Steering traffic at the network layer with IP Anycast – Understanding Network and Security for Near-Edge Computing

IP Anycast is another common approach for global traffic distribution. Figure 2.13 depicts an example of how it works:

Figure 2.10 – IP Anycast

Both servers have a public IP address of 144.12.11.5. Customers are automatically routed to the closest one. This makes DNS simple; you just need a single A record for myapp.io pointing to that IP.

You may be asking yourself: wait, I thought public IP addresses had to be unique on the internet? That is normally true. However, if one has access to their provider-independent IP space from IANA, some tricks can be utilized.

Recall the situation in Figure 2.3, which shows the peering that happens between different ASs on the internet. When that peering happens, one AS tells another AS about the IP prefixes inside of it. It also passes along BGP community information, which is a series of variables that can override the normal mechanism BGP uses to figure out the best path to get to a destination within that AS. This information can be manipulated in such a way as to make all other ASs think whatever we want them to think about how to get to an IP we control.

However, if your AS peers with multiple ISPs, you will need to get both of them to cooperate concerning how your IP prefixes are advertised. This compounds the already difficult task of obtaining your own public IP space from IANA in the first place. Thus, IP Anycast is typically the province of the ISPs themselves. Most organizations lease individual IP Anycast addresses from their ISPs:

Figure 2.11 – IP Anycast path convergence

One of the reasons you might choose IP Anycast over GSLB is because it has a shorter path convergence time. With GSLB, if one of the data centers goes offline, the GSLB server needs to realize this and then start handing out a different IP – but due to the way DNS caching works on devices and at their ISPs, the timeout for this to happen can be lengthy. Unless you can enforce low Time-To-Live (TTL) values on the cache of all intermediate DNS servers and keep device cache times short (an unlikely prospect), they will be re-routed to the other data center more quickly with IP Anycast.

One of the main downsides to IP Anycast is that the routing decisions are only made in the network, which is not typically something an application owner has an understanding of or the access to modify if they did. It is more straightforward for a developer to specify the behavior they want with GSLB, and more parameters can be taken into consideration.