DNS anycast considered harmful (was: .ORG problems this evening)

Leo Bicknell bicknell at ufp.org
Thu Sep 18 14:05:58 UTC 2003


In a message written on Thu, Sep 18, 2003 at 09:57:23AM -0400, Todd Vierling wrote:
> The problem with UltraDNS, the point which many on this people are missing,
> is that at least some UltraDNS sites are advertising *all* anycast networks
> simultaneously (see traceroutes below).  Yes, all == 2 at the moment, but
> this argument holds for any value of "all".

Having just looked at this for some work functions I must agree.
A truly robust anycast setup has two "addresses" (or networks, or
whatever), but only one per site.  From the momentary outage while
BGP reconverges to the very real problem of the service being down
and the route still being announced there are issues with all anycast
addresses going to one site.

Number your sites from 1..N, have all odds announce one address, all
evens the other.  DNS servers will still use the closest (due to RTT
checking), but will now also have a backup that does not go to the same
site in steady state, but is still very close as well.  I strongly
suggest the UltraDNS people look at that configuration if they aren't
doing it now.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
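The layout this message describes, as an added example that is not from the post or from UltraDNS: a small Python model of N sites and two anycast addresses, showing the "every site announces everything" case beside the odd/even split. Site names, the addresses (documentation prefixes) and the RTT metrics are constructed; the plan generalises to round-robin over any number of addresses.

```python
from typing import Dict, List, Optional, Set

# Constructed sample values (assumptions, not the real UltraDNS layout):
# two anycast service addresses drawn from documentation prefixes.
ANYCAST_ADDRS = ["198.51.100.1", "203.0.113.1"]

# announcements: site name -> set of anycast addresses that site originates.
# rtt: site name -> routing metric from the client's vantage point (lower wins).
# up: set of sites whose DNS service actually answers.

def sites_announcing_all(announcements: Dict[str, Set[str]], addrs: List[str]) -> List[str]:
    """Sites that originate *every* anycast address at once: the layout the
    thread objects to, because one site failing (or its service dying while
    the route stays announced) takes all addresses down for nearby clients."""
    return sorted(site for site, a in announcements.items() if set(addrs) <= a)

def odd_even_plan(site_names: List[str], addrs: List[str]) -> Dict[str, Set[str]]:
    """Number sites 1..N; odd sites announce addrs[0], even sites addrs[1].
    Generalised to round-robin over however many addresses are given."""
    return {name: {addrs[(n - 1) % len(addrs)]}
            for n, name in enumerate(site_names, start=1)}

def reached_site(announcements: Dict[str, Set[str]], addr: str,
                 rtt: Dict[str, float], up: Set[str]) -> Optional[str]:
    """Approximate anycast routing: a query for addr lands at the nearest
    site announcing it, up or not.  Returns None when that site's service is
    down but its route is still announced (the blackhole case)."""
    candidates = [site for site, a in announcements.items() if addr in a]
    if not candidates:
        return None
    nearest = min(candidates, key=lambda site: rtt[site])
    return nearest if nearest in up else None

def resolvable(announcements: Dict[str, Set[str]], addrs: List[str],
               rtt: Dict[str, float], up: Set[str]) -> bool:
    """A resolver configured with all addresses keeps working if at least
    one address reaches a live site; it retries the other on failure."""
    return any(reached_site(announcements, a, rtt, up) is not None for a in addrs)
```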