nanog mailing list archives

Re: Anycast provider for SMTP?

From: William Herrin <bill () herrin us>
Date: Mon, 15 Jun 2015 14:54:40 -0400

On Mon, Jun 15, 2015 at 2:13 PM, Bill Woodcock <woody () pch net> wrote:

Or you could skip the MX records, and just put both US and European
SMTP servers on the same IP address, which would save a lot of
steps and simplify the system, but leave you with the _very_
occasional corner-case of someone equal-path-length load-balancing
traffic to you such that half of one TCP session goes to Europe, and
half the the US.  That’s a bogeyman that scares a lot of people into not
using anycast for TCP services, particularly long-lived ones, but it’s a
theoretical problem rather than an actually-observed-in-the-wild problem.
But since it scares people, it’s probably safer just doing the DNS
anycast, rather than SMTP anycast, to avoid startling the
easily-upset out there.  :-)


If I had a dollar for every system that's collapsed from a known but
previously "theoretical" problem... It's only theoretical until a VIP
can't connect. Deploy a system without covering the corner cases and
your comeuppance is assured.

Okay, granted you can probably cover your corner case here with a
priority 20 MX that leads to a unicast address on one of the two
servers. SMTP can let the rare fellow with the bisected packet flow
gracefully fall back.

Nevertheless, I think you've offered some really bad advice here Bill.
Hijackers killing the passengers was a bogeyman too. If you just kept
calm and cooperated, you lived through it. Until you didn't, and
allowed yourself to be an instrument in killing thousands on the
ground as a bonus. Sometimes the math offers really bad advice.


On Mon, Jun 15, 2015 at 2:28 PM, Nick Hilliard <nick () foobar org> wrote:

On 15/06/2015 19:09, William Herrin wrote:

Anycast + TCP = much pain, for reasons which should be obvious.


This was presented at some conference or other a couple of years ago:
https://www.nanog.org/meetings/nanog37/presentations/matt.levine.pdf


Thought the comment on page 22 was apropos: their plan is to be dead
before future change catches up with them.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>

Current thread:

Re: Anycast provider for SMTP?, (continued)
- - Re: Anycast provider for SMTP? Nick Hilliard (Jun 15)
    - Re: Anycast provider for SMTP? Dave Taht (Jun 15)
    - Re: Anycast provider for SMTP? Joe Abley (Jun 15)
    - Re: Anycast provider for SMTP? Dave Taht (Jun 15)
    - Re: Anycast provider for SMTP? Randy Bush (Jun 15)
    - Re: Anycast provider for SMTP? Dave Taht (Jun 15)
    - Re: Anycast provider for SMTP? Matt Palmer (Jun 16)
    - Re: Anycast provider for SMTP? Rafael Possamai (Jun 17)
    - Re: Anycast provider for SMTP? John Orthoefer (Jun 15)
- Re: Anycast provider for SMTP? Bill Woodcock (Jun 15)
  - Re: Anycast provider for SMTP? William Herrin (Jun 15)
    - Re: Anycast provider for SMTP? Christopher Morrow (Jun 15)
    - Re: Anycast provider for SMTP? John Levine (Jun 15)
    - Re: Anycast provider for SMTP? Bill Woodcock (Jun 16)
    - Re: Anycast provider for SMTP? William Herrin (Jun 16)
    - Re: Anycast provider for SMTP? Bill Woodcock (Jun 16)
    - Re: Anycast provider for SMTP? Mark Andrews (Jun 16)
    - Re: Anycast provider for SMTP? John Levine (Jun 16)
    - Re: Anycast provider for SMTP? Masataka Ohta (Jun 16)
    - Re: Anycast provider for SMTP? Owen DeLong (Jun 16)
    - Re: Anycast provider for SMTP? Jon Lewis (Jun 16)

(Thread continues...)