Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?

Töma Gavrichenkov <ximaera@gmail.com> Sun, 08 August 2021 15:08 UTC

To: Tom Herbert <tom@herbertland.com>
Cc: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>, 6man WG <ipv6@ietf.org>, IETF discussion list <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/7cMWKfDY2p_vik8MHhr448vbL3E>

Peace,

On Sun, Aug 8, 2021, 5:40 PM Tom Herbert <tom@herbertland.com> wrote:

> For instance, DNS can return different addresses to users in different
> geographic regions, mirrors have long been used for file download.
>

I want to highlight that because this is important.

There surely are methods to distribute endpoint addresses in such a way
that the client would have options on which endpoint to choose: the one you
advertise to the IPs in the client's region, or the one you advertised to
them w weeks ago, or the one the client has obtained via collaboration
(read C2C) with clients in other regions, et cetera.

But anycast is the only way to distribute the address(es) in such a way
that the client has _no_choice_.

And this is crucial in DDoS mitigation because otherwise you leave the
control over your traffic engineering to the attacker.  The resulting
complete downtime is just a matter of time then.

--
Töma
