On Mon, 25 Aug 2008, Ralf Weber wrote:

> > It should be noted that unicast TCP is unstable if unicast routing
> > is unstable.
>
> Yes, but TCP usually adapts to the problem while anycast can't, as it
> may reach another target.

Large UDP packets (think EDNS0 DNSSEC as a good example of large UDP packets almost certain to be fragmented) suffer the same problem, as they can be fragmented by PMTU discovery. The server (operating system) has to maintain UDP state for PMTUD to work. If the ICMP fragmentation needed is lost due to Anycast, PMTUD will fail. Lost UDP fragments are fatal to the UDP transaction.

> As someone who has deployed anycast DNS within a carrier network there
> are some things to consider, e.g. don't put anycast routes in fast
> converging routing protocols and be careful with multi links for
> similar destinations.

FIB entries change at every hop. The more hops away, the more often the paths can change. What works close by, might not work far away, and vice versa.

> But if you follow the rules it can be deployed and also works with tcp
> transport for DNS....at least for me.

But the question is not whether your DNS works for you; the question is whether it works for everyone else. While you may be satisfied with your own DNS operations, you may not care if they work for everyone. Different requirements apply to Root and TLD services. Everyone, everywhere has to be able to use Root and TLD DNS services reliably.

This is precisely the 'deploy and hope for the best' attitude at its worst: "It worked for me in a very limited scenario, and I don't worry about theory or about what works for everyone".

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
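
The following is an added example, not part of the original message: a toy Python model of the PMTUD failure the message describes, where the ICMP "fragmentation needed" reaches a different anycast instance than the one that sent the response. It assumes every packet carries DF, the server fragments at the source to its cached path MTU, and the client simply retries; the instance names, payload size and MTUs are constructed.

```python
"""Toy model (constructed values): per-instance PMTUD state behind one anycast address."""
from dataclasses import dataclass, field

IP_HDR, UDP_HDR = 20, 8  # IPv4 header without options, UDP header

def packet_sizes(dns_payload, mtu):
    """IPv4 packet sizes for one UDP datagram fragmented at the source to `mtu`."""
    data = dns_payload + UDP_HDR
    if data <= mtu - IP_HDR:
        return [data + IP_HDR]               # fits unfragmented
    per_frag = (mtu - IP_HDR) // 8 * 8       # non-final fragments carry multiples of 8 bytes
    sizes = []
    while data > 0:
        chunk = min(data, per_frag)
        sizes.append(chunk + IP_HDR)
        data -= chunk
    return sizes

@dataclass
class Instance:
    name: str
    pmtu: dict = field(default_factory=dict)  # client -> path MTU learned from ICMP

def exchange(sender, icmp_receiver, client, payload, link_mtu, path_mtu, retries=3):
    """Return the attempt number on which the client got the answer, or None.

    Assumption: every packet has DF set, and the router's ICMP
    "fragmentation needed" is routed to `icmp_receiver`, which may be a
    different instance than `sender` because both share the anycast address.
    """
    for attempt in range(1, retries + 1):
        mtu = sender.pmtu.get(client, link_mtu)
        if max(packet_sizes(payload, mtu)) <= path_mtu:
            return attempt                     # every fragment fits the path
        icmp_receiver.pmtu[client] = path_mtu  # one dropped fragment loses the whole answer
    return None

if __name__ == "__main__":
    a, b = Instance("A"), Instance("B")
    print("ICMP returns to sender:", exchange(a, a, "client", 4000, 1500, 1400))
    a = Instance("A")
    print("ICMP lands on other instance:", exchange(a, b, "client", 4000, 1500, 1400))
    print("state learned by the wrong instance:", b.pmtu)
```

In this model the sender recovers on the second attempt only when the ICMP message comes back to it; when the message lands on the other instance, the sender's cache stays empty and every retry is dropped the same way.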