Anycast DNS

1. Anycast DNS

2. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Outline Current Anycast routing Anycast implemented Problems resolved Future

3. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Definitions DNS Authoritative Recursive/Caching

4. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Current DNS IP Address Management: Maintain DNS: ISC BIND

5. Current DNS – Layer 1 WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

6. Current DNS Layer 7 WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

7. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Problems 1 Load Redundancy Configuration

8. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Problems 2 Constituency Caching Monitoring Complexity Non-standard Domains

9. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS DNS Requirements Availability Redundancy Complexity Integration

10. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS “New” DNS Design* Linux ISC Bind Cfengine Anycast Routing

11. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Why Linux? Cost Hardware

12. Routing - Unicast • Single machine to single machine • Web browsing WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

13. Routing - Broadcast • Single machine to all • ARP lookup WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

14. Routing - Multicast • Single machine to some (not all) • Save resources • IP TV WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

15. Routing - Anycast • Single machine to one of some • DNS/RADIUS/NTP • Single machine to one of some • DNS/RADIUS/NTP WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

16. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast – Is it new? 95% of the root name servers Corporations (eg: easydns.com) Google

17. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented 1 RHEL host runs Quagga (open source router) Hosts have a /30 uplink to a constituency router

18. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented 2 The router config for cr-adns-mc-1 router ospf ospf router-id 129.97.2.54 passive-interface sit0 network 129.97.2.1/32 area 0.0.0.1 network 129.97.2.2/32 area 0.0.0.1 network 129.97.2.52/30 area 0.0.0.1 network 172.16.3.0/32 area 0.0.0.1

19. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Anycast - Implemented 3 Routing entry for 129.97.2.1/32 Known via "ospf 10", distance 110, metric 11, type intra area Last update from 129.97.2.54 on Vlan505, 1d05h ago Routing Descriptor Blocks: 129.97.2.74, from 129.97.2.74, 1d05h ago, via Vlan500 Route metric is 11, traffic share count is 1 * 129.97.2.66, from 129.97.2.66, 1d05h ago, via Vlan502 Route metric is 11, traffic share count is 1 129.97.2.62, from 129.97.2.62, 1d05h ago, via Vlan503 Route metric is 11, traffic share count is 1

20. Anycast Cluster – Layer 1 WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

21. Failure - Single Node • Hardware Failure • Network failure • Routine Maintenance WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

22. Failure - Single Node WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

23. Failure – MC Machine Room WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

25. Failure – All MC WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

26. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Failure Timings Expected Worst case: 65s Technical Worst case: 105s Mitigate with unicast secondary

27. Load - Authoritative WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

28. Load - Caching WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

29. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Total Load Current Total 9/5k Anycast Total 100/30K Load ~ 2k/sec Auth = 2/3

30. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Redundancy Anycast DNS provides non instant automated fail-over

31. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problems Addressed – Configuration Single config for all Anycast servers

32. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problem Addressed - Constituency Caching Can only recommend

33. Problems Addressed - Monitoring WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

34. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Problem Addressed - Complexity Still complex layout Automated

35. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS But what about the dots? Stern warning

36. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Time line

37. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Try it $ dig +short @129.97.2.1 HOSTNAME.BIND CH TXT "cr-adns-ech-1" >nslookup -type=TXT -class=CHAOS HOSTNAME.BIND 129.97.2.1 Server: cn-ns1.uwaterloo.ca Address: 129.97.2.1 HOSTNAME.BIND text = "cr-adns-ech-1"

38. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Future NS1 Slave diversity Second Cluster MS DNS / DDNS DHCP

39. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Questions? jbgorrie@uwaterloo.ca