mornin' daniel:

> You also describe the rationale correctly by saying "it would
> be good if a server in Kenya did not take load from nyc".
> I'll expand a little more on that.  K does anycast with two
> objectives: primarily to increase robustness of the service
> in the face of serious load increases, secondarily provide
> better service to some local areas in the Internet topology.
> It is the secondary objective that poses the problem.  We
> operate "local nodes" which are intended to serve only a
> local area.

when it is connected to global providers, this does not work.
and do not count on the hope that small local provider p0 does
not pass the marked prefix to a global provider - that's like
saying 1918 prefixes will never leak.

[ note: i have friends in kenya, and would be happy if this
  stuff would work well.  this does not mean that i will
  pretend that it does. ]

> This is clearly a routing problem and routing policy is
> clearly the responsibility of ISPs.

as you have deployed something that participates in the global
routing mesh, this ploy should be embarrassing.  as what you
have deployed attempts to take clever advantage of a kinky, and
not widely used (guess why!), feature of the global routing
system, you would be polite to take responsibility for what
happens.

> What should we do?

at the core of the problem is the assumption that anycast will
find the closest server.  thus, if the service is deployed in
many places in the topology and geography, each will only take
local load.  it is critical to note that this relies on an
assumption of *very* topologically and geographically rich
deployment.  it also gets bitten by the abundance of providers
with linear topologies with large geographic reach (but this
will be a short-term problem as tony hain from cisco plans to
abolish us as part of cisco's ipv6 marketing campaign:-).

> Add complexity by announcing another less specific covering
> prefix like F does? 

although this further descends into the dangerous purgatory of
cleverness, you would probably be advised to do something such
as this.  otherwise, even if k connected directly to all of
multi-homed t0's upstreams, by default, none of them would give
t0 your prefix because it is poisoned.

my naive view of your current deployment means that k can not
be seen from any multi-homed sites unless one or more of their
upstreams (recurse for tier-n) is even more clever and
implements "t0 is our customer and we ignore NO_EXPORT toward
customers," thus piling on yet another bit of cleverness, the
implications of which we can discover in the next level of
purgatory.

randy

Reply via email to