On Tue, March 13, 2007 14:56, Joe Abley wrote:
On 12-Mar-2007, at 19:49, joshua sahala wrote:
TCP anycast works just fine (http://www.nanog.org/mtg-0606/levine.html)...it is FUD (spread by verislime and others) that it doesn't work.
To be fair, Verisign have an extensive anycast deployment with COM/NET and J-root, and they naturally support queries over both TCP and UDP transports. I've never heard anybody from Verisign suggest that anycast is fundamentally incompatible with TCP.
page 29 of the "Life and Times of J-Root" presentation would seem to suggest otherwise (http://www.nanog.org/mtg-0410/kosters.html):
"DO NOT RUN Anycast with Stateful Transport"
They then clarified, somewhat, that statement on page 36 of the "Follow-up analysis of J root anycast traffic" presentation (http://www.nanog.org/mtg-0702/larson.html). They state that DNS anycast works "fine" over TCP, though they cite a decent number of TCP resets, saying only that it requires more investigation/explanation (fair enough). They do still contend that "...longer-running TCP sessions may have problems" (warning those that don't engineer carefully).
like ALL things network-related, you have to know what you are doing and understand the limitations...
... many of which we tried to capture in RFC 4786/BCP 126.
which is a good document on the ins/outs of it...now if only more people would read those RFC things :)
/joshua
--
common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. - Douglas Adams -