Anycast DNS

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Outline Current Anycast routing Anycast implemented Problems resolved Future

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Definitions DNS Authoritative Recursive/Caching

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Current DNS IP Address Management: Maintain DNS: ISC BIND

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Current DNS – Layer 1

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Current DNS Layer 7

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Problems 1 Load Redundancy Configuration

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Problems 2 Constituency Caching Monitoring Complexity Non-standard Domains

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Requirements Availability Redundancy Complexity Integration

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS “New” DNS Design* + Linux + ISC Bind + Cfengine + Anycast Routing

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Why Linux? Cost Hardware

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Unicast Single machine to single machine Web browsing

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Broadcast Single machine to all ARP lookup

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Multicast Single machine to some (not all) Save resources IP TV

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Anycast Single machine to one of some DNS/RADIUS/ NTP Single machine to one of some DNS/RADIUS/ NTP

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast – Is it new? 95% of the root name servers Corporations (eg: easydns.com) Google

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented1 RHEL host runs Quagga (open source router) Hosts have a /30 uplink to a constituency router

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented 2 The router config for cr-adns-mc-1 router ospf ospf router-id passive-interface sit0 network /32 area network /32 area network /30 area network /32 area

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented 3 Routing entry for /32 Known via "ospf 10", distance 110, metric 11, type intra area Last update from on Vlan505, 1d05h ago Routing Descriptor Blocks: , from , 1d05h ago, via Vlan500 Route metric is 11, traffic share count is 1 * , from , 1d05h ago, via Vlan502 Route metric is 11, traffic share count is , from , 1d05h ago, via Vlan503 Route metric is 11, traffic share count is 1

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast Cluster – Layer 1

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure - Single Node Hardware Failure Network failure Routine Maintenance

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure - Single Node

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure – MC Machine Room

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure – All MC

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure Timings Expected Worst case: 65s Technical Worst case: 105s Mitigate with unicast secondary

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Load - Authoritative

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Load - Caching

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Total Load Current Total 9/5k Anycast Total 100/30K Load ~ 2k/sec Auth = 2/3

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Redundancy Anycast DNS provides non instant automated fail-over

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Configuration Single config for all Anycast servers

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problem Addressed - Constituency Caching Can only recommend

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed - Monitoring

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problem Addressed - Complexity Still complex layout Automated

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS But what about the dots? Stern warning

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Time line

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Try it $ dig HOSTNAME.BIND CH TXT "cr-adns-ech-1" >nslookup -type=TXT -class=CHAOS HOSTNAME.BIND Server: cn-ns1.uwaterloo.ca Address: HOSTNAME.BIND text = "cr-adns-ech-1"

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Future NS1 Slave diversity Second Cluster MS DNS / DDNS DHCP

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Questions?