Document toolboxDocument toolbox

Anycast Addressing

Owned by Shirly Tsang
Last updated: Sept 27, 2024 by Gary Leicht
4 min read

Anycast is a one-to-nearest network communication, where the sender (client) is directed to the nearest recipient (server), as determined by the underlying routing protocol. If a service is enabled with anycast, the same anycast IP address is configured on multiple server devices. For example, if DNS anycast has been set up on multiple servers, a DNS client that tries to connect to the DNS server IP address is routed to the nearest instance, providing both a performance boost and redundancy to the DNS service.

Anycast addressing provides the following benefits:

  • Improved Reliability and Resiliency: Anycast provides improved reliability, because DNS queries are sent to an Anycast IP address. If the nearest server somehow goes offline, the router forwards the request to the next nearest DNS server advertising the target Anycast IP address.
  • OSPF and BGP Protocols: Anycast uses both Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). 
  • Load Distribution: Anycast distributes the load across multiple DNS servers based on network topology. Dynamic routing enables a fully flexible and path-optimized DNS packet flow.

Infoblox Platform provides multiple Anycast addresses to improve resiliency and reliability. Infoblox recommends that you provision your network firewalls and allow traffic to the following ports:

53udp
53tcp
443tcp

Due to an anycast limitation, there is no option to provide routing ID in the routing configuration. You will not be able to configure anycast advertising on a VLAN interface or multiple interfaces. Anycast will choose the WAN interface by default. For information about creating an anycast service instance, see Configuring Anycast Service Settings.

Anycast and OSPF

A host hardware device or virtual machine appliance can use the OSPF routing protocol to advertise routes for DNS anycast addresses to an upstream router within the autonomous system. The upstream router uses the OSPF advertisement to determine the nearest DNS server from a group of servers within the internetwork. In practice, the NIOS appliance relies upon OSPF to determine the best route for DNS queries to take to the nearest DNS server. The upstream router then forwards the query to the chosen DNS server.

To enable anycast for DNS queries, you configure two or more DNS servers within the AS routing domain with the same anycast address. When you select OSPF as the routing protocol, the upstream router determines the nearest server within the group of servers configured with that anycast address. (The "nearest" DNS server may not necessarily be the geographically closest DNS server; it is the DNS server with the lowest cost associated with its reachability from the current node. This is calculated through the OSPF routing algorithm, a discussion of which is far beyond the scope of this manual.) The nearest DNS server configured with the correct anycast address then responds to the DNS query. In the case where the nearest server becomes unavailable, the next nearest server responds to the query. OSPF anycast provides a dynamically routed failover to ensure that DNS can always resolve client requests within the AS. From the client perspective, anycasting is transparent and the group of DNS servers with the anycast address appears to be a single DNS server.

OSPF determines the nearest server within the intranet or enterprise network. The desktop sends a DNS query to 10.128.1.12, the anycast address. (The example also shows a configured IPv6 Anycast address.) Many servers can possess the anycast address. The routing protocol selects the nearest server (based on metrics generated from the routing algorithm), and that server receives and processes the query and sends back the response. The Client sends a DNS query via intranet to various DNS servers. OSPF determines the nearest server within the intranet or enterprise network. The desktop sends a DNS query to 10.128.1.12, the anycast address. (The example also shows a configured IPv6 Anycast address.) Many servers can possess the anycast address. The routing protocol selects the nearest server (based on metrics generated from the routing algorithm), and that server receives and processes the query and sends back the response. The Client sends a DNS query via intranet to various DNS servers. OSPF determines the nearest server within the intranet or enterprise network. The desktop sends a DNS query to 10.128.1.12, the anycast address. (The example also shows a configured IPv6 Anycast address.) Many servers can possess the anycast address. The routing protocol selects the nearest server (based on metrics generated from the routing algorithm), and that server receives and processes the query and sends back the response. The Client sends a DNS query via intranet to various DNS servers. OSPF determines the nearest server within the intranet or enterprise network. The desktop sends a DNS query to 10.128.1.12, the anycast address. (The example also shows a configured IPv6 Anycast address.) Many servers can possess the anycast address. The routing protocol selects the nearest server (based on metrics generated from the routing algorithm), and that server receives and processes the query and sends back the response. The Client sends a DNS query via intranet to various DNS servers.

Anycast and BGP4

BGP4 (also referred to as BGP) is designed to distribute routing information among ASs, exchange routing, and reachability information with other BGP systems using a destination-based forwarding paradigm. Unlike OSPF, which calculates routes within a single AS, BGP is a vector routing protocol that distributes routing information among different ASs. A unique ASN (autonomous system number) is allocated to each AS to identify the individual network in BGP routing. A BGP session between two BGP peers is an eBGP (external BGP) session if the BGP peers are in different ASs. A BGP session between two BGP peers is an iBGP (internal BGP) session if the BGP peers are in the same AS.

BGP configuration enables large enterprises using BGP as the internetworking protocol, to provide resilient DNS services using the Infoblox solution. While BGP is mostly used by ISPs, it is also used in larger enterprise environments that must interconnect networks, that span geographical and administrative boundaries. In these environments, it is required to use BGP to advertise anycast routes. Using BGP allows the appliance to advertise DNS anycast addresses to neighboring routers across multiple ASs, that also use BGP as their routing protocols.

To enable anycast for DNS queries among three different networks that span different geographical regions, you can configure two DNS servers with the same DNS anycast addresses in the AS 65497 network. Since other network routers in AS 65498 and AS 65499 also use BGP as the routing protocol, the DNS anycast addresses can be advertised across these networks.

Enterprise network AS 65497 uses Infoblox DNS servers to provide DNS services. Anycast DNS addresses and BGP are configured on the appliances so the anycast addresses can be advertised to the enterprise networks AS 65498 and AS 65499, which contains BGP configured routers. Similarly, BGP filters are applied to ensure that the DNS servers only receive default route advertisements from the neighboring routers.

You can configure anycast addressing on the DNS servers and select BGP as the protocol to advertise the anycast addresses to Router 1 and 2 in AS 65499. For more information, see Configuring Anycast Addresses. Once you have configured the DNS servers, the appliances automatically add filters on the advertising interfaces to limit the advertisements to the configured anycast IP addresses. Similarly, BGP filters are applied to ensure that the DNS servers only receive default route advertisements from the neighboring routers.

Configure anycast addresses on the appliances, select BGP as the routing protocol, and then configure Timers, Keep Alive, Hold Down, two Router IPs, and an ASN. Both routers are configured with BGP and peered with the Infoblox DNS servers. Admins can configure filters on the routers to limit advertisements received from the DNS servers.

For additional information on Anycast, see the following: