Thursday, May 3, 2018

Funky Anycast DNS Behaviour

I work for an ISP and we run DNS servers with anycast IPs.

When a customer sends a query to the anycast IP, 10% of the time, the request will land on the server and go unanswered, eventually timing out for the client. If they send a query to the server's real IP, everything works 100% of the time.

I'm confident - bordering on certain - it's not a network fault because it's a fairly simple configuration, routes are never being dropped and, as stated above, the queries land on the servers, which I verified with tcpdump.

The servers run BIND on Ubuntu 16.04 and they peer with our routers using BIRD/BGP and advertise the anycast IP. Here's a shitty simplified topology:

 +----------------+            +------------------+
 |                |            |                  |
 |      DNS1      |            |       DNS2       |
 |    1.1.1.1     |            |     2.2.2.2      |
 | anycast 8.8.8.8|            | anycast 8.8.8.8  |
 +------+---------+            +-----+------------+
        |                            |
        |                            |
        |                            |
 +------+----------------+     +-----+---------------+
 |                       |     |                     |
 |        site 1         +-----+        site 2       |
 |                       |     |                     |
 +---------+-------------+     +----------+----------+
           |                              |
           |                              |
       +---+-------+                 +----+------+
       | customer 1|                 |customer 2 |
       +-----------+                 +-----------+

Has anyone observed similar behaviour in the past? What could we be missing?
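The measurement the post describes (send a batch of queries to the anycast address and to the server's real address, count how many time out) can be scripted so the loss rate is a number rather than an impression. The following is an added example written for this page, not code from the post: the DNS query is built by hand, one socket per query so a late reply cannot be matched to the wrong transaction ID, and the FakeResolver class, the probe name example.com and the loopback addresses are constructed stand-ins so it runs offline. The stand-in that swallows every tenth query only reproduces the symptom; it is not a diagnosis of it.

```python
import random
import socket
import struct
import threading

# Constructed assumption for this example (not from the post): the QNAME the
# probe asks for. Any name the server will answer works.
PROBE_NAME = "example.com"


def build_query(txid, name=PROBE_NAME):
    """Build a minimal DNS A/IN query with RD set and the given transaction ID."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe(addr, count=100, timeout=1.0):
    """Send `count` queries to addr=(ip, port), one socket per query so a late
    reply cannot be mistaken for the answer to a later query.
    Returns (answered, timed_out, mismatched)."""
    answered = timed_out = mismatched = 0
    for _ in range(count):
        txid = random.randrange(0x10000)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(txid), addr)
            try:
                data, _peer = s.recvfrom(4096)
            except socket.timeout:
                timed_out += 1
                continue
        # Count it as answered only if the QR bit is set and the txid matches.
        if len(data) >= 12 and struct.unpack("!H", data[:2])[0] == txid and data[2] & 0x80:
            answered += 1
        else:
            mismatched += 1
    return answered, timed_out, mismatched


def loss_rate(result):
    """Fraction of probes that got no matching answer."""
    answered, timed_out, mismatched = result
    total = answered + timed_out + mismatched
    return (timed_out + mismatched) / total if total else 0.0


class FakeResolver(threading.Thread):
    """Constructed loopback stand-in for a DNS server (not part of the post).
    It swallows every `drop_every`-th query (0 = never) and answers the rest
    with an empty NOERROR response, which is all the probe needs."""

    def __init__(self, drop_every=0):
        super().__init__(daemon=True)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.addr = self.sock.getsockname()
        self.drop_every = drop_every
        self.seen = 0

    def run(self):
        while True:
            data, peer = self.sock.recvfrom(4096)
            self.seen += 1
            if self.drop_every and self.seen % self.drop_every == 0:
                continue  # drop it: the client times out, like the post's 10%
            # Copy txid and question back; flags 0x8180 = QR, RD, RA, NOERROR.
            reply = data[:2] + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0) + data[12:]
            self.sock.sendto(reply, peer)


def compare(anycast_addr, unicast_addr, count=50, timeout=1.0):
    """Probe both addresses and return their loss rates as a dict."""
    return {
        "anycast": loss_rate(probe(anycast_addr, count, timeout)),
        "unicast": loss_rate(probe(unicast_addr, count, timeout)),
    }


def run_demo(count=50):
    """Offline reproduction of the symptom: the 'anycast' stand-in drops 1 in
    10 queries, the 'unicast' stand-in answers everything."""
    anycast = FakeResolver(drop_every=10)
    unicast = FakeResolver(drop_every=0)
    anycast.start()
    unicast.start()
    return compare(anycast.addr, unicast.addr, count=count, timeout=0.2)


if __name__ == "__main__":
    print(run_demo())  # prints {'anycast': 0.1, 'unicast': 0.0}
```

Against real servers, point compare() at the anycast address and the server's real address on port 53 and raise count until the loss rate is stable; running it from a customer site and from the server's own site separately separates a path problem from a per-server one, since the post already established with tcpdump that the queries reach the server.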


