Anycast is a network addressing and routing scheme whereby data is routed to the "nearest" or "best" destination as viewed by the routing topology. In computing, an address space defines a context in which a memory address makes sense. ... In computer networking the term routing refers to selecting paths in a computer network along which to send data. ...

The term is intended to echo the terms unicast, broadcast and multicast. In computer networks, unicast is the sending of information packets to a single destination. ... In computer networking, a broadcast address is an IP address that allows information to be sent to all machines on a given subnet rather than a specific machine. ... Routing Schemes anycast broadcast multicast unicast Multicast is sometimes also used to refer to a multiplexed broadcast, although that is a very different thing and should not be confused. ...

• In unicast, there is a one-to-one association between network address and network endpoint: each destination address uniquely identifies a single receiver endpoint.
• In broadcast and multicast, there is a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, to which all information is replicated.
• In anycast, there is also a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, but only one of them is chosen at any given time to receive information from any given sender.

On the Internet, anycast is usually implemented by using BGP to simultaneously announce the same destination IP address range from many different places on the Internet. This results in packets addressed to destination addresses in this range being routed to the "nearest" point on the net announcing the given destination IP address. The border gateway protocol (BGP) is one of the core routing protocols in the Internet. ... An IP address (Internet Protocol address) is a unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). ...

Anycast is best suited to connectionless protocols (generally built on UDP), rather than connection-oriented protocols such as TCP, or UDP based protocols that keep their own state, since the receiver selected for any given source may change from time to time as optimal routes change, silently breaking any conversations that may be in progress at the time. For stateful protocols where it is required that an entire session will use the same server, systems like GeoDNS are more appropriate. In telecommunications, connectionless describes communication between two network end points in which a message can be sent from one end point to another without prior arrangement. ... The User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. ... In telecommunications, connection-oriented describes a means of transmitting data in which the devices at the end points use a preliminary protocol to establish an end-to-end connection before any data is sent. ... It has been suggested that SYN (TCP) be merged into this article or section. ... It has been suggested that Geodns be merged into this article or section. ...

For this reason, anycast is generally used as a way to provide high availability and load balancing for stateless services such as access to replicated data. A stateless server is one that treats each request as an independent transaction, unrelated to any previous request. ...

Use of anycast to implement DNS

A number of the Internet root nameservers are implemented as large numbers of clusters of machines using anycast. The C, F, I, J, K and M servers exist in multiple locations on different continents, using anycast announcements to provide a decentralized service. As a result most of the physical, rather than nominal, root servers are now outside the United States. RFC 3258 documents how anycast is used to provide authoritative DNS service. The AMS-IX mirror of the K root-server. ...

Use of anycast to implement IPv6 transition

There is a 6to4 (IPv6 transition protocol) anycast default gateway available with the IP address 192.88.99.1. (See RFC 3068 for details.) This allows multiple providers to implement 6to4 gateways without hosts needing to know each individual provider's gateway addresses. 6to4 (sometimes written 6 to 4) is a system that allows IPv6 packets to be transmitted over an IPv4 network. ...

Security of anycast

Anycast allows any operator whose routing information is accepted by an intermediate router to hijack any packets intended for the anycast address. While this at first sight appears insecure, it is no different from the routing of ordinary IP packets, and no more or less secure. As with conventional IP routing, careful filtering of who is and is not allowed to propagate route announcements is crucial to prevent man-in-the-middle or blackhole attacks. In cryptography, a man in the middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. ... In computer networking a packet drop attack or blackhole attack is a type of denial-of-service attack accomplished by selectively dropping packets for a particular network destination. ...

Reliability of anycast

Anycast is normally highly reliable, as it can provide automatic failover. Anycast applications typically feature external "heartbeat" monitoring of the server's function, and withdraw the route announcement if the server fails. In some cases this is done by the actual servers announcing the anycast prefix to the router over OSPF or another IGP protocol. If the servers die, the router will automatically withdraw the announcement. Open Shortest Path First (OSPF) is a link-state, hierarchical Interior Gateway Protocol (IGP) routing protocol. ... IGP stands for Interior Gateway Protocol Integrated Graphics Processor Inspector General of Police, a rank of police officer in at least 2 countries, Malaysia and India. ...

"Heartbeat" functionality is important because, if the announcement continues for a failed server, the server will act as a "black hole" for nearby clients; this failure mode is the most serious mode of failure for an anycast system. Even in this event, this kind of failure will only cause a total failure for clients that are closer to this server than any other, and will not cause a global failure.

(D)DoS and anycast

Anycast on the internet can help to distribute DDoS attacks and reduce their effectiveness. As traffic is routed to the closest node (and the attacker has no control over this behaviour) the DDoS traffic flow will be distributed amongst the closest nodes. This often means that not all nodes will be affected. This is often an important reason to deploy anycast. A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. ...

The effectiveness of this can however be decreased when unicast addresses (used for maintenance) are easy to recover. An attacker can then attack every node from any location, just as if there was no anycast and all nodes were separate servers.

Local vs Global

In some situations of anycast deployment on the internet there is a difference between local and global nodes. Local nodes are often more intended to provide benefit for the direct local community. Local node announcements are often announced with the no-export BGP community to prevent peers from announcing them to their peers (i.e. the announcement is kept in the local area). Where both local and global nodes are deployed, the announcements from global nodes are often AS prepended (i.e. the AS is added a few more times) to make the path longer so that a local node announcement is preferred over a global node announcement. The border gateway protocol (BGP) is one of the core routing protocols in the Internet. ...

Both F and K root name servers currently use local and global nodes.

External links

• Anycast Addressing on the Internet
• Hierarchical Anycast for Global Service Distribution, ISC document on anycast
• Effect of anycast on K-root, presentation by Lorenzo Colitti (RIPE NCC) at DNS-OARC in July 2005
• The Impact of anycast on Root DNS Servers: The Case of K-root, presentation by Lorenzo Colitti (RIPE NCC) at RIPE 52 in April 2006