Download presentation
Presentation is loading. Please wait.
1
Anycast DNS
2
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Outline Current Anycast routing Anycast implemented Problems resolved Future
3
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Definitions DNS Authoritative Recursive/Caching
4
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Current DNS IP Address Management: Maintain DNS: ISC BIND
5
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Current DNS – Layer 1
6
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Current DNS Layer 7
7
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Problems 1 Load Redundancy Configuration
8
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Problems 2 Constituency Caching Monitoring Complexity Non-standard Domains
9
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Requirements Availability Redundancy Complexity Integration
10
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS “New” DNS Design* + Linux + ISC Bind + Cfengine + Anycast Routing
11
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Why Linux? Cost Hardware
12
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Unicast Single machine to single machine Web browsing
13
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Broadcast Single machine to all ARP lookup
14
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Multicast Single machine to some (not all) Save resources IP TV
15
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Routing - Anycast Single machine to one of some DNS/RADIUS/ NTP Single machine to one of some DNS/RADIUS/ NTP
16
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast – Is it new? 95% of the root name servers Corporations (eg: easydns.com) Google
17
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented1 RHEL host runs Quagga (open source router) Hosts have a /30 uplink to a constituency router
18
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented 2 The router config for cr-adns-mc-1 router ospf ospf router-id 129.97.2.54 passive-interface sit0 network 129.97.2.1/32 area 0.0.0.1 network 129.97.2.2/32 area 0.0.0.1 network 129.97.2.52/30 area 0.0.0.1 network 172.16.3.0/32 area 0.0.0.1
19
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented 3 Routing entry for 129.97.2.1/32 Known via "ospf 10", distance 110, metric 11, type intra area Last update from 129.97.2.54 on Vlan505, 1d05h ago Routing Descriptor Blocks: 129.97.2.74, from 129.97.2.74, 1d05h ago, via Vlan500 Route metric is 11, traffic share count is 1 * 129.97.2.66, from 129.97.2.66, 1d05h ago, via Vlan502 Route metric is 11, traffic share count is 1 129.97.2.62, from 129.97.2.62, 1d05h ago, via Vlan503 Route metric is 11, traffic share count is 1
20
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast Cluster – Layer 1
21
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure - Single Node Hardware Failure Network failure Routine Maintenance
22
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure - Single Node
23
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure – MC Machine Room
25
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure – All MC
26
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure Timings Expected Worst case: 65s Technical Worst case: 105s Mitigate with unicast secondary
27
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Load - Authoritative
28
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Load - Caching
29
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Total Load Current Total 9/5k Anycast Total 100/30K Load ~ 2k/sec Auth = 2/3
30
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Redundancy Anycast DNS provides non instant automated fail-over
31
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Configuration Single config for all Anycast servers
32
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problem Addressed - Constituency Caching Can only recommend
33
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed - Monitoring
34
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problem Addressed - Complexity Still complex layout Automated
35
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS But what about the dots? Stern warning
36
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Time line
37
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Try it $ dig +short @129.97.2.1 HOSTNAME.BIND CH TXT "cr-adns-ech-1" >nslookup -type=TXT -class=CHAOS HOSTNAME.BIND 129.97.2.1 Server: cn-ns1.uwaterloo.ca Address: 129.97.2.1 HOSTNAME.BIND text = "cr-adns-ech-1"
38
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Future NS1 Slave diversity Second Cluster MS DNS / DDNS DHCP
39
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Questions? jbgorrie@uwaterloo.ca
Similar presentations
