North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

oh k can you see

  • From: Randy Bush
  • Date: Mon Oct 31 17:21:11 2005

so a few of us are still looking at routing through the anycast
sunglasses.  a particular probe is seeing instability [0] for [1].  so we hop on to a router nearby, and
have some fun looking at things.  we discover an anomaly which
takes a while to sort out

  o some of the anycasted servers mark their announcements with
    the magic NO_EXPORT community in an attempt to localize
    their distribution (it would be good if a server in kenya
    did not take load from nyc)

  o they also have a server or two which does not so mark their
    announcements on the presumption that the rest of the world
    can get to those non-marking server(s)

this last assumption is not safe

  o consider large providers p0 and p1 which are connected to
    k0 which announces with NO_EXPORT

  o there is also server k1 which is out there somewhere and
    announcing without NO_EXPORT

  o test point t0 is in a multi-homed asn connected to p0 and

  o the routers in p0 and p1 at which t0's router is connected
    have their best path to k being the one to k0

  o this obscures their path to k1

  o and, as they obey k0's NO_EXPORT, they can not export any
    route to a server to t0

  o so t0 sees no route to

this implies that a non-trivial part of the net can not see
anycast services for which some of the servers are marking
their announcements as NO_EXPORT.

note that we saw this from a multi-homed site in seattle, not
from some more net-isolated probe.




[0] - please remember, this is not that the servers are unstable,
      but rather that routing near the probe is unstable, and the
      anycasted prefixes are likely to show this more than those
      which are unicast.

[1] - side note: we got misled for a few seconds by
	% host has address
	% host has address