To: Brad Knowles <brad.knowles@skynet.be>
cc: dnsop@cafax.se
From: Bruce Campbell <bruce.campbell@ripe.net>
Date: Mon, 4 Nov 2002 10:24:59 +0100 (CET)
In-Reply-To: <a05200d0bb9eb10cb011e@[146.106.12.76]>
Sender: owner-dnsop@cafax.se
Subject: Re: DoS and anycast

On Sun, 3 Nov 2002, Brad Knowles wrote:

> Under no circumstances whatsoever should Joe Random ISP be
> running anycast root.

Well, if they do it to their own network, that's their problem. If they
advertise reachability to it without prior approval, that's everyone's
problem.

> Anycast requires that the data fit into a single UDP packet,
> which cannot be more than 512 bytes long. TCP does not anycast.

*sigh*. 'Anycast' just means that a given route is advertised by multiple
points (could be the same entity, could be different entities). Your
normal BGP path-selection algorithms choose the 'nearest' server based on
the shortest path that your router sees.

Some pretty graphs showing that anycast works can be found linked from
http://www.as112.net/ , and in particular TCP queries received by the RIPE
NCC's AS112 nameserver can be found at
http://www.ripe.net/as112/xstats_RTCP.html

Regards,

--
Bruce Campbell                            RIPE
Systems/Network Engineer                   NCC
www.ripe.net - PGP562C8B1B   Operations/Security
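
Added example, not part of the original message: a simplified model of the selection described in the reply above, where two origins advertise the same route and each AS ends up at the one with the shortest AS path, including what happens when one origin withdraws. The topology and AS names are constructed, and the model assumes path length is the only criterion (real BGP applies local preference and other policy first).

```python
from collections import deque

# Constructed AS-level topology (hypothetical names, undirected adjacencies).
# ORIGIN-1 and ORIGIN-2 are the two points advertising the same anycast route.
TOPOLOGY = {
    "AS-A": ["AS-B", "AS-C"],
    "AS-B": ["AS-A", "ORIGIN-1"],
    "AS-C": ["AS-A", "AS-E"],
    "AS-D": ["AS-E"],
    "AS-E": ["AS-C", "AS-D", "ORIGIN-2"],
    "ORIGIN-1": ["AS-B"],
    "ORIGIN-2": ["AS-E"],
}


def select_instances(topology, origins):
    """Return {asn: (chosen_origin, as_path_length)} for every reachable AS.

    Multi-source breadth-first search: the advertisement spreads one AS hop
    at a time from every origin, and each AS keeps the first (shortest)
    path it hears. Assumption: shortest AS path is the only criterion.
    """
    best = {origin: (origin, 0) for origin in sorted(origins)}
    queue = deque(sorted(origins))
    while queue:
        asn = queue.popleft()
        origin, hops = best[asn]
        for neighbour in sorted(topology[asn]):
            if neighbour not in best:
                best[neighbour] = (origin, hops + 1)
                queue.append(neighbour)
    return best


def catchment(topology, origins):
    """Group the ASes by the origin they end up sending queries to."""
    groups = {origin: [] for origin in sorted(origins)}
    for asn, (origin, _) in sorted(select_instances(topology, origins).items()):
        if asn not in origins:
            groups[origin].append(asn)
    return groups


if __name__ == "__main__":
    print("both origins up:    ", catchment(TOPOLOGY, {"ORIGIN-1", "ORIGIN-2"}))
    # ORIGIN-2 withdraws its advertisement (failure or overload):
    # its former clients converge on ORIGIN-1 over a longer path.
    print("ORIGIN-2 withdrawn: ", select_instances(TOPOLOGY, {"ORIGIN-1"})["AS-D"])
```

Nothing in the selection depends on the transport protocol: the choice is made per route, so UDP and TCP packets from the same AS reach the same origin for as long as the routing is stable.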