Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?
Töma Gavrichenkov <ximaera@gmail.com> Mon, 09 August 2021 10:48 UTC
Return-Path: <ximaera@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 337043A0805; Mon, 9 Aug 2021 03:48:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XUnwkPprKNkf; Mon, 9 Aug 2021 03:48:08 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 806B23A0802; Mon, 9 Aug 2021 03:48:08 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id d11so3704506eja.8; Mon, 09 Aug 2021 03:48:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xcBJV06Zd+mAOWFQVbMB12cLGe0nyGJpC0ogjq8wvI4=; b=aaCRLa9XPQ6asr1X9fUouEKcVPwFXbP8Dr09qRrTaODeatx5FhIRHWZah4S/gDcZNm nN/44/pvS7jhoECA/pwkmk8KbAOjDhUIUc2NamWFlv/GWHKtwS6S2ZTDzQDJtQFtEYqY nSU77Zhh/MiIcygkRBPp0Z1r15fr374nXz5CkpVEJO1eL7jLEh9Wn7cKYvzMu+rhBZlo o/SyzEZ619TG7Y35zcvIxVVVotz1Hnzgw47yi2SpN6qkJhE+lm475EH5esMJ4SMMMnWe rIXNVkXhFRb7irCiUN9qnnN+g6A5P/PLZmAXzSi6gmqGnHTNpBAUE2IlERziW4S8XocM AqxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xcBJV06Zd+mAOWFQVbMB12cLGe0nyGJpC0ogjq8wvI4=; b=OerBDV9WbNqrSe7gYsHWkKzMWs6V93cRg03ob6dMvjwuYPjib0GqkPqvS02P0v7JwY abAgIQKP8f+mW0YLMq8Xfsbar/b3KH6REDaXnV24hJvskZTjCdRmAhjEqinmCvIIiM62 iNjr9+kvOssnZyo7uBG4mE9AhHJ0RN4nkvBobf1P1Hi2Pqb+TowlhddGaIRN63XCu1i4 cwjs1pSiFlFnHEqyNSMHR0JE9M68jgZSLRY1B6DjW9yzfKWl5eulLBlKWYPnrCTU1y1b 4zJ3o3rdKERBAlkHtiQYVkHpETA1CtYGHMFWDusteaWAIbbJ/8Ee98kdp3cHNp7UdcTt P6HA==
X-Gm-Message-State: AOAM533pe82tofQtf6XkvAmzk6FTwA20TIqf4v/eTF7TjlJMnXnzD7Ay OkMrqg2kOEflqlwTFEiD1kznn/u//SRU9zm6bZ4=
X-Google-Smtp-Source: ABdhPJxWfiA1/9dSUO/HphopFeTFBtIAgBmmXwP+uSSUxCeyYVVqiXWzRim+zCGxs/Ca+UR5A0je/xt/7G+ieGwH3dw=
X-Received: by 2002:a17:906:c087:: with SMTP id f7mr21560962ejz.487.1628506085498; Mon, 09 Aug 2021 03:48:05 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S36pbw2angEmDpu5DnX2nix9KgxFs7ExU17x+JXQFs23TA@mail.gmail.com> <CALZ3u+Yt2X3faSVW7K0eaxmaQy6iA6p4=f0c4E_F4CP0tfjHYw@mail.gmail.com> <CALx6S343sL0=5wUTRSXMnhSamjTTZU=DzA9Y+dbJ4NRTu0_83w@mail.gmail.com> <CALZ3u+ad6Cecp4T+wfuKVJ4ZmnQvaCSX2njFPCN8DuctrU6uew@mail.gmail.com> <CALx6S37u=y1wX8+6d8aX-6=N1MFEqO9RwxQN5zhZnS4DLM8DcA@mail.gmail.com> <CALZ3u+bHbsdzQsHOHx-6nEe6yQBbHMDhH9_PWB=WHTchB8tj5w@mail.gmail.com> <CALx6S36MpCOh2mR+cfM__ASTdn9c4CuhxUrCnUgEv1WhORLyRg@mail.gmail.com> <CALZ3u+ZyQKUJc__HWu6drNyLSCJJ8bOsLfg1B18xwB9+HMe8GA@mail.gmail.com> <CALx6S366bXkCsyEkWCONBX5kcB9JzHU=aNF9hd+wT9FcTdShFw@mail.gmail.com> <CALZ3u+aP=v_1=w1xqfEKof7Cc6Ba3pwOYV3O=0b=NxS4hRWhiA@mail.gmail.com> <YRBdZrKV+MrrhUCG@mit.edu>
In-Reply-To: <YRBdZrKV+MrrhUCG@mit.edu>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Mon, 09 Aug 2021 13:47:53 +0300
Message-ID: <CALZ3u+aBdE3Bw3_ry+CuV4tS016c4mWewJFpr0aCbBnwj70Vzg@mail.gmail.com>
Subject: Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?
To: Theodore Ts'o <tytso@mit.edu>
Cc: Tom Herbert <tom@herbertland.com>, 6man WG <ipv6@ietf.org>, IETF discussion list <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bda42f05c91e1e45"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/llQY2JuoBOOnRB_03zp6T8vyDmI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2021 10:48:10 -0000
Peace, On Mon, Aug 9, 2021, 1:40 AM Theodore Ts'o <tytso@mit.edu> wrote: > Which of the top 5, 10, 100 sites on the Internet use anycast? > You should understand that this is a wrong question to ask, because there's just no way of reliably figuring that out. Anycast isn't just something which is written all over your BGP announcement. By the nature of it, anycast is the announcement of the same IP prefix, through BGP, from multiple physical locations. And, the concept of a "physical location" is not incorporated within BGP or any globally available network layer protocol. You can, probably, carry a research, of course, to a certain level of reliability only, using something like hundreds of RIPE Atlas probes with a good geographic AND source network distribution (not the same thing), and measure which IP flows land within which ranges of expected intervals of time. Based if the value of the speed of light, it will then show you (with some level of reliability) which sites of the group certainly use anycast, and there's no real way of telling if any of them don't, because the locations could be just too close to each other. That is a massive piece of work, and I hope you didn't just suggest that I'd do it, right? Anyhow, this doesn't mean a lot, because: If Facebook, Amazon, Google, Wikipedia, etc., are using standard IPv4 > and IPv6 endpoints and are *not* using anycast, and they have > successly fielded defenses against DDOS's without using anycast, > wouldn't that tend to blow a gigantic, gaping hole in your assertion? > A gigantic, gaping hole in my assertion and experience would be blown by anyone who's ready to come up with an autonomous system architecture, able to reliably process and mitigate stateful layer 7-enabled (including combined vectors) DDoS attacks towards a layer 7 network service with no (or, insignificant) impact to the legitimate users of the service, with no particular scrubbing centers likely to overload during the attack, without anycast. So far, no one was able to even draft this after a week of chatting, grumbling, and architecture astronautics. -- Töma >
- Re: IPv6 Anycast has been killed by LINUX patch i… Toerless Eckert
- Re: IPv6 Anycast has been killed by LINUX patch i… Mark Smith
- Re: IPv6 Anycast has been killed by LINUX patch i… Jeff Tantsura
- Re: IPv6 Anycast has been killed by LINUX patch i… Mark Smith
- Re: IPv6 Anycast has been killed by LINUX patch i… Toerless Eckert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Toerless Eckert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Brian E Carpenter
- Re: IPv6 Anycast has been killed by LINUX patch i… Michael Tuexen
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Simon Hobson
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… David Farmer
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Theodore Ts'o
- Re: IPv6 Anycast has been killed by LINUX patch i… Nick Hilliard
- Re: IPv6 Anycast has been killed by LINUX patch i… Brian E Carpenter
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Jen Linkova
- Re: IPv6 Anycast has been killed by LINUX patch i… Patrik Fältström
- Re: IPv6 Anycast has been killed by LINUX patch i… Ole Troan
- Re: IPv6 Anycast has been killed by LINUX patch i… Patrik Fältström
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Michael Tuexen
- Re: IPv6 Anycast has been killed by LINUX patch i… Michael Tuexen
- Re: IPv6 Anycast has been killed by LINUX patch i… Brian Carpenter
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Nick Hilliard
- Re: IPv6 Anycast has been killed by LINUX patch i… Templin (US), Fred L
- Re: IPv6 Anycast has been killed by LINUX patch i… Phillip Hallam-Baker
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Phillip Hallam-Baker
- Re: IPv6 Anycast has been killed by LINUX patch i… Phillip Hallam-Baker
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Christian Huitema
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Theodore Ts'o
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- Driver for SRV6 [Re: IPv6 Anycast has been killed… Brian E Carpenter
- Re: Driver for SRV6 [Re: IPv6 Anycast has been ki… Gyan Mishra
- RE: Driver for SRV6 [Re: IPv6 Anycast has been ki… Vasilenko Eduard
- Re: Driver for SRV6 [Re: IPv6 Anycast has been ki… Stefano Salsano
- RE: Driver for SRV6 [Re: IPv6 Anycast has been ki… Vasilenko Eduard
- Re: Driver for SRV6 [Re: IPv6 Anycast has been ki… Gyan Mishra