TCP and anycast (was Re: ECN)

Bill Woodcock woody at pch.net
Thu Nov 14 09:10:00 UTC 2019



> On Nov 14, 2019, at 7:39 AM, Anoop Ghanwani <anoop at alumni.duke.edu> wrote:
> RFC 7094 (https://tools.ietf.org/html/rfc7094) describes the pitfalls & risks of using TCP with an anycast address.  It recognizes that there are valid use cases for it, though.
> Specifically, section 3.1 says this:
>    Most stateful transport protocols (e.g., TCP), without modification, do not understand the properties of anycast; hence, they will fail
>    probabilistically, but possibly catastrophically, when using anycast addresses in the presence of "normal" routing dynamics.
>    This can lead to a protocol working fine in, say, a test lab but not in the global Internet.
> 
> On Thu, Nov 14, 2019 at 12:25 AM Matt Corallo <nanog at as397444.net> wrote:
> > This sounds like a bug on Cloudflare’s end (cause trying to do anycast TCP is... out of spec to say the least),

No. We have been doing anycast TCP for more than _thirty years_, most of that time on a global scale, without operational problems.

There were people who seemed gray-bearded at the time, who were scared of anycast because it used IP addresses _non uniquely_ and that wasn’t how they’d intended them to be used, and these kids these days, etc.  What you’re seeing is residuum of their pronouncements on the matter, carrying over from the mid-1990s.

It’s very true that anycast can be misused and abused in a myriad of ways, leading to unexpected or unpleasant results, but no more so than other routing techniques.  We and others have published on many or most of the potential issues and their solutions over the years.  That RFC has never actually been a comprehensive source of information on the topic, and it contains a lot of scare-mongering. 

                                -Bill




