IETF Logo Mail Archive

Re: Generic anycast addresses...

Mark Smith <markzzzsmith@gmail.com> Fri, 31 May 2019 02:25 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5366412006E for <ipv6@ietfa.amsl.com>; Thu, 30 May 2019 19:25:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AvW8f_2hOYIi for <ipv6@ietfa.amsl.com>; Thu, 30 May 2019 19:25:31 -0700 (PDT)
Received: from mail-oi1-x229.google.com (mail-oi1-x229.google.com [IPv6:2607:f8b0:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61ABF120019 for <6man@ietf.org>; Thu, 30 May 2019 19:25:31 -0700 (PDT)
Received: by mail-oi1-x229.google.com with SMTP id v25so6024177oic.9 for <6man@ietf.org>; Thu, 30 May 2019 19:25:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=U/eewdSpsZFUa0x5OCNndJPBtLsC3ZtyvQ15q/KGlYs=; b=R9Lv0Mu/nnBP8V5UPURNVpiuR/HLrqAjaCwJ4UiPEI4OlwYqInoAOs8y82hHvCCVsq 8tf4NhQ6l57PPJGuyrnc8/zlQ+T20L6VEYu79g4PiSeDuRQJDGyf2j/KyeTZBsVonrGs Qr9fcQxuWSeZ0Y2bNFkXOpyCvvooFG5REdiPEvxVo9ui3oTZ7wNIJIMtrt/Le7yoM+jf f7ZO5nBh2g3YWJmjWJkW/J/dasMwTZKzjSEI/Uaif6GvuuFjHj5OFKJIY4aKa3OnYM1j mrP2tB2mNpyOiqGIqB3LCsHJDYviH6+IOUNdUqEEB86xBEg+pUpQ1hCMuNeP3Hz5i9W1 l2YA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=U/eewdSpsZFUa0x5OCNndJPBtLsC3ZtyvQ15q/KGlYs=; b=RORinvm/my6kHi65SS2kpZon/9nr5cqNAQp0ZykAutq0kbZOeucjKX7upEOx3VQ4XH eVY9dp4tDsX0GhQE5OHGlQLn+N7fzBCKUu6bokpvUa253tWes5L7nJo2aOzE9LWzjH6p x38cGCBKcUVW2RePOuvk+drfcVN+E3n/ivNF8vW2PoXKB2qHdxy0Ff6/NsjbZjfrVUpJ mncj/iLcGjKYFn313dbqlG/DoKRsmc8c4rQBWD6uzDc3B+PfwyDsyv2VnSERIS5mTMxR VFp0ipT89i2ipxFnb+oSNhw8RHBf8UB5k3Rx8CnjTuvN5Q0R51c3/nLPjz/G83uS/dKD f76Q==
X-Gm-Message-State: APjAAAXFnmmT3si8X+dfERz1qKAFE7lFBVShgMfqM0klCT0fQGmHPcLR 5K7paNz0TtNYvGTVYSkZx7Gg2XRbnT+SdBdTkHI=
X-Google-Smtp-Source: APXvYqy0T6yT3J5+urCVo6h2CeNUkhAMgperQo5T9AL2SzhZdFrZn+HezHH7/awjby/uY1Zro5UA57yQCRvXXl6lic0=
X-Received: by 2002:aca:5591:: with SMTP id j139mr4769210oib.38.1559269530593; Thu, 30 May 2019 19:25:30 -0700 (PDT)
MIME-Version: 1.0
References: <7A9560FC-0393-45DF-8389-B868455AC6DD@fugue.com> <20190530005734.7d2alod2zoaemmhc@faui48f.informatik.uni-erlangen.de> <D6E27B45-437F-45BE-A305-47DD460BCE02@fugue.com> <26144.1559226966@localhost> <1DD451A7-D898-4105-974C-53776A3DA9F2@fugue.com> <20190530152902.l2nmyhadr4e4kt7x@faui48f.informatik.uni-erlangen.de> <0FF19D6D-1A45-41EF-BE34-CC35B5E51E1E@steffann.nl> <D91629F6-73AC-4A80-80EF-16644F73DA36@fugue.com> <701687d4-842c-6a16-3c97-349125324e3f@gmail.com> <D648647D-60E1-4DCE-B0BE-11002E0AE5A4@fugue.com> <20190530220838.g2hshonsjxmfnd55@faui48f.informatik.uni-erlangen.de> <632BE7EC-26A6-44E9-9CCD-F0AE143D4256@fugue.com> <AF1967FC-526D-47FB-98BE-F9B949F26796@steffann.nl> <CAO42Z2yY=z-wKCUaCYZqJLHfT+LdyDOWz9bLG8QTh9C8sJCx3g@mail.gmail.com> <F3E48F41-DED1-4D5D-AEC1-A01356D4110B@fugue.com> <CAO42Z2xXbwUd6G2EZcUvPStP8acyM=Dt8n-R=Cdpra+wMwWf3Q@mail.gmail.com> <F1401F04-550E-41EA-880E-F66D464B3554@fugue.com>
In-Reply-To: <F1401F04-550E-41EA-880E-F66D464B3554@fugue.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 31 May 2019 12:25:03 +1000
Message-ID: <CAO42Z2xHJK=fRebZEk5yXZz59gBOtrDdf6kVH3Y4hp=iZDC_Rw@mail.gmail.com>
Subject: Re: Generic anycast addresses...
To: Ted Lemon <mellon@fugue.com>
Cc: Sander Steffann <sander@steffann.nl>, Michael Richardson <mcr+ietf@sandelman.ca>, "6man@ietf.org" <6man@ietf.org>, Dave Thaler <dthaler@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/LIrvszzR3kFet05jcPtkKRRmJGQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 May 2019 02:25:33 -0000

On Fri, 31 May 2019 at 11:18, Ted Lemon <mellon@fugue.com> wrote:
>
> On May 30, 2019, at 5:05 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
> > Adding, even if both upsream/parent NSPs are providing DNS resolver service with the same NSP scoped anycast address (because it will be a generic NSP scoped DNS resolver address), the downstream customers' routing will pick only one of them to use.
>
> This might be dysfunctional.  Sometimes if you query the DNS server for one upstream and then use the answer on the other upstream, the results will not be the same, and might be quite suboptimal.   That said, this isn’t likely a problem with the real point you are making, so I only mention it for completeness.
>

It's a fault you report to the ISP as they're not providing a properly
working DNS resolution service.


> > Similar to multicast, what I've proposed supports embedding a unicast /64 prefix. The all-zeros /64 is used as "unspecified".
> >
> > So in this scenario, both NSPs would advertising the same generic NSP scoped anycast DNS resolver address with an all zeros /64 part - and likely such a well-known anycast address that it could be a factory default for devices. They may also each advertise an NSP scoped anycast DNS address which embeds one of their GUA /64s.
> >
> > So a customer could leave the choice of which NSP's DNS resolver they use entirely up to their routing system by using the generic DNS anycast address, which would be the default, or they could prefer only one of their NSP's DNS anycast resolver services by configuring their hosts to use that NSP's specific anycast DNS address that includes the NSP's chosen GUA /64.
> >
> > They could go further and configure the second NSP's specific NSP scope anycast DNS resolver address as a second DNS entry on a host to get NSP independent DNS redundancy, if the first and preferred NSP's DNS anycast resolution service isn't considered reliable enough.
>
> This isn’t actually the use case that I’m talking about—I’m a bit puzzled.  Here you are configuring the anycast address just like a regular IP address.

Only if you want or need to.

>  The use case I need is for a well-defined anycast address that does not need to be discovered.   So while what you are doing may be useful, it doesn’t have anything to do with my use case.

https://tools.ietf.org/html/draft-smith-6man-form-func-anycast-addresses-00#section-5.1

5.1.  Features

   o  Provides separate globally well known and local network defined
      anycast function or service identifier spaces.  Globally well
      known identifiers can be encoded in applications during their
      development as constants, avoiding the need for them to be
      specified and configured during deployment of the application.

>  The reason I was pointing out that your scoping model didn’t work is that I didn’t understand that you intended to use different anycast addresses for different ISPs.

It's both.

There is a generic one that all are likely to ISPs would provide.

Using the draft's format (note there is an error with the scope
position in the draft, fixed in next revision),

- 0xaa - 8 bit Formal Anycast Prefix
- 0xb - 4 bit Vislble Scope: Network Service Provider
- 0x0 - 4 bit Anycast Identifier Format: Functional Anycast
- 0x:: - 64 bits Anycast Domain Prefix: 64 bits of all zeros,
indicating unspecified prefix
- 00b - 2 bits reserved, set to zero
- 00 0000b - Prefix-Length: 6 bit prefix length, all zeros having
special meaning of 64 bit prefix length
- 0000 0000b - Flags: 8 bit flags, 1 defined, T meaning Transient in
high order position i.e. non-IANA assigned (i.e. same as multicast
flag T meaning)
- 0x0 - Local Instance: 8 bit field available to local anycast domain
to allow instances or versions of the service to be included in the
address. zero by default. Can be used to extend following Anycast
Function Identifier to 32 bits in the anycast domain identified by the
Anycast Domain Prefix.
- 0x000053 - Anycast Function Identifier: 24 bit function identifier.
IANA assigned in this case because the T bit is not switched on.
Assume 53 (actually 83 in decimal).

Compressing all the zeros (common default values chosen to be zero for
that purpose), an ISPs would announce into their routing domain (and
to customers via eBGP):

aab0::53/128

This would be the default embedded in the code of DNS resolvers.
Following the formula, ISPs should all arrive at that value, however
there probably would be value in an IANA registry or similar
documenting it to minimise formula following errors.


The ISPs might also respectively provide their own unique Functional
Anycast addresses by embedding one of their GUA /64s as the Anycast
Domain prefix:

So ISP A also announces:

aab0:2001:db8:0:a::53/128


ISP B also announces:

aab0:2001:db8:0:b::53/128



With each of the following customers being multihomed to both ISP A and ISP B:

Customer A might be happy with the default, so they leave hosts' DNS
resolver clients address as the default of aab0::53. It's
plug-and-play, no configuration required.

Customer B might want to always use ISP A's DNS resolver, so they
replace the default of aab0::53 with aab0:2001:db8:0:a::53.

Customer C might want to use ISP B's DNS resolver, but fall back to
ISP A's if ISP B's fails, so they replace the default of aab0::53 with
two entries in order, aab0:2001:db8:0:b::53, aab0:2001:db8:0:a::53.


(Instead of announcing specific anycast /128s, an ISP could announce
an aggregate route for all of their specific anycast domain services
e.g. ISP A above would announce aab0:2001:db8:0:a::/80).

So ISPs announcing both the generic well-known DNS anycast address,
and their own specific versions, allows their customers to leave the
default in the DNS resolver client code, or override it to suit their
preferences as to who they get the anycast DNS service from.

Is that clearer?

Regards,
Mark.


> For that use case, there’s no need for a special scoped anycast address—each ISP can simply allocate an IP address or IP addresses and configure their routing to treat them as anycast addresses.   There are problems with this, but these problems are already discussed e.g. in RFC 7094.
>
>

v2.23.0 | Report a Bug | By Email