TV> Date: Thu, 18 Sep 2003 11:39:17 -0400 (EDT)
TV> From: Todd Vierling

TV> And guess what:  neither of the two addresses supplied by
TV> UltraDNS worked last night for some sites, because their
TV> anycast configuration is not allowing DNS redundancy.  It is
TV> depending on every site somehow choosing different routes for
TV> both addresses, which is not guaranteed.

I don't know what UDNS does internally, but ideally anycast:

+ Has steady, unchanging EGP adverts
+ Has service-providing boxen that advert/withdraw prefixes in
  the IGP depending on their status
+ Includes an internal network, so that flaps are contained.

If done properly, anycast means _all_ pods must fail to create a
failure condition.  If done improperly, it means _any_ pod
failure can create a partial failure condition -- which means the
probability of failure _increases_ with the number of pods.

TV> Anycasting only works as a redundancy scheme when you have a
TV> mesh of *partially* overlapping BGP advertisements, so that a
TV> client has a guarantee that at least one address in the mix
TV> is located elsewhere from the rest.

Don't be silly.  This is like claiming that multihoming only
works if you spread services over different netblocks.

TV> But if all such anycast addresses have the ability to point
TV> to the same physical location, there is only an illusion of
TV> redundancy, because there's no way to get an alternate access
TV> point to the zone if a site is choosing a dead route for all
TV> server addresses.  It doesn't matter how many other servers

Ergo, that's why one withdraws the routes when a pod dies.
Routes need to reflect what's up.  Funny thing is, standard BGP
has the same requirement.

You're correct that an incorrect anycast setup can cause trouble,
and arguably more than unicast.  However, claiming that anycast
is inherently bad is really, really silly.

Eddy (no selfish interest in defending UltraDNS)
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
          DO NOT send mail to the following addresses :
Sending mail to spambait addresses is a great way to get blocked.
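
Added example (not part of the original message): a small Python model of the argument above, comparing pods that withdraw their route when the service dies against pods whose advertisement never changes. The topology, the per-pod failure probability and every function name are constructed for illustration, and a client's service addresses are assumed to follow the same route, so each client has one route choice.

```python
from itertools import product

def advertised(pod_up, health_checked):
    """Indices of pods whose anycast prefix is currently in the routing table."""
    # Health-checked: a pod withdraws the prefix when its service is down.
    # Static: the prefix stays advertised whatever the service state.
    return [i for i, up in enumerate(pod_up) if up or not health_checked]

def blackholed_clients(pod_up, distances, health_checked):
    """Clients whose best route leads to a dead pod, or who have no route."""
    routes = advertised(pod_up, health_checked)
    failed = []
    for client, dist in enumerate(distances):
        if not routes:
            failed.append(client)
            continue
        best = min(routes, key=lambda pod: dist[pod])  # shortest path wins
        if not pod_up[best]:
            failed.append(client)
    return failed

def failure_probability(n_pods, p_down, health_checked):
    """P(at least one client loses service), summed over every pod state."""
    # Constructed topology: client i sits closest to pod i.
    distances = [[abs(c - p) for p in range(n_pods)] for c in range(n_pods)]
    total = 0.0
    for state in product([True, False], repeat=n_pods):
        weight = 1.0
        for up in state:
            weight *= (1 - p_down) if up else p_down
        if blackholed_clients(state, distances, health_checked):
            total += weight
    return total

if __name__ == "__main__":
    # Constructed input: each pod is independently down 10% of the time.
    for n in range(1, 6):
        good = failure_probability(n, 0.1, health_checked=True)
        bad = failure_probability(n, 0.1, health_checked=False)
        print(f"pods={n}  withdraw-on-failure={good:.5f}  static-advert={bad:.5f}")
```

With withdrawal tied to service health the failure probability falls as pods are added; with static advertisements it rises, because any single dead pod blackholes the clients routed to it.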
