Re: TLD anycast clouds?

2005-10-05 Thread John Payne 



On Oct 5, 2005, at 2:19 PM, Steve Gibbard wrote:



Thanks!

Am I reading your CENTR presentation correctly as saying that you're 
announcing all four prefixes from all five locations?


I read it as they have the ability to announce all four from any 
location, but by default, they don't... rather each prefix is enabled 
from at least three of the five locations.

Re: TLD anycast clouds?

2005-10-05 Thread Steve Gibbard 


Thanks!

Am I reading your CENTR presentation correctly as saying that you're 
announcing all four prefixes from all five locations?


-Steve

On Wed, 5 Oct 2005, Gustavo Lozano wrote:


Steve,

.mx NS servers (a,b,c,d.ns.mx) are anycasted.

We announce dns servers prefixes from:

Verio
ISC
Telmex
Avantel
Alestra ATT
NYIIX trough ISC

If you want more details, we gave a presentation about our dns infrastructure 
in the last CENTR technical meeting.

http://www.centr.org/docs/2005/07/centr-tech14-lozano-dotmx.pdf

At 05:07 p.m. 04/10/2005 -0700, Steve Gibbard wrote:

I'm attempting to come up with a list of all the top level domain DNS 
servers that are anycasted.  I already know about the anycast clouds run by 
PCH, Neustar, Verisign, DENIC, and UltraDNS, and .mx appears from 
traceroutes to be anycasted as well.


(I know about the anycasted root servers as well; they're out of scope for 
this question...)


Are there others that I'm missing?

Thanks,
-Steve



gus



Steve Gibbard   [EMAIL PROTECTED]
+1 415 717-7842 (cell)  http://www.gibbard.org/~scg
+1 510 528-1035 (home)

Re: TLD anycast clouds?

2005-10-05 Thread Joe Abley 



On 5-Oct-2005, at 11:33, Florian Weimer wrote:


* Joe Abley:


On 5-Oct-2005, at 05:53, william(at)elan.net wrote:


2002::/16 AS3344 - 6to4 relay anycast - no longer done, right??


6to4 is alive and well.


For some values of.  I believe the bit.nl 6to4 gateway still generates
IPv4 packets with non-routable source addresses, which are uRPFed by
some operators.


Ah yes, that's true, and we've been bitten by that.

At ISC, we have an unusually large population of external users using  
6to4 to reach us, since most things we host are available on v6, and  
also because most things we host are of interest to developers who  
probably have more energy for turning things like 6to4 on than most  
people.


Our 6to4-using client population became much more happy once I  
deployed a 6to4 relay router inside AS3557, and had people use it  
directly instead of the anycast 6to4 relay router address. I don't  
think I've had a single complaint reported since I turned that on, in  
fact.


Advertising 2002::/16 and 192.88.99.0/24 for global transit from AS  
3557 is on the to-do list. No ETA for that right now, however.



Joe

Re: TLD anycast clouds?

2005-10-05 Thread Florian Weimer 

* Joe Abley:

> On 5-Oct-2005, at 05:53, william(at)elan.net wrote:
>
>> 2002::/16 AS3344 - 6to4 relay anycast - no longer done, right??
>
> 6to4 is alive and well.

For some values of.  I believe the bit.nl 6to4 gateway still generates
IPv4 packets with non-routable source addresses, which are uRPFed by
some operators.

Re: TLD anycast clouds?

2005-10-05 Thread Todd Vierling 

On Wed, 5 Oct 2005, Joe Abley wrote:

> > 2002::/16 AS3344 - 6to4 relay anycast - no longer done, right??
>
> 6to4 is alive and well.

But not well deployed on the v6 side, as I noted earlier this year.  There
aren't enough North America exit routes to cover some of the v6 networks
there.  Of course, there aren't enough North America v6 nets, either.  

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

Re: TLD anycast clouds?

2005-10-05 Thread Joe Abley 



On 5-Oct-2005, at 05:53, william(at)elan.net wrote:


2002::/16 AS3344 - 6to4 relay anycast - no longer done, right??


6to4 is alive and well.


Joe

Re: TLD anycast clouds?

2005-10-05 Thread Joe Abley 



On 5-Oct-2005, at 02:54, william(at)elan.net wrote:

I'm pretty sure ISC runs anycasted dns servers too and they  
run .museum TLD and serve as secondary for one or two other TLDs.


Service for the nameservers NS-EXT.VIX.COM and NS-EXT.ISC.ORG are  
provided by an anycast cluster along the lines described in:


  http://www.isc.org/pubs/tn/index.pl?tn=isc-tn-2004-1.txt
  http://www.nanog.org/mtg-0505/abley.cluster.html

So, service is distributed over multiple hosts using anycast, but the  
scope of the anycast is limited geographically to a single location  
in a single AS.



Joe

Re: TLD anycast clouds?

2005-10-05 Thread william(at)elan.net 



On Wed, 5 Oct 2005, Elmar K. Bins wrote:


[EMAIL PROTECTED] (william(at)elan.net) wrote:


authoritative DNS servers (and their IP addresses) and try that list
on the routing registries...


Assuming that you do that, what would you be your criteria to find based
on RR if the ip is anycasted or not?


Maybe I overestimate the openness of the people and believe everybody
would drop their documentation there...

~>whois -h whois.radb.net 194.246.96.1
route:194.246.96.0/24
descr:DENIC eG anycast prefix
origin:   AS31529


Interesting, I did not notice they put it in there...

As I have necessary tools to quicly filter such data from multiple DBs, 
you might be interested in the list of those self-reporting anycast in RR 
(its not very long):


192.5.5.0/24 AS3557 - ISC F ROOT (source: OTTIX, VERIO, RIPE)
64.94.96.0/24 AS24246 - INTERNAP (source: SAVVIS, RADB)
204.8.212.0/22 AS32476 - Tellme Networks (source: RADB)
196.6.240.0/24 AS27598 - IS.CO.ZA (source: RADB, RIPE)
195.85.200.0/24 AS29117 - irc-hispano.org (source: RIPE)
192.88.99.0/24 AS12859 - BIT.NL 6to4 relay RFC3068 (source: RIPE)
194.145.251.0/24 AS33837 - PRQ.SE (source: RIPE)
194.246.96.0/24 AS31529 - DENIC (source: RIPE)
84.205.72.0/24 AS12654 - RIPE NCC RIS (source: RIPE)
84.205.73.0/24 AS12654 - RIPE NCC RIS (source: RIPE)
192.88.99.0/24 AS3344 - kewlio.net 6to4 relay RFC3068 (source: RIPE)

2001::500::/48 AS3557 - ISC F ROOT (source: RIPE)
2002::/16 AS3344 - 6to4 relay anycast - no longer done, right??

Getting back to the subject of anycast DNS TLDs, its possible that above
did provide a clue that one of the .ZA servers might be anycasted (although
NSZA.IS.CO.ZA is 196.4.160.27 right now and not listed anycast in RR).

P.S. I will search for anycast in description of ip whois data when I get
a chance and if its not long and interesting may post summary here as well.

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]

Re: TLD anycast clouds?

2005-10-05 Thread Elmar K. Bins 

[EMAIL PROTECTED] (william(at)elan.net) wrote:

> >authoritative DNS servers (and their IP addresses) and try that list
> >on the routing registries...
> 
> Assuming that you do that, what would you be your criteria to find based
> on RR if the ip is anycasted or not?

Maybe I overestimate the openness of the people and believe everybody
would drop their documentation there...

~>whois -h whois.radb.net 194.246.96.1
route:194.246.96.0/24
descr:DENIC eG anycast prefix
origin:   AS31529
...

The AS object gives a lot more clue then...

aut-num:  AS31529
as-name:  DENIC-ANYCAST-AS
descr:DENIC eG
descr:DNS anycast AS object
...
remarks:  | DENIC eG operates the .de ccTLD registry. DENICs IPv4  |
remarks:  | DNS servers are partial unicast and partial anycast.   |
remarks:  | This object covers the IPv4 anycast setups.|
...

Maybe using route servers helps more (coffee!) :-)


> I mean lets suppose that I run dns server at AS0 and peer at location A 
> and also at location B with same ISP with AS1. I might have one dns server 
> at location A and another different one at location B, which means its 
> anycasting. But from peering perspective it would just appear as the
> same path AS0->AS1 no matter what location it is.

That's some kind of anycasting, but from a networking point of view
it's redundant links to the same "thing" ;-)

If you are lucky, you can see different next-hops in the BGP.


> Opposite to that route to the same server might be seen from different 
> peer AS# based on location because of routing policies.

Using views from route-servers that are distant from each other might
improve the picture. The RIPE RIS project may be able to help.

Cheers,
Elmi.

--

"Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren."
  (PLemken, <[EMAIL PROTECTED]>)

--[ ELMI-RIPE ]---

Re: TLD anycast clouds?

2005-10-05 Thread william(at)elan.net 



On Wed, 5 Oct 2005, Elmar K. Bins wrote:


I'd propose taking the list of TLDs, generating the list of associated
authoritative DNS servers (and their IP addresses) and try that list
on the routing registries...


Assuming that you do that, what would you be your criteria to find based
on RR if the ip is anycasted or not?

I mean lets suppose that I run dns server at AS0 and peer at location A 
and also at location B with same ISP with AS1. I might have one dns server 
at location A and another different one at location B, which means its 
anycasting. But from peering perspective it would just appear as the

same path AS0->AS1 no matter what location it is.

Opposite to that route to the same server might be seen from different 
peer AS# based on location because of routing policies.


--
William Leibzon
Elan Networks
[EMAIL PROTECTED]

Re: TLD anycast clouds?

2005-10-05 Thread Stephane Bortzmeyer 

On Tue, Oct 04, 2005 at 11:54:03PM -0700,
 william(at)elan.net <[EMAIL PROTECTED]> wrote 
 a message of 49 lines which said:

> they [ISC] run .museum TLD

It does not seem so.

> and serve as secondary for one or two other TLDs.

Not with their anycast servers, unless they added this service very
recently.

Re: TLD anycast clouds?

2005-10-05 Thread Elmar K. Bins 

[EMAIL PROTECTED] (Steve Gibbard) wrote:

> 
> I'm attempting to come up with a list of all the top level domain DNS 
> servers that are anycasted.  I already know about the anycast clouds run 
> by PCH, Neustar, Verisign, DENIC, and UltraDNS, and .mx appears from 
> traceroutes to be anycasted as well.
> 
> (I know about the anycasted root servers as well; they're out of scope for 
> this question...)
> 
> Are there others that I'm missing?

Add .de to your list. "z.nic.de" is anycasted.

I'd propose taking the list of TLDs, generating the list of associated
authoritative DNS servers (and their IP addresses) and try that list
on the routing registries...

Cheers,
Elmi.

--

"Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren."
  (PLemken, <[EMAIL PROTECTED]>)

--[ ELMI-RIPE ]---

Re: TLD anycast clouds?

2005-10-04 Thread william(at)elan.net 



On Tue, 4 Oct 2005, Steve Gibbard wrote:


I'm attempting to come up with a list of all the top level domain DNS servers


How are you attempting to do it?

One of the problems is that you need to check from multiple locations 
around the world because dns server would appear to be different depending 
on where you look at it from. When you look at this in case of ccTLD
you not only need to appear in different locations around the world, but 
it  would probably be good to check from multiple locations in that 
particular country. This makes administratively difficult to arrange

to do proper measurement for all the ccTLDs.

that are anycasted.  I already know about the anycast clouds run by PCH, 
Neustar, Verisign, DENIC, and UltraDNS, and .mx appears from traceroutes to 
be anycasted as well.


I'm pretty sure ISC runs anycasted dns servers too and they run .museum 
TLD and serve as secondary for one or two other TLDs.



BTW - anyone can guess why lookup for SIG RR on .museum results in 
different response then for some other non-existant RR like NAPTR?


-bash-3.00$ dig museum sig
; flags: qr rd ra; QUERY: 1, ANSWER: 0, 
AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;museum.IN  SIG
;; Query time: 4 msec
;; SERVER: 216.151.192.1#53(216.151.192.1)

-bash-3.00$ dig museum naptr
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;museum.IN  NAPTR
;; AUTHORITY SECTION:
museum. 3236IN  SOA nic.museum. 
hostmaster.nic.museum. 2005092312 28800 7200 1209600 3600

;; Query time: 4 msec
;; SERVER: 216.151.192.1#53(216.151.192.1)

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]

TLD anycast clouds?

2005-10-04 Thread Steve Gibbard 


I'm attempting to come up with a list of all the top level domain DNS 
servers that are anycasted.  I already know about the anycast clouds run 
by PCH, Neustar, Verisign, DENIC, and UltraDNS, and .mx appears from 
traceroutes to be anycasted as well.


(I know about the anycasted root servers as well; they're out of scope for 
this question...)


Are there others that I'm missing?

Thanks,
-Steve