians call this "using your
dollar votes" and it's working.

> To be clear, using your own space doesn't guarantee global reach either.  But it gives you more flexibility, at the expense of greatly increased complexity, time, and effort.

and also at the expense of a small burden for everyone, for every prefix
added to the global routing table. i know that most business planners
won't take that kind of "footprint" cost into account, but some will and
it's important in these public threads to make sure we enumerate such.

paul

-- 
"I suspect I'm not known as a font of optimism." (VJS, 2012)




More information about the dns-operations mailing list