TFTP over anycast

Javier Gutierrez GutierrezJ at westmancom.com
Tue Feb 27 18:02:47 UTC 2024


Thanks to you all for your answers; they have helped me a lot already.

My design is very simplistic: I have 2 sets of firewalls that I will have advertising a /32 unicast to the network at each location, with a TFTP server behind each firewall.

I have no intention to have this be part of the internet, as it will be used to serve internal customers' devices that require TFTP.

For the setup where you are running Anycast on a datacenter, are you running it inside the datacenter only or across multiple datacenters? Other than having to replicate IPs and file services between datacenters, have you seen any other issues?


Kind regards,



Javier Gutierrez,

Network Architect – AS19016
https://www.peeringdb.com/net/4073

Westman Communications Group

1906 Park Ave. • Brandon, MB • R7B 0R9

204.720.1158
gutierrezj at westmancom.com




________________________________
From: NANOG <nanog-bounces+gutierrezj=westmancom.com at nanog.org> on behalf of Bill Woodcock <woody at pch.net>
Sent: Saturday, February 24, 2024 1:09 AM
To: Ask Bjørn Hansen <ask at develooper.com>
Cc: nanog at nanog.org <nanog at nanog.org>
Subject: Re: TFTP over anycast


The system Ask is describing is the traditional method of using anycast to geographically load-balance long-lived flows.  The first time I did that was with FTP servers in Berkeley and Santa Cruz, in 1989.

I did a bigger system, also load balancing FTP servers for Oracle, their public-facing documentation stores, with servers in San Jose and Washington DC, a couple of years later.   A couple of years further on and the World Wide Web was a thing, and everybody was doing it.

                -Bill


On Feb 24, 2024, at 7:38 AM, Ask Bjørn Hansen <ask at develooper.com> wrote:



On Feb 23, 2024, at 20:32, William Herrin <bill at herrin.us> wrote:

The relay server `dhcplb` could, maybe, help in that scenario
(dhcplb runs on the anycast IP, the “real” DHCP servers on
unicast IPs behind dhcplb).

Although they used the word "anycast", they're just load balancing.

The idea is to run the relays on an anycasted IP (so the load balancer / relay IP is anycasted).

[….] Relying on ECMP for anycasted DHCP would be a disaster
during any sort of failure. Add or remove a single route from an ECMP
set and the hashed path selection changes for most of the connections.

Consistent hashing (which I thought was widely supported now in ECMP implementations) and a bit of automation in how announcements are added can greatly mitigate this.



Ask
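
The ECMP point in the quoted exchange above, as an added example that is not part of the original thread: it models withdrawing one of four anycast announcements and measures how many flows whose next hop is still up get moved anyway, under plain modulo hashing versus rendezvous hashing (used here as one stand-in for "consistent hashing"; real router implementations differ by vendor). The next-hop names, the flow tuples and the SHA-256-based hash are all constructed assumptions.

```python
import hashlib

def _h(*parts):
    """Stable 64-bit hash of the given fields (stand-in for a router's ECMP hash)."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def modulo_pick(flow, next_hops):
    """Plain ECMP model: hash the flow, index into the next-hop list."""
    return next_hops[_h(*flow) % len(next_hops)]

def rendezvous_pick(flow, next_hops):
    """Rendezvous (highest-random-weight) hashing, one form of consistent hashing."""
    return max(next_hops, key=lambda nh: _h(nh, *flow))

def moved_fraction(pick, flows, before, after):
    """Fraction of flows that land on a different next hop after the route change,
    counting only flows whose original next hop is still announced."""
    survivors = [f for f in flows if pick(f, before) in after]
    moved = sum(1 for f in survivors if pick(f, before) != pick(f, after))
    return moved / len(survivors)

# Constructed sample data: 4 anycast announcers, 5000 TFTP client flows (UDP/69).
NEXT_HOPS = ["fw-a", "fw-b", "fw-c", "fw-d"]
FLOWS = [(f"10.{i // 250}.{i % 250}.7", 40000 + i % 20000, "192.0.2.69", 69)
         for i in range(5000)]

def compare(withdrawn="fw-d"):
    """Withdraw one announcement and report the disruption under each scheme."""
    after = [nh for nh in NEXT_HOPS if nh != withdrawn]
    return {
        "modulo": moved_fraction(modulo_pick, FLOWS, NEXT_HOPS, after),
        "rendezvous": moved_fraction(rendezvous_pick, FLOWS, NEXT_HOPS, after),
    }

if __name__ == "__main__":
    for name, frac in compare().items():
        print(f"{name:10s} {frac:.1%} of surviving flows changed next hop")
```

For a stateful UDP protocol such as TFTP, every moved flow that is mid-transfer arrives at a server holding no state for it, so the moved fraction is the share of in-progress transfers that fail on a single route change.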