Anycast all the things
Load balancing and redundancy in your network
FrOSCon 14 Network and Automation Track
Maximilian Wilhelm
Agenda
1. Who's who
2. Load balancing concepts
   1. DNS Round robin
   2. Layer 4-7 LBs
   3. Anycast
3. How to Anycast
   1. Requirements
   2. Key elements
   3. Routing protocols
4. Anycast in practice
5. Outlook
Who's who
Maximilian Wilhelm
Networker
OpenSource Hacker
Fanboy of
(Debian) Linux
ifupdown2
Occupation:
By day: Senior Infrastructure Architect, Uni Paderborn
By night: Infrastructure Archmage, Freifunk Hochstift
In between: Freelance Solution Architect for hire
Contact
@BarbarossaTM
max@sdn.clinic
Load balancing concepts
Why load balancing?
Availability
Hardware will fail
Software bugs
Fat fingers
Maintenance
Scalability
Maybe users like your service (base line)
Christmas shopping (peaks)
Now what?
Availability
Make sure at least one service node is working
Scalability
Make sure enough service nodes are working
Users don't care about your infrastructure.
They care about their user experience.
How to achieve that?
DNS Round Robin
Load balancer appliance(s) / software
Anycast
A combination of those
DNS Round Robin
Multiple A / AAAA entries
Balancing by DNS replies
pseudo randomly sorted by DNS server
DNS Round Robin
Pros
Easy to set up
Cons
All IPs have to be reachable
Maintenance is hard
Beware of stupid clients
Slow reaction times
Due to TTL of records
Broken caching in resolvers ignoring small TTLs
DNS Round Robin
Availability
Node failure might be noticed by users
DNS caching may prolong failures
Scalability
Add more DNS records
Layer 4-7 Load balancers
Some appliance (or cluster thereof)
Terminate service IP(s) from clients' perspective
Connection to real backend via
NAT
TCP proxy
Application level proxy (HAproxy, nginx, ...)
[Diagram: LB holding service IP 194.107.206.8; router .17 and backends .21, .22, .23 in 194.107.206.16/28]
Layer 4-7 Load balancers
Pros
LB appliance can hide complexity
May provide point and click management
LB can manipulate on a per-request basis
Cons
Risk of vendor lock-in
LB may become bottleneck
LB config may become too complex to maintain
Backend systems may lose information about client IPs
Layer 4-7 Load balancers
Availability
Have LB cluster
Have multiple backends
Scalability
Add more backends
Maybe scale appliance vertically
Anycast
Just a bunch of backend servers have the service IP(s) configured
On a virtual interface
Terminate service IP(s) from clients' perspective
[Diagram: router .17 and backends .21, .22, .23 in 194.107.206.16/28; each backend holds service IP 194.107.206.8]
Anycast
Pros
Scales horizontally at line-rate
Easy to set up (after losing fear)
Cons
No way to steer where client connection terminates
Anycast
Availability
Have multiple backends
Scalability
Have as many backends as needed and some spare
Have enough network bandwidth
How to Anycast
Requirements / Ingredients
At least two service nodes
A spare IP from a different subnet
A router which supports ECMP
A dynamic routing protocol
A mechanism to check if a service node is healthy
Choice of routing protocol
OSPF or IS-IS
   Potentially more well-known
   No (good) way to filter prefixes
BGP
   Potentially less well-known
   Potentially higher learning curve
   Filtering is part of protocol design
Service healthchecker
Each node has to determine its health
Announce service IP accordingly
Check definition should be present for monitoring anyway
Why not just reuse it locally?
Anycast in practice
Example
Three web servers
Debian Linux
nginx
simple static web page
One router
Cisco Catalyst 3750
Assuming BGP on router is configured
[Diagram: router .17 and web servers .21, .22, .23 in 194.107.206.16/28]
Configure Virtual Anycast IP
Set up a dummy interface on each webserver
The same IP everywhere
#
# /etc/network/interfaces (ifupdown2 style)
#
auto anycast_srv
iface anycast_srv
    link-type dummy
    #
    address 194.107.206.8/32
Bring up the interface
ifup anycast_srv
Setting up Bird
We'll use Bird Internet Routing Daemon
Simple basic setup
Use regular host IPv4 IP as Router ID
Default protocol device
#
# /etc/bird/bird.conf
#
# Change this into your BIRD router ID. It's a world-wide unique identification
# of your router, usually one of router's IPv4 addresses.
router id 194.107.206.21;
# The Device protocol is not a real routing protocol. It doesn't generate any
# routes and it only serves as a module for getting information about network
# interfaces from the kernel.
protocol device {
}
See last year's FrOSCon OSPF and BGP talks for details
Learn Anycast IP in bird
Extend config with a direct protocol
protocol direct anycast_srv {
    interface "anycast_srv";
}
Reload bird configuration
birdc configure
Check bird routing table
root@srv01:~# birdc show route
BIRD 1.6.3 ready.
194.107.206.8/32 dev anycast_srv [anycast_srv 16:18:29] * (240)
RUN BGP
Export Anycast IP to our router
protocol bgp dr_dc_01 {
    import none;
    export where net = 194.107.206.8/32;
    local as 39225;
    neighbor 194.107.206.17 as 39225;
}
Reload bird configuration
birdc configure
RUN BGP
Check protocol status
root@srv01:~# birdc show protocol dr_dc_01
BIRD 1.6.3 ready.
name proto table state since info
dr_dc_01 BGP master up 01:11:35 Established
Check exported prefixes
root@srv01:~# birdc show route export dr_dc_01
BIRD 1.6.3 ready.
194.107.206.8/32 dev anycast_srv [anycast_srv 16:18:30] * (240)
Setting up the health check
We'll use anycast-healthchecker
Setting up global config
# /etc/anycast-healthchecker/anycast-healthchecker.conf
[DEFAULT]
interface = anycast_srv
check_interval = 3
check_timeout = 2
check_disabled = false
on_disabled = withdraw
ip_check_disabled = false
[daemon]
ipv4 = true
ipv6 = true
bird_conf = /var/lib/anycast-healthchecker/anycast-prefixes-v4.conf
bird6_conf = /var/lib/anycast-healthchecker/anycast-prefixes-v6.conf
bird_variable = ANYCAST_PREFIXES
bird6_variable = ANYCAST_PREFIXES
[...]
dummy_ip_prefix = 10.189.200.255/32
dummy_ip6_prefix = 2001:db8::1/128
[...]
Setting up the health check
Setting up the check for our web service (trivial version)
# /etc/anycast-healthchecker/check.d/webserver.conf
[webserver_v4]
check_cmd = wget -O/dev/null -q http://localhost/
ip_prefix = 194.107.206.8/32
Let's get it started
systemctl restart anycast-healthchecker.service
Check the bird config snippet
root@srv01:~# cat /var/lib/anycast-healthchecker/anycast-prefixes-v4.conf
# Generated 2019-08-10 01:30:37.375957 by anycast-healthchecker (pid=6825)
# 10.189.200.255/32 is a dummy IP Prefix. It should NOT be used and REMOVED [...]
define ANYCAST_PREFIXES =
[
10.189.200.255/32,
194.107.206.8/32
];
Glueing it all together
include "/var/lib/anycast-healthchecker/anycast-prefixes-v4.conf";
protocol bgp dr_dc_01 {
    import none;
    export where net ~ ANYCAST_PREFIXES;
    local as 39225;
    neighbor 194.107.206.17 as 39225;
}
And again, reconfigure bird
birdc configure
Now what happens when nginx goes down?
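To answer that question, here is an added Python example (not anycast-healthchecker's own code and not from the talk) that models the step the health checker performs: run each check_cmd with a timeout, then rewrite the ANYCAST_PREFIXES snippet so a failed service drops out of the export filter. The function names run_check, render_prefix_file and announced are hypothetical; the prefixes, variable name and check command are the ones from the slides.

```python
import ipaddress
import re
import shlex
import subprocess

DUMMY_PREFIX = "10.189.200.255/32"  # dummy_ip_prefix from the slides
BIRD_VARIABLE = "ANYCAST_PREFIXES"  # bird_variable from the slides


def run_check(check_cmd, timeout=2):
    """True only if check_cmd exits 0 within `timeout` seconds (check_timeout)."""
    try:
        proc = subprocess.run(
            shlex.split(check_cmd),
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (subprocess.TimeoutExpired, OSError):
        # A hanging or missing check counts as unhealthy: fail closed.
        return False
    return proc.returncode == 0


def render_prefix_file(services, check=run_check):
    """Render the bird snippet for `services` (ip_prefix -> check_cmd).

    Hypothetical helper: only prefixes whose check passes are listed.
    """
    prefixes = [DUMMY_PREFIX]  # always present so the bird set is never empty
    for ip_prefix, check_cmd in services.items():
        ipaddress.ip_network(ip_prefix)  # reject malformed prefixes early
        if check(check_cmd):
            prefixes.append(ip_prefix)
    lines = ",\n".join("        " + p for p in prefixes)
    return "define {} =\n    [\n{}\n    ];\n".format(BIRD_VARIABLE, lines)


# One prefix per line, optional trailing comma; comment lines do not match.
PREFIX_LINE = re.compile(r"^\s*([0-9A-Fa-f:.]+/\d+)\s*,?\s*$", re.MULTILINE)


def announced(conf_text):
    """Service prefixes the export filter can match, i.e. all but the dummy."""
    return [p for p in PREFIX_LINE.findall(conf_text) if p != DUMMY_PREFIX]


# Constructed sample: the webserver_v4 check definition from the slides.
SERVICES = {"194.107.206.8/32": "wget -O/dev/null -q http://localhost/"}

if __name__ == "__main__":
    # The check result is injected so the example runs without nginx or wget.
    nginx_up = render_prefix_file(SERVICES, check=lambda cmd: True)
    nginx_down = render_prefix_file(SERVICES, check=lambda cmd: False)
    print(nginx_up)
    print(nginx_down)
    print("matched by export filter while up:  ", announced(nginx_up))
    print("matched by export filter while down:", announced(nginx_down))
```

With nginx down only the dummy prefix remains in the set, so once bird's configuration is reloaded this node stops exporting 194.107.206.8/32 and the router sends traffic to the remaining nodes.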
Outlook
Combining forces
Why no anycasting LBs?
HAproxy for the win
Production set up at Uni PB
As well as pure Anycast for Kerberos KDCs
[Diagram: two LBs, each holding service IP 194.107.206.8, with router .17 and backends .21, .22, .23 in 194.107.206.16/28]
Let's scale the shit out of it
There can be lots of LBs and lots of backends
All of this can be distributed (anycasted) over the globe
CloudFlare, Facebook, ...
Even with DNS-RR
Or more intelligent solutions
Every CDN out there
Further Reading
BGP basics
https://blog.sdn.clinic/2018/09/froscon-13-network-track/
Anycast with Cisco Nexus 7000 and Debian Linux
https://blog.sdn.clinic/2018/02/anycasted-services-with-debian-bird-anycast-healthchecker-and-cisco-nexus-7000/
Questions?
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 

Recently uploaded (20)

Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
Azure EA Sponsorship - Customer Guide.pdf
Azure EA Sponsorship - Customer Guide.pdfAzure EA Sponsorship - Customer Guide.pdf
Azure EA Sponsorship - Customer Guide.pdf
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 

Anycast all the things

  • 1. Anycast all the things: Load balancing and redundancy in your network. FrOSCon 14 Network and Automation Track. Maximilian Wilhelm. 1 / 35
  • 2. Agenda: 1. Who's who; 2. Load balancing concepts (DNS Round robin, Layer 4-7 LBs, Anycast); 3. How to Anycast (Requirements, Key elements, Routing protocols); 4. Anycast in practice; 5. Outlook
  • 3. Who's who: Maximilian Wilhelm. Networker, OpenSource Hacker, fanboy of (Debian) Linux and ifupdown2. Occupation: by day, Senior Infrastructure Architect, Uni Paderborn; by night, Infrastructure Archmage, Freifunk Hochstift; in between, Freelance Solution Architect for hire. Contact: @BarbarossaTM, max@sdn.clinic
  • 5. Why load balancing? Availability: hardware will fail, software bugs, fat fingers, maintenance. Scalability: maybe users like your service (base line), Christmas shopping (peaks).
  • 6. Now what? Availability: make sure at least one service node is working. Scalability: make sure enough service nodes are working. Users don't care about your infrastructure. They care about their user experience.
  • 7. How to achieve that? DNS Round Robin; load balancer appliance(s) / software; Anycast; a combination of those.
  • 8. DNS Round Robin: multiple A / AAAA entries; balancing by DNS replies, pseudo-randomly sorted by the DNS server.
  • 9. DNS Round Robin. Pros: easy to set up. Cons: all IPs have to be reachable; maintenance is hard; beware of stupid clients; slow reaction times, due to the TTL of records and broken caching in resolvers ignoring small TTLs.
  • 10. DNS Round Robin. Availability: node failure might be noticed by users; DNS caching may prolong failures. Scalability: add more DNS records.
  • 11. Layer 4-7 Load balancers: some appliance (or cluster thereof); terminates the service IP(s) from the clients' perspective; connection to the real backend via NAT, TCP proxy, or application-level proxy (HAproxy, nginx, ...). [Diagram labels: .21, .22, .23, .17, 194.107.206.16/28, LB 194.107.206.8]
  • 12. Layer 4-7 Load balancers. Pros: LB appliance can hide complexity; may provide point-and-click management; LB can manipulate on a per-request basis. Cons: risk of vendor lock-in; LB may become a bottleneck; LB config may become too complex to maintain; backend systems may lose information about client IPs.
  • 13. Layer 4-7 Load balancers. Availability: have an LB cluster; have multiple backends. Scalability: add more backends; maybe scale the appliance vertically.
  • 14. Anycast: just a bunch of backend servers have the service IP(s) configured on a virtual interface; they terminate the service IP(s) from the clients' perspective. [Diagram labels: .21, .22, .23, .17, 194.107.206.16/28, 194.107.206.8 (three times)]
  • 15. Anycast. Pros: scales horizontally at line-rate; easy to set up (after losing fear). Cons: no way to steer where the client connection terminates.
  • 16. Anycast. Availability: have multiple backends. Scalability: have as many backends as needed and some spare; have enough network bandwidth.
  • 18. Requirements / Ingredients: at least two service nodes; a spare IP from a different subnet; a router which supports ECMP; a dynamic routing protocol; a mechanism to check if a service node is healthy.
  • 19. Choice of routing protocol. OSPF or IS-IS: potentially more well-known; no (good) way to filter prefixes. BGP: potentially less well-known; potentially higher learning curve; filtering is part of protocol design.
  • 20. Service healthchecker: each node has to determine its health and announce the service IP accordingly. The check definition should be present for monitoring anyway. Why not just reuse it locally?
  • 22. Example. Three web servers: Debian Linux, nginx, simple static web page. One router: Cisco Catalyst 3750. Assuming BGP on the router is configured. [Diagram labels: .21, .22, .23, .17, 194.107.206.16/28]
  • 23. Configure Virtual Anycast IP. Set up a dummy interface on each webserver, with the same IP everywhere:

        #
        # /etc/network/interfaces (ifupdown2 style)
        #
        auto anycast_srv
        iface anycast_srv
            link-type dummy
            #
            address 194.107.206.8/32

    Bring up the interface:

        ifup anycast_srv
  • 24. Setting up Bird. We'll use the Bird Internet Routing Daemon. Simple basic setup; use the regular host IPv4 IP as Router ID; default protocol device.

        #
        # /etc/bird/bird.conf
        #
        # Change this into your BIRD router ID. It's a world-wide unique identification
        # of your router, usually one of router's IPv4 addresses.
        router id 194.107.206.21;

        # The Device protocol is not a real routing protocol. It doesn't generate any
        # routes and it only serves as a module for getting information about network
        # interfaces from the kernel.
        protocol device {
        }

    See last year's FrOSCon OSPF and BGP talks for details.
  • 25. Learn Anycast IP in bird. Extend the config with a direct protocol:

        protocol direct anycast_srv {
            interface "anycast_srv";
        }

    Reload bird configuration:

        birdc configure

    Check bird routing table:

        root@srv01:~# birdc show route
        BIRD 1.6.3 ready.
        194.107.206.8/32   dev anycast_srv [anycast_srv 16:18:29] * (240)
  • 26. RUN BGP. Export the Anycast IP to our router:

        protocol bgp dr_dc_01 {
            import none;
            export where net = 194.107.206.8/32;
            local as 39225;
            neighbor 194.107.206.17 as 39225;
        }

    Reload bird configuration:

        birdc configure
  • 27. RUN BGP. Check protocol status:

        root@srv01:~# birdc show protocol dr_dc_01
        BIRD 1.6.3 ready.
        name     proto    table    state  since       info
        dr_dc_01 BGP      master   up     01:11:35    Established

    Check exported prefixes:

        root@srv01:~# birdc show route export dr_dc_01
        BIRD 1.6.3 ready.
        194.107.206.8/32   dev anycast_srv [anycast_srv 16:18:30] * (240)
  • 28. Setting up the health check. We'll use anycast-healthchecker. Setting up the global config:

        # /etc/anycast-healthchecker/anycast-healthchecker.conf
        [DEFAULT]
        interface = anycast_srv
        check_interval = 3
        check_timeout = 2
        check_disabled = false
        on_disabled = withdraw
        ip_check_disabled = false

        [daemon]
        ipv4 = true
        ipv6 = true
        bird_conf = /var/lib/anycast-healthchecker/anycast-prefixes-v4.conf
        bird6_conf = /var/lib/anycast-healthchecker/anycast-prefixes-v6.conf
        bird_variable = ANYCAST_PREFIXES
        bird6_variable = ANYCAST_PREFIXES
        [...]
        dummy_ip_prefix = 10.189.200.255/32
        dummy_ip6_prefix = 2001:db8::1/128
        [...]
  • 29. Setting up the health check. Setting up the check for our web service (trivial version):

        # /etc/anycast-healthchecker/check.d/webserver.conf
        [webserver_v4]
        check_cmd = wget -O/dev/null -q http://localhost/
        ip_prefix = 194.107.206.8/32

    Let's get it started:

        systemctl restart anycast-healthchecker.service

    Check the bird config snippet:

        root@srv01:~# cat /var/lib/anycast-healthchecker/anycast-prefixes-v4.conf
        # Generated 2019-08-10 01:30:37.375957 by anycast-healthchecker (pid=6825)
        # 10.189.200.255/32 is a dummy IP Prefix. It should NOT be used and REMOVED [...]
        define ANYCAST_PREFIXES = [ 10.189.200.255/32, 194.107.206.8/32 ];
  • 30. Glueing it all together:

        include "/var/lib/anycast-healthchecker/anycast-prefixes-v4.conf";

        protocol bgp dr_dc_01 {
            import none;
            export where net ~ ANYCAST_PREFIXES;
            local as 39225;
            neighbor 194.107.206.17 as 39225;
        }

    And again, reconfigure bird:

        birdc configure

    Now what happens when nginx goes down?
  • 32. Combining forces. Why no anycasting LBs? HAproxy for the win. Production setup at Uni PB, as well as pure Anycast for Kerberos KDCs. [Diagram labels: .21, .22, .23, .17, 194.107.206.16/28, LB 194.107.206.8 (twice)]
  • 33. Let's scale the shit out of it. There can be lots of LBs and lots of backends. All of this can be distributed (anycasted) over the globe: CloudFlare, Facebook, ... Even with DNS-RR, or more intelligent solutions. Every CDN out there.
  • 34. Links / Further Reading. BGP basics: https://blog.sdn.clinic/2018/09/froscon-13-network-track/ Anycast with Cisco Nexus 7000 and Debian Linux: https://blog.sdn.clinic/2018/02/anycasted-services-with-debian-bird-anycast-healthchecker-and-cisco-nexus-7000/
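
What slides 28 to 30 set up, and what happens when nginx goes down, as an added example (not from the talk and not anycast-healthchecker's own code): a failing check drops 194.107.206.8/32 from ANYCAST_PREFIXES, so the `export where net ~ ANYCAST_PREFIXES` filter no longer matches the route. The function names are hypothetical; the prefixes and the variable name are the ones on the slides.

```python
import shlex
import subprocess

DUMMY_PREFIX = "10.189.200.255/32"   # dummy_ip_prefix from the slides
BIRD_VARIABLE = "ANYCAST_PREFIXES"   # bird_variable from the slides


def run_check(check_cmd, timeout=2):
    """True only if check_cmd exits 0 within the timeout (check_timeout = 2)."""
    try:
        result = subprocess.run(shlex.split(check_cmd), timeout=timeout,
                                stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL)
    except (subprocess.TimeoutExpired, OSError):
        return False  # a hanging or missing check counts as unhealthy
    return result.returncode == 0


def render_snippet(checks, runner=run_check):
    """checks maps ip_prefix -> check_cmd. Failing prefixes are left out;
    the dummy prefix always stays, as in the generated file on the slide."""
    healthy = sorted(p for p, cmd in checks.items() if runner(cmd))
    entries = ", ".join([DUMMY_PREFIX] + healthy)
    return f"define {BIRD_VARIABLE} = [ {entries} ];\n"


def update_snippet(path, checks, runner=run_check):
    """Rewrite the include file only when the healthy set changed.
    Returns True when bird has to re-read it (birdc configure)."""
    new = render_snippet(checks, runner)
    try:
        with open(path) as fh:
            if fh.read() == new:
                return False
    except FileNotFoundError:
        pass
    with open(path, "w") as fh:
        fh.write(new)
    return True


if __name__ == "__main__":
    # Constructed stand-ins for the wget check: "true" = nginx up, "false" = down.
    for state, cmd in (("up", "true"), ("down", "false")):
        print(f"nginx {state}:", render_snippet({"194.107.206.8/32": cmd}), end="")
```

With the check failing, only the dummy prefix remains in the set, the node stops announcing the service IP, and the router keeps forwarding to the nodes that still announce it.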