Internet vulnerabilities
Richard A Steenbergen
ras at e-gerbil.net
Mon Jul 8 02:02:27 UTC 2002
On Sun, Jul 07, 2002 at 08:37:55PM -0400, Stephen Griffin wrote:
>
> In the referenced message, Rodney Joffe said:
> > Just as a guess, Marshall is probably thinking of using anycast for
> > something other than DNS, like http, or ftp, or telnet. And he's
> > wondering about state ;-)
>
> If you don't use per-packet type load-sharing, but something like
> per-flow, or per-src/dst-hash, then you can use anycast for protocols
> which require state (including tcp or other connection-oriented protocols,
> for that matter).
>
> Worst-case when the server you are communicating with fails, the
> connection is broken, much as it would had anycast not been in use.
I think the problem they are referring to is what happens if your routing
topology changes (or worse, flaps). A stateful connection (like TCP) which
would have stayed up during a routing change could potentially be shifted
to a different server which obviously wouldn't know the other one's state.
Perhaps not terrible for a web server and for recovering from a network
outage, but I'd imagine it would be pretty annoying if you managed to
develop a persistent oscillation.

That is why people use anycast DNS to refer the requester to the closest
server via regular IP, based on which server the request hits. Of
course then there is no failover, but that's life. DNS is also more
scalable for doing anycast with customers. Which method to use is up to
you. :)
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
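Added example (not part of the thread, and not anyone's production code): a small Python model of the two situations discussed above. It contrasts per-packet with per-flow load sharing for an anycast address, then shows what the topology change Richard describes does to established TCP state: when a third equal-cost path appears, the hash-to-path mapping changes, some flows land on a server that has never seen them, and that server answers with a reset. Server names, client addresses and the SHA-256-based flow hash are constructed for the example; real routers use their own hardware hash, but the remapping behaviour is the same.

```python
"""Toy model of anycast load sharing and TCP state under a routing change.

Server names, addresses and the hash function are constructed for this
example.  Servers keep connection state only for flows whose SYN they saw;
a mid-connection packet for an unknown flow gets a RST, as TCP would do.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str            # anycast address shared by every server
    sport: int
    dport: int
    syn: bool = False   # True for the connection's first packet


def flow_key(pkt: Packet) -> Tuple[str, str, int, int]:
    """The fields a per-flow (src/dst hash) load-sharing router looks at."""
    return (pkt.src, pkt.dst, pkt.sport, pkt.dport)


@dataclass
class Server:
    name: str
    flows: set = field(default_factory=set)   # connections this server knows

    def receive(self, pkt: Packet) -> str:
        key = flow_key(pkt)
        if pkt.syn:
            self.flows.add(key)
            return "SYN-ACK"
        if key in self.flows:
            return "ACK"
        return "RST"    # no state for this flow: TCP answers with a reset


class AnycastFabric:
    """Routers with N equal-cost paths to the anycast address, one per server."""

    def __init__(self, servers: List[Server], mode: str = "per-flow"):
        self.servers = list(servers)
        self.mode = mode
        self._rr = 0

    def route(self, pkt: Packet) -> Server:
        if self.mode == "per-packet":
            srv = self.servers[self._rr % len(self.servers)]
            self._rr += 1
            return srv
        # per-flow: hash of the flow key, reduced modulo the current path count
        h = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
        return self.servers[int.from_bytes(h[:4], "big") % len(self.servers)]

    def announce(self, srv: Server) -> None:
        """A new equal-cost path appears (a server comes up or a link heals)."""
        self.servers.append(srv)

    def withdraw(self, srv: Server) -> None:
        """A path disappears; the server behind it may still be running."""
        self.servers.remove(srv)

    def deliver(self, pkt: Packet) -> Tuple[str, str]:
        srv = self.route(pkt)
        return srv.name, srv.receive(pkt)


def make_flow(i: int) -> List[Packet]:
    """A constructed client connection: SYN followed by one data packet."""
    base = dict(src=f"198.51.100.{i % 250 + 1}", dst="203.0.113.1",
                sport=30000 + i, dport=80)
    return [Packet(syn=True, **base), Packet(**base)]


def per_packet_demo() -> List[Tuple[str, str]]:
    """Per-packet round robin: a single connection straddles both servers."""
    fabric = AnycastFabric([Server("A"), Server("B")], mode="per-packet")
    syn, data = make_flow(0)
    return [fabric.deliver(syn), fabric.deliver(data), fabric.deliver(data)]


def per_flow_demo(n_flows: int = 200) -> Dict[str, int]:
    """Per-flow hashing: stable until the path set changes, then a flap."""
    a, b, c = Server("A"), Server("B"), Server("C")
    fabric = AnycastFabric([a, b])
    flows = [make_flow(i) for i in range(n_flows)]
    before = {flow_key(f[0]): fabric.deliver(f[0])[0] for f in flows}
    steady = [fabric.deliver(f[1])[1] for f in flows]    # same server each time
    fabric.announce(c)                                    # routing change: 2 -> 3 paths
    after = {flow_key(f[1]): fabric.deliver(f[1]) for f in flows}
    moved = [k for k in before if after[k][0] != before[k]]
    fabric.withdraw(c)                                    # the flap: back to 2 paths
    # The toy servers keep state across a RST, so the flows find it again;
    # a real client would have torn the connection down at the first RST.
    flapped = [fabric.deliver(f[1])[1] for f in flows]
    return {
        "steady_ack": steady.count("ACK"),
        "moved": len(moved),
        "moved_rst": sum(after[k][1] == "RST" for k in moved),
        "stayed_ack": sum(after[k][1] == "ACK" for k in before if k not in moved),
        "flap_back_ack": flapped.count("ACK"),
    }


if __name__ == "__main__":
    print("per-packet:", per_packet_demo())
    print("per-flow:  ", per_flow_demo())
```

With per-packet sharing the second packet of the very first connection already reaches a server with no state; with per-flow hashing every connection stays put until the path count changes, at which point roughly two thirds of the flows are remapped and reset, and withdrawing the path moves them straight back. That back-and-forth is the oscillation the message warns about, and it is why DNS-based anycast (which only has to survive a single UDP exchange) is the more forgiving use.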