Intradomain DNS Anycast revisited

thanks.

    > No, because both routers are reached through the same L1/L2 medium, so
    > Quagga can't use link-state to determine reachability of the next-hop.
    > You could fix that by getting rid of the switches, and just having a bunch
    > of router interfaces facing two Ethernet interfaces on each server, which
    > would remove some points of failure, and would be a good idea if you can
    > spare the router interfaces...

Do you mean Quagga's OSPF route has higher priority than a static route? Or
even if there is a static default route configured, once Quagga detects the
link to the default router is down it will replace 0.0.0.0/0.0.0.0 in the
host routing table?

    > > 2) If each server is configured with two default routers (router-1 &
    > > router-2), or each server learns the route 0.0.0.0/0.0.0.0 by OSPF (our
    > > border router injects a default route into OSPF); there should be two
    > > equal-cost paths to 0.0.0.0/0.0.0.0 on each DNS server, and the DNS
    > > server should disperse any outgoing packets onto the two paths. Will
    > > that do harm to the DNS service?

    > Nope, no problem, particularly so long as the two routers are iBGP peers,
    > so they'll both (for the most part) have the same idea of what selected
    > paths are.

I don't understand why both routers should be iBGP peers. In fact, iBGP does
not run on those two routers; the two routers are only members of the OSPF
backbone area and only run OSPF; only the border router (at the edge of our
network) runs BGP and injects the default route into the OSPF backbone area.

Although all DNS servers are cache servers, we have to open 53/TCP to allow
resolvers to use TCP. For example,

server-(1,3)--switch--router-1--\
                > (OSPF only) router3--host
server-(2,4)--switch--router-2--/

is it possible that router3 or router-1 disperses packets of the same TCP
connection onto different paths? Is there a possibility that DNS requests are
divided into multiple UDP packets?

    > > 3) Is there any requirement on BIND to fit such a multipath routing
    > > situation?

    > Nope. BIND doesn't know what's going on that far below it.

Do I only need to configure BIND to originate requests from the
administration IP address (configured on the NIC and different from the DNS
service address)?

regards

Joe

    > Do you mean Quagga's OSPF route has higher priority than a static route? Or
    > even if there is a static default route configured, once Quagga detects the
    > link to the default router is down it will replace 0.0.0.0/0.0.0.0 in the
    > host routing table?

If you're using dynamic routing (whether it be OSPF or iBGP) to distribute
default routes for fail-over, yes, you need to make sure that any statics
you also have are at lower priority. One way of playing it safe would be
to not have static _defaults_, but to only have static routes to your
internal management networks.

    > > Nope, no problem, particularly so long as the two
    > > routers are iBGP peers,
    > > so they'll both (for the most part) have the same
    > > idea of what selected
    > > paths are.
    >
    > I don't understand why both routers should be iBGP peers. In fact, iBGP
    > does not run on those two routers; the two routers are only members of the
    > OSPF backbone area and only run OSPF; only the border router (at the edge
    > of our network) runs BGP and injects the default route into the OSPF
    > backbone area.

Ah, you're correct, there's no requirement for the routers to be iBGP
peers or to run BGP at all... If you're doing this principally as an
intranet thing, you might not have any BGP speakers nearby, or any need
for BGP. I've usually done it as a service provider, which meant that the
point was to have the servers as close to the rest of the world as
possible, which means directly adjacent to an AS-edge BGP speaker. But
you're quite right.

    > is it possible that router3 or router-1 disperses packets of the same TCP
    > connection onto different paths?

Depends upon the equal-cost-path load-balancing algorithm that the routers
are using. You want to select a source-destination-hash one, to avoid
that issue.

    > Is there a possibility that DNS requests are divided into multiple UDP
    > packets?

No. Not unless they hit an undetected MTU below 576 bytes, or whatever it
is... Any DNS packet which can't fit inside a single UDP packet is
supposed to be sent via TCP instead. Note that I'm a network guy, not a
DNS guy, so this is possibly an oversimplification.

    > Do I only need to configure BIND to originate requests from the
    > administration IP address (configured on the NIC and different from the
    > DNS service address)?

You mean for requests that the anycast server is making of other servers?
If it needs to originate a zone transfer, or perform recursive lookups?
Yes, those need to originate from the unique/administration address, as
opposed to the shared/service address.

                                -Bill
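The host-side setup Bill describes above (no static default on the server so the OSPF-learned default can fail over, statics only for the management network, and BIND originating its own queries from the unique address rather than the shared one), written out as an added configuration example. This is not from the thread; the addresses, interface names and the 10.10.0.0/16 management prefix are assumed.

```conf
! --- zebra.conf (Quagga, on each DNS server) ---
! The shared anycast service address lives on loopback; it is never used
! as the source of queries the server originates itself (see named.conf).
interface lo
 ip address 10.53.53.53/32
interface eth0
 ip address 192.0.2.11/24
!
! AVOID: a static default has administrative distance 1 in Quagga and
! always wins over the OSPF default (distance 110), so the OSPF fail-over
! would never take effect:
!   ip route 0.0.0.0/0 192.0.2.1
!
! OK: statics only to the internal management network, never a default.
ip route 10.10.0.0/16 192.0.2.1

! --- ospfd.conf (Quagga, on each DNS server) ---
router ospf
 ospf router-id 192.0.2.11
 passive-interface lo
 network 192.0.2.0/24 area 0.0.0.0
 network 10.53.53.53/32 area 0.0.0.0
! 0.0.0.0/0 is learned from the border router (which originates the
! default into area 0); router-1 and router-2 show up as equal-cost
! next-hops and the static above does not shadow it.

// --- named.conf (BIND 9, options section) ---
options {
    // Answer clients on both the shared anycast and the unique address.
    listen-on { 10.53.53.53; 192.0.2.11; };
    // Anything this server originates (recursion, AXFR, NOTIFY) must leave
    // from the unique/administration address, not the shared one.
    query-source address 192.0.2.11;
    transfer-source 192.0.2.11;
    notify-source 192.0.2.11;
};
```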