On Sun, 4 May 2008, Paul Vixie wrote:
scg@gibbard.org (Steve Gibbard) writes:
The right solution is to design the anycast servers to be as sure as possible that the route will go away when you want it gone, but to have multiple non-interdependent anycast clouds in the NS records for each zone. If the local node in one cloud does fail improperly, something will still be responding on the other cloud's IP address.
the need for multiple independent anycast clouds is an RFC 2182 topic, but joe's innovation both in ISC-TN-2004-1 and in his earlier ISC-TN-2003-1 (see <http://www.isc.org/pubs/tn/isc-tn-2003-1.txt> is that if each anycast cluster is really several servers, each using OSPF ECMP, then you can lose a server and still have that cluster advertising the route upstream, and only when you lose all servers in a cluster will that route be withdrawn.
This is getting into minutia, but using multipath BGP will also accomplish this without having to get the route from OSPF to BGP. This simplifies things a bit, and makes it safer to have the servers and routers under independent control. But yes, Joe's ISC TechNote is an excellent document, and was a big help in figuring out how to set this up a few years ago. -Steve