How to tell if something is anycasted?
Peter Boothe
peter at cs.uoregon.edu
Fri May 19 00:16:04 UTC 2006
On Thu, 18 May 2006, Dean Anderson wrote:
> First, I would strongly recommend _against_ using DNS Anycast, since
> anycast does not work for stateful DNS, which is required for DNSSEC.
> Second, there are many problems involved in DNS Anycast management and
> problem tracking.
I agree with the second - it certainly does make debugging harder. I also
agree that the method I mentioned is not foolproof. But your first
statement is probably false.
We did a broad survey about 1.5 yrs ago and found that the average time
between switches was 14.4 minutes, but the median AS saw root switches
every 3 hours on average (http://www.nanog.org/mtg-0505/boothe.html)
Some ASs had severe extant routing problems, and dragged the mean a long
ways away from the median.
Because stateful DNS queries are really short lived, let's assume a flow
of ~10 seconds duration. 14 minutes is 60 * 14 seconds, and the chance
that our flow to that given root is going to overlap is 10/(60*14), or
about 1.2%. Which isn't great, but isn't too bad. If we look at the
median AS, however, then things look a lot better. Switching every 3
hours reduces that unreliability by a factor of 3*60/14 =~ 12.9, which
means that anycast reduces DNS reliability by just less than 0.1% for a
given root.
Given that the difference in reliability (according to DNSmon) between
anycasted and non-anycasted roots is 1% in anycast's favor
(http://www.nanog.org/mtg-0505/karrenberg.html), then for the majority of
ASs, anycast is a net win in reliability even for stateful DNS, as long as
the flows are short-lived.
Counter-intuitive, I agree. But it seems to be true for the existing DNS
anycast deployment on the internet (or at least was true in late 2004).
-Peter
--
Peter Boothe
PhD Student "Young man, you think you're very
Computer Science smart, but it's turtles all the way
University of Oregon down!"
http://www.cs.uoregon.edu/~peter
More information about the NANOG
mailing list