[olug] Followup items re: ipv6 anycast

Rob Townley rob.townley at gmail.com
Fri Apr 8 19:42:02 UTC 2011


On Wed, Apr 6, 2011 at 10:35 PM, Brian Roberson <brian at bstc.net> wrote:
> Here is a really good burb on what we were talking about in respect to
> anycast and the (BASIC) loadbalancing in ipv6:
>
> http://content.ruud.org/bgphints/articles/anycast.html
>
> As we discussed, the issue with this, is that there is inherintly no
> application layer testing built into the functionality, and it shouldnt be
> used to replace any inteligent load balancing for statefull applications.
>
> Interestingly enough, serveral of the root dns servers use anycast, and here
> is a great article specific to the the F root server ran by ISC:
>
> http://www.isc.org/community/f-root
>
> What is really cool, is the map at the bottom of that page showing all the
> locations the F-root server(s) are.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>


History of anycast since 1993 till Jan 2006 and some of the major
security implications of anycast.  What prevents me from assigning an
IP address also used by Verisign to one of my machines and sending out
bogus anycast routing information?
http://www.av8.net/IETF-watch/DNSRootAnycast/History.html


Remember about 5 years ago, a bunch of countries were complaining that
the root dns servers were too centralized in America and that a number
of our allies agreed it should be placed in the hands of UN
bureacracy.  Brian's map link dispels that premise.

As for a poor mans load balancing, i was thinking the servers would
communicate amongst themselves over some form of secure multicast to
determine where to send requests.  The anycast servers may communicate
with one another to determine which servers are overloaded and which
servers should respond.  Of course, that would depend on routing
tables getting updated quick enough, which would only work for
regional / macro level load balancing.

Anybody with IPv6 tested whether multicast be done over IPv6 ipsec?

To overcome some of the tcp/ip limitations, anycast may just set up
the connection until the service is handed off to TCP for longer
running sessions.

It came up over 50cent tacos afterwards that google app engine has
some pretty low timeouts which happens to be another limitation of
anycast (i believe).



More information about the OLUG mailing list