Re: anycast (Re: .ORG problems this evening)

2003-09-22 Thread David G. Andersen
On Thu, Sep 18, 2003 at 02:38:18PM -0400, Todd Vierling quacked: On Thu, 18 Sep 2003, E.B. Dreger wrote: : EBD That's why one uses a daemon with main loop including : EBD something like: : EBD : EBD success = 1 ; : EBD for ( i = checklist ; i->callback != NULL ; i++ ) :

Re: anycast (Re: .ORG problems this evening)

2003-09-22 Thread Patrick
On Mon, 22 Sep 2003, David G. Andersen wrote: Yes, I hope that UltraDNS implements something like this, if they have not already. It's still not a guarantee that things will get withdrawn -- or be reachable, even if working but not withdrawn -- in case of a problem. That still leaves

Re: anycast (Re: .ORG problems this evening)

2003-09-22 Thread E.B. Dreger
DGA Date: Mon, 22 Sep 2003 18:32:19 -0400 DGA From: David G. Andersen DGA The whole problem with only listing two anycast servers is that DGA you leave yourself vulnerable to other kinds of faults. Your DGA upstream ISP fat-fingers ip route 64.94.110.11 null0 and DGA accidentally blitzes the

Re: anycast (Re: .ORG problems this evening)

2003-09-22 Thread just me
On Mon, 22 Sep 2003, David G. Andersen wrote: With load balancing, traffic can get routed down a non-functional path while routing takes place over the other one - BBN did that to us once, was very entertaining). Ah yes, I'll always have a special place in my heart for those

Re: .ORG problems this evening

2003-09-19 Thread Alex Bligh
--On 18 September 2003 10:05 -0400 Todd Vierling [EMAIL PROTECTED] wrote: DNS site A goes down, but its BGP advertisements are still in effect. (Their firewall still appears to be up, but DNS requests fail.) Host site C cannot resolve ANYTHING from DNS site A, even though DNS site B is still

apathy (was Re: .ORG problems this evening)

2003-09-19 Thread Todd Vierling
On Fri, 19 Sep 2003, Alex Bligh wrote: : DNS site A goes down, but its BGP advertisements are still in effect. : (Their firewall still appears to be up, but DNS requests fail.) Host : site C cannot resolve ANYTHING from DNS site A, even though DNS site B is : still up and running. But host

RE: apathy (was Re: .ORG problems this evening)

2003-09-19 Thread Eric Germann
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd Vierling Sent: Friday, September 19, 2003 11:37 AM To: [EMAIL PROTECTED] Subject: apathy (was Re: .ORG problems this evening) I've repeatedly described how I do understand the methodology

Re: apathy (was Re: .ORG problems this evening)

2003-09-19 Thread Rodney Joffe
Todd Vierling wrote: On Fri, 19 Sep 2003, Alex Bligh wrote: : DNS site A goes down, but its BGP advertisements are still in effect. : (Their firewall still appears to be up, but DNS requests fail.) Host : site C cannot resolve ANYTHING from DNS site A, even though DNS site B is :

Re: apathy (was Re: .ORG problems this evening)

2003-09-19 Thread Todd Vierling
On Fri, 19 Sep 2003, Rodney Joffe wrote: : You started from a point of having no idea that UltraDNS used anycast, : confirmed for everyone in your second email that you had no clue about : how anycast worked, Please stop the bellicose, holier-than-thou attitude because you feel like assuming

Re: apathy (was Re: .ORG problems this evening)

2003-09-19 Thread Richard A Steenbergen
On Fri, Sep 19, 2003 at 01:36:41PM -0400, Todd Vierling wrote: On Fri, 19 Sep 2003, Rodney Joffe wrote: : You started from a point of having no idea that UltraDNS used anycast, : confirmed for everyone in your second email that you had no clue about : how anycast worked, Please stop

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Jared Mauch wrote: : ultradns uses the power of anycast to have these ips that appear : to be on close subnets in geographically diverse locations. Oh, that's brilliant. How nice of them to defeat the concept of redundancy by limiting me to only two of their servers

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Majdi S. Abbas wrote: : I didn't have a problem with .org this evening, and I've asked : around and others don't seem to have noticed anything either. It would be : more helpful if you told us your source prefix, and which filter you're : hitting when you traceroute

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Iljitsch van Beijnum
On donderdag, sep 18, 2003, at 13:38 Europe/Amsterdam, Todd Vierling wrote: : ultradns uses the power of anycast to have these ips that appear : to be on close subnets in geographically diverse locations. Oh, that's brilliant. How nice of them to defeat the concept of redundancy by

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Stephane Bortzmeyer wrote: : BIND does it but what about Microsoft cache/forwarder? At RIPE 45 (you : were there), a talk by people at CAIDA showed that A.root-servers.net : received twice as much traffic as the other root name servers since it : is just the first one

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Stephen J. Wilcox wrote: : they have two distinct servers by IP, globally they have N x clusters. i'm sure : each instance is actually more than a single linux PeeCee Doesn't matter if it's a cluster at each location. The fact remains that there were only two IP addresses

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Iljitsch van Beijnum
On donderdag, sep 18, 2003, at 14:08 Europe/Amsterdam, Stephane Bortzmeyer wrote: BGP is really bad at. DNS servers on the other hand track RTTs for query responses BIND does it but what about Microsoft cache/forwarder? At RIPE 45 (you were there), Was I??? a talk by people at CAIDA showed

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Stephane Bortzmeyer wrote: : There's an easy fix to that particular situation: Make the first (or first : two) listed servers anycast, and the rest unicast. : : It would require a central management (or at least a central : oversight) of the root name servers and I do not

Re: .ORG problems this evening

2003-09-18 Thread Rodney Joffe
Todd Vierling wrote: Yes, it is firewalled. I was pointing out that the route is the same for tld1 and tld2 for me, all the way up to the firewall. Please post traceroutes from your location, as well as from the two locations in different parts of the USA (You said earlier: I tracerouted

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Stephane Bortzmeyer wrote: : Still doesn't help .ORG, which is 100% anycast and thus has no DNS-based : redundancy : : Wrong since there are two IP addresses. They may fail at the same time : (which apparently happened to you) but there is at least an element of : non-BGP

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Stephen J. Wilcox
: There's an easy fix to that particular situation: Make the first (or first : two) listed servers anycast, and the rest unicast. : : It would require a central management (or at least a central : oversight) of the root name servers and I do not believe there is one: : each root name

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Stephen J. Wilcox
On Thu, 18 Sep 2003, Todd Vierling wrote: On Thu, 18 Sep 2003, Stephane Bortzmeyer wrote: : Still doesn't help .ORG, which is 100% anycast and thus has no DNS-based : redundancy : : Wrong since there are two IP addresses. They may fail at the same time : (which apparently happened to

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Stephen J. Wilcox wrote: : 1. Only you were affected I doubt this. At least one person has noted seeing the same on this list, and I bet many more would corroborate by looking for DNS temp failures for MAIL FROM:[EMAIL PROTECTED] in mail logs from last night between about

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, just me wrote: : If you're still confused, have a read here: : : http://www.ultradns.com/support/managed_dns_faq.cfm : : Q. I read that your service is supposed to make use of several : servers all over the world, but you only give users two server : addresses to provide to

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Leo Bicknell
In a message written on Thu, Sep 18, 2003 at 09:57:23AM -0400, Todd Vierling wrote: The problem with UltraDNS, the point which many on this people are missing, is that at least some UltraDNS sites are advertising *all* anycast networks simultaneously (see traceroutes below). Yes, all == 2 at

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Leo Bicknell wrote: : Number your sites from 1..N, have all odds announce one address, all : evens the other. DNS servers will still use the closest (due to RTT : checking), but will now also have a backup that does not go to the same : site in steady state, but is still

Re: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread Iljitsch van Beijnum
On Thu, 18 Sep 2003, Leo Bicknell wrote: A truly robust anycast setup has two addresses (or networks, or whatever), but only one per site. From the momentary outage while BGP reconverges to the very real problem of the service being down and the route still being announced there are issues

Re: .ORG problems this evening

2003-09-18 Thread Leo Bicknell
In a message written on Thu, Sep 18, 2003 at 10:05:15AM -0400, Todd Vierling wrote: Anycast is *NOT* a redundancy and reliability system when dealing with application-based services like DNS. Rather, anycast is a geographically I think you'll find most people on the list would disagree with

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Leo Bicknell wrote: : Anycast is *NOT* a redundancy and reliability system when dealing with : application-based services like DNS. Rather, anycast is a geographically : : I think you'll find most people on the list would disagree with you : on this point. Many ISP's run

Re: .ORG problems this evening

2003-09-18 Thread David Lesher
Speaking on Deep Background, the Press Secretary whispered: : I think you'll find most people on the list would disagree with you : on this point. Many ISP's run anycast for customer facing DNS : servers, and I'll bet if you ask the first reason why isn't because : they provide faster

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV Date: Thu, 18 Sep 2003 10:05:15 -0400 (EDT) TV From: Todd Vierling TV DNS site A goes down, but its BGP advertisements are still in TV effect. Or are they? Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone:

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV Date: Thu, 18 Sep 2003 11:39:17 -0400 (EDT) TV From: Todd Vierling TV And guess what: neither of the two addresses supplied by TV UltraDNS worked last night for some sites, because their TV anycast configuration is not allowing DNS redundancy. It is TV depending on every site somehow

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, E.B. Dreger wrote: : TV Date: Thu, 18 Sep 2003 10:05:15 -0400 (EDT) : TV From: Todd Vierling : : TV DNS site A goes down, but its BGP advertisements are still in : TV effect. : : Or are they? I couldn't know for sure from some sites, but traceroutes sure got there. That

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, E.B. Dreger wrote: : TV Anycasting only works as a redundancy scheme when you have a : TV mesh of *partially* overlapping BGP advertisements, so that a : TV client has a guarantee that at least one address in the mix : TV is located elsewhere from the rest. : : Don't be

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV Date: Thu, 18 Sep 2003 13:01:18 -0400 (EDT) TV From: Todd Vierling TV BGP doesn't know when a DNS server dies. Therein lies the TV fundamental problem of using anycast as an application TV redundancy scheme. But it can and should. Again, seeing if the process is running is easy; verifying

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV Date: Thu, 18 Sep 2003 12:52:29 -0400 (EDT) TV From: Todd Vierling TV I couldn't know for sure from some sites, but traceroutes TV sure got there. That would imply that (at their end) the TV advertisements were still up. Which would be an implementation flaw, not something inherently wrong

Re: .ORG problems this evening

2003-09-18 Thread bmanning
TV BGP doesn't know when a DNS server dies. Therein lies the TV fundamental problem of using anycast as an application TV redundancy scheme. But it can and should. Again, seeing if the process is running is easy; verifying correct functionality requires more work, but definitely is

Re: .ORG problems this evening

2003-09-18 Thread Stephen J. Wilcox
On Thu, 18 Sep 2003, Todd Vierling wrote: On Thu, 18 Sep 2003, E.B. Dreger wrote: : TV Date: Thu, 18 Sep 2003 10:05:15 -0400 (EDT) : TV From: Todd Vierling : : TV DNS site A goes down, but its BGP advertisements are still in : TV effect. : : Or are they? I couldn't know for sure

Re: .ORG problems this evening

2003-09-18 Thread Keptin Komrade Dr. BobWrench III esq.
Todd Vierling wrote: BGP doesn't know when a DNS server dies. Therein lies the fundamental problem of using anycast as an application redundancy scheme. You ever think that maybe, just maybe, Ultra wrote some code to do this? Yes, it might have conceivably failed in a way that seems to have

Re: .ORG problems this evening

2003-09-18 Thread Keptin Komrade Dr. BobWrench III esq.
E.B. Dreger wrote: TV Date: Thu, 18 Sep 2003 13:01:18 -0400 (EDT) TV From: Todd Vierling TV BGP doesn't know when a DNS server dies. Therein lies the TV fundamental problem of using anycast as an application TV redundancy scheme. But it can and should. Again, seeing if the process is running is

Re: .ORG problems this evening

2003-09-18 Thread just me
On Thu, 18 Sep 2003, Todd Vierling wrote: BGP has no way to know that an internal network problem occurred. If someone mistakenly tripped over a network cable that disconnected DNS clusters from a router, how would the router know to drop anycast advertisements? (Sure, you could run

Re: .ORG problems this evening

2003-09-18 Thread bmanning
BGP has no way to know that an internal network problem occurred. If someone mistakenly tripped over a network cable that disconnected DNS clusters from a router, how would the router know to drop anycast advertisements? (Sure, you could run zebra on the cluster. But what about if

anycast (Re: .ORG problems this evening)

2003-09-18 Thread E.B. Dreger
Date: Thu, 18 Sep 2003 13:47:01 -0400 From: Keptin Komrade Dr. BobWrench III esq. And, I might add, in the case of a highly complex anycast application, you will need to check not only for correctness, but for timeliness. In a realtime system, something that is late is considered

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
Date: Thu, 18 Sep 2003 10:29:06 -0700 (PDT) From: bmanning Ick. you really believe that BGP can or should be augmented to understand application liveness? BGP reaching past the And why not? BGP deals in reachability information. Perhaps it conventionally represents interface and link

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Keptin Komrade Dr. BobWrench III esq. wrote: : And, I might add, in the case of a highly complex anycast application, : you will need to check not only for correctness, but for timeliness. All this still assumes that DNS should be trusting a single anycast location as the

Re: anycast (Re: .ORG problems this evening)

2003-09-18 Thread E.B. Dreger
EBD Date: Thu, 18 Sep 2003 18:01:07 + (GMT) EBD From: E.B. Dreger EBD That's why one uses a daemon with main loop including EBD something like: EBD EBD success = 0 ; EBD for ( i = checklist ; i->callback != NULL ; i++ ) EBD success = i->callback(foo) ; EBD if ( success )

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, John Fraizer wrote: : As has been stated by others, UltraDNS, like the roots and other TLD hosts : is under nearly constant attack. Perhaps your local nodes were affected : by an attack. IE; the pipe was full but the service was still alive so the : anycast prefix wasn't

Re: .ORG problems this evening

2003-09-18 Thread bmanning
Bill, I know you know better, so let's try more facts and less FUD. Mmmmkay? Your above paragraph is a red herring that is analogous to saying all multihomed services must be run on the router itself. yes, it does lean that way... but to expose a sigma-six blip in how some

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV Date: Thu, 18 Sep 2003 14:22:19 -0400 (EDT) TV From: Todd Vierling TV Sucks to be anyone trying to use the service whose routers TV pick those nodes as the only ones available. That's the TV fault of the implementor, not the client. Yes. TV The major issue here is that no *gTLD*,

Re: anycast (Re: .ORG problems this evening)

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, E.B. Dreger wrote: : EBD That's why one uses a daemon with main loop including : EBD something like: : EBD : EBD success = 0 ; : EBD for ( i = checklist ; i->callback != NULL ; i++ ) : EBD success = i->callback(foo) ; : EBD if ( success ) : EBD

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
Date: Thu, 18 Sep 2003 11:36:37 -0700 (PDT) From: bmanning Bill, I know you know better, so let's try more facts and less FUD. Mmmmkay? Your above paragraph is a red herring that is analogous to saying all multihomed services must be run on the router itself. yes, it does

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, John Fraizer wrote: : Todd, you don't make the announcement for the anycast address from your : border.. You do it from within the anycast cluster as a CONDITIONAL : announcement. IE; you use a specially written BGP daemon that makes the : announcement when the service is

RE: DNS anycast considered harmful (was: .ORG problems this evening)

2003-09-18 Thread David Schwartz
On Thu, 18 Sep 2003, Leo Bicknell wrote: A truly robust anycast setup has two addresses (or networks, or whatever), but only one per site. From the momentary outage while BGP reconverges to the very real problem of the service being down and the route still being announced there are

Re: .ORG problems this evening

2003-09-18 Thread Majdi S. Abbas
On Thu, Sep 18, 2003 at 02:22:19PM -0400, Todd Vierling wrote: Sucks to be anyone trying to use the service whose routers pick those nodes as the only ones available. That's the fault of the implementor, not the client. I have a sneaking suspicion that if UltraDNS's tld cluster that

Re: .ORG problems this evening

2003-09-18 Thread Todd Vierling
On Thu, 18 Sep 2003, Majdi S. Abbas wrote: : Sucks to be anyone trying to use the service whose routers pick those nodes : as the only ones available. That's the fault of the implementor, not the : client. : I think it's out of line to speculate on how UltraDNS has configured : these

.ORG problems this evening

2003-09-17 Thread Todd Vierling
tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about an hour or two this evening, timing out on all DNS queries. Anyone else see similar? (The hosts are unpingable and untracerouteable, so I had to use DNS queries to determine when they were back up.) It makes me wonder

Re: .ORG problems this evening

2003-09-17 Thread Jared Mauch
On Thu, Sep 18, 2003 at 12:50:28AM -0400, Todd Vierling wrote: tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about an hour or two this evening, timing out on all DNS queries. Anyone else see similar? (The hosts are unpingable and untracerouteable, so I had to use

Re: .ORG problems this evening

2003-09-17 Thread E.B. Dreger
TV Date: Thu, 18 Sep 2003 00:50:28 -0400 (EDT) TV From: Todd Vierling TV tld[12].ultradns.net, the NS for .ORG, was completely TV unreachable for about an hour or two this evening, timing out TV on all DNS queries. Anyone else see similar? (The hosts are I don't recall having troubles this

Re: .ORG problems this evening

2003-09-17 Thread Christopher L. Morrow
On Thu, 18 Sep 2003, Todd Vierling wrote: It makes me wonder how UltraDNS got a contract to manage the domain on all of two nameservers hosted on the same subnet, given that they were supposed to have deployed geographically diverse (or something like that) servers. But then, we know

Re: .ORG problems this evening

2003-09-17 Thread Christopher L. Morrow
On Thu, 18 Sep 2003, Christopher L. Morrow wrote: On Thu, 18 Sep 2003, Todd Vierling wrote: It makes me wonder how UltraDNS got a contract to manage the domain on all of two nameservers hosted on the same subnet, given that they were supposed to have deployed geographically diverse

Re: .ORG problems this evening

2003-09-17 Thread E.B. Dreger
CLM Date: Thu, 18 Sep 2003 05:28:05 + (GMT) CLM From: Christopher L. Morrow CLM Just because the hosts are on the same subnet and are CLM apparently behind the same end device for you doesn't make CLM them non-geographically diverse if they are really anycast CLM pods, does it? It really

Re: .ORG problems this evening

2003-09-17 Thread Rodney Joffe
Todd Vierling wrote: tld[12].ultradns.net, the NS for .ORG, was completely unreachable for about an hour or two this evening, timing out on all DNS queries. Anyone else see similar? (The hosts are unpingable and untracerouteable, so I had to use DNS queries to determine when they were