Re: DNS anycast considered harmful (was: .ORG problems this evening)

[Leo Bicknell <bicknell () ufp org>]

In a message written on Thu, Sep 18, 2003 at 09:57:23AM -0400, Todd Vierling wrote:
> The problem with UltraDNS, the point which many on this people are missing,
> is that at least some UltraDNS sites are advertising *all* anycast networks
> simultaneously (see traceroutes below).  Yes, all == 2 at the moment, but
> this argument holds for any value of "all".

Having just looked at this for some work functions I must agree.
A truely robust anycast setup has two "addresses" (or networks, or
whatever), but only one per site.  From the momentary outage while
BGP reconverges to the very real problem of the service being down
and the route still being announced there are issues with all anycast
addresses going to one site.

Number your sites from 1..N, have all odds announce one address, all
evens the other.  DNS servers will still use the closest (due to RTT
checking), but will now also have a backup that does not go to the same
site in steady state, but is still very close as well.  I strongly
suggest the UltraDNS people look at that configuration if they aren't
doing it now.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org

Attachment: _bin
Description: