Anycast

Routing schemes organize the data traffic and associated distribution of services in networks. Individual routing methods serve special request profiles. The multicast method is often used in video streaming, because it can send data packets to many recipients at the same time (e.g., to the set-top boxes of IPTV consumers). Another routing strategy is anycast. We will explain how it works, and also present the advantages of this method.

Anycast is a routing method that aims to make networks and data transfer more efficient, more reliable, and more flexible. The routing scheme is mainly used in connection with Internet Protocol version 6 (IPv6), which is used as the standard method for transmitting data packets throughout computer networks (successor to IPv4).

With anycast, routing is operated in a specific way: A group of computers is assigned a common IP address. In terms of the goals and methods of anycast, they go strongly against the grain. With the usual method of unicast addressing, IP addresses are clearly only assigned to a single instance (classic individual addressing).

Multiple assignment is not a problem, however, as it does not affect client-server communication. A client cannot distinguish between syntactically identical anycast addresses and unicast addresses. If, for example, a client makes a specific request, it generally only communicates with one anycast server from the group. This server then processes the DNS query of the client. The routing scheme only works in its intended form if the IP address that is used has also explicitly been declared an anycast address on the corresponding routers of an anycast network.

The servers of an anycast network are spatially separated, meaning they can be found in different regions and countries, for example. Each anycast computer represents a corresponding route that is communicated via a routing protocol. The BGP (Border Gateway Protocol) is used on the Internet for such purposes, which allows for data to be transported beyond individual Internet provider networks. Through the combination of routing scheme (anycast) and BGP-based network communication, various routing alternatives can be made available both nation- and even worldwide.

Anycast DNS is a frequent communication routine in a network. If, for example, a server fails during a DNS request or is currently unavailable, a certain route is no longer propagated through the anycast server network and subsequent data packets are forwarded to another server. For the alternative route, the closest interface in a group is usually selected in order to save time and money.

Due to the transparency principle, clients do not notice that the original route is no longer available. All servers respond to the client request with the same answer and the IP address used for routing does not change, although on a technical level, another instance of the anycast group is now responsible for transporting the data packet forward. The unicast routing scheme is often used for managing and configuring an anycast computer network. A unique unicast address is used to address individual servers directly, regardless of the ambiguous anycast address (which is assigned to several servers), and to administer them remotely via the network.

Data exchange via anycast ensures load sharing, since the data traffic can be distributed over a larger area. The servers of an anycast group can even act in different networks. The sender does not have to take action themselves in order to distribute the data being sent as optimally as possible over many servers. DNS root servers, for example, benefit from this strategy of automated routing. In addition to DNS, other Internet services can also be made available worldwide and simultaneously be distributed as efficiently and evenly as possible through networks.

The redundancy principle also increases the availability of services. For example, anycast DNS queries are not sent to a specific DNS resolver, but to a network of resolvers. The most accessible resolver is then selected. This means that DNS queries and responses are always routed via optimized transport routes. If a DNS resolver goes offline, other servers are still available in the network for queries.

The distribution principle of this routing scheme also helps with network problems. Especially at peak times or in the event of isolated network, interface or router failures, anycast can contribute to accelerating data transfer with a quickly and automatically determined alternative route, since the shortest possible routes are selected for redirecting and distributing data streams.

Companies that have multiple access points to the Internet particularly benefit from increased flexibility. In this way, the failure of a connection to the provider or to a router of the provider can be compensated immediately by another transfer route via an alternative route. With anycast routing, however, senders cannot independently select the receiving interface, as this is exclusively defined by the routing protocol.

Anycast does not only make networks and the transfer of data streams more efficient and more resistant to malfunctions and failures. Security also benefits from this routing scheme. Distributed computing (or distributed infrastructures) is usually less susceptible to hacker attacks and can often react better to them. Anycast routing is a particularly effective means against denial of service attacks (also called DDoS attacks), which hackers can use to bring digital infrastructures to their knees.

Due to the enormous amount of traffic that is generated by hijacked computers and IoT devices around the world and directed specifically to the victim of an attack, overloaded websites and servers can no longer be reached, at least temporarily. The operators of websites or servers who, for example, are transacting a large online sales campaign or want to stream a significant live event are then often blackmailed and have to buy their way out in order to avert financial damage.

Anycast can distribute DDoS attacks over a large area according to the diffusion principle and thereby at least weaken them (this is comparable to the force of a raging river, which is diffused by cleverly distributing the water over floodplain areas and into distributaries). At the same time, the distribution can limit the breadth of the attack and continue to give many users access to the affected infrastructure via alternative routes. However, the anycast network must be sufficiently large and efficient to combat such attacks effectively and reliably, some of which are extremely complex.

In addition to anycast, other routing methods such as broadcast are used for data traffic in a network. The following table illustrates the differences between anycast and other common routing schemes: