nanog mailing list archives

Re: anycast (Re: .ORG problems this evening)


From: Patrick <patrick () stealthgeeks net>
Date: Mon, 22 Sep 2003 15:40:57 -0700 (PDT)


On Mon, 22 Sep 2003, David G. Andersen wrote:

Yes, I hope that UltraDNS implements something like this, if they have not
already.  It's still not a guarantee that things will get withdrawn -- or be
reachable, even if working but not withdrawn -- in case of a problem.  That
still leaves the DNS for a gTLD at risk for a single point of failure.

The whole problem with only listing two anycast servers is that
you leave yourself vulnerable to other kinds of faults.  Your
upstream ISP fat-fingers "ip route 64.94.110.11 null0" and
accidentally blitzes the netblock from which the anycast servers
are announced.  A router somewhere between customers and the
anycast servers stops forwarding traffic, or starts corrupting
transit data, without interrupting its route processing.
Packet filters get misconfigured.

That's a good reason to make sure that you are anycasting from at least
two disparate netblocks, isn't it? :-)


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell
         Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
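
The point made in this exchange, that a single bad route or filter on one netblock can take out every anycast server announced from it, can be checked mechanically. The following is an added example, not part of the original message: the function names are hypothetical, and the addresses and prefixes are constructed from documentation ranges rather than taken from any real zone.

```python
import ipaddress

def failure_domains(ns_addrs, announced_prefixes):
    """Group nameserver addresses by the longest announced prefix covering them."""
    prefixes = [ipaddress.ip_network(p) for p in announced_prefixes]
    domains = {}
    for addr in ns_addrs:
        ip = ipaddress.ip_address(addr)
        covering = [p for p in prefixes if ip in p]
        if not covering:
            raise ValueError(f"{addr} is not covered by any announced prefix")
        best = max(covering, key=lambda p: p.prefixlen)
        domains.setdefault(best, []).append(addr)
    return domains

def survivors(ns_addrs, bad_route):
    """Addresses still reachable after bad_route is null-routed or filtered."""
    bad = ipaddress.ip_network(bad_route, strict=False)
    return [a for a in ns_addrs if ipaddress.ip_address(a) not in bad]

def single_fault_outages(ns_addrs, announced_prefixes):
    """Announced prefixes whose loss alone leaves no nameserver reachable."""
    return [str(p) for p in failure_domains(ns_addrs, announced_prefixes)
            if not survivors(ns_addrs, str(p))]

# Constructed sample data (RFC 5737 documentation ranges).
PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]
SAME_BLOCK = ["192.0.2.11", "192.0.2.53"]      # both servers in one netblock
DISPARATE = ["192.0.2.11", "198.51.100.53"]    # servers in two netblocks

if __name__ == "__main__":
    for name, ns in (("same block", SAME_BLOCK), ("disparate", DISPARATE)):
        fatal = single_fault_outages(ns, PREFIXES)
        print(f"{name}: prefixes that are a single point of failure: {fatal}")
```

This only models reachability by prefix; a router that forwards nothing or corrupts transit data while still announcing routes needs active probing of each address to detect.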

