To: Bruce Campbell <bruce.campbell@ripe.net>
cc: Brad Knowles <brad.knowles@skynet.be>, dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Mon, 04 Nov 2002 18:35:00 +0700
In-Reply-To: <Pine.LNX.4.44.0211040954130.4233-100000@x22.ripe.net>
Sender: owner-dnsop@cafax.se
Subject: Re: DoS and anycast

    Date:        Mon, 4 Nov 2002 10:24:59 +0100 (CET)
    From:        Bruce Campbell <bruce.campbell@ripe.net>
    Message-ID:  <Pine.LNX.4.44.0211040954130.4233-100000@x22.ripe.net>

  | Well, if they do it to their own network, that's their problem.

It becomes their customers' problem, which I suspect was the point.
Particularly since (other than by RTT measurement, and knowing what
the answer should be) it is very difficult to determine whether or
not your ISP has done this.

  | *sigh*. 'Anycast' just means that a given route is advertised by multiple
  | points (could be the same entity, could be different entities).

If it is the same entity, then that's just IP routing (as it was always
meant to be), and isn't interesting at all.

It is only anycast when there are multiple different entities that can
receive the packet. That you can't safely make work with TCP (sometimes
it might work, other times not).

Note that taking over a route to some address, and advertising it as
pointing to some other place, is not anycast. That's route hijacking.
If all you're doing is forcing all packets from one region of the net to
go to one particular end-point, instead of another, you haven't done
anycast under any reasonable definition of the term.

Anycast means that the packet could go to any of a set of servers, that
you cannot predict in advance (may depend upon which is up at the time,
what routing looks like, ...)

Please everyone stop abusing the "anycast" term to mean other things
than that, and especially stop abusing it to mean "route hijacking, but
we're good guys not doing it for evil purposes".

kre