TV> Date: Thu, 18 Sep 2003 11:39:17 -0400 (EDT)
TV> From: Todd Vierling

TV> And guess what: neither of the two addresses supplied by
TV> UltraDNS worked last night for some sites, because their
TV> anycast configuration is not allowing DNS redundancy. It is
TV> depending on every site somehow choosing different routes for
TV> both addresses, which is not guaranteed.

I don't know what UDNS does internally, but ideally anycast:

+ Has steady, unchanging EGP adverts
+ Has service-providing boxen that advert/withdraw prefixes in
  the IGP depending on their status
+ Includes an internal network, so that flaps are contained.

If done properly, anycast means _all_ pods must fail to create a
failure condition. If done improperly, it means _any_ pod
failure can create a partial failure condition -- which means the
probability of failure _increases_ with the number of pods.

TV> Anycasting only works as a redundancy scheme when you have a
TV> mesh of *partially* overlapping BGP advertisements, so that a
TV> client has a guarantee that at least one address in the mix
TV> is located elsewhere from the rest.

Don't be silly. This is like claiming that multihoming only
works if you spread services over different netblocks.

TV> But if all such anycast addresses have the ability to point
TV> to the same physical location, there is only an illusion of
TV> redundancy, because there's no way to get an alternate access
TV> point to the zone if a site is choosing a dead route for all
TV> server addresses. It doesn't matter how many other servers

Ergo, that's why one withdraws the routes when a pod dies.
Routes need to reflect what's up. Funny thing is, standard BGP
has the same requirement.

You're correct that an incorrect anycast setup can cause trouble,
and arguably more than unicast. However, claiming that anycast
is inherently bad is really, really silly.

Eddy
(no selfish interest in defending UltraDNS)
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
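
A small model of the argument in the message above, added here as an example and not part of the original post: it compares anycast pods that withdraw their route on failure with pods whose adverts stay up after they die. The three-site, three-pod topology, the costs and the function names are constructed for illustration; every anycast address is assumed to follow the same route, so one lookup stands for all of them.

```python
from itertools import product

# Constructed topology: routing cost from each client site to each pod (lowest wins).
COSTS = {
    "site-a": {"pod1": 10, "pod2": 20, "pod3": 30},
    "site-b": {"pod1": 25, "pod2": 5, "pod3": 15},
    "site-c": {"pod1": 30, "pod2": 20, "pod3": 10},
}

def advertised(pods_up, withdraw_on_failure):
    """Pods whose anycast route is still present in the routing table."""
    if withdraw_on_failure:
        return {pod for pod, up in pods_up.items() if up}
    return set(pods_up)  # stale adverts: dead pods keep attracting traffic

def resolve(site, pods_up, withdraw_on_failure):
    """Return the pod that answers for `site`, or None if its queries are blackholed."""
    routes = advertised(pods_up, withdraw_on_failure)
    if not routes:
        return None
    best = min(routes, key=lambda pod: COSTS[site][pod])
    return best if pods_up[best] else None

def failure_probabilities(p_fail, withdraw_on_failure):
    """Exact (P[some site blackholed], P[every site blackholed]) for independent
    pod failures, found by enumerating every up/down combination of pods."""
    pods = sorted(next(iter(COSTS.values())))
    p_any = p_all = 0.0
    for state in product([True, False], repeat=len(pods)):
        pods_up = dict(zip(pods, state))
        prob = 1.0
        for up in state:
            prob *= (1 - p_fail) if up else p_fail
        dead = [resolve(site, pods_up, withdraw_on_failure) is None for site in COSTS]
        p_any += prob * any(dead)
        p_all += prob * all(dead)
    return p_any, p_all

if __name__ == "__main__":
    for withdraw in (True, False):
        p_any, p_all = failure_probabilities(0.1, withdraw)
        print(f"withdraw={withdraw}: partial outage {p_any:.3f}, total outage {p_all:.3f}")
```

With withdrawal, a site loses service only when all pods are down; with stale adverts, any single pod failure blackholes the sites that prefer it, so the chance of a partial outage grows with the number of pods.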