<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [ga] More Root-Servers?
Marc, Daniel, and all assembly members, stakeholders or other interested
parties,
It would seem more logical to fix the protocol to allow for more Root
servers than to use Anycast to piggyback additional Root servers.
Even better would be a SROOTS or MultiRoot structure. But of course
ICANN is strongly against that... :( None the less, Bind 9.0+ has
been modified in our [INEG. INC] version to allow for up to 255
root servers. We call this fix or improved/inhanced version, BindPlus,
and have been quietly deploying it for some time now..
I do believe that Anycast or Multicast can and has been tested a number
of times to be used for linking/stacking of Root servers under existing
Bind restrictions. One might consider asking Paul Vixie about some of
this if I recall correctly.
Marc Schneiders wrote:
> Yesterday suggestions were made here for placing root-servers more
> geographically spread around the world. The problem is that 13 is
> the maximum.
>
> Below an idea that RIPE (which operates K) is considering. In short:
> there would be several machines with the same IP number in different
> places using anycast. So there would in fact be more root-servers that
> appear to be just one of the 13.
>
> ---------- Forwarded message ----------
> Date: Tue, 05 Nov 2002 13:12:22 +0100
> From: Daniel Karrenberg <Daniel.Karrenberg@ripe.net>
> To: RIPE DNS WG <dns-wg@ripe.net>
> Cc: RIPE Routing WG <routing-wg@ripe.net>
> Subject: Distributing K-Root Service by Anycast Routing
>
> Dear Colleagues,
>
> below you find the proposal to start distributing the service
> of k.root-servers.net by using anycast. I welcome comments
> and suggestions either privately or on the DNS WG list.
> I would like to see a good discussion so that we can proceed
> with support from the RIPE community. Can we have this
> discussion on the DNS WG list too please? In particular
> I would like to hear technical suggestions for Appendix A.
>
> Thanks
>
> Daniel
>
> ---------
>
> Distributing K-Root Service by Anycast Routing of
> 193.0.14.129
>
> Daniel Karrenberg
> <daniel.karrenberg@ripe.net>
>
> $Id: k-any.ms,v 1.9 2002/11/05 12:03:32 dfk Exp $
>
> ABSTRACT
>
> This memo proposes to distribute the DNS ser-
> vice provided by k.root-servers.net across multi-
> ple locations in the Internet topology. It dis-
> cusses the motivation for and the principles of
> implementation. A first inventory of detailed
> issues is provided in an appendix.
>
> 1. Introduction
>
> DNS root name servers need to be accessible by Internet
> hosts in order for the DNS to function properly. Accessi-
> bility is determined by the ability of the server to handle
> a given query load and by the connectivity of the server to
> the rest of the Internet.
>
> The RIPE NCC operates k.root-servers.net (K-root) in the
> RIPE region in order to help safeguard the quality of the
> DNS in the Internet and in the RIPE region in particular.
> The RIPE NCC obtains guidance from RIPE.
>
> For K-root the connectivity issue has been addressed by
> placing it at the LINX, a topologically very well connected
> point. The server load issue has been addressed by deploy-
> ing successive generations of hardware with increased pro-
> cessing power and by distributing the load locally among a
> number of machines at different LINX sites. A cold spare
> system has been available in Amsterdam at all times to pro-
> vide continuity in case of catastrophic failures at the pri-
> mary server location. Over the years this set-up has pro-
> vided very reliable service.
>
> However issues about differences in connectivity to the ser-
> vice across the RIPE region have been raised repeatedly. A
> more distributed provision of the service is generally seen
> as positive because of
>
> - lower network delays due to shorter paths between
> clients and servers,
>
> - less dependence on connectivity to a single location,
>
> - better load and DDoS attack resiliance because of dis-
> tributed servers,
>
> - more overall redundancy.
>
> For these reasons numerous organisations have offered to
> host additional servers operated by the RIPE NCC. So far
> this has not been considered because the number of unique IP
> addresses at which the service can be provided is exhausted
> by currently assigned servers.
>
> 2. Scope of this Memo
>
> This memo proposes to deploy multiple servers providing
> k.root-servers.net name service across the RIPE region, each
> using the same IP address. This is commonly called 'any-
> casting'. A detailed description of one implementation can
> be found in RFC3258. The intention of this memo is to
> establish the principles of this, inventarise the major
> issues and request comments from the RIPE community and
> other interested parties. An initial inventory of detailed
> issues is provided as an appendix.
>
> 3. Proposal
>
> Simply put the RIPE NCC will provide K-root name service at
> multiple locations dispersed over the Internet topology but
> at the same IP address. No DNS client/resolver changes are
> necessary. The service will appear exactly the same for the
> users. Normal Internet routing will distribute the traffic
> among the different instances of K-root.
>
> This will be implemented by installing multiple copies of
> the current server sets at different points and announcing
> the current prefix 193.0.14/24 from these points.
>
> The main challenge with this set-up is to ensure consis-
> tency:
>
> operation -
> All servers will be operated in a consistent way by the
> RIPE NCC. They will have appropriate out-of-band
> access path to ensure that the operations centre can
> access them.
>
> monitoring -
> The availability and responses will be monitored by
> dedicated monitoring systems installed at multiple
> locations. Also the BGP propagation of the prefix
> 193.0.14/24 will be monitored constantly by the exist-
> ing remote route collectors. [http://www.ripe.net/ris]
> Users will be able to identify the particular instance
> they are using by published methods using DNS queries.
> [draft-ietf-dnsop-serverid]
>
> correctness -
> The correctness and authenticity of the root zone data
> will eventually be guaranteed using DNSSEC. Until this
> can be deployed the current method will need to be
> employed: ISPs will need to closely monitor where they
> route traffic to 193.0.14/24 and from where they accept
> traffic from that address. The RIPE NCC will publish
> and maintain a list with the locations of the k-root
> instances, the BGP autonomous system numbers of their
> immediate neighbors and any other information that can
> help ISPs and others to ensure that they reach an
> authentic instance of K-root. This list will be main-
> tained until appropriate routing security technology is
> widely deployed.
>
> The RIPE NCC and K-root itself are well suited for this mode
> of operation. IANA asked the RIPE NCC to operate K-root,
> the geographic and topological location of K-root was not
> specified in any way other than "somewhere in the RIPE
> region". The RIPE NCC was chosen because it is neutral and
> professional but above all directly accountable to RIPE and
> its membership.
>
> The location at the LINX was subsequently chosen based on
> evaluation of the Internet topology in the region and a rec-
> ommendation by the RIPE DNS working group. Distributing K-
> root over a number of places is a natural continuation of
> this policy.
>
> In addition to operating K-root at a remote location the
> RIPE NCC has considerable experience in operating dis-
> tributed services. The Test Traffic Measurements Service
> operates more than 80 machines all over the world to collect
> performance measurements. Some of these can be used to mon-
> itor the DNS service of K-root as well. The Routing Infor-
> mation Service operates 9 remote route collectors at
> exchange points all over the world to collect BGP routing
> information. These route collectors will be used to monitor
> the routing of 193.0.14/24.
>
> At any point in time there is a trade-off between the added
> benefit of adding more servers and the difficulty of operat-
> ing them consistently. The optimal number of servers
> depends on a large number of constantly changing factors.
> It needs to be evaluated continuously as things progress.
>
> 4. Operational & Funding Models
>
> For the purpose of stability and for gaining experience all
> instances of K-root will be operated by the RIPE NCC. This
> ensures smooth transitions, consistency and correctness of
> root zone data.
>
> After the initial deployment there are a number of possible
> operational and funding models.
>
> 4.1. Traditional
>
> Traditionally K-root operations have been part of general
> RIPE NCC activities and thus have been collectively funded
> by the RIPE NCC membership. This is an appropriate funding
> model as all members benefit from stable root name service.
> It is also easy to administer. Difficulties may arise when
> the number of locations is such that the operational costs
> increase very significantly. Another important drawback of
> this model is that the number of additional sites will be
> limited by available funds and the sites will have to be
> determined by a selection procedure based on criteria
> including
>
> - position in Internet topology,
>
> - position relative to existing K-root instances,
>
> - local operations support,
>
> - operational requirements [rfc2870],
>
> - commitment to fund operations at a later stage.
>
> 4.2. Location Fees
>
> The drawbacks of the traditional model can be largely over-
> come by charging the organisations hosting K-root instances
> a fee that covers the operational costs. This obviously
> scales better and requires less of a beauty contest, because
> the funds available will more closely match the operational
> costs. It is quite possible that the initial demand will be
> higher than the operational capabilities of the RIPE NCC.
>
> Also it should be observed that in funding and some other
> aspects this is exactly the opposite of the traditional
> model: In the traditional model the RIPE NCC pays facilities
> management fees to the hosts whereas in this model the hosts
> pay.
>
> Transition should be planned carefully.
>
> 4.3. Operated and Funded Decentrally
>
> In this model anyone who wishes would be able to operate a
> K-root instance. This model has such serious problems with
> guaranteeing stability and consistency that it cannot be
> implemented today or in the near future. The minimum
> requirement for this operational mode is a zone signing
> mechanism that ensures consistency and authenticity of root
> zone data. Implementing this also requires a changed model
> of service responsibility as it is obviously impossible to
> hold any one entity responsible for the service. While this
> may ultimately scale the best, it is extremely premature at
> this point.
>
> We propose to continue with the traditional model for now
> and explore other models while gaining operational experi-
> ence. The associated selection procedures will be executed
> by the RIPE NCC and guided by the relevant requirements RFCs
> and the RIPE DNS working group.
>
> 5. Implementation Plan
>
> 5.1. Initial BGP change
>
> The routing announcements of the current server prefix
> 193.0.14/24 will change from AS5459 (LINX) to the dedicated
> new K-root autonomous system number AS25152.
>
> ISPs need to be aware of this and adapt their routing fil-
> ters accordingly. It is recommended that ISPs who do not
> already do so, take precautions, safeguaring that they
> receive this prefix from an authentic K-root via a trusted
> path and that they route traffic to it via trusted paths as
> far as possible. At the same time an initial set of BGP and
> DNS service monitors will be deployed.
>
> 5.2. Move the Cold Standby to Service
>
> The current cold standby server at the RIPE NCC will be
> activated as a regular server. AS25152 will be announced
> also by the RIPE NCC at the AMS-IX. As the server is
> already available and configured this can be done fairly
> rapidly. The distribution of the load, BGP routing informa-
> tion and other operational data will be gathered and evalu-
> ated. ISPs will have the opportunity to test this set-up
> and provide feedback. In case of problems the RIPE NCC
> instance of K-root will be deactivated quickly, returning to
> the previous service level.
>
> 5.3. Implement Further Instances
>
> While monitoring continuously a number of further instances
> of K-root will be deployed. Currently we expect this to be
> about 5 additional instances. This number is limited by
> operational and monitoring capacity. It is important not to
> deploy more instances than can safely be operated and moni-
> tored. Especially the capacity to detect and correct prob-
> lems in this distributed set-up needs to be carefully moni-
> tored.
>
> 5.4. Spreading Further
>
> Planning further than this is currently difficult because of
> lack of experience with distributed K-root operations and
> possible funding models.
>
> Acknowledgements
>
> The author would like to thank Joao Silva Damas for comments
> on an earlier draft as well as Andrei Robachevsky and Henk
> Uijterwaal who provided comments on recent drafts.
>
> Appendix A - Detailed Issues
>
> Using a router or having a server speak BGP?
>
> Withdrawing BGP announcements based on service availability?
>
> Distributed service monitoring: Using current RIPE NCC oper-
> ated machines all over the world is an easy option. Maybe
> distributing automatic monitoring software to be run by vol-
> unteers is another. What is essentially needed is to try a
> small number of queries periodically including the query
> identifying the instance of the server. Then transmitting
> the results back to a (set of) collection point(s).
>
> Distributed BGP Monitoring: The RIS can be used for this.
> Coverage should be sufficient.
>
> Information Campaign: What is needed to reach all ISPs that
> need to know? How long a lead time do they need for the var-
> ious stages of the deployment?
>
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 972-244-3801
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|