anycast DNS (Re: Internet vulnerabilities)
E.B. Dreger
eddy+public+spam at noc.everquick.net
Fri Jul 5 14:12:49 UTC 2002
ME> Date: Fri, 05 Jul 2002 09:05:44 -0400
ME> From: Marshall Eubanks
ME> - it's static - no failover. If AS 701 and AS 1239 are both
ME> announcing a route to foo, and your preferred route is
ME> "through" AS701, and the AS701 foo goes down, then you do not
ME> automatically switch over to the AS1239 foo, even if you
ME> could reach it.
???
ME> - there is no way to have multiple anycast addresses within
ME> an AS
???
ME> - load balancing is tough
Just as tough as load-balancing over different upstreams in a
multihomed network. That's all anycast really is: multihoming
with the added twist of using multiple, separate systems instead
of one.
Each system has a unique, non-anycast IP address bound as the
primary IP, allowing communication between the disjoint parts.
Secondary IP(s) live(s) in the anycast range, and is/are routed
appropriately.
You can bind the appropriate 192.175.48/24 addresses to your NSen
and run an authoritative copy of the root TLD. IIRC, Paul even
mentioned doing this a few weeks ago... I believe the thread was
on dynamic DNS updates and Win2000's broken implementation.
Think of anycast as DDoS in reverse: Instead of distributed
traffic sources, one has distributed traffic sinks. Hence the
attractiveness in surviving DDos attacks.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist at brics.com>, or you are likely to
be blocked.
More information about the NANOG
mailing list