[dnsop] Re: Root Anycast (fwd)

Dean Anderson dean at av8.com
Tue May 3 21:56:01 UTC 2005



BTW, Iljitsch notes that "he is worried, but not as much as Dean seems to
be".  As I told Iljitsch, I'm not saying the sky is falling, but I am
saying there is a problem, and instead of addressing the problem, people
are just making personal attacks.

---------- Forwarded message ----------
Date: Sun, 3 Oct 2004 23:01:42 +0200
From: Iljitsch van Beijnum <iljitsch at muada.com>
To: Stephane Bortzmeyer <bortzmeyer at nic.fr>
Cc: dnsop at lists.uoregon.edu
Subject: Re: [dnsop] Re: Root Anycast

On 2-okt-04, at 21:42, Stephane Bortzmeyer wrote:

> Troll Bot <dean at av8.com> keeps mentioning PPLB. Maybe some people
> more knowledgeable about BGP than I am will explain to me why PPLB is
> such a new issue for anycasting?

I have no idea how new this is, but I have to admit I'm slightly 
worried. Not to the degree Dean seems to be, though.

It is true that if you turn on load balancing over multiple paths in 
BGP and then per-packet load balancing between several links, packets 
belonging to one session can end up on different anycast instances. 
(This would be harmful in the case of TCP, but TCP will probably 
recover by retransmitting. It would be quite deadly in the case of 
fragmented UDP packets.)

What can happen is this:

     A
    / \
   B1  B2
   |    |
   C    D
   |    |
   E1  E2

AS A connects to two different routers in AS B, and each of these 
routers prefers a different external path towards different anycast 
instances of AS E. In order for this to happen the paths from B to both 
anycast instances E1 and E2 must be completely identical, except that 
for one router in B one path is preferred and for another router the 
other. This will only happen if these routers connect to ASes C and D 
themselves, or if one sees a better IGP metric towards the router 
connecting to C and another sees a better IGP metric towards the router 
connecting to D.

Now the part that worries me is what's happening in .org. They only use 
two addresses in the delegation from the root, and both are heavily 
anycasted. This makes no sense at all as it effectively hides all but 
two of the .org TLD servers while there are no reasons at all for not 
making at least half a dozen others visible. End-user impacting issues 
with this have been reported (but have predictably been almost 
impossible to reproduce) but the situation persists.

Fortunately, the root operators have more sense (or inherited a better 
situation). Still, I'm not entirely comfortable with the fact that each 
of them seems to make anycasting decisions on their own. Anycast has 
many things going for it as it allows root servers to be installed in 
many more places than could be done otherwise, but it's also risky as 
more and more root servers seem to be in the same place from any given 
viewpoint, and especially from not so well connected viewpoints. 
Problems such as congestion and BGP blackholes or (temporary) BGP 
instability can then impact most or even all of the root servers.  
(Only for some places connected to the net, though.) So I feel it's 
very important to have a reasonable number of root servers that are NOT 
anycast. Preferably, those should be in locations that are far apart.
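
An added illustration of the per-packet case described in the message above (not part of the original post): a small Python model of the diagram, in which A balances across B1 and B2, comparing per-packet round-robin with per-flow hashing for one fragmented UDP datagram sent toward the anycast address. The addresses, the 8-byte fragment size and the hash over source/destination address are assumptions made for the example.

```python
import hashlib
from itertools import count

# Constructed topology from the diagram: A balances across B1 and B2,
# whose preferred exits lead to different anycast instances of AS E.
PATHS = {"B1": "E1", "B2": "E2"}
HOPS = sorted(PATHS)

def fragment(ip_id, payload, size=8):
    """Split one datagram into fragments carrying id, offset and MF flag."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [{"id": ip_id, "off": i * size, "mf": i < len(chunks) - 1, "data": c}
            for i, c in enumerate(chunks)]

def make_per_packet():
    """Per-packet load balancing: round-robin, ignores which flow a packet is in."""
    rr = count()
    return lambda src, dst: HOPS[next(rr) % len(HOPS)]

def per_flow(src, dst):
    """Per-flow balancing: hash on addresses only, since later fragments carry no ports."""
    digest = hashlib.sha256(f"{src}>{dst}".encode()).digest()
    return HOPS[digest[0] % len(HOPS)]

def deliver(frags, src, dst, choose):
    """Route each fragment at A; return the fragments each anycast instance saw."""
    seen = {inst: [] for inst in PATHS.values()}
    for f in frags:
        seen[PATHS[choose(src, dst)]].append(f)
    return seen

def reassemble(frags):
    """Return the payload if the fragments are contiguous and complete, else None."""
    frags = sorted(frags, key=lambda f: f["off"])
    expected, data = 0, b""
    for f in frags:
        if f["off"] != expected:
            return None  # hole: the missing fragment went to the other instance
        data += f["data"]
        expected += len(f["data"])
    return data if frags and not frags[-1]["mf"] else None

def run(choose):
    payload = bytes(range(40))  # constructed 40-byte UDP payload, 5 fragments
    seen = deliver(fragment(0x1234, payload), "192.0.2.10", "198.51.100.53", choose)
    return {inst: reassemble(fr) for inst, fr in seen.items()}

if __name__ == "__main__":
    print("per-packet:", run(make_per_packet()))
    print("per-flow:  ", run(per_flow))
```

With per-packet balancing neither instance holds a complete datagram, so reassembly fails at both; with per-flow hashing every fragment reaches the same instance.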
