[BBLISA] BGP and multicast (thread renamed)

Robert Keyes bob at sinister.com
Tue Jul 20 19:05:24 EDT 2010



On Mon, 19 Jul 2010, Dean Anderson wrote:

>
>>> through. I think some of the DNS root servers are using "anycast"
>>> and small BGP announcements for redundancy purposes.
>>
>> Anycast! Yes I hadn't thought of that..it makes sense. Well, that's
>> the first new thing I've learned today.
>
> <grin>For some reason, last year ISC (the principal anycast DNS
> promoter)  has lost most of its ordinary funding. I've been trying to
> figure out exactly what the makeup of that funding was, but whatever it
> was, it's gone now. Rick Adams had to make up $1.6 million out of about
> $2 million. Vixie himself still takes $252,000 of the $2 million,
> according to their IRS form 990.  [non-profits aren't supposed to inure
> benefits to their founders beyond fair salary. Pretty much, no small
> non-profits don't pay their CEOs roughly 12% of revenue--a company isn't
> really non-profit at that rate--that's in the realm of a for-profit
> S-Corp. Even large non-profits don't usually pay $252,000/yr to CEOs;
> that's a scandalously large amount. That amount is unconscionably
> high both in dollars and in percentage of non-profit revenue; similar
> numbers have been the focus of TV news exposés].

I don't want to come to the defense of Vixie, nor start another flame war, 
but perhaps some of the costs were related to running their rather large 
net connection and servers. I see that as requiring network engineers, 
sysops, programmers, and of course the corporate friction to go along with 
it: accountants, secretaries, lawyers..so perhaps that's where some of the 
money went.

> Anyway, pretty much everyone knows by now that Anycast isn't stable with
> TCP. Anycast only works for stateless protocols and TCP isn't stateless.

Yeah, it makes sense that there's a possibility of an unseen routing 
change due to anycast...but how often does that happen? And what happens
if the TCP connection gets hosed...does it (the DNS server) just try again?
Unless routes are flagging all over the place, I don't see this being a 
really huge problem. Then again, it does speak to a rather kludgy protocol 
design.

> And TCP is now on the top of the DNS list thanks to ... [drum roll]:
> DNSSEC!! [DNSSEC is another Vixie-IETF-disaster for reasons Dan
> Bernstein, myself, and others detailed some years ago; The Vixie/Cerf
> mafia tried to silence us, but they failed at that, too]. That's not to
> say they weren't successful in business, though. I just feel sorry for
> the people who wasted their money on buying Anycast DNS services from
> ISC, Afilias/Neustar etc. And I will someday feel sorry for the
> Internet when some of the other DNS "Vixie-flaws" are eventually
> exploited. But, aside from those things...I'm having a very happy year
> :-)  </grin>

hrm, yes, well like I said it all depends on the stability of the net for 
the course of TCP DNS transactions, which may be sufficient. I don't have
enough data to say one way or the other. Do you?

I am not trying to pick a fight, just ponder why something which seems an 
obvious fatal flaw on the surface would be considered acceptable. There 
must be some reason.

-Bob


