[49586] in North American Network Operators' Group
anycast DNS (Re: Internet vulnerabilities)
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Fri Jul 5 10:13:17 2002
Date: Fri, 5 Jul 2002 14:12:49 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <web-1389917@multicasttech.com>
Errors-To: owner-nanog-outgoing@merit.edu
ME> Date: Fri, 05 Jul 2002 09:05:44 -0400
ME> From: Marshall Eubanks
ME> - it's static - no failover. If AS 701 and AS 1239 are both
ME> announcing a route to foo, and your preferred route is
ME> "through" AS701, and the AS701 foo goes down, then you do not
ME> automatically switch over to the AS1239 foo, even if you
ME> could reach it.
???
ME> - there is no way to have multiple anycast addresses within
ME> an AS
???
ME> - load balancing is tough
Just as tough as load-balancing over different upstreams in a
multihomed network. That's all anycast really is: multihoming
with the added twist of using multiple, separate systems instead
of one.
Each system has a unique, non-anycast IP address bound as the
primary IP, allowing communication between the disjoint parts.
Secondary IP(s) live(s) in the anycast range, and is/are routed
appropriately.
You can bind the appropriate 192.175.48/24 addresses to your NSen
and run an authoritative copy of the root TLD. IIRC, Paul even
mentioned doing this a few weeks ago... I believe the thread was
on dynamic DNS updates and Win2000's broken implementation.
Think of anycast as DDoS in reverse: Instead of distributed
traffic sources, one has distributed traffic sinks. Hence the
attractiveness in surviving DDos attacks.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.
