Anycast

Routing schemes organize the data traffic and as­so­ci­at­ed dis­tri­b­u­tion of services in networks. In­di­vid­ual routing methods serve special request profiles. The multicast method is often used in video streaming, because it can send data packets to many re­cip­i­ents at the same time (e.g., to the set-top boxes of IPTV consumers). Another routing strategy is anycast. We will explain how it works, and also present the ad­van­tages of this method.

Anycast is a routing method that aims to make networks and data transfer more efficient, more reliable, and more flexible. The routing scheme is mainly used in con­nec­tion with Internet Protocol version 6 (IPv6), which is used as the standard method for trans­mit­ting data packets through­out computer networks (successor to IPv4).

With anycast, routing is operated in a specific way: A group of computers is assigned a common IP address. In terms of the goals and methods of anycast, they go strongly against the grain. With the usual method of unicast ad­dress­ing, IP addresses are clearly only assigned to a single instance (classic in­di­vid­ual ad­dress­ing).

Multiple as­sign­ment is not a problem, however, as it does not affect client-server com­mu­ni­ca­tion. A client cannot dis­tin­guish between syn­tac­ti­cal­ly identical anycast addresses and unicast addresses. If, for example, a client makes a specific request, it generally only com­mu­ni­cates with one anycast server from the group. This server then processes the DNS query of the client. The routing scheme only works in its intended form if the IP address that is used has also ex­plic­it­ly been declared an anycast address on the cor­re­spond­ing routers of an anycast network.

The servers of an anycast network are spatially separated, meaning they can be found in different regions and countries, for example. Each anycast computer rep­re­sents a cor­re­spond­ing route that is com­mu­ni­cat­ed via a routing protocol. The BGP (Border Gateway Protocol) is used on the Internet for such purposes, which allows for data to be trans­port­ed beyond in­di­vid­ual Internet provider networks. Through the com­bi­na­tion of routing scheme (anycast) and BGP-based network com­mu­ni­ca­tion, various routing al­ter­na­tives can be made available both nation- and even worldwide.

Anycast DNS is a frequent com­mu­ni­ca­tion routine in a network. If, for example, a server fails during a DNS request or is currently un­avail­able, a certain route is no longer prop­a­gat­ed through the anycast server network and sub­se­quent data packets are forwarded to another server. For the al­ter­na­tive route, the closest interface in a group is usually selected in order to save time and money.

Due to the trans­paren­cy principle, clients do not notice that the original route is no longer available. All servers respond to the client request with the same answer and the IP address used for routing does not change, although on a technical level, another instance of the anycast group is now re­spon­si­ble for trans­port­ing the data packet forward. The unicast routing scheme is often used for managing and con­fig­ur­ing an anycast computer network. A unique unicast address is used to address in­di­vid­ual servers directly, re­gard­less of the ambiguous anycast address (which is assigned to several servers), and to ad­min­is­ter them remotely via the network.

Data exchange via anycast ensures load sharing, since the data traffic can be dis­trib­uted over a larger area. The servers of an anycast group can even act in different networks. The sender does not have to take action them­selves in order to dis­trib­ute the data being sent as optimally as possible over many servers. DNS root servers, for example, benefit from this strategy of automated routing. In addition to DNS, other Internet services can also be made available worldwide and si­mul­ta­ne­ous­ly be dis­trib­uted as ef­fi­cient­ly and evenly as possible through networks.

The re­dun­dan­cy principle also increases the avail­abil­i­ty of services. For example, anycast DNS queries are not sent to a specific DNS resolver, but to a network of resolvers. The most ac­ces­si­ble resolver is then selected. This means that DNS queries and responses are always routed via optimized transport routes. If a DNS resolver goes offline, other servers are still available in the network for queries.

The dis­tri­b­u­tion principle of this routing scheme also helps with network problems. Es­pe­cial­ly at peak times or in the event of isolated network, interface or router failures, anycast can con­tribute to ac­cel­er­at­ing data transfer with a quickly and au­to­mat­i­cal­ly de­ter­mined al­ter­na­tive route, since the shortest possible routes are selected for redi­rect­ing and dis­trib­ut­ing data streams.

Companies that have multiple access points to the Internet par­tic­u­lar­ly benefit from increased flex­i­bil­i­ty. In this way, the failure of a con­nec­tion to the provider or to a router of the provider can be com­pen­sat­ed im­me­di­ate­ly by another transfer route via an al­ter­na­tive route. With anycast routing, however, senders cannot in­de­pen­dent­ly select the receiving interface, as this is ex­clu­sive­ly defined by the routing protocol.

Anycast does not only make networks and the transfer of data streams more efficient and more resistant to mal­func­tions and failures. Security also benefits from this routing scheme. Dis­trib­uted computing (or dis­trib­uted in­fra­struc­tures) is usually less sus­cep­ti­ble to hacker attacks and can often react better to them. Anycast routing is a par­tic­u­lar­ly effective means against denial of service attacks (also called DDoS attacks), which hackers can use to bring digital in­fra­struc­tures to their knees.

Due to the enormous amount of traffic that is generated by hijacked computers and IoT devices around the world and directed specif­i­cal­ly to the victim of an attack, over­loaded websites and servers can no longer be reached, at least tem­porar­i­ly. The operators of websites or servers who, for example, are trans­act­ing a large online sales campaign or want to stream a sig­nif­i­cant live event are then often black­mailed and have to buy their way out in order to avert financial damage.

Anycast can dis­trib­ute DDoS attacks over a large area according to the diffusion principle and thereby at least weaken them (this is com­pa­ra­ble to the force of a raging river, which is diffused by cleverly dis­trib­ut­ing the water over flood­plain areas and into dis­trib­u­taries). At the same time, the dis­tri­b­u­tion can limit the breadth of the attack and continue to give many users access to the affected in­fra­struc­ture via al­ter­na­tive routes. However, the anycast network must be suf­fi­cient­ly large and efficient to combat such attacks ef­fec­tive­ly and reliably, some of which are extremely complex.

In addition to anycast, other routing methods such as broadcast are used for data traffic in a network. The following table il­lus­trates the dif­fer­ences between anycast and other common routing schemes: