On Jul 27, 2021, at 17:20, Vimal <j.vimal@gmail.com> wrote:

> Yes, this makes sense as the destination can be anywhere around the world, and that routing is asymmetric as others mentioned. However, if the destination service is "close" (in the routing metric sense) to the initiating host, anycast return IP ought to work well, right? I understand this is a very important caveat and impractical to implement correctly in the real world.
No, there is no such thing as "close". You could have a direct peering with some ISP and have them still deliver the responses on the other side of the earth. You do not control the routing of other networks and cannot be sure what they will do.

For larger networks you may also have multiple peering points. Say you have a peering with them in city A and city B. How do you know which of their IP ranges are closer to A or B? You don't. And the same goes for them: they have no idea if you prefer A or B. Therefore you could select A and they may reply to B. They may even load balance between A and B if you are really unlucky.

Routing is asymmetric. That means you have absolutely no idea where the replies end up going. Often it will not be what you think is "close".

I do not run anycast, but I understand that the usual way of dealing with these issues is to do as little as possible with anycast before redirecting to a unicast address. For example, you could have just your DNS on anycast and each site would reply with unique unicast addresses. Since DNS is just a single pair of UDP request/response, with the first packet originating from a unicast client, this works well.

Regards,

Baldur
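The failure mode Baldur describes, and the DNS-then-unicast pattern he mentions, can be shown in a small simulation. The following is an added example, not code from either poster; the peering points A and B, the remote networks and their egress policies, and all addresses (documentation ranges) are constructed, and the per-flow "balance" policy stands in for a peer that load-balances across both peerings. A host at site A opens a stateful connection with the anycast address as its source; the reply is routed to whichever site the remote network prefers, which only happens to be A if that network's policy says so.

```python
"""Toy simulation of asymmetric routing versus an anycast source address,
and of the DNS-then-unicast pattern. Constructed example; no real networks."""
import hashlib
from dataclasses import dataclass, field

Flow = tuple  # (src_ip, src_port, dst_ip, dst_port)

ANYCAST_IP = "198.51.100.1"  # placeholder address for "our" anycast prefix


@dataclass
class AnycastSite:
    name: str                                # peering point / site: "A" or "B"
    unicast_ip: str                          # this site's own unique unicast address
    state: set = field(default_factory=set)  # flows with connection state at this site


@dataclass
class RemoteNetwork:
    """A network we peer with at both A and B. It decides, on its own,
    which peering point carries its traffic towards our anycast prefix."""
    name: str
    server_ip: str
    policy: str  # "A", "B", or "balance" (per-flow hashing we cannot predict)

    def egress_for(self, flow: Flow) -> str:
        if self.policy == "balance":
            digest = hashlib.sha256(repr(flow).encode()).digest()
            return "A" if digest[0] % 2 == 0 else "B"
        return self.policy


# Constructed sites; the unicast addresses are what each site would hand out.
SITES = {"A": AnycastSite("A", "203.0.113.10"), "B": AnycastSite("B", "203.0.113.20")}


def connect_from_anycast_source(initiating_site: str, remote: RemoteNetwork,
                                src_port: int) -> bool:
    """A host at `initiating_site` opens a stateful (TCP-like) connection to the
    remote server using ANYCAST_IP as its source. Returns True only if the reply
    lands at a site that actually holds state for the flow."""
    flow = (ANYCAST_IP, src_port, remote.server_ip, 443)
    SITES[initiating_site].state.add(flow)
    # The reply is addressed to ANYCAST_IP; the remote network, not us, picks the site.
    reply = (remote.server_ip, 443, ANYCAST_IP, src_port)
    landing_site = remote.egress_for(reply)
    return flow in SITES[landing_site].state


def dns_then_unicast(client: RemoteNetwork, client_port: int) -> tuple:
    """A client with a unicast source sends one UDP query to the anycast DNS
    address. Whichever site receives it answers with its own unicast address,
    and the answer goes back to the client's unicast address, so nothing after
    the first packet depends on which anycast site the return path picks."""
    query = (client.server_ip, client_port, ANYCAST_IP, 53)
    answering_site = SITES[client.egress_for(query)]
    service_ip = answering_site.unicast_ip  # all later traffic is unicast on both ends
    return answering_site.name, service_ip


def run_scenarios() -> dict:
    """Ten outbound connections from site A per remote network; count how many
    get their replies back to the site that holds the state."""
    remotes = [RemoteNetwork("ISP-1", "192.0.2.10", "A"),
               RemoteNetwork("ISP-2", "192.0.2.20", "B"),
               RemoteNetwork("ISP-3", "192.0.2.30", "balance")]
    results = {}
    for remote in remotes:
        ok = [connect_from_anycast_source("A", remote, port) for port in range(40000, 40010)]
        results[remote.name] = sum(ok)
    return results


if __name__ == "__main__":
    for name, successes in run_scenarios().items():
        print(f"{name}: {successes}/10 connections from site A got their replies at A")
    for remote in (RemoteNetwork("ISP-1", "192.0.2.10", "A"),
                   RemoteNetwork("ISP-2", "192.0.2.20", "B")):
        site, ip = dns_then_unicast(remote, 5353)
        print(f"{remote.name}: DNS answered at site {site}, client directed to {ip}")
```

ISP-1 succeeds every time and ISP-2 never does, not because of any distance metric but because of a policy the remote side set; ISP-3's count is whatever its hashing happens to produce. The DNS path works for all of them because the only packet that ever touches the anycast address is one that starts from a unicast client.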