Moin!

On Aug 26, 2008, at 21:02 , Dean Anderson wrote:
> Large UDP packets (think EDNS0 DNSSEC as a good example of large UDP
> packets almost certain to be fragmented) suffer the same problem, as
> they can be fragmented by PMTU discovery. The server (operating system)
> has to maintain UDP state for PMTUD to work. If the ICMP fragmentation
> needed is lost due to Anycast, PMTUD will fail. Lost UDP fragments are
> fatal to the UDP transaction.
Ack, that's the reason why the MTUs in today's networks get bigger and
bigger.

> FIB entries change at every hop. The more hops away, the more often the
> paths can change. What works close by, might not work far away, and
> vice versa.
FIB and path changes only matter when the final IP destination
changes, again not a problem in today's network where IP is just one
overlay transport of an underlying label switched network. And thus
the path changes, but the final (anycasted) destination does not.

>> But if you follow the rules it can be deployed and also works with tcp
>> transport for DNS....at least for me.
>
> But the question is not whether your DNS works for you; the question is
> whether it works for everyone else.
While I get paid for that it does work for our customers, so this
obviously is my first concern.

> While you may be satisfied with
> your own DNS operations, you may not care if they work for everyone.
Well, we are doing DNS anycasting for recursive resolvers and I know of
at least three other carriers that do exactly the same and where it
also works.

> Different requirements apply to Root and TLD services. Everyone,
> everywhere has to be able to use Root and TLD DNS services reliably.
True, and I haven't spoken about that as I don't have experience
there. I guess Peter Koch or Anand Buddhdev are some of the persons I
would talk to about this, as they are doing it. As a consumer of
anycast TLD DNS services I so far haven't encountered a problem,
despite that we are using TCP as fallback mechanism for suspected
spoofing. And as external BGP routing usually is a lot more stable
than internal routing service I would think that problems are fewer
than in one AS's network.

> This is precisely the 'deploy and hope for the best' attitude at its
> worst: "It worked for me in a very limited scenario, and I don't worry
> about theory or about what works for everyone".
Well, we did test, discovered some problems, worked around them and now
are happy deploying it. That's what engineers are for. There may be
theoretical cases, but unless they can be proved in a lab and there
is no way around it I don't care too much.

So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop