Anycast but for egress

Baldur Norddahl baldur.norddahl at gmail.com
Wed Jul 28 09:07:26 UTC 2021


>
> > On Jul 27, 2021, at 17:20, Vimal <j.vimal at gmail.com> wrote:
> > Yes, this makes sense as the destination can be anywhere around the
> > world, and that routing is asymmetric as others mentioned.  However, if the
> > destination service is "close" (in the routing metric sense) to the
> > initiating host, anycast return IP ought to work well, right?  I understand
> > this is a very important caveat and impractical to implement correctly in
> > the real world.
>

No, there is no such thing as "close". You could have a direct peering with
some ISP and have them still deliver the responses on the other side of
the earth. You do not control the routing of other networks and cannot be
sure what they will do.

For larger networks you may also have multiple peering points. Say you have
a peering with them in city A and city B. How do you know which of their IP
ranges are closer to A or B? You don't. And the same goes for them, they
have no idea if you prefer A or B. Therefore you could select A and they
may reply to B. They may even load balance between A and B if you are
really unlucky.

Routing is asymmetric. That means you have absolutely no idea where the
replies end up going. Often it will not be what you think is "close".

I do not run anycast, but I understand that the usual way of dealing with
these issues is to do as little as possible with anycast before redirecting
to a unicast address. For example you could have just your DNS on anycast
and each site would reply with unique unicast addresses. Since DNS is just
a single pair of UDP request/response, with the first packet originating
from a unicast client, this works well.

Regards,

Baldur
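
The failure mode and the DNS workaround discussed in this message, as an added example that is not part of the original post: a small Python model in which each site keeps its own connection state and the remote network alone decides where a reply to the anycast address lands. The site names, the documentation-range addresses and all function names are constructed for the illustration.

```python
# Constructed model, not code from the thread: two sites share one anycast
# address, and each site also owns one unicast address.
ANYCAST = "192.0.2.1"                                  # announced by every site
UNICAST = {"A": "198.51.100.10", "B": "203.0.113.10"}  # one address per site

class Site:
    def __init__(self, name):
        self.name = name
        self.flows = set()          # connection state is local to the site

    def open_connection(self, src_ip, dst):
        flow = (src_ip, dst)
        self.flows.add(flow)
        return flow

    def receive_reply(self, flow):
        return "accepted" if flow in self.flows else "dropped: no state"

def make_sites():
    return {name: Site(name) for name in UNICAST}

def return_site(reply_dst_ip, remote_choice):
    """Site a packet for reply_dst_ip is delivered to. A unicast address is
    announced by one site only; for the anycast address the remote network's
    routing (remote_choice) decides, and we do not control it."""
    for name, ip in UNICAST.items():
        if ip == reply_dst_ip:
            return name
    return remote_choice

def egress(sites, origin, src_ip, remote_choice, dst="remote.example:443"):
    """Open a connection from `origin` using src_ip and see where the reply lands."""
    flow = sites[origin].open_connection(src_ip, dst)
    landing = return_site(src_ip, remote_choice)
    return landing, sites[landing].receive_reply(flow)

def dns_then_unicast(query_lands_at, remote_choice):
    """Anycast DNS: the site that happens to receive the query answers with
    its own unicast address, so follow-up traffic is pinned to that site."""
    answer = UNICAST[query_lands_at]
    return answer, return_site(answer, remote_choice)

if __name__ == "__main__":
    print(egress(make_sites(), "A", ANYCAST, remote_choice="B"))
    print(egress(make_sites(), "A", UNICAST["A"], remote_choice="B"))
    print(dns_then_unicast("B", remote_choice="A"))
```
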