anycast (Re: Internet vulnerabilities)

• Previous message (by thread): Internet vulnerabilities
• Next message (by thread): Internet vulnerabilities
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ME> Date: Fri, 05 Jul 2002 12:28:46 -0400
ME> From: Marshall Eubanks


ME> Let's go through this a little.
ME> 
ME> Let's say that you and I are running the foo service in
ME> anycast. You announce the foo IP address (say in a /24)
ME> behind your AS, I announce the same /24 behind my AS. Now, if
ME> my foo server goes down, how do my routers know to withdraw

The server must have some routing intelligence.  The simplest
case is a machine running Zebra speaking BGP or OSPF; if Zebra
is up, so is the route.  A process can monitor DNS and kill the
route if needed.

Better yet, hack Zebra.  Use Unix domain sockets and hack BIND to
send keepalives to Zebra.  Or have Zebra launch BIND (a la DJB's
daemontools) and watch for SIGCHLD or use kqueue() on FreeBSD or
OpenBSD.  Remember to apply some dampening before spewing IGP
equivalent into global tables.


ME> the announcements ? If they don't, why wouldn't people
ME> "closer" to me still try and get the foo service from me,
ME> alas, without success. That's what I meant.

Yes, shortest path wins.  That's why the routes must be yanked
when DNS dies.

If you have an internal backbone, anycast gets easier.  Hint: no
MEDs needed (or even wanted), many BGP speakers, aggregation.
Stable routes to the outside world, and your IGP deals with dead
servers.


ME> Or, are you saying that an anycast host has to be a router
ME> running BGP ? So if it goes down, so would the service and

Perhaps not BGP, but some routing intelligence.


ME> the announcements? This works for DNS, but not for the things
ME> I would like to anycast.

What would you like to anycast?


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist at brics.com>, or you are likely to
be blocked.

• Previous message (by thread): Internet vulnerabilities
• Next message (by thread): Internet vulnerabilities
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]