To:
Bruce Campbell <bruce.campbell@ripe.net>
cc:
Brad Knowles <brad.knowles@skynet.be>, dnsop@cafax.se
From:
Robert Elz <kre@munnari.OZ.AU>
Date:
Mon, 04 Nov 2002 18:35:00 +0700
In-Reply-To:
<Pine.LNX.4.44.0211040954130.4233-100000@x22.ripe.net>
Sender:
owner-dnsop@cafax.se
Subject:
Re: DoS and anycast
Date: Mon, 4 Nov 2002 10:24:59 +0100 (CET)
From: Bruce Campbell <bruce.campbell@ripe.net>
Message-ID: <Pine.LNX.4.44.0211040954130.4233-100000@x22.ripe.net>
| Well, if they do it to their own network, thats their problem.
It becomes their customers' problem, which I suspect was the point.
Particularly since (other than by RTT measurement, and knowing what
the answer should be) it is very difficult to determine whether or not
your ISP has done this.
| *sigh*. 'Anycast' just means that a given route is advertised by multiple
| points (could be the same entity, could be different entities).
If it is the same entity, then that's just IP routing (as it was always
meant to be), and isn't interesting at all.
It is only anycast when there are multiple different entities that can
receive the packet.
That you can't safely make work with TCP (sometimes it might work,
other times not).
Note: that taking over a route to some address, and advertising it as
pointing to some other place, is not anycast. That's route hijacking.
If all you're doing is forcing all packet from one region of the net to
go to one particular end-point, instead of another, you haven't done
anycast under any reasonable definition of the term.
Anycast means that the packet could do to any of a set of servers, that
you cannot predict in advance (may depend upon which is up at the time,
what routing looks like, ...)
Please everyone stop abusing the "anycast" term to mean other things
than that, and especially stop abusing it to mean "route hijacking,
but we're good guys not doing it for evil purposes".
kre
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.