Anycast

Routing schemes organise the data traffic and as­so­ci­ated dis­tri­bu­tion of services in networks. In­di­vidu­al routing methods serve special request profiles. The multicast method is often used in video streaming, because it can send data packets to many re­cip­i­ents at the same time (e.g., to the set-top boxes of IPTV consumers). Another routing strategy is anycast. We will explain how it works, and also present the ad­vant­ages of this method.

Anycast is a routing method that aims to make networks and data transfer more efficient, more reliable, and more flexible. The routing scheme is mainly used in con­nec­tion with Internet Protocol version 6 (IPv6), which is used as the standard method for trans­mit­ting data packets through­out computer networks (successor to IPv4).

With anycast, routing is operated in a specific way: A group of computers is assigned a common IP address. In terms of the goals and methods of anycast, they go strongly against the grain. With the usual method of unicast ad­dress­ing, IP addresses are clearly only assigned to a single instance (classic in­di­vidu­al ad­dress­ing).

Multiple as­sign­ment is not a problem, however, as it does not affect client-server com­mu­nic­a­tion. A client cannot dis­tin­guish between syn­tactic­ally identical anycast addresses and unicast addresses. If, for example, a client makes a specific request, it generally only com­mu­nic­ates with one anycast server from the group. This server then processes the DNS query of the client. The routing scheme only works in its intended form if the IP address that is used has also ex­pli­citly been declared an anycast address on the cor­res­pond­ing routers of an anycast network.

The servers of an anycast network are spatially separated, meaning they can be found in different regions and countries, for example. Each anycast computer rep­res­ents a cor­res­pond­ing route that is com­mu­nic­ated via a routing protocol. The BGP (Border Gateway Protocol) is used on the Internet for such purposes, which allows for data to be trans­por­ted beyond in­di­vidu­al Internet provider networks. Through the com­bin­a­tion of routing scheme (anycast) and BGP-based network com­mu­nic­a­tion, various routing al­tern­at­ives can be made available both nation- and even worldwide.

Anycast DNS is a frequent com­mu­nic­a­tion routine in a network. If, for example, a server fails during a DNS request or is currently un­avail­able, a certain route is no longer propag­ated through the anycast server network and sub­sequent data packets are forwarded to another server. For the al­tern­at­ive route, the closest interface in a group is usually selected in order to save time and money.

Due to the trans­par­ency principle, clients do not notice that the original route is no longer available. All servers respond to the client request with the same answer and the IP address used for routing does not change, although on a technical level, another instance of the anycast group is now re­spons­ible for trans­port­ing the data packet forward. The unicast routing scheme is often used for managing and con­fig­ur­ing an anycast computer network. A unique unicast address is used to address in­di­vidu­al servers directly, re­gard­less of the ambiguous anycast address (which is assigned to several servers), and to ad­min­is­ter them remotely via the network.

Data exchange via anycast ensures load sharing, since the data traffic can be dis­trib­uted over a larger area. The servers of an anycast group can even act in different networks. The sender does not have to take action them­selves in order to dis­trib­ute the data being sent as optimally as possible over many servers. DNS root servers, for example, benefit from this strategy of automated routing. In addition to DNS, other Internet services can also be made available worldwide and sim­ul­tan­eously be dis­trib­uted as ef­fi­ciently and evenly as possible through networks.

The re­dund­ancy principle also increases the avail­ab­il­ity of services. For example, anycast DNS queries are not sent to a specific DNS resolver, but to a network of resolvers. The most ac­cess­ible resolver is then selected. This means that DNS queries and responses are always routed via optimised transport routes. If a DNS resolver goes offline, other servers are still available in the network for queries.

The dis­tri­bu­tion principle of this routing scheme also helps with network problems. Es­pe­cially at peak times or in the event of isolated network, interface or router failures, anycast can con­trib­ute to ac­cel­er­at­ing data transfer with a quickly and auto­mat­ic­ally de­term­ined al­tern­at­ive route, since the shortest possible routes are selected for re­dir­ect­ing and dis­trib­ut­ing data streams.

Companies that have multiple access points to the Internet par­tic­u­larly benefit from increased flex­ib­il­ity. In this way, the failure of a con­nec­tion to the provider or to a router of the provider can be com­pensated im­me­di­ately by another transfer route via an al­tern­at­ive route. With anycast routing, however, senders cannot in­de­pend­ently select the receiving interface, as this is ex­clus­ively defined by the routing protocol.

Anycast does not only make networks and the transfer of data streams more efficient and more resistant to mal­func­tions and failures. Security also benefits from this routing scheme. Dis­trib­uted computing (or dis­trib­uted in­fra­struc­tures) is usually less sus­cept­ible to hacker attacks and can often react better to them. Anycast routing is a par­tic­u­larly effective means against denial of service attacks (also called DDoS attacks), which hackers can use to bring digital in­fra­struc­tures to their knees.

Due to the enormous amount of traffic that is generated by hijacked computers and IoT devices around the world and directed spe­cific­ally to the victim of an attack, over­loaded websites and servers can no longer be reached, at least tem­por­ar­ily. The operators of websites or servers who, for example, are trans­act­ing a large online sales campaign or want to stream a sig­ni­fic­ant live event are then often black­mailed and have to buy their way out in order to avert financial damage.

Anycast can dis­trib­ute DDoS attacks over a large area according to the diffusion principle and thereby at least weaken them (this is com­par­able to the force of a raging river, which is diffused by cleverly dis­trib­ut­ing the water over flood­plain areas and into dis­trib­u­tar­ies). At the same time, the dis­tri­bu­tion can limit the breadth of the attack and continue to give many users access to the affected in­fra­struc­ture via al­tern­at­ive routes. However, the anycast network must be suf­fi­ciently large and efficient to combat such attacks ef­fect­ively and reliably, some of which are extremely complex.

In addition to anycast, other routing methods such as broadcast are used for data traffic in a network. The following table il­lus­trates the dif­fer­ences between anycast and other common routing schemes: