To: Brad Knowles <brad.knowles@skynet.be>
cc: dnsop@cafax.se
From: Bruce Campbell <bruce.campbell@ripe.net>
Date: Mon, 4 Nov 2002 10:24:59 +0100 (CET)
In-Reply-To: <a05200d0bb9eb10cb011e@[146.106.12.76]>
Sender: owner-dnsop@cafax.se
Subject: Re: DoS and anycast

On Sun, 3 Nov 2002, Brad Knowles wrote:
> Under no circumstances whatsoever should Joe Random ISP be
> running anycast root.

Well, if they do it to their own network, that's their problem. If they
advertise reachability to it without prior approval, that's everyone's
problem.

> Anycast requires that the data fit into a single UDP packet,
> which cannot be more than 512 bytes long. TCP does not anycast.

*sigh*. 'Anycast' just means that a given route is advertised by multiple
points (could be the same entity, could be different entities). Your
normal BGP path-selection algorithms choose the 'nearest' server based on
the shortest path that your router sees.

Some pretty graphs showing that anycast works can be found linked from
http://www.as112.net/ , and in particular TCP queries received by the RIPE
NCC's AS112 nameserver can be found at
http://www.ripe.net/as112/xstats_RTCP.html

Regards,

--
Bruce Campbell RIPE
Systems/Network Engineer NCC
www.ripe.net - PGP562C8B1B Operations/Security