

To: Randy Bush <randy@psg.com>
Cc: dnsop@cafax.se
From: Patrik Fältström <paf@cisco.com>
Date: Mon, 4 Nov 2002 16:45:35 +0100
In-Reply-To: <E188j8y-000Bdu-00@rip.psg.com>
Sender: owner-dnsop@cafax.se
Subject: Re: DoS and anycast

On Monday, Nov 4, 2002, at 16:28 Europe/Stockholm, Randy Bush wrote:

>>>> When _people_ see problems with data from one IP-address, they call
>>>> whatever party is responsible for that IP address.
>>> no, they call their isp.  the vast majority of them wouldn't know
>>> an ip address if it bit them on the butt.
>> Who do people at the ISP call?
>
> when it is a dns problem, their dns folk.

No, not if the DNS problem has to do with problems at a DNS server they 
don't have inside their network.

> do remember that this
> happens today and has been happening for many years.  isps have
> been using anycast dns for many years.

Yes, but not for what we are now discussing, if I understand things 
correctly. See my question below.

Also, when you say "isps", you are using a very very very broad brush, 
and that argument doesn't help in this discussion.

>> Say I buy IP from ISP A, which in turn buys transit from B which
>> buys transit from C. If C internally has an anycast copy of IP
>> address 1.2.3.4, and I send a packet to that address, will the
>> packet go to the copy of the 1.2.3.4 address at ISP C, or to ISP
>> D where the "original" is, the one which is mentioned in whois?
>
> first, this is the same problem as any transitive service.
>
> second, as many of us have repeatedly said, routing of anycast
> addresses has to be appropriately scoped, as it has to be today.
> it would be useful to have a discussion of 'appropriately' if we
> could stop ratholing on other issues.

I thought I had a very specific question?

Default route for ISP A is to B, for B is to C. If C _internally_ has 
a copy of the IP address 1.2.3.4 for its own use, will traffic from B 
to C reach that server, or the real 1.2.3.4 which is at D, which B asks 
C to transit traffic to?

Customer -> A -> B -> C ----> D
                       |       |
                       v       v
                    1.2.3.4 1.2.3.4

I.e. it is one thing if ISP C has multiple copies of server 2.3.4.5 
which it owns, and all copies are within the AS of ISP C.

My scenario is something different. I talk about ISP C hijacking 
traffic which B thinks should go to D, and it goes to C instead.

My view is that this _is_ ok, if both copies of 1.2.3.4 are handled by 
the same organization, so when A or B calls the organization, they can 
check both servers and see they are in sync.

   paf
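As an added illustration, not part of the original thread: a toy Python model of the question above, using the constructed Customer -> A -> B -> C -> D topology with default routes at A and B, and BGP-style best-path selection (longest prefix, then local preference, then AS-path length). It shows that once C holds a locally originated copy of 1.2.3.4, traffic transiting C is answered by C's copy rather than D's, whatever C announces to B. The AS names, prefixes and preference values are assumptions for the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str           # AS the packet is handed to, or "local" if served by this AS
    as_path: tuple          # ASes between here and the origin (empty if originated here)
    local_pref: int = 100   # BGP local preference; a locally originated copy gets 200 below

def best_route(rib, dst):
    """Longest-prefix match, then BGP-style tie-break: highest local
    preference, then shortest AS path. Returns None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    cands = [r for r in rib if addr in ipaddress.ip_network(r.prefix)]
    if not cands:
        return None
    return max(cands, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen,
                                     r.local_pref, -len(r.as_path)))

def trace(ribs, start, dst, max_hops=10):
    """Follow each AS's best route from `start`; the returned hop list ends
    at the AS whose copy of `dst` actually answers the packet."""
    hops, cur = [start], start
    for _ in range(max_hops):
        r = best_route(ribs[cur], dst)
        if r is None:
            raise LookupError(f"{cur} has no route to {dst}")
        if r.next_hop == "local":
            return hops
        cur = r.next_hop
        hops.append(cur)
    raise RuntimeError("forwarding loop")

def build_ribs(c_has_internal_copy):
    """Constructed topology from the mail: default routes at A and B,
    D originating 1.2.3.4, and C learning D's route via eBGP."""
    ribs = {
        "A": [Route("0.0.0.0/0", "B", ("B",))],
        "B": [Route("0.0.0.0/0", "C", ("C",))],
        "C": [Route("1.2.3.4/32", "D", ("D",))],
        "D": [Route("1.2.3.4/32", "local", ())],
    }
    if c_has_internal_copy:
        # C's own anycast instance: originated locally, so it wins best-path
        # inside C regardless of whether C announces it to B at all.
        ribs["C"].append(Route("1.2.3.4/32", "local", (), local_pref=200))
    return ribs
```

`trace(build_ribs(True), "A", "1.2.3.4")` stops at C, while `trace(build_ribs(False), "A", "1.2.3.4")` continues to D.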

