On Fri, 2 Jul 2004, Stephen J. Wilcox wrote:
    > 10.1.0.1 Anycast1 (x50 boxes)
    > 10.2.0.1 Anycast2 (x50 boxes - different to anycast1)
    > In each scenario two systems have to fail to take out any one customer.. but
    > isn't the bottom one better for the usual pro anycast reasons?

Correct, and that's what's done whenever engineering triumphs over marketing. The problem is that there's always a temptation to put instances of both clouds at a single physical location, but that's sabotaging yourself, since then the attack which takes down one will take down the other as well.

With DNS, it really makes sense to do what you're suggesting, since DNS has its own internal load-balancing function, and having two separate clouds just means that you're giving both the anycast and the DNS client load-balancing algorithms a chance to work. With pretty much any other protocol (except peer-to-peer clients, which also mostly do client-side load balancing) there's a big temptation to have a single huge cloud that appears in as many places as possible.

                                -Bill
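
The shared-fate problem described in the message above, as an added example that is not part of the original email: a small audit that flags sites hosting both anycast clouds and lists which client regions lose DNS resolution when a single site is overloaded. The region and site names, the catchment maps, and the assumption that an overloaded site keeps attracting its traffic are all constructed for illustration.

```python
# Added example with constructed data: only the two service addresses come
# from the quoted message; region and site names are made up.
ANYCAST1, ANYCAST2 = "10.1.0.1", "10.2.0.1"

# region -> {service address: site whose instance attracts that region}
COLOCATED = {
    "region-1": {ANYCAST1: "site-a", ANYCAST2: "site-a"},
    "region-2": {ANYCAST1: "site-b", ANYCAST2: "site-b"},
    "region-3": {ANYCAST1: "site-c", ANYCAST2: "site-d"},
}
SEPARATE = {
    "region-1": {ANYCAST1: "site-a", ANYCAST2: "site-e"},
    "region-2": {ANYCAST1: "site-b", ANYCAST2: "site-f"},
    "region-3": {ANYCAST1: "site-c", ANYCAST2: "site-d"},
}


def shared_fate_sites(catchment):
    """Sites hosting instances of more than one cloud."""
    clouds_at = {}
    for per_cloud in catchment.values():
        for address, site in per_cloud.items():
            clouds_at.setdefault(site, set()).add(address)
    return sorted(s for s, clouds in clouds_at.items() if len(clouds) > 1)


def regions_dark(catchment, down_sites):
    """Regions where every name server address lands on a downed site.

    Assumption: an overloaded site keeps announcing its routes, so anycast
    does not move the region elsewhere; the resolver's retry against the
    other address is the only remaining failover.
    """
    return sorted(region for region, per_cloud in catchment.items()
                  if all(site in down_sites for site in per_cloud.values()))


def single_site_outages(catchment):
    """Map each site to the regions that go dark when it alone is down."""
    sites = sorted({s for pc in catchment.values() for s in pc.values()})
    outages = {s: regions_dark(catchment, {s}) for s in sites}
    return {s: dark for s, dark in outages.items() if dark}


if __name__ == "__main__":
    for name, layout in (("co-located", COLOCATED), ("separate", SEPARATE)):
        print(name, shared_fate_sites(layout), single_site_outages(layout))
```

With the separate layout no single site appears in the outage map; a region only goes dark when both of its sites are down at once, which matches the "two systems have to fail" condition in the quoted text.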