Anycast vs Unicast: which is better to choose in each case

Many have probably heard of Anycast. With this method of network addressing and routing, a single IP address is assigned to multiple servers, which may sit in data centers far apart from each other. The idea of Anycast is that each request is delivered to the server "nearest" to its source, where nearest means closest in network topology as BGP sees it, not closest on the map. This reduces the number of hops and, usually, the latency.



Essentially, the same prefix is advertised from multiple data centers around the world, and each client is sent to the data center that is "best" and "closest" according to the BGP routes it sees. Why Anycast? Why use Anycast instead of Unicast?





Unicast is perfectly adequate for a site with one web server and moderate traffic: one IP address, one machine. A service with millions of subscribers, however, usually runs many web servers, geographically distributed so that requests are served from nearby, and Anycast lets all of them share the same IP address instead of each having its own.



In this scenario, Anycast improves performance (traffic goes to the server closest to the user, minimizing latency), provides resilience (the servers are redundant, so one site failing does not take the address down) and load balancing (requests are spread across the sites that advertise the address, which keeps any one of them from becoming a bottleneck).



Operators offer customers various types of load balancing based on Anycast and DNS. Customers can specify which IP addresses requests should be sent to depending on the geographic location of the site, which gives finer control over how user requests are distributed.



Suppose there are several sites between which load (users) needs to be distributed, for example an online store handling 100,000 requests per day or a popular blog. To restrict the region from which users reach a specific site, you can use the Geo Community option: a BGP community attached to the announcement that limits the region within which the operator will advertise the route.









Anycast vs. Unicast: The Difference



Anycast is often used in applications such as DNS (Domain Name System) and CDNs (Content Delivery Networks) to make routing decisions that improve network performance. Content delivery networks use Anycast because they handle large volumes of traffic, and Anycast brings several advantages in that case (more on them below). In DNS, Anycast significantly raises the reliability and fault tolerance of the service.





With an Anycast IP under BGP there are several routes to the same address. They lead to copies of the host in multiple data centers, deployed so that connections terminate with lower latency.



So in an Anycast network the same IP address is advertised from different locations, and the network decides where to send the user's request based on the "cost" of the route. The usual mechanism is BGP: when a user sends a packet to the Anycast address, each router on the way forwards it over what BGP considers the best path (after local policy, by default the shortest AS path) among the Anycast sites currently advertising the prefix.



Anycast benefits

Reducing latency

Because every site announces the same prefix, a user's packets terminate at the site that BGP considers nearest, which shortens the round trip for latency-sensitive services such as DNS.



DoS protection

Anycast also helps against DDoS: instead of converging on a single site, attack traffic is split among the Anycast sites closest to each of its sources, so every site absorbs only a fraction of the flood and the capacity of the whole network counts, not that of one data center.



No special servers, networks or other components are required on the client side to use Anycast. But Anycast has its drawbacks: deploying it is considered a complex task that requires additional equipment, reliable providers and correct traffic routing.



Fewest hops is not lowest latency



Anycast routes users along what BGP considers the shortest path, which is measured in AS hops (the length of the AS_PATH attribute), not in latency. Latency is a more complex metric: a single hop can cost more than ten others put together.





Example: an intercontinental path may contain a single hop with very high latency, yet still have the shortest AS path.



Anycast is mainly used for UDP-based services such as DNS. User requests are directed to the "best" and "closest" data center according to BGP routes.





Example: a DNS client workstation configured with the Anycast DNS address 123.10.10.10 sends its queries to the closest of three DNS name servers deployed behind that same Anycast address. If router R1 or server A fails, the client's packets are automatically forwarded to the next nearest DNS server via R2 and R3, and the route to server A is withdrawn from the routing tables so that it is no longer used. The caveat a practitioner should keep in mind: the withdrawal happens only if the failure is actually visible to BGP. A router that keeps advertising the prefix while the DNS daemon behind it is dead will black-hole every query routed to it, so the announcement must be tied to a health check of the service itself, not just to the link being up.
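As an added worked example (not code from the original article), the path selection and the failover described above can be simulated on a small constructed AS-level graph. BGP's default preference for the shortest AS path picks the intercontinental site even though a three-hop domestic path has a fraction of the latency, and it is the withdrawal of a failed site's announcement that makes traffic move. All AS and site names, links and latencies are hypothetical.

```python
"""Toy model of Anycast path selection and health-gated withdrawal.

The AS-level graph, latencies and site names are constructed for
illustration (hypothetical ASes, not real ones).
"""
import heapq
from collections import deque

# (AS a, AS b, one-way link latency in ms) - constructed sample topology
LINKS = [
    ("AS-client", "AS-transit1", 5),
    ("AS-transit1", "AS-transit2", 3),
    ("AS-transit2", "site-A", 2),       # 3 AS hops, 10 ms total
    ("AS-client", "AS-transcon", 40),   # intercontinental peering
    ("AS-transcon", "site-B", 40),      # 2 AS hops, 80 ms total
    ("AS-transit2", "AS-transit3", 2),
    ("AS-transit3", "site-C", 60),      # 4 AS hops, 70 ms total
]
SITES = ["site-A", "site-B", "site-C"]  # all announce the same Anycast prefix


def build_graph(links):
    graph = {}
    for a, b, ms in links:
        graph.setdefault(a, {})[b] = ms
        graph.setdefault(b, {})[a] = ms
    return graph


GRAPH = build_graph(LINKS)


def shortest_as_path(graph, src, dst):
    """BFS over ASes: the fewest-AS-hops path, which is what BGP prefers by
    default (shortest AS_PATH) when local policy has not already decided."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in sorted(graph[node]):  # deterministic tie order
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def path_latency(graph, path):
    return sum(graph[a][b] for a, b in zip(path, path[1:]))


def bgp_best_site(graph, client, announcing):
    """Which Anycast site the client's packets end up at: the one with the
    shortest AS path among the sites currently announcing the prefix.
    Returns (site, path, latency_ms) or None if nobody announces."""
    candidates = []
    for site in announcing:
        path = shortest_as_path(graph, client, site)
        if path:
            candidates.append((len(path) - 1, site, path))
    if not candidates:
        return None
    _hops, site, path = min(candidates)  # ties by site name, stand-in for BGP tie-breakers
    return site, path, path_latency(graph, path)


def lowest_latency_site(graph, client, announcing):
    """What a latency-aware choice would be (Dijkstra on link latency),
    for comparison with BGP's hop-based choice. Returns (site, latency_ms)."""
    dist = {client: 0}
    heap = [(0, client)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, ms in graph[node].items():
            if d + ms < dist.get(nxt, float("inf")):
                dist[nxt] = d + ms
                heapq.heappush(heap, (dist[nxt], nxt))
    reachable = [(dist[s], s) for s in announcing if s in dist]
    if not reachable:
        return None
    ms, site = min(reachable)
    return site, ms


def after_failover(graph, client, sites, failed):
    """Health-gated announcements: a site whose service check fails withdraws
    its prefix, so BGP reconverges on the best remaining site. A site that
    failed but did NOT withdraw would simply black-hole the traffic."""
    announcing = [s for s in sites if s not in failed]
    return bgp_best_site(graph, client, announcing)


if __name__ == "__main__":
    print("BGP choice     :", bgp_best_site(GRAPH, "AS-client", SITES))
    print("lowest latency :", lowest_latency_site(GRAPH, "AS-client", SITES))
    print("site-B fails   :", after_failover(GRAPH, "AS-client", SITES, {"site-B"}))
```

Run it as is: BGP lands the client on site-B at 80 ms while site-A would have been 10 ms; once site-B withdraws, the client gets site-A. Swapping the announcing set for the output of a real health check is the part a production deployment has to get right.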



Deployment schemes



There are two general schemes for determining which server a user connects to:



  • Network-layer Anycast. Connects the user to the nearest server in terms of the network path from the user to the server; the routing protocol makes the decision.
  • Application-layer Anycast. The choice is made above the network layer, typically at DNS resolution time, and the user is given the Unicast address of the server selected for them.


CDN Anycast



Let's return now to the use of Anycast in content delivery networks. Anycast is certainly an interesting networking concept and is gaining increasing acceptance from next generation CDN providers.



CDN is a distributed network of servers that deliver content to end users with high availability and low latency. Content delivery networks play an important role today as the backbone of numerous online multimedia services, and consumers are increasingly less tolerant of slow download speeds. Video and voice applications are especially sensitive to network jitter and latency.



A CDN unites all of its servers into one network and delivers content faster; sometimes the user's waiting time can be cut by 5-6 seconds. The goal of a CDN is to optimize delivery by serving content from the server closest to the end user. This is very similar to Anycast, where the closest server is selected based on the end user's location, so one would expect every CDN provider to use Anycast by default. In reality that is not so.



Applications that use connection-oriented protocols such as HTTP over TCP rely on the connection staying on one server. If a route change sends the client's packets to a different Anycast node mid-connection (for example because the server it was talking to failed, or a BGP path flapped), the connection breaks: the new node has no state for it. This is why Anycast was traditionally recommended only for connectionless services such as UDP and DNS. In practice, however, BGP paths are stable for far longer than a typical HTTP connection lasts, and Anycast works well enough for TCP that large CDNs run HTTP on it; the trade-off is that long-lived connections are occasionally reset when routes shift.



Some CDN providers use Anycast-based routing; others prefer DNS-based routing, where the closest server is chosen according to where the user's DNS resolver is located.



Hybrid and multi-data-center infrastructures are another use case for Anycast. A load-balancing IP address obtained from the provider distributes load between the IP addresses of a customer's services in the provider's data centers. Combined with Anycast addressing, it gives better performance under high traffic, resilience, and shorter response times for large numbers of users.



In hybrid multi-datacenter infrastructures, you can distribute traffic across servers or even virtual machines on dedicated servers.



Thus there is a wide choice of technical solutions for building such an infrastructure. You can also configure IP load balancing across several data centers, using Anycast within the group of servers to optimize site performance.



You can distribute traffic according to your own rules by assigning a "weight" to each server in each data center. This is especially useful when the server fleet is heterogeneous and the machines differ in capacity: heavier weights send more traffic to the more capable servers instead of splitting it evenly.



For monitoring, probes based on the ping command can be configured. This lets the administrator define their own monitoring procedures, get a clearer picture of the health of each component of the infrastructure, and define the criteria by which a component counts as available.



There is a possibility of building a hybrid infrastructure: sometimes it is convenient to leave the back office in the corporate network, and transfer the front-end part to outsourcing to the provider.



SSL (TLS) certificates can be added to the load balancer to encrypt the traffic between site visitors and the corporate infrastructure; this also works when balancing between data centers.



Anycast-based load balancing is offered by some providers as a service. It improves how users interact with applications depending on their location: you declare which services are available in which data center, and traffic is steered to the nearest one. With dedicated servers in, say, France and North America, each client is directed to the server closest to it on the network.



One use case for Anycast is choosing the optimal point of presence (PoP) of an operator. Take LinkedIn (blocked in Russia) as an example: it works not only on the performance and speed of its mobile and web applications, but also on the network infrastructure behind them to speed up content delivery. For dynamic content, LinkedIn makes heavy use of PoPs, and Anycast is used to direct users to the nearest one.



With Unicast, each LinkedIn PoP had a unique IP address, and users were assigned to PoPs by DNS based on their geographic location. The problem was that with DNS-based assignment about 30% of users in the United States were sent to a sub-optimal PoP. With the phased rollout of Anycast, sub-optimal PoP assignment dropped from 31% to 10%.








Monitoring Anycast



In theory Anycast networks are simple: several physical servers are assigned the same IP address, and BGP determines the route. But the implementation and design of Anycast platforms is complex, and building fault-tolerant Anycast networks is particularly notorious for it. Even harder is effective monitoring of an Anycast network, so that faults can be identified and isolated quickly.



If a service uses a third-party CDN provider to deliver its content, it is important to monitor and verify the network's performance. Monitoring of Anycast-based CDNs focuses on measuring end-to-end latency and the performance of the penultimate hop, to understand which data center is actually serving the content. Parsing the HTTP response headers is another way to determine where the data is coming from.





Example: HTTP response headers indicating the location of the CDN server.



For example, Cloudflare adds its own CF-Ray header to HTTP responses; it includes an identifier of the data center that handled the request. In the case of Zendesk, the CF-Ray header for the Seattle region is CF-RAY: 2a21675e65fd2a3d-SEA, and for Amsterdam it is CF-RAY: 2a216896b93a0c71-AMS. Other providers' X- headers in the HTTP response can be used the same way to determine where the content is served from.
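An added example, not from the original article, of the header check just described: parse a raw response header block, pull the data-center code out of CF-RAY (using the two values quoted above), fall back to listing X- headers for other vendors, and flag when the serving location changes between consecutive samples from the same vantage point, which is the signal that the Anycast route shifted. The header blocks are constructed samples; only the CF-RAY values come from the text.

```python
"""Identify which CDN data center served a response from its HTTP headers,
and flag when that location changes between samples. Header blocks are
constructed samples; the CF-RAY values are the ones quoted in the article."""
import re

# Cloudflare ray id: hex request id, dash, three-letter data-center code
CF_RAY = re.compile(r"^(?P<ray>[0-9a-f]+)-(?P<colo>[A-Z]{3})$")

SEATTLE = """HTTP/1.1 200 OK
Server: cloudflare
CF-RAY: 2a21675e65fd2a3d-SEA
Content-Type: text/html
"""
AMSTERDAM = """HTTP/1.1 200 OK
Server: cloudflare
CF-RAY: 2a216896b93a0c71-AMS
Content-Type: text/html
"""
NO_CDN_HINT = """HTTP/1.1 200 OK
Server: nginx
X-Backend: app-03
Content-Type: text/html
"""


def parse_headers(raw):
    """Split a raw HTTP/1.x response header block into (status line, {name: value}).
    Names are lower-cased; a repeated header is joined with ', ' as RFC 9110 allows."""
    lines = raw.strip().splitlines()
    status, headers = lines[0], {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # ignore junk or continuation lines
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers


def serving_pop(headers):
    """("cf-ray", <colo>) when a well-formed CF-RAY header is present; otherwise
    ("x-headers", {...}) with every X- header so an operator can look for the
    vendor's own location hint; None if there is nothing to go on."""
    ray = headers.get("cf-ray")
    if ray:
        m = CF_RAY.match(ray)
        if m:
            return "cf-ray", m.group("colo")
    x_headers = {k: v for k, v in headers.items() if k.startswith("x-")}
    return ("x-headers", x_headers) if x_headers else None


def pop_changes(samples):
    """Given header blocks sampled over time from one vantage point, return the
    indices at which the serving data center differs from the previous sample."""
    changes, previous = [], None
    for i, raw in enumerate(samples):
        current = serving_pop(parse_headers(raw)[1])
        if previous is not None and current != previous:
            changes.append(i)
        previous = current
    return changes


if __name__ == "__main__":
    for raw in (SEATTLE, AMSTERDAM, NO_CDN_HINT):
        print(serving_pop(parse_headers(raw)[1]))
    print(pop_changes([SEATTLE, SEATTLE, AMSTERDAM, AMSTERDAM]))
```

A probe that runs this against a fixed URL every minute and alerts on a non-empty `pop_changes` result is a cheap way to see route shifts that end-to-end latency graphs alone would only hint at.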



Other addressing methods



There are other addressing methods for routing user requests to a specific network endpoint:
Unicast

Most of the Internet today uses this method. Unicast is one-to-one transmission: an IP address is associated with exactly one node on the network.

Multicast

Multicast is "one-to-many" or "many-to-many" delivery: a packet sent to a multicast group address is delivered to every node that has joined the group (receivers subscribe explicitly). Multicast differs from Anycast in that Anycast delivers the packet to only one of the nodes sharing the address, the nearest one.

Broadcast

Broadcast is one-to-all: a packet is delivered to every node in the network segment (broadcast domain).

Geocast

Geocast is a variant of Multicast: delivery to a group of nodes defined by their geographic location rather than by explicit group membership. Nodes receive the packet if they are inside the target area.



Delivery is handled by geographically aware routers (Geo Routers), which forward such packets toward the target region based on where the nodes are located.









Unicast, Multicast and Broadcast.



The use of Anycast technology increases the level of reliability, resiliency and security of the DNS. Using this technology, operators offer their clients various types of DNS-based load balancing. In the control panel, you can specify the IP addresses to which requests will be sent depending on the geographic location. This will give clients the ability to more flexibly distribute user requests.



Some operators use POP route monitoring: the system automatically analyzes the shortest local and global routes for points of presence and redirects them to geographic locations with the lowest latency with zero downtime.



At the moment, Anycast is the most stable and reliable solution for building highly loaded DNS services, which are subject to high requirements for stability and reliability.



The .ru domain is served by 35 Anycast DNS servers, grouped into 20 nodes and distributed across five Anycast clouds. Nodes are placed by geography, i.e. in a Geocast-like fashion: they are moved to geographically dispersed locations close to the most active users, where the concentration of Russian providers at the site is highest, and where free capacity and ease of working with the site allow it.



How do I build a CDN?



CDN is a network of servers that accelerates the delivery of content to users. The content delivery network connects all servers into one network and provides faster content loading. The distance from the server to the user plays an important role in the download speed.



CDN allows you to use servers that are closest to your target audience. This reduces the waiting time, helps speed up the loading of site content for all visitors, which is especially critical for sites with large files or multimedia services. Typical CDN applications are e-commerce and entertainment.



The network of additional servers created in the CDN infrastructure, which are located as close as possible to users, contributes to more stable and faster data delivery. According to statistics, using a CDN reduces the latency when accessing a site by more than 70% compared to sites without a CDN.



How do you build a CDN using DNS? Setting up a CDN on your own Anycast infrastructure can be an expensive project, but there are cheaper options. For example, you can use GeoDNS together with ordinary servers that have unique IP addresses. With GeoDNS you can build a geolocated CDN in which the decision is made from the visitor's location, or more precisely from the location of the visitor's resolver unless the resolver passes the client subnet along (see the note on EDNS Client Subnet below). You configure your DNS zone to return the IP addresses of American servers to visitors from the United States and European addresses to visitors from Europe.



With GeoDNS, different DNS responses are returned depending on the IP address the query comes from. The DNS server is configured to return different records based on the source IP address of the request, with a GeoIP database used to map that address to a region. Geolocation in DNS thus lets you direct users to content from a nearby site.



GeoDNS determines the IP address of the client that made the DNS request or, more often, the IP address of the ISP's recursive DNS server that is handling the client's query. The country or region is looked up from that address in the GeoIP database, and the client is then given the IP address of the nearest CDN server.
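An added example (not the page's own code, nor any particular GeoDNS product) of the answer selection described in the last three paragraphs, plus the "deny a region by dropping its requests" case mentioned in the next section: a longest-prefix match over a small GeoIP table picks the region, the zone holds per-region records with a default, and blocked regions get no answer at all. The GeoIP prefixes, zone and addresses are constructed from documentation ranges.

```python
"""GeoDNS answer selection: map the querying address to a region through a
longest-prefix match over a GeoIP table, then return that region's records.
GeoIP entries, zone data and addresses are constructed samples built from
documentation ranges, not real allocations."""
import ipaddress

# constructed GeoIP table: prefix -> region; a more specific prefix overrides a wider one
GEOIP = [
    (ipaddress.ip_network("198.51.100.0/24"), "us"),
    (ipaddress.ip_network("203.0.113.0/24"), "eu"),
    (ipaddress.ip_network("203.0.113.128/25"), "apac"),
    (ipaddress.ip_network("2001:db8:1::/48"), "eu"),
    (ipaddress.ip_network("192.0.2.128/25"), "blocked"),
]

# constructed zone: per-region answers plus a default for regions without their own
ZONE = {
    "www.example.com.": {
        "us": ["192.0.2.10", "192.0.2.11"],
        "eu": ["192.0.2.20"],
        "default": ["192.0.2.1"],
    }
}

# regions whose queries are dropped without any answer
DROP_REGIONS = {"blocked"}


def region_for(ip):
    """Longest-prefix match of ip against the GeoIP table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, region in GEOIP:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, region)
    return best[1] if best else None


def geodns_answer(name, query_source_ip):
    """Records to return for `name` to a query seen from `query_source_ip`
    (the resolver's address, or the ECS client subnet when one is available).
    Returns a list of addresses, [] for an unknown name, or None to mean
    'drop the query, send nothing'."""
    records = ZONE.get(name)
    if records is None:
        return []
    region = region_for(query_source_ip)
    if region in DROP_REGIONS:
        return None
    return list(records.get(region) or records["default"])


if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.5", "203.0.113.200", "2001:db8:1::5", "192.0.2.200"):
        print(src, region_for(src), geodns_answer("www.example.com.", src))
```

Two details matter in practice: the more specific prefix must win (here 203.0.113.128/25 overrides the /24), and a region with no records of its own must fall through to the default rather than to an empty answer, or the site silently disappears for that region after a table update.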



Anycast or GeoDNS?



While Anycast is a great way to deliver content globally, it lacks specificity. This is where GeoDNS comes in. This service allows you to create rules that send users to unique endpoints based on their location.





Example: Users from Europe are directed to a different endpoint.



You can also deny access to a domain for a region by dropping all of its requests. This is a quick way to cut off unwanted traffic, but it is a coarse filter rather than an access control: a client using a resolver or VPN endpoint elsewhere, or an address that the GeoIP database places in the wrong country, is not affected.



GeoDNS gives more precise answers than Anycast. With Anycast, the path is chosen by BGP, which prefers the shortest AS path regardless of physical distance; with GeoDNS, the answer is chosen from the user's (or their resolver's) physical location. This makes granular routing rules possible and can reduce latency where BGP's choice is poor.



When the browser opens a domain, it contacts its resolver, which queries the domain's DNS servers and returns the IP address from which to load the site. Suppose an online store is popular in the United States and Europe, but its DNS servers are only in Europe. A user in the United States then has to send the query to a server that is very far away, and waiting for the answer delays the first load of the site.



With a GeoDNS server located in the USA, those users are served by it. The answer comes back fast, which improves the site's loading speed.



But with only the DNS server in the United States, a US user who opens the domain contacts that nearby server, receives the IP address, and is directed to the server holding the site's content; since the content servers are still far away, the page itself still loads slowly.



If CDN servers with cached data are placed in the USA as well, the browser's query goes to the nearby DNS server, which returns the right IP address; the browser then fetches from the nearest CDN server and from the origin server. The cached content comes from the CDN server, and while it is loading, whatever is missing for the full page is fetched from the origin. Page load time drops because far fewer files have to come from the origin.



Determining the exact location of an IP address is not always easy: many factors are involved, and the owner of an address range may decide to announce it on the other side of the world (then you have to wait for the database to update before the location is correct). VPS providers sometimes assign addresses that databases believe to be in the US to a VPS in Singapore.



Unlike with Anycast addresses, distribution happens during name resolution, not when the client connects to the caching server. If the recursive resolver does not support EDNS Client Subnet, the location of that resolver is used, not that of the user who will actually connect to the cache server.



EDNS Client Subnet (ECS) is a DNS extension (RFC 7871) that defines how a recursive resolver can pass information about the client to the authoritative server, specifically a truncated prefix of the client's network, which a GeoDNS server can use to locate the client more accurately.
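An added example, not from the article, of the RFC 7871 option itself: how a resolver builds the CLIENT-SUBNET option with the client address truncated to the chosen prefix, how an authoritative GeoDNS server parses and validates it, and which address it should then geolocate, the ECS subnet when present and the resolver's own address otherwise, which is exactly the fallback described in the previous paragraph. Addresses are constructed documentation-range samples; only the option body is handled, not the surrounding DNS message.

```python
"""EDNS Client Subnet (RFC 7871) option: build it the way a resolver does and
parse it the way an authoritative GeoDNS server does, then decide which
address to geolocate. Addresses are constructed documentation-range samples.
Only the option itself is handled, not the enclosing OPT record or message."""
import ipaddress
import struct

ECS_OPTION_CODE = 8          # EDNS0 option code for CLIENT-SUBNET
FAMILY = {4: 1, 6: 2}        # IANA address family numbers (IPv4 = 1, IPv6 = 2)
FULL_LEN = {1: 4, 2: 16}     # full address length in octets per family


def encode_ecs(client_ip, source_prefix_len, scope_prefix_len=0):
    """Encode OPTION-CODE, OPTION-LENGTH, FAMILY, SOURCE PREFIX-LENGTH,
    SCOPE PREFIX-LENGTH and the ADDRESS truncated to the prefix, with the
    host bits cleared so the resolver does not leak the full client address."""
    addr = ipaddress.ip_address(client_ip)
    family = FAMILY[addr.version]
    if not 0 <= source_prefix_len <= FULL_LEN[family] * 8:
        raise ValueError("prefix length out of range for family")
    net = ipaddress.ip_network(f"{addr}/{source_prefix_len}", strict=False)
    nbytes = (source_prefix_len + 7) // 8
    data = struct.pack("!HBB", family, source_prefix_len, scope_prefix_len)
    data += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option):
    """Parse an ECS option. Returns (client network, scope prefix length).
    Raises ValueError for the malformed cases RFC 7871 tells a server to reject
    with FORMERR: wrong address length or non-zero bits past the prefix."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or len(option) != 4 + length:
        raise ValueError("not a well-formed CLIENT-SUBNET option")
    family, src_len, scope_len = struct.unpack("!HBB", option[4:8])
    if family not in FULL_LEN:
        raise ValueError("unknown address family")
    addr_bytes = option[8:]
    full = FULL_LEN[family]
    if src_len > full * 8 or len(addr_bytes) != (src_len + 7) // 8:
        raise ValueError("address length does not match prefix length")
    padded = addr_bytes + b"\x00" * (full - len(addr_bytes))
    addr = ipaddress.ip_address(padded)
    net = ipaddress.ip_network(f"{addr}/{src_len}", strict=False)
    if net.network_address != addr:
        raise ValueError("non-zero bits beyond SOURCE PREFIX-LENGTH")
    return net, scope_len


def address_to_geolocate(resolver_ip, ecs_option=None):
    """What a GeoDNS server should feed to its GeoIP lookup: the ECS client
    subnet when the resolver sent one, otherwise the resolver's own address
    (the caveat above: that resolver may be far from the actual user)."""
    if ecs_option is not None:
        net, _scope = decode_ecs(ecs_option)
        return net.network_address
    return ipaddress.ip_address(resolver_ip)


if __name__ == "__main__":
    opt = encode_ecs("203.0.113.77", 24)          # resolver sends the client's /24
    print(opt.hex(), decode_ecs(opt))
    print(address_to_geolocate("198.51.100.1", opt))   # 203.0.113.0, the client side
    print(address_to_geolocate("198.51.100.1"))        # no ECS: the resolver itself
```

The validation in `decode_ecs` is not pedantry: an authoritative server that accepts an over-long ADDRESS or stray host bits is trusting a field the resolver, or anyone who can inject a query, controls, and RFC 7871 section 6 asks for FORMERR in exactly those cases.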



Most people use their ISP's DNS servers or resolvers that are geographically close to them, but if someone in the US decides for some reason to use a resolver located in Australia, they will most likely be given the address of the server closest to Australia.



If you want to use GeoDNS, keep these properties in mind, since in some cases they can increase the distance between the caching servers and the client.



Summary: if you want to combine several VPSs into a CDN, the best deployment option is to use a DNS server bundle that offers GeoDNS + Anycast out of the box.





