Re: [DNSOP] Anycast and DNS questions
Toerless Eckert <eckert@cisco.com> Wed, 06 August 2014 12:32 UTC

Thanks, Patrick, inline

On Wed, Aug 06, 2014 at 08:10:19AM -0400, Patrick W. Gilmore wrote:
> >
> > a) What documents beside RFC3258 are describing any uses/procedures
> > for having DNS servers use an anycast address to receive and respond to
> > requests ?
>
> Dunno, but something tells me a quick BING search would return millions of answers.

I carefully read the first 999,999 hits (;-) and they all were about
what i would call commercial DNS/zone services that run their own anycast
cluster of DNS servers. I was wondering about variations on the scheme.

But a followup question coming to mind:

Is it fair to say that DNS would be the prime reason for anycast addresses
injected into the global BGP routing table ? Has anyone tried to stat that ?
Eg: counting how many global BGP prefixes are "anycast" due to their
properties, such as availability at widely dispersed network locations without
actual transit indication in the AS path attributes (or the like, i am not
a BGP expert, i am just guessing how they could be recognized).

> Common? Ridiculously so, for at least 20 years.
> Well known examples? CDNs, as you already mentioned. E.g. LLNW.

Thanks for the example. Any non-CDN examples for localized information ?

> > c) Any example in which the DNS servers utilizing a single shared
> > IP address (anycast address) are run by different operators ? Any
> > documents describing this ? (RFC3258 seems to focus on single operator
> > anycast group of DNS servers.
>
> How about the root servers?

The way i read RFC3258 it sounded as if every individual root server could
use its own anycast address across its own set of dispersed DNS servers. But
i could see no indication that specific anycast addresses were assigned to
be used by root servers run in different organizations. If that is actually
what's done today, that would be good information.

One of the reasons for asking is trying to understand if there is a
combination of b) and c) in deployment.

Eg: If some organization has some authoritative DNS data, it's easy to say:
Here, i also have an IP prefix that i permit anybody to use as the anycast
for DNS serving secondaries of that. And be happy about anybody who
seconds that zone with that anycast address. That's just
performance/reliability/load-sharing.

Once you start leaving out the consistency of the served information AND
you allow the same anycast address to be used by different organizations,
it becomes a lot harder for any individual organization to assess whether
a client is getting the right localized information because it can come
from different organizations. Of course, i think this scheme can work if
there are specific agreements about the policies of localization across
the participating organizations, but i am not sure if this is being done,
and if so, what examples there are.

Thanks
Toerless