BGP and anycast

hardie at equinix.com
Tue Jan 30 17:43:15 UTC 2001


Swede,
	The anycast hack is pretty well understood, but it has some
serious limitations.  As both drafts note, the same AS must be used to
announce the route (either because a single administrative entity
truly controls all instances, or in a shared-control environment).
You also must be wary of deploying services on the shared unicast
address which require TCP.  In the current draft-ietf-dnsop-hardie,
that's stated this way:

  One potential problem with using shared unicast addresses is that
  routers forwarding traffic to them may have more than one available
  route, and those routes may, in fact, reach different instances of
  the shared unicast address.  Because UDP is self-contained, UDP
  traffic from a single source reaching different instances presents
  no problem.  TCP traffic, in contrast, may fail or present
  unworkable performance characteristics in a limited set of
  circumstances.  For split-destination failures to occur, the router
  forwarding the traffic must both have equal cost routes to the two
  different instances and use a load sharing algorithm which does
  per-packet rather than per-destination load sharing.

	You don't describe the nature of the services you plan to
deploy, but unless it is the DNS, I would be concerned about your
taking too much guidance from my draft.
				regards,
					Ted Hardie



> 
> 
> Thanks for the reply!
> 
> Well, I'm actually trying to "stretch" the rules of
> unicast and go to anycast. The point is to have
> several places on the internet replying to the same
> addresses. I'll mirror the same services in these
> places (on a /24 that is allowed through filters).
> 
> Masataka Ohta pointed me in this direction (you better
> be quick, they seem to be about to expire)
> * draft-ietf-dnsop-ohta-shared-root-server-00.txt
> * draft-ietf-dnsop-hardie-shared-root-server-02.txt
> If I understand these correctly I wasn't too far away
> on my first guess. *Except* that the "uniquely
> routable addresses" should come from nearest upstream
> (which means they could be longer than /24).
> 
> Does anyone have any more pointers on this matter
> (maybe examples on CCO :)?
> 
> Guess it's time to sign up on the lab reservation
> list...
> /Swede 
> 
> --- Mike Schoenecker <MSchoenecker at yipes.com> wrote:
> > 
> > If I understand this correctly you are trying to
> > advertise one /24 out to 2
> > separate providers on the internet.
> > If this is the case you will need to make sure that
> > the 2 providers in this
> > scenario are the same and will allow you to
> > advertise smaller subnets of
> > this block.  If you advertise the same block out of
> > 2 separate regions BGP
> > will not know where to send traffic.  BGP will
> > select the most specific and
> > route to this destination.  If there are 2 similar
> > advertisements there will
> > be routing anomalies. If you are trying to connect
> > the sites together [ one
> > subnet ] across the internet, the best way to do
> > this is to establish a VPN
> > between sites and advertise the entire /24 out of
> > one region and share the
> > subnet between regions over the VPN.  The points of
> > the VPN will need to be
> > of public address space that is either advertised or
> > routed to you from your
> > provider.  Netscreen has a solution for this.  This
> > will enable you to
> > receive traffic destined to your network at one
> > location and forward the
> > necessary traffic across the internet to your other
> > region over the VPN.  I
> > have found it very difficult to get anyone to listen
> > to advertisements less
> > than a /24; this is why I suggest that the carrier
> > between regions be the
> > same; it would be easier to get them to satisfy this
> > request. I thought of
> > the use of IBGP but you will still experience the
> > same issues of
> > reachability, i.e. the transit carrier would need to
> > advertise no less than
> > the /24.
> > 
> > Hope this helps
> > PS. get Internetwork Routing Architectures by Cisco
> > it is the best book on
> > BGP.
> > 
> > -----Original Message-----
> > From: owner-nanog at merit.edu
> > [mailto:owner-nanog at merit.edu]On Behalf Of
> > Swede
> > Sent: Monday, January 29, 2001 5:18 PM
> > To: nanog at merit.edu
> > Subject: BGP and anycast
> > 
> > 
> > 
> > How does one announce the same net (with the same
> > origin AS) from different places on the Internet? Or
> > should the "anycast" networks be announced from
> > different origin AS:es?
> > (Can't find "anycast" setup in my BGP for
> > Dummies<tm>)
> > 
> > ----------------------------------------
> > AS12345
> > IGP
> > (announces net 1.2.3/24 among others)
> > Connected to several major networks (P, Q, W, Z)
> > ----------------------------------------
> > Isolated* site 1 (one unique routable net and
> > 1.2.3/24)
> > Router connected to a major network X, announced as
> > AS12345
> > ----------------------------------------
> > Isolated* site 2 (one unique routable net and
> > 1.2.3/24)
> > Router connected to a major network Y, announced as
> > AS12345
> > ----------------------------------------
> > * Isolated - No contact to main AS via IGP, tunnels
> > or
> > telepathy
> > 
> > So when communicating among the sites (doing zone
> > transfers etc) I use the unique routable network...
> > piece of ca...
> > ...but won't my BGP routers at the different
> > locations
> > be a bit puzzled when they see the announcements
> > from
> > another AS12345 for my unique networks (and more so
> > for the anycast)?
> > The config above does seem to break the concept of
> > an
> > AS.
> > 
> > Feel free to bash my Yahoo mail if this post is
> > utterly stupid or seems way out of scope
> > /Swede - still among the clueless  aka Anders Plym,
> > presently without *real* mail access
> 
> 
> 
> 
> 
> 
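
Added example (not part of the original thread): a small Python simulation of the split-destination failure the quoted draft text describes, where a router with equal-cost routes to two instances of a shared unicast address does per-packet rather than per-destination load sharing. The addresses, port and two-instance topology are constructed for illustration.

```python
import zlib
from itertools import cycle

# Constructed sample values (documentation address ranges), not from the thread.
SHARED = "192.0.2.53"              # shared unicast (anycast) service address
CLIENT = ("198.51.100.7", 40000)   # one client source address and port

def per_packet_selector(n):
    """Round-robin every packet across n equal-cost routes."""
    rr = cycle(range(n))
    return lambda dst: next(rr)

def per_destination_selector(n):
    """Pin all packets for one destination address to one route."""
    return lambda dst: zlib.crc32(dst.encode()) % n

def simulate(selector, packets, n_instances=2):
    """Return [(instance_index, reply)] for packets sent to SHARED."""
    state = [set() for _ in range(n_instances)]   # per-instance TCP flow table
    out = []
    for proto, flow, flag in packets:
        i = selector(SHARED)
        if proto == "udp":
            reply = "answer"          # self-contained: any instance can answer
        elif flag == "SYN":
            state[i].add(flow)
            reply = "SYN-ACK"
        elif flow in state[i]:
            reply = "ACK"
        else:
            reply = "RST"             # this instance never saw the SYN
        out.append((i, reply))
    return out

TCP_FLOW = [("tcp", CLIENT, f) for f in ("SYN", "ACK", "PSH", "PSH", "FIN")]
UDP_QUERIES = [("udp", CLIENT, None)] * 3

def replies(selector_factory, packets):
    return [reply for _, reply in simulate(selector_factory(2), packets)]

if __name__ == "__main__":
    for name, factory in (("per-packet", per_packet_selector),
                          ("per-destination", per_destination_selector)):
        print(name, "TCP:", replies(factory, TCP_FLOW))
        print(name, "UDP:", replies(factory, UDP_QUERIES))
```

With per-packet sharing the second TCP segment lands on the instance that never saw the SYN and is reset, while the UDP queries are answered by whichever instance receives them.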




