IETF Logo Mail Archive

Re: Generic anycast addresses...

Toerless Eckert <tte@cs.fau.de> Thu, 30 May 2019 20:32 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E11A120136 for <ipv6@ietfa.amsl.com>; Thu, 30 May 2019 13:32:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TEIAzqNrj1K2 for <ipv6@ietfa.amsl.com>; Thu, 30 May 2019 13:32:51 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C06C6120182 for <6man@ietf.org>; Thu, 30 May 2019 13:32:42 -0700 (PDT)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 715A554890C; Thu, 30 May 2019 22:32:38 +0200 (CEST)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id 5F7A4440041; Thu, 30 May 2019 22:32:38 +0200 (CEST)
Date: Thu, 30 May 2019 22:32:38 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Fred Baker <fredbaker.ietf@gmail.com>
Cc: Ted Lemon <mellon@fugue.com>, "6man@ietf.org" <6man@ietf.org>, Dave Thaler <dthaler@microsoft.com>
Subject: Re: Generic anycast addresses...
Message-ID: <20190530203238.gido4wiemzwghuco@faui48f.informatik.uni-erlangen.de>
References: <D22E680C-3EE3-4AD7-90C0-9339DA2E5A29@fugue.com> <BN6PR21MB04978DB375C05CB3CE4C914EA31F0@BN6PR21MB0497.namprd21.prod.outlook.com> <4EF97F31-1F39-4150-B044-955C46E96FB4@fugue.com> <20190530002833.wfvjfbj2lv2ig664@faui48f.informatik.uni-erlangen.de> <AA201EA5-5FE1-418A-A574-3A73ED305F47@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AA201EA5-5FE1-418A-A574-3A73ED305F47@gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Reip7Lb0NYarS1a4APoIkqlR948>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2019 20:32:53 -0000

Thanks Fred.

The scenario you describe is in principle what i think is the
right direction - using the routing control plane to define scope/zones
of addresses and their policies. Except that we haven't tried to
explicitly add features to routing protocols yet that are solely
for this anycast purpose. Not sure exactly what type of feature
might improve the zone boundary situation you're describing though.



On Thu, May 30, 2019 at 10:50:01AM -0700, Fred Baker wrote:
> I second the observation. I'll add a bit: in anycast deployments for DNS, scope is handled using BGP, and is measured in policy hops, not router interfaces. My context here is that I am associated with ISC, which operates one of the DNS root services and is an anycast operation.
> 
> The issue I see is that not all servers are equal even within an anycast service. Without naming names (although there are many that could be named), imagine this scenario: there is an instance (call it "A") that is generally reachable through some domain, perhaps Central Asia, and there is some other instance (call it "B") that happens to be located in that domain but by policy only serves a smaller area, such as the systems located in a data center. Within the locality, the anycast instance near B announces its route with the community "No-export", meaning that it may be distributed freely in IBGP but is not to be exported in EBGP to a routing neighbor.
> 
> In that scenario, now place two users of the anycast service (which I will call "a" and "b" respectively) on either side of the dividing line between A and B. In routing, a will access the service at A, and b will access the service at B, even though they are each at most one routing hop from B and perhaps many EBGP hops from A.
> 
> From my perspective, this proposal would appear to work well in the Internet as it existed in 1983, but by acting in ignorance of the routing policy in force, fails dramatically at any time after the development of BGP.
> 
> I might suggest soliciting the comments of current operators of anycast services.
> --------------------------------------------------------------------------------
> Victorious warriors win first and then go to war,
> Defeated warriors go to war first and then seek to win.
>      Sun Tzu
> 



-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email