[83132] in North American Network Operators' Group


Re: /8 end user assignment?

daemon@ATHENA.MIT.EDU (Sabri Berisha)
Fri Aug 5 07:55:46 2005

Date: Fri, 5 Aug 2005 13:54:44 +0200
From: Sabri Berisha <sabri@cluecentral.net>
To: Bill Woodcock <woody@pch.net>
Cc: Iljitsch van Beijnum <iljitsch@muada.com>,
	Bruce Campbell <bc-nanog@vicious.dropbear.id.au>,
	NANOG list <nanog@merit.edu>
In-Reply-To: <Pine.SOC.4.61.0508050410260.12069@paixhost.pch.net>
Errors-To: owner-nanog@merit.edu


On Fri, Aug 05, 2005 at 04:10:46AM -0700, Bill Woodcock wrote:
> 
>       On Fri, 5 Aug 2005, Sabri Berisha wrote:
>     > With the use of anycast DNS servers on the internet, TCP is no longer an
>     > option for DNS.
> 
> Bzzzt.  Try again.


			/--[cabernet]--[merlot]--[riesling]--[server 1]
[end-host] ----- [shiraz]		  |
			\--[sangria]--[chardonnay]--[bordeaux]--[server 2]

Imagine a TCP session between end-host and server 1. The path is
asymmetric: traffic from end-host to server 1 flows as

shiraz->cabernet->merlot->riesling->server 1

traffic from server 1 to end-host flows as

riesling->merlot->chardonnay->sangria->shiraz->end-host

end-host does a dns request, and server 1 answers.

There are now 2 things which can theoretically break:

1. route change
Suppose merlot loses adjacency with riesling. It will then send the
tcp-packets from end-host to server 2, which has no knowledge of the
session and returns a RST.

2. mtu problems
Suppose server 1 returns a packet with a size of X bytes. Suppose
Chardonnay has an mtu of X-1 to Sangria. Chardonnay will then send a
packet-too-large to the server 1. But what if Chardonnay has a better
route via Bordeaux instead of via Merlot? The icmp packet will not
arrive at server 1 and the request will time out.

Yes, this is theoretical. Yes, the request will definitely be
retransmitted. But it can break, so imho anycast dns using tcp is not a
wise thing to do.

-- 
Sabri Berisha,
Juniper Certified - JNCIA #747	| Cisco Certified - CCNA
email: sabri@cluecentral.net	| cell: +31 6 19890416
http://www.cluecentral.net/	| http://www.virt-ix.net/
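
The two failure cases in the message above, as an added example that is not part of the original post: a small Python model of the topology. The next-hop table for the anycast address, the flow tuple and the packet-kind labels are constructed assumptions that match the paths the message describes.

```python
# Constructed next hops toward the anycast service address (assumption:
# they match the forward path and the chardonnay->bordeaux route in the message).
ANYCAST_NEXT_HOP = {
    "shiraz": "cabernet", "cabernet": "merlot", "merlot": "riesling",
    "riesling": "server1", "sangria": "chardonnay",
    "chardonnay": "bordeaux", "bordeaux": "server2",
}

def deliver(start, fib):
    """Follow next hops for the anycast address until an instance is reached."""
    node, path = start, [start]
    while not node.startswith("server"):
        node = fib[node]
        path.append(node)
    return node, path

class AnycastInstance:
    """One server behind the shared address; TCP state is local to it."""
    def __init__(self, name):
        self.name, self.sessions = name, set()

    def receive(self, flow, kind):
        if kind == "SYN":
            self.sessions.add(flow)
            return "SYN-ACK"
        if kind == "ICMP-TOO-BIG":  # only useful to the instance owning the flow
            return "PMTU-UPDATED" if flow in self.sessions else "IGNORED"
        return "ACK" if flow in self.sessions else "RST"

def scenario():
    servers = {n: AnycastInstance(n) for n in ("server1", "server2")}
    fib = dict(ANYCAST_NEXT_HOP)
    flow = ("end-host", 40000, "anycast", 53)  # constructed sample flow
    events = []
    # Handshake: end-host's SYN enters at shiraz and lands on server 1.
    dst, _ = deliver("shiraz", fib)
    events.append((dst, servers[dst].receive(flow, "SYN")))
    # Case 2: chardonnay addresses packet-too-large to the anycast source
    # of the reply, so it follows chardonnay's own best route.
    dst, _ = deliver("chardonnay", fib)
    events.append((dst, servers[dst].receive(flow, "ICMP-TOO-BIG")))
    # Case 1: merlot loses riesling and falls back to chardonnay.
    fib["merlot"] = "chardonnay"
    dst, _ = deliver("shiraz", fib)
    events.append((dst, servers[dst].receive(flow, "DATA")))
    return events

if __name__ == "__main__":
    for instance, reaction in scenario():
        print(instance, reaction)
```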
