Anycast DNS - Part 1, Overview
Written by Patrick H. Piper
This is the first article in a series on the topic of deploying Anycast DNS. The purpose of this series is to share some ideas, recipes, and information on how to deploy Anycast in your environment. The first thing we need to do is explain what Anycast is. Anycast is the use of routing and addressing policies to effect the most efficient path between a single source and several geographically dispersed targets that "listen" to a service within a receiver group. In Anycast, the same IP address space is used to address each of the listening targets (DNS servers in our case). Layer 3 routing dynamically handles the calculation and transmission of packets from our source (DNS client) to its most appropriate target (DNS server).
The diagram below shows an example of Anycast DNS. A single DNS client workstation, configured with the Anycast DNS IP address of 10.10.10.10, is shown performing DNS resolution against its "closest" of three DNS name servers deployed using the same Anycast IP address.
The client's DNS resolver can resolve against any one of the three DNS servers shown above. According to the drawing above, layer 3 routing would send our DNS client's packets through router R1 due to the routing topology. Should router R1 or Server A fail, our DNS client's packets would automatically be rerouted to the next nearest DNS server via routers R2 and R3, and so forth. Additionally, the route to Server A would be removed from the routing tables, thus preventing further use of that name server. Server A won't be used until it is restored and the Anycast IP address routes are reinjected into the network. In our series we'll go more in depth into Anycast DNS by showing recipes for configuring Anycast using static routes, RIP version 2, OSPF, and BGP, and provide the pros and cons of each.
Anycast, Unicast, Multicast?
Unicast is one source that can "talk" to a service that is advertised or hosted on one (1) node configured with a globally unique IP address. The source will always talk to that target node when configured and told to do so. Traditional DNS deployments use unicasting. DNS clients are configured with different combinations of the unicast addresses of the DNS servers that are deployed.
Anycast is one source that can "talk" to a service that is advertised or hosted on multiple nodes configured with the same IP address. Layer 3 routing will route the packets to the "nearest" target based upon topology.
Multicast is one-to-many. Multicast consists of a source that delivers a service to multiple nodes using a Multicast Group Address. The main difference between Multicast and Anycast is that in Multicast the source is a transmitter of a service, which is distributed via layer 3 using specially allocated group IP addresses. A common use of multicast is streaming audio, where the audio is published via multicast addressing and clients pick up the routed stream as a channel.
The basic requirements for Anycast DNS
The following list is a basic set of requirements and recommendations for supporting Anycast DNS:
What are the benefits of Anycast DNS?
What are the drawbacks of using Anycast?
While there are many benefits to Anycast, there are potentially some drawbacks. One could argue that Anycast is:
Most of these objections will be addressed in subsequent articles in this series.
Default DNS resolver behavior
DNS client resolvers can be configured with multiple DNS name server targets. Resolvers vary by operating system and have different timeouts. Common DNS resolver behavior is to use the first server in the list. The client resolver makes a distinction between a negative response and no response. If the resolver doesn't receive any response (positive or negative), it will typically wait for a timeout period before it switches to the second server in the resolver list. The next time the resolver has to perform a lookup, though, it won't "remember" that the first server in the list was non-responsive. On subsequent queries the resolver will start with the first server in the list even though it is unavailable, and we'll see the same timeout as it switches to the next name server in the list. Depending on the operating system of the client, this could be 1-5 seconds as it "rotates" through the resolver list each time, attempting the failed server.
How Anycast DNS improves on this behavior
Anycast DNS virtually eliminates this issue. Our DNS client resolver is configured with Anycast IP address(es) that map to a group of Anycast DNS servers. As shown above, if one of the Anycast DNS servers in the group were to go down, routing would redirect the requests to an alternate Anycast DNS server that is configured in the same Anycast group. The failover process is handled by the routing protocol used in the deployment of Anycast. In some cases the delay or timeout seen by the resolver is negligible and undetectable from an end-user perspective.
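The two failover behaviors described above, modeled side by side as an added example (not code from the original article). The timeout, round-trip time, and route costs are constructed values, and the `converged` flag is an assumption of this model that marks whether the failed node's route has been withdrawn yet.

```python
from dataclasses import dataclass

TIMEOUT_S = 2.0  # assumed resolver timeout; the article cites 1-5 s by OS
RTT_S = 0.02     # assumed round trip to a healthy server (constructed)

@dataclass
class Server:
    name: str
    cost: int        # route metric as seen from the client (constructed)
    up: bool = True

def unicast_lookup(resolver_list):
    """Stateless resolver: each lookup restarts at the first entry and waits
    a full timeout on every silent server before trying the next."""
    waited = 0.0
    for srv in resolver_list:
        if srv.up:
            return srv.name, waited + RTT_S
        waited += TIMEOUT_S
    return None, waited

def anycast_lookup(group, converged=True):
    """One anycast address: routing picks the lowest-cost advertised node.
    Before convergence the failed node's route is still in the table."""
    routes = [s for s in group if s.up or not converged]
    if not routes:
        return None, TIMEOUT_S
    best = min(routes, key=lambda s: s.cost)
    return (best.name, RTT_S) if best.up else (None, TIMEOUT_S)

def total_wait(lookup, servers, queries, **kw):
    """Seconds a client spends waiting across `queries` lookups."""
    return sum(lookup(servers, **kw)[1] for _ in range(queries))

def scenario():
    """Server A (nearest, and first in the resolver list) has failed."""
    servers = [Server("A", 1, up=False), Server("B", 2), Server("C", 3)]
    return {
        "unicast": unicast_lookup(servers),
        "anycast": anycast_lookup(servers),
        "anycast_before_withdrawal": anycast_lookup(servers, converged=False),
        "unicast_100": total_wait(unicast_lookup, servers, 100),
        "anycast_100": total_wait(anycast_lookup, servers, 100),
    }

if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The `anycast_before_withdrawal` case shows why route withdrawal matters: until the failed node's route leaves the routing table, a client with a single anycast address has no second server to fall back to.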
What other services are suitable for Anycast?
Core Network Services (CNS), such as DNS, NTP, RADIUS, and Kerberos, are services that can easily be deployed using the same strategies that we'll outline in our series of recipes. While TCP applications have been shown to function under Anycast, they are connection or session oriented and can be more temperamental with routing changes and updates. Applications that use a single question and response over UDP are better suited because they are connectionless services.
Anycast DNS is a tremendous way to improve the performance and resiliency of your DNS architecture whether you are an ISP or private enterprise. In this overview we've shown at a high-level what Anycast is and how it works in theory. Our next article will be the first of several recipes on how to actually configure Anycast using static routes. Additionally, we'll discuss the pros and cons of using static routing as a means to achieving an Anycast DNS design.
Last Updated on Wednesday, 24 February 2010 06:57