How Anycast Works - An Introduction to Networking
If you've ever been browsing the internet and noticed how quickly and seamlessly websites load, you might be surprised to know that it's not just your internet connection that's responsible. Behind the scenes, a complex network of servers and routing protocols ensures that web content is delivered to your device as quickly and efficiently as possible.
One of the technologies that make this possible is anycast, a routing technique that allows traffic to be routed to the nearest server in a group of identical servers. In this article, we'll take a closer look at how anycast works and why it's so important for modern networking.
What is anycast?
Anycast, also known as IP anycast, is a networking technique that allows multiple machines to share the same IP address. Based on the location of the user request, routers send it to the closest machine in the network. This is beneficial since, among other things, it reduces latency and increases redundancy. If a particular data center were to go offline, routing for the anycast IP would select the best remaining path and automatically redirect users to the next closest data center. The following outlines some of the pros and cons that are associated with configuring anycast.
- Speed. Traffic going to an anycast node will be routed to the nearest node, thus reducing latency between the client and the node itself. This ensures that speeds will be optimized no matter where the client is requesting information from.
- Redundancy. Anycast improves redundancy by placing multiple servers across the globe using the same IP. This allows for traffic to be rerouted to the next nearest server in the case that one server fails or goes offline.
- DDoS mitigation. DDoS attacks are caused by botnets, which can generate so much traffic that they overwhelm a typical unicast machine. With an anycast configuration, each server is able to "absorb" a portion of the attack, resulting in less strain on any single server.
- Load balancing. Load balancing can be utilized in the case that there are multiple nodes all within the same geographic distance from the request. This takes some of the resource requirements off of a singular node and disperses them across multiple nodes.
- Scalability. Anycast also provides scalability by allowing services to add servers as needed without changing IP addresses or network configurations. This makes it easier to add capacity to handle increasing traffic loads or to expand services to new geographic regions.
- Difficult to implement. Implementing IP anycast is a complex endeavor that requires additional hardware, reliable upstream providers, and proper traffic routing.
- Limited control. Anycast routing is dependent on network topology and BGP routing tables, which are controlled by ISPs and network operators. This means that services may not always be able to control how traffic is routed to their servers.
- Limited flexibility. Anycast routing requires identical servers with the same IP address, which can limit flexibility when deploying and managing servers. Services must ensure that all servers are identical and configured in the same way, which can be challenging in complex environments.
Border gateway protocol and autonomous systems
Border Gateway Protocol (BGP) and Autonomous Systems (AS) are integral to the way IP anycast functions. BGP exchanges routing and reachability information between Autonomous Systems. It makes routing decisions based on paths, policies, and rule sets, which is a key component of what IP anycast offers. With anycast, BGP holds multiple routes for the same IP address, each pointing to a different location.
An Autonomous System is a single network or a collection of networks, all administered by the same administrator. Each Autonomous System has a unique ASN, or Autonomous System Number, which identifies its network on the internet for use in BGP routing.
Tools like ExaBGP can be used to transform BGP messages into text or JSON which can then be handled by simple scripts. This allows administrators to easily detect and handle network or service failures.
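A sketch of such a script, added here as an illustration and not taken from KeyCDN or the ExaBGP project: it assumes ExaBGP runs it as a helper process and reads route commands from its standard output. The anycast address, the local DNS port being probed, the rise/fall thresholds and all function names are assumptions.

```python
"""Health-check helper written as an ExaBGP helper process (added example)."""
import socket
import time

SERVICE_IP = "192.0.2.1/32"  # documentation address standing in for the anycast IP
RISE, FALL = 3, 2            # consecutive successes / failures needed to change state

def tcp_check(host="127.0.0.1", port=53, timeout=1.0):
    """Return True if the local service (assumed: DNS over TCP) accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class Announcer:
    """Turns a stream of check results into announce/withdraw commands."""

    def __init__(self, prefix=SERVICE_IP, rise=RISE, fall=FALL):
        self.prefix, self.rise, self.fall = prefix, rise, fall
        self.announced = False  # start withdrawn until the service proves healthy
        self.streak = 0         # consecutive results that disagree with current state

    def update(self, healthy):
        """Feed one check result; return a command string, or None if nothing changes."""
        if healthy == self.announced:
            self.streak = 0     # a single flap does not count toward a state change
            return None
        self.streak += 1
        needed = self.rise if healthy else self.fall
        if self.streak < needed:
            return None
        self.announced, self.streak = healthy, 0
        verb = "announce" if healthy else "withdraw"
        return f"{verb} route {self.prefix} next-hop self"

def run(check=tcp_check, interval=5.0):
    """Loop forever, writing commands to stdout, where ExaBGP picks them up."""
    state = Announcer()
    while True:
        command = state.update(check())
        if command:
            print(command, flush=True)  # unbuffered, one command per line
        time.sleep(interval)

if __name__ == "__main__":
    run()
```

Requiring several consecutive results before changing state keeps a briefly flapping service from causing repeated announcements and withdrawals of the anycast route.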
How does anycast work?
As previously mentioned, anycast directs user requests to the nearest node in order to reduce page latency. It does this by following these steps.
- Multiple service instances announce they share the same IP address.
- When the user's browser makes a request, the router receives that request and simply chooses the route to the nearest server, measured as the shortest AS path.
Using unicast, which will be explained in the following section, the path would only lead to one destination no matter the distance. Using anycast, the route is optimized because the best path is always selected. In the case that a server is down, BGP will simply find the next best path and route the request there.
It should be noted, however, that anycast can be configured to route requests based not only on distance but also on other factors, for example:
- Availability of server
- Number of connections
- Time to response
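The selection and failover steps described above, modelled as a toy example that is added here and is not part of the original article. The router names, site names and AS paths are constructed, using documentation and private-use ASNs, and the tie-break on site name is a simplification of real BGP best-path selection.

```python
"""Toy model of anycast route selection (constructed data, not real routing tables)."""
from dataclasses import dataclass, field

ANYCAST_PREFIX = "192.0.2.0/24"  # documentation prefix standing in for the shared IP

@dataclass
class Router:
    """One vantage point: remembers every path it has heard for a prefix."""
    name: str
    rib: dict = field(default_factory=dict)  # prefix -> {site: AS path tuple}

    def announce(self, prefix, site, as_path):
        self.rib.setdefault(prefix, {})[site] = tuple(as_path)

    def withdraw(self, prefix, site):
        self.rib.get(prefix, {}).pop(site, None)

    def best_site(self, prefix):
        """Shortest AS path wins; the site name breaks ties deterministically.
        Real BGP applies further steps (local preference, origin, MED, ...)."""
        paths = self.rib.get(prefix, {})
        if not paths:
            return None  # no route left: the prefix is unreachable from here
        return min(paths, key=lambda site: (len(paths[site]), site))

def build_routers():
    """Two routers hear the same prefix from both sites over different AS paths."""
    eu = Router("eu-edge")
    eu.announce(ANYCAST_PREFIX, "frankfurt", [64601, 64500])
    eu.announce(ANYCAST_PREFIX, "new-york", [64601, 64602, 64603, 64500])
    us = Router("us-edge")
    us.announce(ANYCAST_PREFIX, "frankfurt", [64701, 64702, 64703, 64500])
    us.announce(ANYCAST_PREFIX, "new-york", [64701, 64500])
    return eu, us

if __name__ == "__main__":
    eu, us = build_routers()
    print(eu.name, "->", eu.best_site(ANYCAST_PREFIX))
    print(us.name, "->", us.best_site(ANYCAST_PREFIX))
    eu.withdraw(ANYCAST_PREFIX, "frankfurt")  # the Frankfurt site goes offline
    print(eu.name, "after withdrawal ->", eu.best_site(ANYCAST_PREFIX))
```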
Examples of Anycast in Action
Anycast is used in a wide range of applications, from CDN providers to DNS servers. Here are a few examples of how anycast is used in practice:
Content delivery networks (CDNs)
CDNs use anycast to distribute content across multiple servers in different locations. When a user requests content from a CDN, the request is routed to the nearest server based on network topology. This reduces latency and improves overall performance.
Domain name system (DNS) servers
DNS servers use anycast to provide fast and reliable DNS resolution. When a client sends a DNS request, the request is sent to the nearest DNS server based on network topology. This ensures that clients receive fast and accurate DNS resolution, which is critical for web browsing and other internet applications.
Distributed denial of service (DDoS) protection
Anycast is also used for DDoS protection by distributing traffic across multiple servers. When a DDoS attack occurs, traffic is automatically routed to the nearest available server, reducing the impact of the attack and preventing service disruption.
Other addressing methods
Other addressing methodologies exist as well for routing user requests to a particular network endpoint. These include unicast, multicast, broadcast, and geocast. We'll go into further detail for each in the sections below.
Most of the Internet today uses unicast. Unicast restricts an IP address to be associated with only one particular node in a network. This is known as a one-to-one association. Although much of the internet uses this method, it is sub-optimal due to the restriction of only being able to associate an IP address with one node.
Multicast uses a one-to-many-of-many or many-to-many-of-many association. Multicast allows for a request from a sender to be routed to various selected endpoints simultaneously. This allows for a client to download a file in chunks from multiple hosts at the same time (useful for streaming audio or video). Multicast is often confused with anycast; however, the main difference is that anycast routes the sender to one specific node even though multiple nodes are available for use.
Broadcast uses a one-to-all association. A datagram from a single sender is routed to all endpoints associated with the broadcast address. The network automatically replicates the datagram so that it reaches all recipients within the broadcast, which generally consists of an entire network subnet.
Geocast is somewhat similar to multicast in that requests from a sender are routed to multiple endpoints simultaneously. The difference is that the group of endpoints is defined by geographical location.
Anycast and IPv4 vs IPv6
Anycast is not officially supported in IPv4; however, this can be worked around by using BGP. Essentially, multiple hosts are given the same unicast IP and routes are announced through BGP. Routers therefore interpret this as multiple routes to the same destination, whereas in fact the routes lead to different destinations with the same address.
The drawback to this approach, however, is that the network may perform what is called a "POP switch", which changes the routing of packets in the event that there is congestion or changes in the network.
IPv6, on the other hand, explicitly supports anycast. IPv6 routers typically won't distinguish an anycast packet from a unicast packet through the network, although special handling from the routers near the destination is required.
Moreover, the same process used in IPv4 can be used in IPv6 as well. This method does not depend on anycast-aware routers; however, you will run into the same problems as discussed above.
It is clear that anycast is a powerful technique for, among other things, reducing page latency and mitigating attacks. Although it is a complex endeavor to implement, the payoff is vast for both the users and the service providers alike.
KeyCDN is happy to offer anycast to help improve the overall efficiency of services to our customers.