Re: [DNSOP] Anycast and DNS questions

"Guangqing Deng" <dengguangqing@cnnic.cn> Wed, 27 August 2014 08:12 UTC

Date: Wed, 27 Aug 2014 16:11:59 +0800
From: Guangqing Deng <dengguangqing@cnnic.cn>
To: Toerless Eckert <eckert@cisco.com>
References: <20140806114759.GF5546@cisco.com>, <25907D96-0076-417A-8DB9-41A5A178D479@ianai.net>, <20140806123205.GG5546@cisco.com>
Message-ID: <2014082716115865363718@cnnic.cn>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/B5ddWEnIwoa0REdDhBT5IIxeuh8
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Anycast and DNS questions

Just as Toerless said, the key issue with different organizations using the same anycast address is whether those organizations implement the same localization policy or not. Here, one interesting question that can be raised is: what is the best localization policy for DNS? Should DNS clients visit the anycast server with the least network latency (which can be measured by RTT), or the one with the minimal number of AS hops, or the one with the minimal number of router hops? In other words, the question is about what the best assessment index for a DNS system is.

Guangqing Deng
CNNIC
 
From: Toerless Eckert
Date: 2014-08-06 20:32
To: Patrick W. Gilmore
CC: dnsop@ietf.org
Subject: Re: [DNSOP] Anycast and DNS questions
Thanks, Patrick, inline
 
On Wed, Aug 06, 2014 at 08:10:19AM -0400, Patrick W. Gilmore wrote:
> > 
> > a) What documents beside RFC3258  are describing any uses/procedures
> >   for having DNS servers use an anycast address to receive and respond to
> >   requests ?
> 
> Dunno, but something tells me a quick BING search would return millions of answers. 
 
I carefully read the first 999,999 hits (;-) and they were all about
what I would call commercial DNS/zone services that run their own anycast cluster
of DNS servers. I was wondering about variations on the scheme.
 
But a followup question coming to mind: 
 
Is it fair to say that DNS would be the prime reason for anycast addresses
injected into the global BGP routing table? Has anyone tried to stat that?
E.g.: counting how many global BGP prefixes are "anycast" due to their properties,
such as availability at widely dispersed network locations without actual transit
indication in the AS path attributes (or the like; I am not a BGP expert, I am
just guessing how they could be recognized).
 
> Common? Ridiculously so, for at least 20 years.
> Well known examples?  CDNs, as you already mentioned. E.g. LLNW. 
 
Thanks for the example. Any non-CDN examples for localized information?
 
> > c) Any example in which the DNS servers utilizing a single shared
> >   IP address (anycast address) are run by different operators ? Any
> >   documents describing this ? (RFC3258 seems to focus on a single-operator
> >   anycast group of DNS servers.)
> 
> How about the root servers?
 
The way I read RFC3258, it sounded as if every individual root server could
use its own anycast address across its own set of dispersed DNS servers. But
I could see no indication that specific anycast addresses were assigned to be
used by root servers run by different organizations. If that is actually what's
done today, that would be good information.
 
One of the reasons for asking is trying to understand if there is a combination
of b) and c) in deployment. E.g.: if some organization has some authoritative DNS data,
it's easy to say: here, I also have an IP prefix that I permit anybody to use
as the anycast address for DNS secondaries serving that data, and be happy about anybody who
seconds that zone with that anycast address. That's just performance/reliability/load-sharing.
 
Once you start leaving out the consistency of the served information AND
you allow the same anycast address to be used by different organizations,
it becomes a lot harder for any individual organization to assess whether
a client is getting the right localized information, because it can come from
different organizations. Of course, I think this scheme can work if there
are specific agreements about the policies of localization across the participating
organizations, but I am not sure if this is being done, and if so, what
examples there are.
 
Thanks
    Toerless
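As an added illustration of the two points in this thread (it is not code from either poster): the three localization policies Guangqing names can steer the same client to instances run by different operators, and once they do, the answer consistency Toerless worries about has to be checked explicitly. All instance data below is constructed; the operator names, metrics and addresses are assumptions for the example.

```python
"""Added example: compare candidate anycast localization policies and check
answer consistency across instances run by different organizations.
Every instance below is constructed sample data, not a measurement."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    operator: str      # organization running this anycast node (assumed name)
    rtt_ms: float      # round-trip time from the client to this node
    as_hops: int       # AS-path length from the client's AS to this node
    router_hops: int   # IP hop count (e.g. from traceroute) to this node
    answer: tuple      # A records this node returns for the test name


# The three assessment indices discussed in the thread, as sort keys.
POLICIES = {
    "min_rtt": lambda i: i.rtt_ms,
    "min_as_hops": lambda i: i.as_hops,
    "min_router_hops": lambda i: i.router_hops,
}


def select(instances, policy):
    """Instance a client would reach under one policy (ties: first listed)."""
    return min(instances, key=POLICIES[policy])


def policy_disagreement(instances):
    """Map each policy to the operator it selects. More than one distinct
    operator means the policy choice, not just topology, decides who answers."""
    return {p: select(instances, p).operator for p in POLICIES}


def inconsistent_answers(instances):
    """Operators whose answer for the same name differs from the majority
    answer; a non-empty result is what a shared-address deployment must catch."""
    majority = Counter(i.answer for i in instances).most_common(1)[0][0]
    return sorted(i.operator for i in instances if i.answer != majority)


# Constructed sample: one anycast address announced by three operators.
SAMPLE = [
    Instance("org-A", rtt_ms=12.0, as_hops=3, router_hops=9, answer=("192.0.2.10",)),
    Instance("org-B", rtt_ms=18.0, as_hops=1, router_hops=11, answer=("192.0.2.10",)),
    Instance("org-C", rtt_ms=25.0, as_hops=2, router_hops=6, answer=("192.0.2.99",)),
]

if __name__ == "__main__":
    print(policy_disagreement(SAMPLE))   # each policy picks a different operator
    print(inconsistent_answers(SAMPLE))  # org-C serves a divergent answer
```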
 
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop