SlideShare ist ein Scribd-Unternehmen logo

INEX June Meeting - Root DNS Anycast Performance in UK & Ireland

A
Anurag Bhatia
1 von 20
Downloaden Sie, um offline zu lesen
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK & Ireland INEX June Meeting, Dublin
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland What are root DNS servers? ● Authoritative DNS servers for top level “dot” ● Knows authoritative DNS server of each TLD & it’s glue ● Logically 13 servers (from a to m) ● Heavily anycast across hundreds of servers located across the world
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland What is anycast? ● Announcing same address pool from multiple locations ● In theory routers sending traffic off to nearest anycast node ● Works well with lot of peering but limited set of transits ● Breaks often due to networks having own preference for each other networks
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Testing Methodology Two ways to test anycast performance: 1. Triggering dig CHAOS id.server @$ROOT txt from root servers 2. Triggering ping to the root servers from RIPE Atlas probes in the region
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Testing Methodology Two ways to test anycast performance: 1. Triggering dig CHAOS id.server @$ROOT txt from - Works for 9 out of 13 root DNS servers 2. Triggering dig CHAOS hostname.bind @$ROOT txt from - Works for 4 out of 13 root DNS servers 3. Triggering ping to the root servers from RIPE Atlas probe in the region - Works for 12 out of 13 root servers
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Limitations 1. No way to practically test IPv6 due to very low number of IPv6 enabled RIPE atlas probes. 2. Due to blocked ICMP - G root was excluded from comparison of latency. 3. Diversification of RIPE Atlas probes across ASNs is not well tested. It is there in some cases while missing in other cases. 4. A considerable number of RIPE Atlas probes are on DSL and it may have it’s own overhead in the resolution.
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root servers which support CHAOS Class Queries Root Server id.server support hostname.bind support a.root-servers.net. Yes No b.root-servers.net. No Yes c.root-servers.net. No Yes d.root-servers.net. Yes No e.root-servers.net. Yes No f.root-servers.net. Yes No g.root-servers.net. No Yes h.root-servers.net. Yes No i.root-servers.net. Yes No j.root-servers.net. Yes No k.root-servers.net. Yes No l.root-servers.net. Yes No m.root-servers.net. No Yes
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Countries with root DNS servers 1. UK (13) 2. Ireland (3)
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Countries with active RIPE Atlas Probes 1. UK (611) 2. Ireland (109)
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK 1. A root - London 2. D root - London 3. D root - Leeds 4. D root - Manchester 5. E root - London 6. F root - London 7. I root - London 8. J root - Leeds 9. K root - London 10. L root - London 11. L root - Leeds 12. L root - Rochester 13. L root - Dundee
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK Root Server Locally Present Average Latency % of DNS Traffic within Country % of DNS Traffic within region % of DNS Traffic outside region A root Yes 12.9 100.00% 0.00% 0.00% B root No 143.2 0.00% 0.00% 100.00% C root No 17.93 0.00% 100.00% 0.00% D root Yes 22.75 62.22% 20.00% 17.78% E root Yes 37 95.12% 4.88% 0% F root Yes 28.39 36.17% 34.04% 29.79% G root No 0.00% 82.61% 17.39% H root No 93.64 0.00% 100.00% 0.00% I root Yes 53.05 55.32% 21.28% 23.40% J root Yes 69.5 0.00% 51.06% 48.94% K root Yes 39.42 63.04% 19.57% 17.39% L root Yes 57.88 15.22% 54.35% 30.43% M root No 37.04 0.00% 93.62% 6.38%
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in Ireland 1. D root - Dublin 2. E root - Dublin 3. J root - Dublin
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in Ireland Root Server Locally Present Average Latency % of DNS Traffic within Country % of DNS Traffic within region % of DNS Traffic outside region A root No 29.26 0.00% 100.00% 0.00% B root No 178.24 0.00% 0.00% 100.00% C root No 71.14 0.00% 57.45% 42.55% D root Yes 26.47 97.87% 0.00% 2.13% E root Yes 22.75 97.87% 2.13% 0.00% F root No 35.63 0.00% 89.36% 10.64% G root No 0.00% 93.62% 6.38% H root No 117.1 0.00% 0.00% 100.00% I root No 48.99 0.00% 89.36% 10.64% J root Yes 17.9 97.87% 2.13% 0.00% K root No 38.44 0.00% 97.87% 2.13% L root No 44.21 0.00% 97.87% 2.13% M root No 31.76 0.00% 100.00% 0.00%
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in Ireland
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Why does anycast fail? 1. Networks often prefer a customer route over peering, over transit path. 2. BGP best path is not always the geographically best path. 3. Things break due to route leaks where announcement propagates beyond geography. 4. Use of “no-export” in peered routes is debatable.
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Misc Points about the study 1. End users “speak to” DNS recursor of ISP and not root DNS servers directly. 2. Presence of even a single root server impacts as DNS recursor software picks it up based on performance & hence low latency with just one or more root DNS server helps in overall resolution time. 3. Users not using local ISPs server & relying on popular open DNS recursors have different resolution path alltogether.
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Conclusions 1. More root DNS servers are good for a country, it reduces latency considerably. 2. IXP where root DNS can peer with large number of networks is good. 3. Apart from latency, more DNS servers ensure low impact of submarine or long distance terrestrial cable cuts. 4. It’s better to buy IP transit from a provider with a network & peering in large geography as compared to a localized player.
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland References ● RIPE Atlas Project - http://atlas.ripe.net ● Root DNS servers Information - http://root-servers.org/ ● DNS Chaos Class (Chaosnet) - https://en.wikipedia.org/wiki/Chaosnet ● Root DNS Zone - ftp://ftp.rs.internic.net/domain/root.zone ● Anycast - https://en.wikipedia.org/wiki/Anycast ● Kabindra Shrestha from PCH - https://www.pch.net
20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Thankyou! Questions? Peering? Email: anurag@he.net Twitter: @anurag_bhatia ASN: 6939 Web: http://he.net Peeringdb: http://as6939.peeringdb.net

Empfohlen

IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNICAPNIC
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2Zobair Khan
 
CommunicAsia 2017: IPv6 deployment architecture for IoT
CommunicAsia 2017: IPv6 deployment architecture for IoTCommunicAsia 2017: IPv6 deployment architecture for IoT
CommunicAsia 2017: IPv6 deployment architecture for IoTAPNIC
 
IPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksIPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksAPNIC
 
How You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from NowHow You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from Nowjulievreeland
 
IPv6 Transition
IPv6 TransitionIPv6 Transition
IPv6 TransitionSwiss IPv6 Council
 
Update on IPv6 activity in CERNET2
Update on IPv6 activity in CERNET2Update on IPv6 activity in CERNET2
Update on IPv6 activity in CERNET2APNIC
 
I Pv6 Enabling Menog 0.4
I Pv6 Enabling Menog 0.4I Pv6 Enabling Menog 0.4
I Pv6 Enabling Menog 0.4Hussein Elmenshawy
 

Empfohlen

IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNICAPNIC
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2Zobair Khan
 
CommunicAsia 2017: IPv6 deployment architecture for IoT
CommunicAsia 2017: IPv6 deployment architecture for IoTCommunicAsia 2017: IPv6 deployment architecture for IoT
CommunicAsia 2017: IPv6 deployment architecture for IoTAPNIC
 
IPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksIPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksAPNIC
 
How You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from NowHow You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from Nowjulievreeland
 
IPv6 Transition
IPv6 TransitionIPv6 Transition
IPv6 TransitionSwiss IPv6 Council
 
Update on IPv6 activity in CERNET2
Update on IPv6 activity in CERNET2Update on IPv6 activity in CERNET2
Update on IPv6 activity in CERNET2APNIC
 
I Pv6 Enabling Menog 0.4
I Pv6 Enabling Menog 0.4I Pv6 Enabling Menog 0.4
I Pv6 Enabling Menog 0.4Hussein Elmenshawy
 
Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesOlle E Johansson
 
Tracing IP Addresses: Gary Kessler
Tracing IP Addresses: Gary KesslerTracing IP Addresses: Gary Kessler
Tracing IP Addresses: Gary KesslerVere Software
 
Upcoming internet challenges
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challengesIvan Pepelnjak
 
Measuring IPv6 at Web Clients and Caching Resolvers
Measuring IPv6 at Web Clients and Caching ResolversMeasuring IPv6 at Web Clients and Caching Resolvers
Measuring IPv6 at Web Clients and Caching ResolversRIPE Meetings
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
ICANN 51: Name Collision
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name CollisionICANN
 
RIPE NCC DNS Update
RIPE NCC DNS UpdateRIPE NCC DNS Update
RIPE NCC DNS UpdateRIPE Meetings
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedFaelix Ltd
 
Small but Interesting Things
Small but Interesting ThingsSmall but Interesting Things
Small but Interesting ThingsRIPE Meetings
 
Avb pov 2017 v2
Avb pov 2017 v2Avb pov 2017 v2
Avb pov 2017 v2Jeff Green
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaMyNOG
 
6Rd
6Rd6Rd
6RdFred Bovy
 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & TroubleshootingAPNIC
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYIKT-Norge
 
Analysis of RD=0 and RD=1 queries seen at Root; JP
Analysis of RD=0 and RD=1 queries seen at Root; JPAnalysis of RD=0 and RD=1 queries seen at Root; JP
Analysis of RD=0 and RD=1 queries seen at Root; JPAPNIC
 
India Internet Access Problems Whitepaper_Ver 2.2
India Internet Access Problems Whitepaper_Ver 2.2India Internet Access Problems Whitepaper_Ver 2.2
India Internet Access Problems Whitepaper_Ver 2.2Arin Burman
 
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno OvereinderHSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno OvereinderSplend
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73APNIC
 
Is IPv6 Really Faster?
Is IPv6 Really Faster?Is IPv6 Really Faster?
Is IPv6 Really Faster?APNIC
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ CloudflareInternet Society
 
IPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksIPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksAPNIC
 

Weitere ähnliche Inhalte

Was ist angesagt?

Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesOlle E Johansson
 
Tracing IP Addresses: Gary Kessler
Tracing IP Addresses: Gary KesslerTracing IP Addresses: Gary Kessler
Tracing IP Addresses: Gary KesslerVere Software
 
Upcoming internet challenges
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challengesIvan Pepelnjak
 
Measuring IPv6 at Web Clients and Caching Resolvers
Measuring IPv6 at Web Clients and Caching ResolversMeasuring IPv6 at Web Clients and Caching Resolvers
Measuring IPv6 at Web Clients and Caching ResolversRIPE Meetings
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
ICANN 51: Name Collision
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name CollisionICANN
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedFaelix Ltd
 
Small but Interesting Things
Small but Interesting ThingsSmall but Interesting Things
Small but Interesting ThingsRIPE Meetings
 
Avb pov 2017 v2
Avb pov 2017 v2Avb pov 2017 v2
Avb pov 2017 v2Jeff Green
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaMyNOG
 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & TroubleshootingAPNIC
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYIKT-Norge
 

Was ist angesagt? (14)

Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slides
 
Tracing IP Addresses: Gary Kessler
Tracing IP Addresses: Gary KesslerTracing IP Addresses: Gary Kessler
Tracing IP Addresses: Gary Kessler
 
Upcoming internet challenges
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challenges
 
Measuring IPv6 at Web Clients and Caching Resolvers
Measuring IPv6 at Web Clients and Caching ResolversMeasuring IPv6 at Web Clients and Caching Resolvers
Measuring IPv6 at Web Clients and Caching Resolvers
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
ICANN 51: Name Collision
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name Collision
 
RIPE NCC DNS Update
RIPE NCC DNS UpdateRIPE NCC DNS Update
RIPE NCC DNS Update
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I started
 
Small but Interesting Things
Small but Interesting ThingsSmall but Interesting Things
Small but Interesting Things
 
Avb pov 2017 v2
Avb pov 2017 v2Avb pov 2017 v2
Avb pov 2017 v2
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
 
6Rd
6Rd6Rd
6Rd
 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & Troubleshooting
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
 

Ähnlich wie INEX June Meeting - Root DNS Anycast Performance in UK & Ireland

Analysis of RD=0 and RD=1 queries seen at Root; JP
Analysis of RD=0 and RD=1 queries seen at Root; JPAnalysis of RD=0 and RD=1 queries seen at Root; JP
Analysis of RD=0 and RD=1 queries seen at Root; JPAPNIC
 
India Internet Access Problems Whitepaper_Ver 2.2
India Internet Access Problems Whitepaper_Ver 2.2India Internet Access Problems Whitepaper_Ver 2.2
India Internet Access Problems Whitepaper_Ver 2.2Arin Burman
 
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno OvereinderHSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno OvereinderSplend
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73APNIC
 
Is IPv6 Really Faster?
Is IPv6 Really Faster?Is IPv6 Really Faster?
Is IPv6 Really Faster?APNIC
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
IPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksIPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksAPNIC
 
APNIC Update
APNIC Update APNIC Update
APNIC Update APNIC
 
Medium-Large Enterprise Small Cell Deployment Case Studies
Medium-Large Enterprise Small Cell Deployment Case StudiesMedium-Large Enterprise Small Cell Deployment Case Studies
Medium-Large Enterprise Small Cell Deployment Case StudiesSmall Cell Forum
 
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...eCommConf
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
ESnet Defined: Challenges and Overview Department of Energy ...
ESnet Defined: Challenges and Overview Department of Energy ...ESnet Defined: Challenges and Overview Department of Energy ...
ESnet Defined: Challenges and Overview Department of Energy ...Videoguy
 
Welcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, MongoliaWelcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, MongoliaAPNIC
 
IPv6 Performance
IPv6 PerformanceIPv6 Performance
IPv6 PerformanceAPNIC
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6Rishu Mehra
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6technext1
 
ASN-FWD: Shrinking the IPv4 Share on the Forwarding Information Base
ASN-FWD: Shrinking the IPv4 Share on the Forwarding Information BaseASN-FWD: Shrinking the IPv4 Share on the Forwarding Information Base
ASN-FWD: Shrinking the IPv4 Share on the Forwarding Information BaseLasaro Camargos
 

Ähnlich wie INEX June Meeting - Root DNS Anycast Performance in UK & Ireland (20)

Analysis of RD=0 and RD=1 queries seen at Root; JP
Analysis of RD=0 and RD=1 queries seen at Root; JPAnalysis of RD=0 and RD=1 queries seen at Root; JP
Analysis of RD=0 and RD=1 queries seen at Root; JP
 
India Internet Access Problems Whitepaper_Ver 2.2
India Internet Access Problems Whitepaper_Ver 2.2India Internet Access Problems Whitepaper_Ver 2.2
India Internet Access Problems Whitepaper_Ver 2.2
 
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno OvereinderHSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
HSB - Secure DNS en BGP ontwikkelingen - Benno Overeinder
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
 
Is IPv6 Really Faster?
Is IPv6 Really Faster?Is IPv6 Really Faster?
Is IPv6 Really Faster?
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
 
IPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksIPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networks
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
 
Medium-Large Enterprise Small Cell Deployment Case Studies
Medium-Large Enterprise Small Cell Deployment Case StudiesMedium-Large Enterprise Small Cell Deployment Case Studies
Medium-Large Enterprise Small Cell Deployment Case Studies
 
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
ESnet Defined: Challenges and Overview Department of Energy ...
ESnet Defined: Challenges and Overview Department of Energy ...ESnet Defined: Challenges and Overview Department of Energy ...
ESnet Defined: Challenges and Overview Department of Energy ...
 
Welcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, MongoliaWelcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, Mongolia
 
IPv6 Performance
IPv6 PerformanceIPv6 Performance
IPv6 Performance
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6
 
TransPAC3/ACE Measurement & PerfSONAR Update
TransPAC3/ACE Measurement & PerfSONAR UpdateTransPAC3/ACE Measurement & PerfSONAR Update
TransPAC3/ACE Measurement & PerfSONAR Update
 
ASN-FWD: Shrinking the IPv4 Share on the Forwarding Information Base
ASN-FWD: Shrinking the IPv4 Share on the Forwarding Information BaseASN-FWD: Shrinking the IPv4 Share on the Forwarding Information Base
ASN-FWD: Shrinking the IPv4 Share on the Forwarding Information Base
 

INEX June Meeting - Root DNS Anycast Performance in UK & Ireland

  • 1. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK & Ireland INEX June Meeting, Dublin
  • 2. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland What are root DNS servers? ● Authoritative DNS servers for top level “dot” ● Knows authoritative DNS server of each TLD & it’s glue ● Logically 13 servers (from a to m) ● Heavily anycast across hundreds of servers located across the world
  • 3. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland What is anycast? ● Announcing same address pool from multiple locations ● In theory routers sending traffic off to nearest anycast node ● Works well with lot of peering but limited set of transits ● Breaks often due to networks having own preference for each other networks
  • 4. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Testing Methodology Two ways to test anycast performance: 1. Triggering dig CHAOS id.server @$ROOT txt from root servers 2. Triggering ping to the root servers from RIPE Atlas probes in the region
  • 5. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Testing Methodology Two ways to test anycast performance: 1. Triggering dig CHAOS id.server @$ROOT txt from - Works for 9 out of 13 root DNS servers 2. Triggering dig CHAOS hostname.bind @$ROOT txt from - Works for 4 out of 13 root DNS servers 3. Triggering ping to the root servers from RIPE Atlas probe in the region - Works for 12 out of 13 root servers
  • 6. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Limitations 1. No way to practically test IPv6 due to very low number of IPv6 enabled RIPE atlas probes. 2. Due to blocked ICMP - G root was excluded from comparison of latency. 3. Diversification of RIPE Atlas probes across ASNs is not well tested. It is there in some cases while missing in other cases. 4. A considerable number of RIPE Atlas probes are on DSL and it may have it’s own overhead in the resolution.
  • 7. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root servers which support CHAOS Class Queries Root Server id.server support hostname.bind support a.root-servers.net. Yes No b.root-servers.net. No Yes c.root-servers.net. No Yes d.root-servers.net. Yes No e.root-servers.net. Yes No f.root-servers.net. Yes No g.root-servers.net. No Yes h.root-servers.net. Yes No i.root-servers.net. Yes No j.root-servers.net. Yes No k.root-servers.net. Yes No l.root-servers.net. Yes No m.root-servers.net. No Yes
  • 8. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Countries with root DNS servers 1. UK (13) 2. Ireland (3)
  • 9. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Countries with active RIPE Atlas Probes 1. UK (611) 2. Ireland (109)
  • 10. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK 1. A root - London 2. D root - London 3. D root - Leeds 4. D root - Manchester 5. E root - London 6. F root - London 7. I root - London 8. J root - Leeds 9. K root - London 10. L root - London 11. L root - Leeds 12. L root - Rochester 13. L root - Dundee
  • 11. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK Root Server Locally Present Average Latency % of DNS Traffic within Country % of DNS Traffic within region % of DNS Traffic outside region A root Yes 12.9 100.00% 0.00% 0.00% B root No 143.2 0.00% 0.00% 100.00% C root No 17.93 0.00% 100.00% 0.00% D root Yes 22.75 62.22% 20.00% 17.78% E root Yes 37 95.12% 4.88% 0% F root Yes 28.39 36.17% 34.04% 29.79% G root No 0.00% 82.61% 17.39% H root No 93.64 0.00% 100.00% 0.00% I root Yes 53.05 55.32% 21.28% 23.40% J root Yes 69.5 0.00% 51.06% 48.94% K root Yes 39.42 63.04% 19.57% 17.39% L root Yes 57.88 15.22% 54.35% 30.43% M root No 37.04 0.00% 93.62% 6.38%
  • 12. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in UK
  • 13. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in Ireland 1. D root - Dublin 2. E root - Dublin 3. J root - Dublin
  • 14. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in Ireland Root Server Locally Present Average Latency % of DNS Traffic within Country % of DNS Traffic within region % of DNS Traffic outside region A root No 29.26 0.00% 100.00% 0.00% B root No 178.24 0.00% 0.00% 100.00% C root No 71.14 0.00% 57.45% 42.55% D root Yes 26.47 97.87% 0.00% 2.13% E root Yes 22.75 97.87% 2.13% 0.00% F root No 35.63 0.00% 89.36% 10.64% G root No 0.00% 93.62% 6.38% H root No 117.1 0.00% 0.00% 100.00% I root No 48.99 0.00% 89.36% 10.64% J root Yes 17.9 97.87% 2.13% 0.00% K root No 38.44 0.00% 97.87% 2.13% L root No 44.21 0.00% 97.87% 2.13% M root No 31.76 0.00% 100.00% 0.00%
  • 15. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Root DNS Anycast in Ireland
  • 16. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Why does anycast fail? 1. Networks often prefer a customer route over peering, over transit path. 2. BGP best path is not always the geographically best path. 3. Things break due to route leaks where announcement propagates beyond geography. 4. Use of “no-export” in peered routes is debatable.
  • 17. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Misc Points about the study 1. End users “speak to” DNS recursor of ISP and not root DNS servers directly. 2. Presence of even a single root server impacts as DNS recursor software picks it up based on performance & hence low latency with just one or more root DNS server helps in overall resolution time. 3. Users not using local ISPs server & relying on popular open DNS recursors have different resolution path alltogether.
  • 18. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Conclusions 1. More root DNS servers are good for a country, it reduces latency considerably. 2. IXP where root DNS can peer with large number of networks is good. 3. Apart from latency, more DNS servers ensure low impact of submarine or long distance terrestrial cable cuts. 4. It’s better to buy IP transit from a provider with a network & peering in large geography as compared to a localized player.
  • 19. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland References ● RIPE Atlas Project - http://atlas.ripe.net ● Root DNS servers Information - http://root-servers.org/ ● DNS Chaos Class (Chaosnet) - https://en.wikipedia.org/wiki/Chaosnet ● Root DNS Zone - ftp://ftp.rs.internic.net/domain/root.zone ● Anycast - https://en.wikipedia.org/wiki/Anycast ● Kabindra Shrestha from PCH - https://www.pch.net
  • 20. 20 June 2016 - Anurag Bhatia - Hurricane Electric - INEX June Meeting - Dublin, Ireland Thankyou! Questions? Peering? Email: anurag@he.net Twitter: @anurag_bhatia ASN: 6939 Web: http://he.net Peeringdb: http://as6939.peeringdb.net