Anycast DNS
WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS
Outline
Current
Anycast routing
Anycast implemented
Problems resolved
Future
Definitions
DNS
Authoritative
Recursive/Caching
Current DNS
IP Address Management: Maintain
DNS: ISC BIND
Current DNS – Layer 1
Current DNS Layer 7
DNS Problems 1
Load
Redundancy
Configuration
DNS Problems 2
Constituency Caching
Monitoring
Complexity
Non-standard Domains
DNS Requirements
Availability
Redundancy
Complexity
Integration
“New” DNS Design*
+ Linux
+ ISC BIND
+ Cfengine
+ Anycast Routing
Why Linux?
Cost
Hardware
Routing - Unicast
Single machine to single machine
Web browsing
Routing - Broadcast
Single machine to all
ARP lookup
Routing - Multicast
Single machine to some (not all)
Save resources
IP TV
Routing - Anycast
Single machine to one of some
DNS/RADIUS/NTP
Anycast – Is it new?
95% of the root name servers
Corporations (e.g. easydns.com)
Google
Anycast - Implemented 1
RHEL host runs Quagga (open source router)
Hosts have a /30 uplink to a constituency router
Anycast - Implemented 2
The router config for cr-adns-mc-1
router ospf
 ospf router-id 129.97.2.54
 passive-interface sit0
 network 129.97.2.1/32 area 0.0.0.1
 network 129.97.2.2/32 area 0.0.0.1
 network 129.97.2.52/30 area 0.0.0.1
 network 172.16.3.0/32 area 0.0.0.1
Anycast - Implemented 3
Routing entry for 129.97.2.1/32
Known via "ospf 10", distance 110, metric 11, type intra area
Last update from 129.97.2.54 on Vlan505, 1d05h ago
Routing Descriptor Blocks:
129.97.2.74, from 129.97.2.74, 1d05h ago, via Vlan500
Route metric is 11, traffic share count is 1
* 129.97.2.66, from 129.97.2.66, 1d05h ago, via Vlan502
Route metric is 11, traffic share count is 1
129.97.2.62, from 129.97.2.62, 1d05h ago, via Vlan503
Route metric is 11, traffic share count is 1
Anycast Cluster – Layer 1
Failure - Single Node
Hardware failure
Network failure
Routine maintenance
Failure - Single Node
Failure – MC Machine Room
Failure – All MC
Failure Timings
Expected worst case: 65s
Technical worst case: 105s
Mitigate with unicast secondary
Load - Authoritative
Load - Caching
Problems Addressed – Total Load
Current Total 9/5k
Anycast Total 100/30K
Load ~ 2k/sec
Auth = 2/3
Problems Addressed – Redundancy
Anycast DNS provides non-instant automated fail-over
Problems Addressed – Configuration
Single config for all Anycast servers
Problem Addressed - Constituency Caching
Can only recommend
Problems Addressed - Monitoring
Problem Addressed - Complexity
Still complex layout
Automated
But what about the dots?
Stern warning
Time line
Date      Item
Done      Wireless (Campus + Resnet)
Jan 2010  Campus: Admin
Mar 2010  Resnet: Using new DNS
Mar 2010  All: change DNS option DHCP machine
Jun 2010  All: change DNS hard-coded servers
Sep 2010  Shutdown of 129.97.128.100
Try it
$ dig +short @129.97.2.1 HOSTNAME.BIND CH TXT
"cr-adns-ech-1"
>nslookup -type=TXT -class=CHAOS HOSTNAME.BIND 129.97.2.1
Server: cn-ns1.uwaterloo.ca
Address: 129.97.2.1
HOSTNAME.BIND text =
"cr-adns-ech-1"
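An added example (not from the original slides): the HOSTNAME.BIND CH TXT probe shown above, built and parsed at the wire level in Python, for a monitor that records which anycast node answered. The function names are this example's own, and the reply bytes are constructed by sample_response so it runs offline.

```python
import struct

CH, TXT = 3, 16  # DNS class CHAOS, record type TXT

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qid, name="hostname.bind"):
    # Header: id, flags (plain query, no recursion), 1 question, 0 other records
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TXT, CH)

def skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer is two bytes
            return off + 2
        off += 1 + n

def parse_node_id(msg, qid):
    """Return the node name from a CH TXT answer, or None if not disclosed."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    if flags & 0x000F or an == 0:  # e.g. REFUSED, or hostname hidden
        return None
    off = 12
    for _ in range(qd):            # skip the echoed question(s)
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TXT and rclass == CH:
            return msg[off + 1:off + 1 + msg[off]].decode("ascii")
        off += rdlen
    return None

def sample_response(qid, node):
    """Constructed reply (not a capture): question echoed plus one TXT answer."""
    hdr = struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0)
    txt = bytes([len(node)]) + node.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CH, 0, len(txt)) + txt
    return hdr + build_query(qid)[12:] + rr
```

In a live monitor the bytes from build_query would be sent over UDP port 53 to 129.97.2.1 and the reply passed to parse_node_id; a change in the returned name between polls indicates that routing has moved the client to a different node.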
Future
NS1 Slave diversity Second Cluster MS DNS / DDNS DHCP
Questions?
jbgorrie@uwaterloo.ca