[dns-operations] anycasting axfr

Warren Kumari warren at kumari.net
Thu Apr 20 00:09:06 UTC 2017


On Wed, Apr 19, 2017 at 5:54 PM Robert Edmonds <edmonds at mycre.ws> wrote:

> Barry Raveendran Greene wrote:
> > > I would guess that per-packet load balancing among different upstream
> > > providers in edge networks is going to be a bigger factor in failed root
> > > zone AXFRs than BGP topology changes in the core. I'd also guess that
> > > RIPE Atlas *anchors* are going to be on better managed networks and
> > > you'd be less likely to encounter that kind of load-balancing from Atlas
> > > anchors.
> >
> > I’m trying to foresee any situation where a per packet load balancing
> > issue would come up in this situation. Even with equal cost upstream
> > exists, C & J would have 4 tuple selection on the path up (minimizing
> > unnecessary asymmetric flows). Also, once you get a couple of BGP hops into
> > the path, flows would stabilize to the anycasted NSID.
>
> If you're hashing on the 4-tuple I wouldn't call that "per-packet" load
> balancing. By "per-packet" I mean individual packets in a particular
> flow being sprayed across different upstream providers.



Yeah, that is true -- however, actual per-packet load balancing is
basically extinct; even if you are not connecting to anything anycast, the
out of order packet issues make "real" per-packet so sucky that almost
everything now does per-flow (tuple).

For example, Juniper has a "per-packet" mode (policy-statement foo match bar
then load-balance per-packet), but this actually hashes on src ip, dst ip
and protocol for v4, and many more things for v6.

Cisco (for the last many years) is similar -- around 10 years ago I
actually wanted to do "real" per-packet (for testing), and I was not able
to find a platform/IOS combination which would do it - CEF (and hardware
magic) conspired to make shooting myself in the foot hard.

I'm fairly sure that Linux also hashes for equal cost -- I managed to make
it do actual per-packet, but I *think* I needed to jump through hoops to
force it.

Many things (like LinkedIn, a number of CDNs) are TCP Anycast. So yes,
actual per-packet may cause issues with AXFR, but it causes so many other
issues that it is vanishingly small.

W
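
Added example, not part of the original post: a small Python simulation of the distinction discussed above, comparing hash-based next-hop selection with true per-packet spraying for one TCP session to an anycast address. The topology, addresses, field names and the use of SHA-256 in place of a router's hash function are all assumptions made for illustration.

```python
import hashlib
from itertools import count

# Constructed topology (assumption): each equal-cost upstream reaches a
# different instance of the same anycast address.
UPSTREAMS = ["upstream-A/instance-1", "upstream-B/instance-2"]
THREE_TUPLE = ("src", "dst", "proto")  # the v4 hash key described in the post
FIVE_TUPLE = ("src", "dst", "proto", "sport", "dport")

def per_flow(fields):
    """Selector hashing the chosen header fields (SHA-256 stands in for the router's hash)."""
    def choose(pkt):
        key = "|".join(str(pkt[f]) for f in fields).encode()
        return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(UPSTREAMS)
    return choose

def per_packet():
    """Selector spraying successive packets round-robin, ignoring headers."""
    counter = count()
    return lambda pkt: next(counter) % len(UPSTREAMS)

def axfr_segments(n, sport=40000):
    """Constructed client-to-server TCP segments of one AXFR session."""
    return [{"src": "192.0.2.10", "dst": "198.51.100.53", "proto": 6,
             "sport": sport, "dport": 53, "seq": i} for i in range(n)]

def instances_hit(segments, choose):
    return {UPSTREAMS[choose(p)] for p in segments}

def session_survives(segments, choose):
    # TCP state exists only on the instance that saw the SYN; a segment
    # delivered to any other instance is answered with RST.
    return len(instances_hit(segments, choose)) == 1

def upstreams_used(choose, sports):
    """Upstreams used across many separate sessions (one per source port)."""
    return {UPSTREAMS[choose(axfr_segments(1, s)[0])] for s in sports}

if __name__ == "__main__":
    segs = axfr_segments(8)
    for name, sel in [("3-tuple hash", per_flow(THREE_TUPLE)),
                      ("5-tuple hash", per_flow(FIVE_TUPLE)),
                      ("true per-packet", per_packet())]:
        print(f"{name:16} survives={session_survives(segs, sel)} "
              f"hit={sorted(instances_hit(segs, sel))}")
```

With either hash key every segment of the session follows one upstream, so the transfer completes; only the header-blind selector splits a single session across anycast instances.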


