How Anycast IP Routing Is Used at MaxCDN
December 5, 2013 | Mike Czarny
There’s often a lot of confusion about how Anycast IP routing works for DNS and HTTP requests. We wanted to highlight the difference between the two scenarios and give a quick background on the technology itself.
AnyCast vs. Unicast IP Addresses
Think of an IP address like a phone number. A traditional (unicast) IP is like a direct line to a set location. In a large city, every police station might have its own phone number. If one department has technical issues (the phone gets disconnected), people can’t get the service they need.
Clearly, this isn’t a good setup for critical infrastructure (for your business, your website is critical infrastructure).
Anycast works like a globally recognized phone number, similar to 911. When you dial 911, the phone network connects you to the closest available Public Safety Answering Point. In California? Use 911. Going to Maine? Use 911. On a cell phone in Hawaii? Use 911.
It doesn’t matter where you are, or which departments are offline: you’ll get the routed to the closest available provider. Service providers can hop on or off the network as their availability changes, and users can keep dialing the same number.
Anycast DNS provides the same benefit for your servers: visitors asking for a certain IP (18.104.22.168) are directed to the nearest available server that’s configured to respond to that IP.
Speed, speed, speed: Always connects to the closest MaxCDN location
Intrinsic load-balancing and DDoS mitigation
Matches users and service providers on all continents and locations
Did we mention speed?
Any main reason you wouldn’t use Anycast? Managing the setup.
Just like any other failover system, it takes effort to configure and maintain, updating configurations as servers are added or removed. Lucky for you, we handle the management, so you simply get to enjoy the benefits of low-latency, high-redundancy servers.
Anycast for DNS and HTTP Requests
Let’s see how Anycast works under the hood. When a user makes a request for a file such as http://cdn.example.com/image.png, there are two connections:
DNS request to the name server: What is the IP address of cdn.example.com?
Object request on the server: What are the contents of image.png?
Without Anycast, these lookups can be inefficient: users could connect to servers that are around the world, instead of the nearest location. (It’s possible to use DNS indirection layers to mitigate the problem, but they shouldn’t be relied on exclusively; at MaxCDN we combine DNS indirection with multiple Anycast networks.)
Anycast for DNS requests
When a user wants to access cdn.example.com, they must get the actual IP address using a DNS resolver at their ISP. This resolver could be anywhere on the internet, and it goes up to the authoritative domain to get the IP, return it to the visitor, and cache it for future use.
Our customers often CNAME their domains to us, and we handle DNS resolutions by having a series of Anycast name servers available. When the user’s ISP is resolving the IP address, it’ll be served by our closest name server (wherever it is), providing the lowest latency DNS lookup time. Additionally, we have redundant DNS entries with two providers, who run their own Anycast networks.
Anycast for HTTP requests
Once the user has the IP for cdn.example.com, they’ll connect to that address to download a file or webpage. The IP our name server returns in the first step is actually an Anycast IP address.
When a user makes a request to the IP (on port 80, or 443 for SSL), they are connected to the closest location in our network that is announcing that IP, and gets the file.
In short, the user sees a speedup on both DNS lookups and file downloads. Often times, when I tell people that MaxCDN uses Anycast for HTTP requests, they ask how it’s possible. With the right Anycast setup and mix of providers, you can see how.
How Maintenance is Done
Updating servers is one of the tricky parts of managing an Anycast IP infrastructure. We handle this by stopping the announcement of an Anycast IP address for the entire datacenter, until it can be updated and brought online when ready. Bird and Exabgp are great tools for this.
As mentioned earlier, we incorporate a layer of DNS indirection to send users to nearby locations with a Geo database of Asian and Australian networks. We’re currently experimenting other DNS techniques to improve performance and blend multiple Anycast networks.
That’s how things work under the hood. From your customer’s perspective, Anycast simply means your website will respond quickly and maintain high availability.
PS: Tom Daly from Dyn gave a fantastic presentation on DNS performance at Velocity 2012 in SJC.