Best Practices in DNS Service-Provision Architecture Version 1.0 - - PowerPoint PPT Presentation

best practices in dns service provision architecture
SMART_READER_LITE
LIVE PREVIEW

Best Practices in DNS Service-Provision Architecture Version 1.0 - - PowerPoint PPT Presentation

Feb 11, 2024 6 likes •422 views

Best Practices in DNS Service-Provision Architecture Version 1.0 February 2006 Bill Woodcock Packet Clearing House Its all Anycast Large ISPs have been running production anycast DNS for more than a decade. Which is a very long time, in

slide-1
SLIDE 1

Best Practices in DNS Service-Provision Architecture

Version 1.0 February 2006 Bill Woodcock Packet Clearing House

slide-2
SLIDE 2

It’s all Anycast

Large ISPs have been running production anycast DNS for more than a decade. Which is a very long time, in Internet years. 95% of the root nameservers are anycast. The large gTLDs are anycast.

slide-3
SLIDE 3

Reasons for Anycast

Transparent fail-over redundancy Latency reduction Load balancing Attack mitigation Configuration simplicity (for end users)

  • r lack of IP addresses (for the root)
slide-4
SLIDE 4

No Free Lunch The two largest benefits, fail-over redundancy and latency reduction, both require a bit of work to operate as you’d wish.

slide-5
SLIDE 5

Fail-Over Redundancy

DNS resolvers have their own fail-over mechanism, which works... um... okay. Anycast is a very large hammer. Good deployments allow these two mechanisms to reinforce each other, rather than allowing anycast to foil the resolvers’ fail-over mechanism.

slide-6
SLIDE 6

Resolvers’ Fail-Over Mechanism

DNS resolvers like those in your computers, and in referring authoritative servers, can and often do maintain a list of nameservers to which they’ll send queries. Resolver implementations differ in how they use that list, but basically, when a server doesn’t reply in a timely fashion, resolvers will try another server from the list.

slide-7
SLIDE 7

Anycast Fail-Over Mechanism

Anycast is simply layer-3 routing. A resolver’s query will be routed to the topologically nearest instance of the anycast server visible in the routing table. Anycast servers govern their own visibility. Latency depends upon the delays imposed by that topologically short path.

slide-8
SLIDE 8

Conflict Between These Mechanisms

Resolvers measure by latency. Anycast measures by hop-count. They don’t necessarily yield the same answer. Anycast always trumps resolvers, if it’s allowed to. Neither the DNS service provider nor the user are likely to care about hop-count. Both care a great deal about latency.

slide-9
SLIDE 9

How The Conflict Plays Out

Client Anycast Servers

slide-10
SLIDE 10

How The Conflict Plays Out

Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path Client Anycast Servers ns1.foo ns2.foo Two servers with the same routing policy

slide-11
SLIDE 11

How The Conflict Plays Out

Anycast chooses this one Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path Client Anycast Servers ns1.foo ns2.foo Two servers with the same routing policy

slide-12
SLIDE 12

How The Conflict Plays Out

Resolver chooses this one Anycast chooses this one Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path Client Anycast Servers ns1.foo ns2.foo Two servers with the same routing policy

slide-13
SLIDE 13

How The Conflict Plays Out

Anycast trumps resolver Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path Client Anycast Servers ns1.foo ns2.foo Two servers with the same routing policy

slide-14
SLIDE 14

Resolve the Conflict

The resolver uses different IP addresses for its fail-over mechanism, while anycast uses the same IP addresses.

Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path Client Anycast Servers ns1.foo ns2.foo

slide-15
SLIDE 15

Resolve the Conflict

Client Anycast Cloud A Anycast Cloud B Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path ns2.foo ns1.foo

Split the anycast deployment into “clouds” of locations, each cloud using a different IP address and different routing policies.

slide-16
SLIDE 16

Resolve the Conflict

Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path

This allows anycast to present the nearest servers, and allows the resolver to choose the one which performs best.

Client ns2.foo ns1.foo Anycast Cloud A Anycast Cloud B

slide-17
SLIDE 17

Resolve the Conflict

Low-latency, high hop-count desirable path High-latency, low hop-count undesirable path

These clouds are usually referred to as “A Cloud” and “B Cloud.” The number of clouds depends on stability and scale trade-offs.

Client ns2.foo ns1.foo Anycast Cloud A Anycast Cloud B

slide-18
SLIDE 18

Latency Reduction

Latency reduction depends upon the native layer-3 routing of the Internet. The theory is that the Internet will deliver packets using the shortest path. The reality is that the Internet will deliver packets according to ISPs’ policies.

slide-19
SLIDE 19

Latency Reduction

ISPs’ routing policies differ from shortest- path where there’s an economic incentive to deliver by a longer path.

slide-20
SLIDE 20

ISPs’ Economic Incentives (Grossly Simplified)

ISPs have high cost to deliver traffic through transit. ISPs have a low cost to deliver traffic through their peering. ISPs receive money when they deliver traffic to their customers.

slide-21
SLIDE 21

ISPs’ Economic Incentives (Grossly Simplified)

Therefore, ISPs will deliver traffic to a customer across a longer path, before by peering or transit across a shorter path. If you are both a customer, and a customer of a peer or transit provider, this has important implications.

slide-22
SLIDE 22

Normal Hot-Potato Routing

Anycast Instance West Anycast Instance East Exchange Point West Exchange Point East Transit Provider Green If the anycast network is not a customer of large Transit Provider Red... ...but is a customer of large Transit Provider Green... Transit Provider Red

slide-23
SLIDE 23

Normal Hot-Potato Routing

Anycast Instance West Anycast Instance East Exchange Point West Exchange Point East Transit Provider Green Traffic from Red’s customer... Transit Provider Red Red Customer East

slide-24
SLIDE 24

Transit Provider Red

Normal Hot-Potato Routing

Anycast Instance West Anycast Instance East Exchange Point West Exchange Point East Transit Provider Green Red Customer East ...then traffic from Red’s customer... ...is delivered from Red to Green via local peering, and reaches the local anycast instance.

slide-25
SLIDE 25

How the Conflict Plays Out

Anycast Instance West Anycast Instance East Transit Provider Red Exchange Point West Exchange Point East Transit Provider Green But if the anycast network is a customer of both large Transit Provider Red... ...and of large Transit Provider Green, but not at all locations...

slide-26
SLIDE 26

How the Conflict Plays Out

Anycast Instance West Anycast Instance East Exchange Point West Exchange Point East Transit Provider Green ...then traffic from Red’s customer... ...will be misdelivered to the remote anycast instance... Red Customer East

slide-27
SLIDE 27

How the Conflict Plays Out

Anycast Instance West Anycast Instance East Exchange Point West Exchange Point East Transit Provider Green ...then traffic from Red’s customer... ...will be misdelivered to the remote anycast instance, because a customer connection... Red Customer East

slide-28
SLIDE 28

How the Conflict Plays Out

Anycast Instance West Anycast Instance East Exchange Point West Exchange Point East Transit Provider Green ...then traffic from Red’s customer... ...will be misdelivered to the remote anycast instance, because a customer connection is preferred for economic reasons over a peering connection. Red Customer East

slide-29
SLIDE 29

Resolve the Conflict

Anycast Instance West Anycast Instance East Exchange Point West Exchange Point East

Any two instances of an anycast service IP address must have the same set of large transit providers at all locations.

This caution is not necessary with small transit providers who don’t have the capability of backhauling traffic to the wrong region on the basis of policy.

Transit Provider Red Transit Provider Green

slide-30
SLIDE 30

Putting the Pieces Together

  • We need an A Cloud and a B Cloud.
  • We need a redundant pair of the same transit

providers at most or all instances of each cloud.

  • We need a redundant pair of hidden masters for

the DNS servers.

  • We need a network topology to carry control and

synchronization traffic between the nodes.

slide-31
SLIDE 31

Redundant Hidden Masters

slide-32
SLIDE 32

An A Cloud and a B Cloud

slide-33
SLIDE 33

A Network Topology

“Dual Wagon-Wheel”

A Ring B Ring

slide-34
SLIDE 34

Redundant Transit

Two ISPs

ISP Red ISP Green

slide-35
SLIDE 35

Redundant Transit

ISP Blue ISP Yellow

Or four ISPs

ISP Red ISP Green

slide-36
SLIDE 36

Local Peering

IXP IXP IXP IXP IXP IXP IXP IXP IXP IXP

slide-37
SLIDE 37

Resolver-Based Fail-Over

Customer Resolver Server Selection Customer Resolver Server Selection

slide-38
SLIDE 38

Resolver-Based Fail-Over

Customer Resolver Server Selection Customer Resolver Server Selection

slide-39
SLIDE 39

Internal Anycast Fail-Over

Customer Resolver Customer Resolver

slide-40
SLIDE 40

Global Anycast Fail-Over

Customer Resolver Customer Resolver

slide-41
SLIDE 41

Thanks, and Questions?

Copies of this presentation can be found in Keynote, PDF, and QuickTime formats at: http:// www.pch.net / resources / papers / dns-service-architecture Bill Woodcock Research Director Packet Clearing House woody@pch.net