On Mon, 25 Aug 2008, Ralf Weber wrote:

> > It should be noted that unicast TCP is unstable if unicast routing
> > is unstable.

> Yes, but TCP usually adapts to the problem while anycast can't, as it  
> may reach another target. 

Large UDP packets (think EDNS0 DNSSEC as a good example of large UDP
packets almost certain to be fragmented) suffer the same problem, as
they can be fragmented by PMTU discovery. The server (operating system)
has to maintain UDP state for PMTUD to work.  If the ICMP fragmentation
needed is lost due to Anycast, PMTUD will fail. Lost UDP fragments are
fatal to the UDP transaction.

> As someone who has deployed anycast DNS within a carrier network there
> are some things to consider, e.g. don't put anycast routes in fast
> converging routing protocols and be careful with multi links for
> similar destinations.

FIB entries change at every hop. The more hops away, the more often the 
paths can change.   What works close by, might not work far away, and 
vice versa. 

> But if you follow the rules it can be deployed and also works with tcp
> transport for DNS....at least for me.

But the question is not whether your DNS works for you; the question is
whether it works for everyone else.  While you may be satisfied with
your own DNS operations, you may not care if they work for everyone.
Different requirements apply to Root and TLD services. Everyone,
everywhere has to be able to use Root and TLD DNS services reliably.

This is precisely the 'deploy and hope for the best' attitude at its
worst: "It worked for me in a very limited scenario, and I don't worry
about theory or about what works for everyone".

                --Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
