To: Bruce Campbell <bruce.campbell@ripe.net>
Cc: Brad Knowles <brad.knowles@skynet.be>, dnsop@cafax.se
From: Brad Knowles <brad.knowles@skynet.be>
Date: Mon, 4 Nov 2002 18:40:08 -0600
In-Reply-To: <Pine.LNX.4.44.0211040954130.4233-100000@x22.ripe.net>
Sender: owner-dnsop@cafax.se
Subject: Re: DoS and anycast

At 10:24 AM +0100 2002/11/04, Bruce Campbell wrote:
> *sigh*. 'Anycast' just means that a given route is advertised by multiple
> points (could be the same entity, could be different entities). Your
> normal BGP path-selection algorithms choose the 'nearest' server based on
> the shortest path that your router sees.
Right, but if the route changes in the middle of the session,
you'll get a TCP connection reset by the different server, and you'll
have to start that conversation all over again. UDP survives anycast
since it's a single packet. TCP won't do so reliably, and therefore
it is not practical to try to use TCP anycast.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
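
The behaviour discussed in the message above, as a toy Python model added here (not part of the original post): each anycast node keeps its own TCP connection table, so a segment that reaches a different node after a route change is answered with RST, while every UDP query is answered by whichever node receives it. Node names, the client address and the timing of the route change are constructed for the example.

```python
# Added illustration: two anycast instances behind one service address (constructed values).

class AnycastNode:
    """One server instance behind the shared anycast address."""
    def __init__(self, name):
        self.name = name
        self.tcp_conns = set()   # per-node connection state, not shared with peers

    def udp_query(self, client, qname):
        # Stateless: any node can answer a single-datagram query.
        return f"{self.name}: answer for {qname}"

    def tcp_segment(self, client, flags):
        if flags == "SYN":
            self.tcp_conns.add(client)
            return "SYN-ACK"
        if client not in self.tcp_conns:
            # Segment for a connection this node never saw: TCP answers RST.
            return "RST"
        return "ACK"


class Network:
    """Stands in for BGP path selection: delivers to the currently 'nearest' node."""
    def __init__(self, nodes):
        self.nodes = nodes
        self.best = 0

    def route_change(self):
        self.best = (self.best + 1) % len(self.nodes)

    def deliver(self):
        return self.nodes[self.best]


def run_session(flap_mid_session):
    net = Network([AnycastNode("node-A"), AnycastNode("node-B")])
    client = ("192.0.2.10", 40000)          # constructed client address/port
    tcp = [net.deliver().tcp_segment(client, "SYN")]
    udp = [net.deliver().udp_query(client, "example.org")]
    if flap_mid_session:
        net.route_change()                   # best path now points at the other node
    tcp.append(net.deliver().tcp_segment(client, "DATA"))
    udp.append(net.deliver().udp_query(client, "example.org"))
    return tcp, udp


if __name__ == "__main__":
    print(run_session(True))
```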