Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?

Tom Herbert <tom@herbertland.com> Mon, 09 August 2021 00:37 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Sun, 08 Aug 2021 17:37:07 -0700
Message-ID: <CALx6S35o8v1aJKjP6v1Ab78Xm593BYnpeqhpzRkqU0ycjkQniA@mail.gmail.com>
Subject: Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?
To: Nick Hilliard <nick@foobar.org>
Cc: Theodore Ts'o <tytso@mit.edu>, 6man WG <ipv6@ietf.org>, Töma Gavrichenkov <ximaera@gmail.com>, IETF discussion list <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zg_mOeGOV8QJaRozP1brD9Ye8Yk>

On Sun, Aug 8, 2021, 4:10 PM Nick Hilliard <nick@foobar.org> wrote:

> Theodore Ts'o wrote on 08/08/2021 23:40:
> > Which of the top5, 10,  100 sites on the Internet use anycast?
>
> for starters, all the dns root servers. For content delivery, some of
> Cloudflare's content is delivered to end users using anycast on the
> front side.  Are the DNS root servers top-5, top-10 or top-100 sites
> (asking for a friend)?
>

Route changes wouldn't impact stateless UDP use of anycast.

>
> > If Facebook, Amazon, Google, Wikipedia, etc., are using standard IPv4
> > and IPv6 endpoints and are *not* using anycast, and they have
> > successfully fielded defenses against DDOS's without using anycast,
> > wouldn't that tend to blow a gigantic, gaping hole in your assertion?
>
> It's the norm to build ddos defenses without anycast, but it has its
> place as a technology.
>
> Otherwise: anycast is one of many tools in the box; rewriting the ipv6
> flow label hurts ipv6 anycast when DDOS traffic sinkers use ECMP for
> load balancing; tcp anycast is a hack which works quite nicely for
> short-lived tcp sessions and barely at all for long-lived sessions (this
> is well-understood in network engineering circles).
>

Perhaps, but I would hope users are aware of the susceptibility of anycast
to arbitrary routing changes in the path (flow label modulation being just
one example). It's also a question of how much we should accommodate
protocols like this that aren't aligned with the core architecture of the
Internet. At some point such accommodations impede evolution of protocols
and the Internet.

>
> @Tom your suggestions for tuning down the flow label rewriting
> aggression level sound reasonable.
>
> Nick
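The ECMP effect discussed in this thread, as an added example that is not part of the original message or of any project's code: a toy load balancer hashes the addresses, ports and flow label to choose an anycast site, so a flow label that changes mid-connection can land on a site with no TCP state, while stateless request/response traffic is unaffected. The hash function, site names, addresses and ports are assumptions constructed for illustration; real routers use vendor-specific hashes.

```python
import hashlib
import ipaddress

SITES = ["site-a", "site-b", "site-c"]                   # constructed anycast instances
CONN = ("2001:db8::1", "2001:db8:ffff::1", 40000, 443)  # documentation prefix

def ecmp_pick(src, dst, sport, dport, flow_label):
    """Hypothetical ECMP hash over addresses, ports and the 20-bit flow label."""
    key = b"".join([
        ipaddress.IPv6Address(src).packed,
        ipaddress.IPv6Address(dst).packed,
        sport.to_bytes(2, "big"), dport.to_bytes(2, "big"),
        (flow_label & 0xFFFFF).to_bytes(3, "big"),
    ])
    h = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return SITES[h % len(SITES)]

def label_that_moves(old_label):
    """Find a flow label that this hash maps to a different site."""
    old_site = ecmp_pick(*CONN, old_label)
    for label in range(1, 1 << 20):
        if ecmp_pick(*CONN, label) != old_site:
            return label
    raise RuntimeError("no label changes the path")

def deliver(labels, stateful=True):
    """Send one packet per flow label and record what the chosen site does."""
    tcp_state = {}          # site -> True once it has seen the first packet
    results = []
    for seq, label in enumerate(labels):
        site = ecmp_pick(*CONN, label)
        if not stateful:
            results.append("answered")      # any site can answer a stateless query
        elif seq == 0:
            tcp_state[site] = True          # handshake creates state at one site only
            results.append("established")
        elif tcp_state.get(site):
            results.append("delivered")
        else:
            results.append("reset")         # this site never saw the handshake
    return results

if __name__ == "__main__":
    old = 0x12345
    new = label_that_moves(old)
    print("stable label :", deliver([old, old, old]))
    print("label changed:", deliver([old, old, new, new]))
    print("stateless    :", deliver([old, new], stateful=False))
```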