Wednesday, April 6, 2011

More on Anycast and DNS

I'll take you back some, to 2002. I'd just got my very first job, a semblance of freedom (I'm not too sure it wasn't slavery of sorts, now :-)), a chance to spread my 'wings'; someone had trusted me with their customers as a technical analyst/systems admin/power dude/network admin/billing admin and some other things in between, and I was ready to conquer the world... I was young, full of energy and fresh from ditching campus for part money, part frustration, part defiance, some buzzword abbreviated as ADD and some excitement... oh, those were happy days.

Elsewhere on the Internet, on October 21, 2002, something rather bigger and aimed at a much larger audience happened: a DDoS attack was launched against all 13 root servers, aiming to disable the Internet itself. The closest we had come to a catastrophe before that was in April 1997, when 7 root servers went offline for technical reasons.

The role of anycast addressing in all this cannot be overstated. Anycast, which root-server operators have deployed widely since that attack, is a large part of why a total outage has never occurred. It continues to protect DNS, and it can do the same for your organization's services.

Anycast is simply the use of routing and addressing policy so that several geographically dispersed hosts all advertise, and "listen" on, the same address for a service; each client's packets are delivered to whichever member of that receiver group the routing system considers nearest.

So the same IP address space is used to address each of the listeners. Layer 3 routing dynamically handles the selection of a target and the forwarding of packets from our source (in our case a DNS client) to the most appropriate target (DNS server). So if I send a query from Nairobi, the root-server instance at KIXP responds rather than the one in New York, which means an outage of the New York instance will not affect us. The caveat is that the routing system, not the application, chooses the instance: anycast suits short, stateless exchanges such as DNS over UDP, while a long-lived TCP session can break if a route change sends its later packets to a different instance that holds no state for it.
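As an added example (not from the original post), here is the check a practitioner uses to see which anycast instance actually answered: most DNS servers, the root servers included, answer a TXT query for hostname.bind or id.server in the CHAOS class with the name of the responding node (RFC 4892). The script below builds that query on the wire, parses the reply including name-compression pointers, and bounds the pointer-chasing so a malicious reply cannot loop it. The sample response bytes and the instance name "nairobi-example" are constructed for the offline demo; `which_instance` does a live query if you have network access.

```python
import socket
import struct

QTYPE_TXT = 16
QCLASS_CHAOS = 3


def build_query(qname="hostname.bind", qtype=QTYPE_TXT, qclass=QCLASS_CHAOS, txid=0x1234):
    """Build a DNS wire-format query: 12-byte header followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags=0 (QR=0, RD=0), QDCOUNT=1
    question = b"".join(bytes([len(label)]) + label.encode("ascii")
                        for label in qname.split("."))
    question += b"\x00" + struct.pack("!HH", qtype, qclass)
    return header + question


def parse_name(data, offset):
    """Decode a (possibly compressed) domain name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            hops += 1
            if hops > 16:  # a hostile response can loop pointers; refuse to spin forever
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else offset)
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_txt_answers(data, txid):
    """Return (rcode, [TXT strings]) from a response, checking it matches our query."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (not a reply to our query)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qdcount):              # skip the echoed question section
        _, offset = parse_name(data, offset)
        offset += 4                       # QTYPE + QCLASS
    texts = []
    for _ in range(ancount):
        _, offset = parse_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_TXT and rclass == QCLASS_CHAOS:
            i = 0                         # TXT RDATA is a sequence of <length><chars>
            while i < len(rdata):
                n = rdata[i]
                texts.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
    return rcode, texts


def which_instance(server, timeout=2.0):
    """Ask an anycast DNS server which instance answered (needs network access)."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(txid=txid), (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_txt_answers(data, txid)


# Constructed sample response (not a real capture): an authoritative answer for
# hostname.bind CH TXT carrying the made-up instance name "nairobi-example".
SAMPLE_RESPONSE = (
    b"\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00"  # id 0x1234, QR|AA, 1 question, 1 answer
    b"\x08hostname\x04bind\x00\x00\x10\x00\x03"          # question: hostname.bind TXT CH
    b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x10"  # name = pointer to offset 12, TXT, CH, TTL 0, RDLENGTH 16
    b"\x0fnairobi-example"                               # one 15-character string
)

if __name__ == "__main__":
    print(parse_txt_answers(SAMPLE_RESPONSE, 0x1234))   # offline demo on the sample above
    print(which_instance(socket.gethostbyname("k.root-servers.net")))  # live: which K instance?
```

Run it from two different networks and the live query returns different node names for the same server address; that is anycast doing its job, and it is also the first thing to look at when one region reports DNS trouble that another does not see. `dig @k.root-servers.net hostname.bind CH TXT` gives the same answer without the code.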

Another significant use of anycast, in the IPv6 arena, is the anycast prefix for 6to4 relay routers (RFC 3068: 192.88.99.0/24 in IPv4, 2002:c058:6301::/48 in IPv6; the mechanism has since been deprecated by RFC 7526, but it remains a clean illustration of the idea).

It has a simple operational model:
- 6to4 assigns a block of IPv6 address space (2002:V4ADDR::/48) to any host or network that has a global IPv4 address.
- 6to4 encapsulates IPv6 packets inside IPv4 packets (IP protocol 41, the 6in4 encapsulation) for transmission over an IPv4 network.
- 6to4 relay routers route traffic between 6to4 and "native" IPv6 networks.

It is meant as a transitional mechanism. I haven't tested it, but there is a list of relay routers that is constantly updated. Today everyone using 6to4 should set their default IPv6 router to 2002:c058:6301::, a special anycast address (the 6to4 form of 192.88.99.1) that reaches the nearest relay router in BGP terms.
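As an added example, not part of the original post, here is the mapping behind that magic address worked through in Python: 6to4 embeds the 32-bit IPv4 address right after the 2002: prefix, so 192.88.99.1 (the RFC 3068 relay anycast address) becomes 2002:c058:6301::/48, and the same arithmetic recovers the IPv4 endpoint from any 6to4 address. `tunnel_commands` emits the classic Linux iproute2 recipe for a 6to4 tunnel that defaults to that relay. The address 203.0.113.5 is a constructed documentation-range example, and the RFC 1918 filter is a deliberately minimal stand-in for a full "is this address globally routable" check.

```python
import ipaddress

SIXTO4 = ipaddress.IPv6Network("2002::/16")               # RFC 3056: 2002:V4ADDR::/48 per IPv4 address
RELAY_ANYCAST_V4 = ipaddress.IPv4Address("192.88.99.1")    # RFC 3068 relay anycast address
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixto4_prefix(v4):
    """Return the /48 that 6to4 assigns to a globally routable IPv4 address."""
    v4 = ipaddress.IPv4Address(v4)
    # Minimal sanity filter (assumption: good enough for the demo, not a full bogon list).
    if (v4.is_loopback or v4.is_multicast or v4.is_link_local or v4.is_unspecified
            or any(v4 in net for net in RFC1918)):
        raise ValueError(f"{v4} is not a global IPv4 address; 6to4 needs one")
    # The 32 IPv4 bits occupy bits 16..47 of the IPv6 address, i.e. shifted left by 80.
    return ipaddress.IPv6Network((int(SIXTO4.network_address) | (int(v4) << 80), 48))


def embedded_ipv4(v6):
    """Recover the IPv4 address embedded in a 6to4 address (the reverse mapping)."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in SIXTO4:
        raise ValueError(f"{v6} is not a 6to4 (2002::/16) address")
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


# The "magic" default router from the post: the 6to4 form of 192.88.99.1.
RELAY_ANYCAST_V6 = sixto4_prefix(RELAY_ANYCAST_V4).network_address


def tunnel_commands(v4, ifname="tun6to4"):
    """Linux iproute2 commands for a 6to4 tunnel whose default route is the anycast relay."""
    site = sixto4_prefix(v4)
    host = ipaddress.IPv6Address(int(site.network_address) | 1)   # first host in the site's /48
    return [
        f"ip tunnel add {ifname} mode sit ttl 64 remote any local {v4}",
        f"ip link set {ifname} up",
        f"ip addr add {host}/16 dev {ifname}",      # /16 so other 6to4 sites are reached directly
        f"ip route add ::/0 via ::{RELAY_ANYCAST_V4} dev {ifname} metric 1",
    ]


if __name__ == "__main__":
    sample = "203.0.113.5"   # constructed example address (TEST-NET-3), not a real host
    print(sixto4_prefix(sample))
    print(RELAY_ANYCAST_V6, "->", embedded_ipv4(RELAY_ANYCAST_V6))
    print("\n".join(tunnel_commands(sample)))
```

The security-relevant part is the reverse mapping: because the relay is whoever announces 192.88.99.0/24 nearest to you, any network that (mis)announces that prefix sees your 6to4 traffic, which is one reason the mechanism was eventually deprecated and why the same anycast trick, used for your own services, needs route filtering and prefix monitoring around it.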

So, working on the same premise, that anycast can help you distribute a service, a network designer can use anycast either with the IANA-reserved anycast addresses or by setting aside part of his/her own address space for anycast and distributing applications over it. Include it in your 'toolbox' for your next design.

Practical uses for anycast in our environment:

1: Depending on how a bank has built its network, geographically distributed ATMs could use it. That means banks with newer networks that are open to new ideas; old banks have really rigid, old, 'unchangeable' systems (because of policy, of course). Working on a bank's network is both fun and annoying.
- Healthcare networks are more open, and something like patient records can be distributed using anycast; the same goes for student records in schools. (Note that anycast only picks the nearest instance; keeping the replicas consistent, and securing the back-end synchronization channel, is still your job.)

2: We have a lot of customers using 3G/EDGE/UMTS. They can be configured to send whatever data they collect to the closest server.
- For instance each Nakumatt or shoe store, or a fleet manager tracking his trucks over a distributed network, can post truck data, sales, collections or whatever data to a local server that at the back end synchronizes with the main database.
- What this ensures is that customers, especially in large retail stores, are always served without suffering WAN delays (that time you wait as the guy scans your goods and waits for the price to pop up, tallying it up, grr).
- This obviously depends on the operator's network; in extremely good/lucky cases, if Direct Tunnel is employed, then you can get services like DNS, WAP gateways and web servers as close to the GGSNs as possible.

3: Static databases for corporate use can be installed at all PoPs, saving you a lot of WAN capacity and improving user experience. Same as above, but directed at where I work :-)

4: Print servers, mail (SMTP) servers, SMPP, WAP gateways, web servers etc. You can basically have a distributed DMZ: give the same IP or DNS name to each customer and they would never face some of the issues I've seen around. A service like Skiza would be greatly enhanced by this (remember one of the advantages is load balancing, which reduces the need for dedicated load balancers, though anycast balances by network topology rather than by server load).

5: In a telco, you can have the Ga/Gy/Gi interfaces on the GGSN/SGSN as close to the users as possible. Actually, so could the Gr interface. You can shorten the hop count for signalling and save some milliseconds, which count for a lot in a mobile environment. GRX services use a pretty similar model.

Drawbacks:
- Complexity
- Expensive
- Difficult to manage and troubleshoot
- Monitoring it is a pain

Advantages:
- It works: DNS is a good example, and Akamai, Google and a bunch of other large networks use it.
- Reliable.
- Load balances your traffic/Internet traffic. Google's installation of a caching server at the Kenyan exchange point will save us all a lot of expensive bandwidth.
- Localizes DDoS and any other issues, i.e. only a small user base gets affected.
- Clients configure only one IP regardless of where they are. Technically you can use a single WAP gateway, SMTP or DNS address and anycast takes care of the rest for you.
- Obviously you get increased availability.

Google for anycast + BGP + DNS or any other keyword.

1 comment:

  1. Thanks for explaining well about Anycast. Anycast in my head is a piece of USB that can send video and audio from my smartphone or tablet to my big screen TV.