[62786] in North American Network Operators' Group
Re: anycast (Re: .ORG problems this evening)
daemon@ATHENA.MIT.EDU (Patrick)
Mon Sep 22 18:41:35 2003
Date: Mon, 22 Sep 2003 15:40:57 -0700 (PDT)
From: Patrick <patrick@stealthgeeks.net>
To: "David G. Andersen" <dga@lcs.mit.edu>
Cc: Todd Vierling <tv@duh.org>, nanog@merit.edu
In-Reply-To: <20030922223219.GC24356@lcs.mit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 22 Sep 2003, David G. Andersen wrote:
> > Yes, I hope that UltraDNS implements something like this, if they have not
> > already. It's still not a guarantee that things will get withdrawn -- or be
> > reachable, even if working but not withdrawn -- in case of a problem. That
> > still leaves the DNS for a gTLD at risk for a single point of failure.
>
> The whole problem with only listing two anycast servers is that
> you leave yourself vulnerable to other kinds of faults. Your
> upstream ISP fat-fingers "ip route 64.94.110.11 null0" and
> accidentally blitzes the netblock from which the anycast servers
> are announced. A router somewhere between customers and the
> anycast servers stops forwarding traffic, or starts corrupting
> transit data, without interrupting its route processing.
> packet filters get misconfigured..
That's a good reason to make sure that you are anycasting from at least
two disparate netblocks, isn't it?. :-)
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell
Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
