Service provider story about tracking down TCP RSTs

William Herrin bill at
Sat Sep 1 20:54:07 UTC 2018

On Sat, Sep 1, 2018 at 4:00 PM, William Herrin <bill at> wrote:
> On Sat, Sep 1, 2018 at 2:51 PM,  <frnkblk at> wrote:
>> pointing out that a
>> single traceroute to a Fastly site was hitting two of their POPs (they use
>> anycast) and because they don’t sync state between POPs the second POP would
>> naturally issue a TCP RST (sidebar: fascinating blog article on Fastly’s
>> infrastructure here:
> Better yet, do the job right and build an anycast TCP stack as
> described here:

BTW, for anyone concerned about an explosion in state management
overhead, the TL;DR version is: the anycast node which first accepts
the TCP connection encodes its identity in the TCP sequence number
where all the other nodes can statelessly find it in the subsequent
packets. The exhaustive details for how that actually works are
covered in the paper at the URL above, which you'll have to read
despite its length if you want to understand.

Bill Herrin

William Herrin ................ herrin at  bill at
Dirtside Systems ......... Web: <>

More information about the NANOG mailing list