Cogent --> Google Public DNS routing issue
Dennis Burgess
dmburgess at linktechs.net
Wed Aug 17 16:27:35 UTC 2011
The .129 is our peer to cogent, it just drops the traffic now..
Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.25.0.1
2 1 ms 1 ms 1 ms 10.250.0.129
3 10.250.0.129 reports: Destination host unreachable.
Trace complete.
-----------------------------------------------------------
Dennis Burgess, Mikrotik Certified Trainer
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website: http://www.linktechs.net
LIVE On-Line Mikrotik Training - Author of "Learn RouterOS"
> -----Original Message-----
> From: David Miller [mailto:dmiller at tiggee.com]
> Sent: Wednesday, August 17, 2011 11:02 AM
> To: nanog at nanog.org
> Subject: Re: Cogent --> Google Public DNS routing issue
>
> On 8/17/2011 9:13 AM, Patrick W. Gilmore wrote:
> > On Aug 17, 2011, at 1:07 AM, Christopher Morrow wrote:
> >> On Wed, Aug 17, 2011 at 12:09 AM, Robert Glover<robertg at garlic.com>
> wrote:
> >>> Hello,
> >>>
> >>> We have noticed that from our Cogent link (as well as from ALL
U.S.
> >>> based points we tested via the Cogent Looking Glass:
> >>> http://www.cogentco.com/en/network/looking-glass), traceroutes to
> >>> 8.8.8.8 and 8.8.5.5 all seem to go over to Europe:
> >> 8.8.5.5 ain't the driods you are looking for...
> > In the traceroute appended to the original post, he did trace to
8.8.4.4.
> >
> > While it did go all over, I don't see the problem - it got to the
destination
> host.
> >
> > Anycast is OK for some things, but it depends on BGP. BGP has zero
> concept of latency, loss, or geography. Expecting anycast to
guarantee an
> optimal path or location is a grave error.
>
> There are two basic types of anycast:
> 1. Simple anycast - announce an anycast prefix to whoever/wherever in
> more than one location.
> 2. Global anycast + careful configuration - announce an anycast prefix
to
> particular providers at specific geographically disparate locations
and using
> other options to achieve geographic and/or performant inbound traffic
> distribution.
>
> Perhaps we need a new term for 2.
>
> Google is clearly attempting to implement 2 and not 1 for their
resolving DNS
> service. Based on Google's claims of speed (and my testing of their
response
> times), they have either found a way to exceed the speed of light with
> packets or they are managing to keep most of their traffic "local ish"
to the
> requester.
>
> To say that anycast "relies on BGP" and therefore expecting an optimal
path
> is an error - is disengenuous (I want a better word, but this one will
do). The
> internet as a whole "relies on BGP" and yet we expect mostly optimal
paths.
> While it is true that BGP has no capacity to account for latency or
loss, IGPs
> which can take into account these factors end at the borders of
networks
> (where prefixes are passed using BGP). This is what makes up the
"inter
> net".
>
> If you were tracing from a host in Ashburn to a unicast host in NYC
and your
> path passed through San Jose, then you would say that was an issue.
The
> same would be true with an anycast destination address.
>
> As to geography, IGPs don't have a concept of geography either. A
router in
> NYC doesn't know or care that the router at the other end of a link is
in CHI.
> All it knows is the prefixes that it gets from that router and metrics
to choose
> a best path for them. BGP combined with "proper" (i.e. distributed)
peering
> of networks does provide performant paths for traffic. In an anycast
> configuration the "careful configuration" is selecting providers to
announce
> anycast prefixes to and communities that you put on the prefixes to
control
> redistribution.
> Global anycast + careful configuration can and does provide mostly
> performant paths and a very high level of geographic fidelity -
though,
> granted, not "guaranteed" (at least not guaranteed at a higher level
than
> unicast prefixes).
>
> You can't "guarantee" performant paths ever (regardless of anycast or
> unicast) if any path between the source and destination crosses the
border
> between two networks because some networks will choose a "primary"
> upstream (single homed or heavily pref'ed) that only picks up a prefix
in a
> particular area and sends all of the traffic there. The originator of
the prefix
> can depref that provider to try to influence path selection, but some
> networks will doggedly prefer to send packets to that network despite
the
> efforts of the originator. The only thing to do then is to ask why
this network
> selected that particular upstream and then to explain to them why that
might
> not have been the best choice, if they want performant paths...
>
> > The possible reasons for this are nearly innumerable. Perhaps
Congent<>
> Google is congested in the US so one or the other prefers EU? Perhaps
there
> is some IGP metric messed up inside Cogent that prefers the EU?
Perhaps
> more nefarious problems, such as Google de-peering Cogent in the US?
Etc.,
> etc.
> >
> > You may be able to find out if you look, and you may not (I didn't
even try).
> But even if you do figure out the answer, you can't fix it. Only
Cogent and/or
> Google can.
>
> My traces show all the Cogent locations in the US that I traced from
going to
> Telia in EU and then to Google.
>
> My traces from Telia locations in the US all (properly) reach Google
> destinations in the US.
>
> So, Cogent is only receiving/using/preferring these two prefixes from
their
> peering(s) with Telia in EU.
>
> As to the root cause of that... only the players in that game can say.
>
> >
> > Moreover, you can see things like this with anycast even when there
is no
> problem!
> >
>
> The OP believes that it is a problem. You *can* see this with
anycast, but I
> would say that this *is* a "problem" (for my definition of "problem"
which
> admittedly may be different from others). There are many potential
> solutions to the problem, the most obvious is for the OP to stop
preferring to
> send traffic to these prefixes over Cogent.
>
> To the OP: I have to wonder what factors were used to decide "primary"
> vs "backup" provider. If "price", then you should expect issues with
less
> performant routing. If "quality", then what measures were used to
> determine a "quality" ranking? I am also curious as to who the
"backup"
> is (but that is just morbid curiousity).
>
> -DMM
>
More information about the NANOG
mailing list