Anycast

Anycast is an addressing and routing technique that makes it possible to direct data to the "nearest" or "most efficient" server, according to the routing policy.

The term is meant to sound similar to the terms unicast, broadcast and multicast.

  • In unicast, there is a one-to-one association between a network address and the final destination: each address uniquely identifies a single final receiver.

  • In broadcast and multicast, there is a one-to-many association between network addresses and final destinations: each address identifies a set of final receivers, and the information is replicated to all of them.
  • In anycast, there is also a one-to-many association between network addresses and final destinations: each address identifies a set of final receivers, but only one of them is selected to receive the information at any given time for a given sender.

On the Internet, anycast is usually implemented by using BGP to announce the same block of IP addresses simultaneously from several places in the network. In this way, packets are routed to the "nearest" point of the network announcing the destination route.

Anycast is better suited to connectionless protocols (which generally rely on UDP) than to connection-oriented protocols such as TCP, or to UDP-based protocols that keep their own state, because the receiver selected for a given source can change at any time when routes are updated, cutting off conversations in progress without warning. For connection-oriented protocols that require the whole conversation to use the same server, systems such as GeoDNS are more suitable.

For this reason, anycast is usually used to provide high availability and load balancing for connectionless services.

Use of anycast in the implementation of DNS

Some DNS root servers are in fact large clusters of servers using anycast. The C, F, I, J, K and M servers are spread over several continents and use anycast to provide a decentralized service. As a result, the majority of the physical root servers are outside the United States. RFC 3258 describes how anycast is used to provide a DNS service. This technique is also used by the Swiss registry that manages the CH top-level domain.

Use of anycast in the implementation of IPv6

There is a 6to4 gateway (6to4 being an IPv6 transition protocol) reachable at the IP address 192.88.99.1 (see RFC 3068 for more details). This allows Internet access providers to operate 6to4 gateways without hosts having to know a provider-specific gateway.

Security of anycast

Anycast allows any device whose routing information is accepted by an intermediate router to intercept any packet destined for the anycast address. This may seem insecure, but it poses no more of a security problem than ordinary routing, no more and no less. As with conventional routing, careful filtering of who may or may not propagate routes is necessary to prevent man-in-the-middle and sinkhole attacks.

Reliability of anycast

Anycast is usually highly reliable, since it can provide automatic failover redundancy. Anycast applications generally monitor their services with a heartbeat and stop advertising the route if an error occurs. In some cases, this is done by having the servers announce the anycast prefix to the router via OSPF or another IGP. If the server goes down, the router withdraws the advertisement automatically.

Heartbeat monitoring is important because if the advertisement continues for a failed server, that server will act as a black hole for nearby clients. This is the most serious failure for an anycast system. Even so, it causes a problem only for the closest clients and is not a total failure.
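The heartbeat logic described above can be sketched as a small state machine. This is an added example, not code from the original article: the class name, the rise/fall thresholds, the sample prefix and the probe results are all constructed, and the command strings assume a BGP speaker that accepts ExaBGP-style text commands.

```python
class AnycastHealthGate:
    """Turns raw heartbeat results into announce/withdraw decisions.

    The prefix starts withdrawn, so a node attracts no traffic until it has
    passed `rise` consecutive probes. It is withdrawn after `fall`
    consecutive failures, so one lost probe does not cause a route flap.
    """

    def __init__(self, prefix, rise=3, fall=2):
        self.prefix, self.rise, self.fall = prefix, rise, fall
        self.announced = False
        self.streak = 0  # consecutive probes that contradict the current state

    def observe(self, healthy):
        """Feed one probe result; return a command on a state change, else None."""
        if healthy == self.announced:
            self.streak = 0
            return None
        self.streak += 1
        if self.streak < (self.rise if healthy else self.fall):
            return None
        self.announced, self.streak = healthy, 0
        verb = "announce" if healthy else "withdraw"
        # Assumed command syntax (ExaBGP-style text API).
        return f"{verb} route {self.prefix} next-hop self"


def replay(gate, results):
    """Run a sequence of probe results through the gate; return emitted commands."""
    return [cmd for cmd in (gate.observe(r) for r in results) if cmd]


# Constructed probe history: warm-up, one lost probe, then a real outage.
SAMPLE = [True, True, True, True, False, True, False, False, True, True, True]

if __name__ == "__main__":
    for line in replay(AnycastHealthGate("192.0.2.53/32"), SAMPLE):
        print(line)
```

The single failed probe in the middle of the sample produces no command; only the two consecutive failures withdraw the route, which is what keeps a dead node from black-holing nearby clients without making the prefix flap.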

Distributed denial of service and anycast

Anycast on the Internet can help to spread out denial-of-service attacks and reduce their effectiveness. Since traffic is routed to the nearest node (and the attacker has no control over this behaviour), denial-of-service traffic is distributed across the closest nodes. Most of the time, the attack will have no impact. This is often the primary reason cited for deploying anycast.

This effect can be diminished when the unicast addresses (used for administration) are easy to discover. An attacker can then concentrate on a specific node, as if there were no anycast address and the servers were separate.

Local or global

In some anycast deployments, a distinction can be made between local and global nodes. Local nodes are mainly intended to benefit the immediate local community. Their advertisements are often made with the BGP no-export community to prevent routers from announcing them to their peers (i.e. the advertisement remains in the local area).

When local and global nodes are deployed at the same time, the advertisement of the global nodes is often prepended with several ASes to force the shortest path towards the local node. The F and K DNS root servers use local and global nodes today.
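How no-export and AS-path prepending interact can be seen in a small route-selection model. This is an added example, not part of the original article: the topology, the documentation AS numbers and the function names are constructed, and route selection is reduced to "shortest AS path wins", which is only one step of real BGP best-path selection.

```python
NO_EXPORT = "no-export"  # well-known BGP community (RFC 1997)

def catchments(links, origins):
    """Return {asn: anycast node chosen}. Simplified model: shortest AS path
    wins; ties go to the first candidate (standing in for later tie-breakers).
    links:   {asn: [neighbour asns]}
    origins: [(node, asn_hearing_it, as_path, communities)]"""
    direct = {}
    for node, asn, path, comms in origins:
        direct.setdefault(asn, []).append((tuple(path), node, frozenset(comms)))
    best = {}
    for _ in range(len(links) + 2):  # enough rounds for this small graph
        new = {}
        for asn, nbrs in links.items():
            cands = list(direct.get(asn, []))
            for nbr in nbrs:
                r = best.get(nbr)
                # A neighbour re-advertises only its best route, never one
                # tagged no-export; paths containing our own AS are rejected.
                if r and NO_EXPORT not in r[2] and asn not in r[0]:
                    cands.append(((nbr,) + r[0], r[1], r[2]))
            if cands:
                new[asn] = min(cands, key=lambda c: len(c[0]))
        if new == best:
            break
        best = new
    return {asn: r[1] for asn, r in best.items()}

# Constructed topology: AS 64500 operates the anycast service; 64501 hosts
# the local node; 64502 and 64503 are other networks, all fully meshed.
OP = 64500
LINKS = {64501: [64502, 64503], 64502: [64501, 64503], 64503: [64501, 64502]}

def scenario(prepends, local_comms):
    glob = [OP] * (1 + prepends)  # prepending repeats the origin AS in the path
    return catchments(LINKS, [
        ("global", 64501, glob, ()),          # global node is heard by 64501
        ("global", 64502, glob, ()),          # and by 64502
        ("local", 64501, [OP], local_comms),  # local node is heard by 64501 only
    ])

if __name__ == "__main__":
    print(scenario(2, {NO_EXPORT}))  # intended: only 64501 uses the local node
    print(scenario(2, ()))           # no-export missing: local route leaks
    print(scenario(0, {NO_EXPORT}))  # no prepending: local node not preferred
```

In the second scenario the prepended global route loses everywhere to the leaked local route, which is why the two measures are deployed together: prepending makes the local node attractive, and no-export keeps that attraction from spreading beyond the local area.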

External links

  • (en) Anycast Addressing on the Internet

  • (en) Hierarchical Anycast for Global Service Distribution, ISC document on anycast
  • (en) Effect of anycast on K-root, presentation by Lorenzo Colitti (RIPE NCC) at the DNS-OARC meeting of July 2005
  • (en) The Impact of Anycast on Root DNS Servers: The Case of K-root, presentation by Lorenzo Colitti (RIPE NCC) at RIPE 52 in April 2006
