so a few of us are still looking at routing through the anycast sunglasses. a particular probe is seeing instability [0] for k.root-servers.net [1]. so we hop on to a router nearby, and have some fun looking at things. we discover an anomaly which takes a while to sort out o some of the anycasted servers mark their announcements with the magic NO_EXPORT community in an attempt to localize their distribution (it would be good if a server in kenya did not take load from nyc) o they also have a server or two which does not so mark their announcements on the presumption that the rest of the world can get to those non-marking server(s) this last assumption is not safe o consider large providers p0 and p1 which are connected to k0 which announces with NO_EXPORT o there is also server k1 which is out there somewhere and announcing without NO_EXPORT o test point t0 is in a multi-homed asn connected to p0 and p1 o the routers in p0 and p1 at which t0's router is connected have their best path to k being the one to k0 o this obscures their path to k1 o and, as they obey k0's NO_EXPORT, they can not export any route to a k.root-servers.net server to t0 o so t0 sees no route to k.root-servers.net this implies that a non-trivial part of the net can not see anycast services for which some of the servers are marking their announcements as NO_EXPORT. note that we saw this from a multi-homed site in seattle, not from some more net-isolated probe. whoops! randy --- [0] - please remember, this is not that the servers are unstable, but rather that routing near the probe is unstable, and the anycasted prefixes are likely to show this more than those which are unicast. [1] - side note: we got misled for a few seconds by % host k.root-servers.org. k.root-servers.org has address 193.0.0.214 % host k.root-servers.net. k.root-servers.net has address 193.0.14.129