Routing for an Anycast CDN
Tom Paseka, Network Engineer
tom@cloudflare.com
What is CloudFlare?
CloudFlare makes websites faster and safer using our globally
distributed network to deliver essential services to any website:

  • Performance
  • Content Optimization
  • Security
  • Analytics
  • Third party services


www.cloudflare.com                                                  2
How does CloudFlare Work?
CloudFlare works at the network level.
  • Once a website is part of the CloudFlare community, its web traffic is routed
    through CloudFlare’s global network of 23 (and growing) data centers.
  • At each edge node, CloudFlare manages DNS, caching, bot filtering, web
    content optimization and third party app installations.




IPv6 Gateway
With the Internet's explosive growth
and the number of on-net devices
closing in on IPv4's maximum
capacity, CloudFlare now offers an
automatic IPv6 gateway seamlessly
bridging the IPv4 and IPv6 networks.
• For most businesses, upgrading to the IPv6
  protocol is costly and time consuming.

• CloudFlare’s solution requires NO hardware,
  software, or other infrastructure changes by the
  site owner or hosting provider.

• Enabled via the flip of a switch on the site
  owner’s CloudFlare dashboard.
• Users can choose between two options: (FULL), which
  will enable IPv6 on all subdomains that are
  CloudFlare Enabled, or (SAFE), which will
  automatically create specific IPv6-only
  subdomains (e.g. www.ipv6.yoursite.com).



Anycast CDN

Anycast prefixes
  • Same IP Prefixes advertised in each site.
  • 23 Sites around the world.
  • No unicast used for content delivery
  • Unicast used to pull traffic from “origin” and management


Traffic Control
  • Determined by how the eyeball ISP routes
  • If ISP A routes to CloudFlare in Hong Kong, traffic for ISP A will be
     served from Hong Kong.


Traceroute from Singapore:
traceroute to 173.245.61.248 (173.245.61.248), 30 hops max, 40 byte packets
 1 202-150-221-169.rev.ne.com.sg (202.150.221.169) 0.351 ms 0.406 ms 0.456 ms
 2 s4-6-r10.cyberway.com.sg (203.117.6.209) 0.610 ms 0.652 ms 0.692 ms
 3 anutsi10.starhub.net.sg (203.118.3.162) 2.579 ms 2.575 ms 2.562 ms
 4 six2utsi1.starhub.net.sg (203.118.3.189) 1.452 ms 1.633 ms 1.768 ms
 5 SH.gw5.sin1.asianetcom.net (203.192.169.41) 1.561 ms 1.620 ms 1.610 ms
 6 te0-0-2-0.wr1.sin0.asianetcom.net (61.14.157.109) 2.135 ms 1.921 ms 1.950 ms
 7 gi4-0-0.gw2.sin3.asianetcom.net (61.14.157.134) 1.909 ms 1.907 ms 1.882 ms
 8 CDF-0003.gw2.sin3.asianetcom.net (203.192.154.26) 1.417 ms 1.504 ms 1.493 ms
 9 cf-173-245-61-248.cloudflare.com (173.245.61.248) 1.470 ms 1.461 ms 1.520 ms
Traceroute Completed.

Traceroute from Hong Kong:
From traceroute.hgc.com.hk to 173.245.61.248

traceroute to 173.245.61.248 (173.245.61.248), 64 hops max, 44 byte packets
 1 bbs-1-250-0-210.on-nets.com (210.0.250.1) 0.423 ms 0.329 ms 0.320 ms
 2 10.2.193.17 (10.2.193.17) 0.719 ms 0.661 ms 0.682 ms
 3 peer (218.189.96.62) 0.569 ms 0.550 ms 0.545 ms
 4 cloudflare-RGE.hkix.net (202.40.160.246) 1.893 ms 2.419 ms 1.910 ms
 5 cf-173-245-61-248.cloudflare.com (173.245.61.248) 2.101 ms 1.973 ms 1.780 ms



[Diagram: anycast request flow]
  • DNS Query
  • DNS result returned with “Anycast” IP
  • Client makes connection to closest server
  • CloudFlare replies
  • Outage re-routes to next closest cluster
  (Diagram label: Hong Kong)




Transit
Who?
  • Choice of Transit Provider is VERY important
  • We’ve chosen a limited number of providers per region:
       • Two in US/EU
       • Two in Asia.
  • Single Provider makes routing easier, but two for full reach
  • Transit provider should offer good routing controls
       • You need to be able to keep routes within a region
       • Prepend to specific peers
  • Transit Provider should make use of “Hot Potato” routing to
     their peers.
       • i.e. peer and exchange traffic in every mutual location.

Routing Controls?
  • Must be able to keep advertisements within region.
       • A Customer of your European transit provider is likely to be a
         peer of your Asian Transit provider
       • You don’t want to serve traffic from Asia for Europe
  • Some routing controls listed on:
    http://www.onesc.net/communities/
  • A lot of work should be done in the presales stage to
    understand the provider’s network and how they peer.
  • Looking at AS1299’s (Telia-Sonera) whois entry gives a
    good idea how they peer.




Choices?
  • Many providers can give you good coverage for common
    US and EU Locations (San Jose, LA, New York, London,
    Amsterdam, etc...)
  • One provider can’t do it all in Asia.
  • Asian networks are usually somewhat ‘disconnected’
       • Few peer with NTT in Asia
       • NTT, Pacnet, TATA all disconnected from each other.
       • Transit in the US could be far cheaper for the provider than
         within Asia.
  • Supplement this with Peering


Peering

USA Peering
  • Is it economic to peer?
  • Transit is < US$1
  • Eyeball networks probably *won’t* peer with you
       • Comcast (not at any exchange)
       • ATT
  • South America?
       • Peering in Miami
       • Most networks open to peering





EU Peering
  • Same argument as US, might be more costly to peer
  • Many networks more open to peering however
  • Major providers / incumbents more difficult, probably won’t peer:
       • DTAG
       • TeliaSonera
       • Telecom Italia Sparkle
       • Telefonica
       • France Telecom
  • IX’s have good reach to surrounding regions.
       • AMS-IX, DE-CIX, netnod, LINX



Asia Peering
 • Very economical.
 • Large providers may not peer
 • HKIX……. (and Hong Kong Equinix)
    • Local Loop to HKIX can be around US$1,000 for 1G
    • No IX charges.
    • HKIX will get you 100% of domestic Hong Kong.
    • Very Good Vietnam and some Taiwan, Korea, Japan and China routes too
 • Singapore Equinix
      • Priced competitively
      • Great Coverage for South East Asia (Indonesia, Thailand, Malaysia, India)
 • JPIX and JPNAP much more costly.



Asia/Hong Kong Peering Economics
 • Transit ~US$10/M (HK)
 • HKIX US$2/M at 50% utilisation
 • Worthwhile after just 100mbit utilization.
 • If transit is more expensive, justification comes faster!
 • Hong Kong users will be upset if you don’t peer at HKIX
      • Quoting a customer:

        “Having a PoP in HKG without announcing prefixes to HKIX is
        like a dinner without fork.”





Asia/Sydney Peering Economics
  • Transit ~US$30+/M
  • Equinix/PIPE ~US$2/M at 50% utilisation
  • Worthwhile after around 30mbit.
  • Around half the “Eyeballs” Connect to Equinix or PIPE in
    Sydney, WAIX in Perth.
  • No Telstra, Optus. (or AAPT/Verizon)





Challenges
 • Routing
      • Inefficient routing, optimizing.
      • Turning up peering, causing unexpected routing changes
      • Russian Network preferred our routes via HKIX instead of
        in Europe.
      • Keeping optimal routing to Eyeball Networks
 • Deployments into new markets
    • China
    • South America.





SOME NETWORKS DO STRANGE THINGS!
 • An Israeli ISP is doing per-packet load sharing over
   multiple ISPs
 • A SYN will connect in Amsterdam
 • Amsterdam anycast node replies with SYN-ACK
 • Washington DC receives ACK.
      • TCP IS BROKEN!
 • Troubleshooting is not easy.
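
An added example, not from the original slides: one way to confirm the split-handshake symptom above is to correlate inbound TCP packets logged at each anycast node and flag client prefixes whose SYN and later packets arrive at different nodes. The record layout, node names, thresholds and addresses (documentation ranges) are assumptions constructed for the illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample of inbound client packets as logged per anycast node:
# (timestamp_s, node, src_ip, src_port, dst_ip, dst_port, tcp_flags)
# 192.0.2.1 stands in for the anycast service address (assumption).
SAMPLE_PACKETS = [
    (0.000, "amsterdam",     "198.51.100.10", 40001, "192.0.2.1", 80, "S"),
    (0.090, "washington-dc", "198.51.100.10", 40001, "192.0.2.1", 80, "A"),
    (1.000, "washington-dc", "198.51.100.10", 40002, "192.0.2.1", 80, "S"),
    (1.090, "amsterdam",     "198.51.100.10", 40002, "192.0.2.1", 80, "A"),
    (2.000, "amsterdam",     "198.51.100.10", 40003, "192.0.2.1", 80, "S"),
    (2.090, "amsterdam",     "198.51.100.10", 40003, "192.0.2.1", 80, "A"),
    (3.000, "amsterdam",     "198.51.100.77", 51000, "192.0.2.1", 80, "S"),
    (3.090, "washington-dc", "198.51.100.77", 51000, "192.0.2.1", 80, "A"),
    (3.200, "amsterdam",     "198.51.100.77", 51000, "192.0.2.1", 80, "A"),
    (4.000, "hong-kong",     "203.0.113.5",   33001, "192.0.2.1", 80, "S"),
    (4.020, "hong-kong",     "203.0.113.5",   33001, "192.0.2.1", 80, "A"),
    (5.000, "hong-kong",     "203.0.113.5",   33002, "192.0.2.1", 80, "S"),
    (5.020, "hong-kong",     "203.0.113.5",   33002, "192.0.2.1", 80, "A"),
    (6.000, "hong-kong",     "203.0.113.6",   33003, "192.0.2.1", 80, "S"),
    (6.020, "hong-kong",     "203.0.113.6",   33003, "192.0.2.1", 80, "A"),
]


def find_split_flows(packets):
    """Map each flow whose packets reached more than one node to
    (node that saw the first SYN, sorted list of other nodes)."""
    syn_node = {}
    later_nodes = defaultdict(set)
    for _, node, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        flow = (src, sport, dst, dport)
        if "S" in flags and flow not in syn_node:
            # The node that receives the first SYN sends the SYN-ACK and
            # is the only one holding connection state for this flow.
            syn_node[flow] = node
        else:
            later_nodes[flow].add(node)
    split = {}
    for flow, node in syn_node.items():
        others = later_nodes.get(flow, set()) - {node}
        if others:
            split[flow] = (node, sorted(others))
    return split


def suspect_prefixes(packets, prefix_len=24, min_flows=3, min_ratio=0.5):
    """Return {client_prefix: (split_flows, total_flows)} for prefixes where
    at least min_ratio of flows were split across nodes.

    min_flows avoids flagging a prefix on one or two stray packets, for
    example a single flow caught by a routing change mid-connection.
    """
    split = find_split_flows(packets)
    total = defaultdict(set)
    bad = defaultdict(set)
    for _, _, src, sport, dst, dport, _ in packets:
        flow = (src, sport, dst, dport)
        net = ip_network(f"{src}/{prefix_len}", strict=False)
        total[net].add(flow)
        if flow in split:
            bad[net].add(flow)
    report = {}
    for net, flows in total.items():
        if len(flows) >= min_flows and len(bad[net]) / len(flows) >= min_ratio:
            report[str(net)] = (len(bad[net]), len(flows))
    return report


if __name__ == "__main__":
    for flow, (node, others) in find_split_flows(SAMPLE_PACKETS).items():
        print(f"{flow}: SYN at {node}, later packets at {others}")
    print(suspect_prefixes(SAMPLE_PACKETS))
```
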





How to troubleshoot?
 • Whole new techniques
 • Ping is a wonderful tool.
      • Ping from Anycast IP, to determine if remote side is reachable
        from that node.
      • Ping from Unicast IP, to determine if remote side is reachable.




[Screenshot: ping output. Annotations: “Look at the Seq Numbers”, “Lots of packet loss”]






      Unicast sourced ping looks nicer.







   Anycast source ping no reply?
               Remote side replies to different colo.
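
An added example, not from the original slides: the anycast-versus-unicast ping comparison described above, automated by parsing two ping transcripts for the same destination and comparing loss and sequence-number gaps. The transcripts are constructed samples, and the 5% loss threshold and verdict names are assumptions; reading partial loss as replies split across colos is an inference from the slides, not a statement in them.

```python
import re

REPLY_RE = re.compile(r"icmp_seq=(\d+)")
SENT_RE = re.compile(r"(\d+) packets transmitted")

# Constructed transcript: ping sourced from the anycast address at one node.
ANYCAST_PING = """\
PING 203.0.113.9 (203.0.113.9) from 192.0.2.1: 56 data bytes
64 bytes from 203.0.113.9: icmp_seq=0 ttl=55 time=182.1 ms
64 bytes from 203.0.113.9: icmp_seq=3 ttl=55 time=181.7 ms
64 bytes from 203.0.113.9: icmp_seq=4 ttl=55 time=183.0 ms
64 bytes from 203.0.113.9: icmp_seq=8 ttl=55 time=182.4 ms
--- 203.0.113.9 ping statistics ---
10 packets transmitted, 4 packets received, 60% packet loss
"""

# Constructed transcript: same destination, sourced from the node's unicast address.
UNICAST_PING = "\n".join(
    [f"64 bytes from 203.0.113.9: icmp_seq={i} ttl=55 time=181.9 ms" for i in range(10)]
    + ["10 packets transmitted, 10 packets received, 0% packet loss"]
)

# Constructed transcript: anycast-sourced ping that gets no replies at this node.
NO_REPLY_PING = """\
PING 203.0.113.9 (203.0.113.9) from 192.0.2.1: 56 data bytes
--- 203.0.113.9 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
"""


def parse_ping(text):
    """Extract sent/received counts, loss ratio and missing sequence numbers."""
    sent_match = SENT_RE.search(text)
    if not sent_match:
        raise ValueError("no ping summary line found")
    sent = int(sent_match.group(1))
    if sent == 0:
        raise ValueError("no packets were transmitted")
    seqs = sorted({int(s) for s in REPLY_RE.findall(text)})  # set drops duplicates
    # Gaps are the sequence numbers missing between the first and last reply.
    gaps = [n for n in range(seqs[0], seqs[-1] + 1) if n not in seqs] if seqs else []
    return {
        "sent": sent,
        "received": len(seqs),
        "loss": (sent - len(seqs)) / sent,
        "gaps": gaps,
    }


def classify(anycast, unicast, ok_loss=0.05):
    """Compare anycast-sourced and unicast-sourced results for one destination."""
    if unicast["loss"] > ok_loss:
        # Even the unicast source has trouble: not an anycast-specific issue.
        return "remote-or-path-problem"
    if anycast["loss"] <= ok_loss:
        return "reachable-from-this-node"
    if anycast["received"] == 0:
        # Remote side is up, but its replies to the anycast address are
        # routed to a different colo.
        return "replies-go-to-another-colo"
    # Some replies return here and some do not.
    return "replies-split-across-colos"


if __name__ == "__main__":
    uni = parse_ping(UNICAST_PING)
    for name, text in (("anycast", ANYCAST_PING), ("no-reply", NO_REPLY_PING)):
        result = parse_ping(text)
        print(name, result, classify(result, uni))
```
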







Questions?

HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
 
Detecting spoofing at IxP's
Detecting spoofing at IxP'sDetecting spoofing at IxP's
Detecting spoofing at IxP's
 
Interconnection landscape in Asia - TPIX Peering Forum 2017
Interconnection landscape in Asia - TPIX Peering Forum 2017Interconnection landscape in Asia - TPIX Peering Forum 2017
Interconnection landscape in Asia - TPIX Peering Forum 2017
 
KINX Peering Forum - A Brief Overview of Regulation of Interconnection
KINX Peering Forum - A Brief Overview of Regulation of InterconnectionKINX Peering Forum - A Brief Overview of Regulation of Interconnection
KINX Peering Forum - A Brief Overview of Regulation of Interconnection
 
Interconnection in Regional Markets
Interconnection in Regional MarketsInterconnection in Regional Markets
Interconnection in Regional Markets
 
APRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering AutomationAPRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering Automation
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 -  DDoS attacks in an IPv6 WorldHKNOG 1.0 -  DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
 
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gapCloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
 
New Zealand and the world as a CDN
New Zealand and the world as a CDNNew Zealand and the world as a CDN
New Zealand and the world as a CDN
 
flowspec @ APF 2013
flowspec @ APF 2013flowspec @ APF 2013
flowspec @ APF 2013
 
nanog
nanognanog
nanog
 
Unicast vs Anycast
Unicast vs AnycastUnicast vs Anycast
Unicast vs Anycast
 
The curse of the open recursor
The curse of the open recursorThe curse of the open recursor
The curse of the open recursor
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Routing for an Anycast CDN

  • 1. Routing for an Anycast CDN
    Tom Paseka, Network Engineer, tom@cloudflare.com
  • 2. What is CloudFlare?
    CloudFlare makes websites faster and safer using our globally distributed network to deliver essential services to any website:
      • Performance
      • Analytics
      • Content Optimization
      • Third party services
      • Security
  • 3. How does CloudFlare Work?
    CloudFlare works at the network level.
      • Once a website is part of the CloudFlare community, its web traffic is routed through CloudFlare’s global network of 23 (and growing) data centers.
      • At each edge node, CloudFlare manages DNS, caching, bot filtering, web content optimization and third party app installations.
  • 4. IPv6 Gateway
    With the Internet's explosive growth and the number of on-net devices closing in on IPv4's maximum capacity, CloudFlare now offers an automatic IPv6 gateway seamlessly bridging the IPv4 and IPv6 networks.
      • For most businesses, upgrading to the IPv6 protocol is costly and time consuming.
      • CloudFlare’s solution requires NO hardware, software, or other infrastructure changes by the site owner or hosting provider.
      • Enabled via the flip of a switch on the site owner’s CloudFlare dashboard.
      • Users can choose two options: (FULL) which will enable IPv6 on all subdomains that are CloudFlare Enabled, or (SAFE) which will automatically create specific IPv6-only subdomains (e.g. www.ipv6.yoursite.com).
  • 6. Anycast CDN
    Anycast prefixes
      • Same IP Prefixes advertised in each site.
      • 23 Sites around the world.
      • No unicast used for content delivery
      • Unicast used to pull traffic from “origin” and management
    Traffic Control
      • How the eyeball ISP routes
      • ISP A routes to CloudFlare in Hong Kong, traffic will be served for ISP A from Hong Kong.
  • 7. Anycast CDN
    Traceroute from Singapore:
      traceroute to 173.245.61.248 (173.245.61.248), 30 hops max, 40 byte packets
      1 202-150-221-169.rev.ne.com.sg (202.150.221.169) 0.351 ms 0.406 ms 0.456 ms
      2 s4-6-r10.cyberway.com.sg (203.117.6.209) 0.610 ms 0.652 ms 0.692 ms
      3 anutsi10.starhub.net.sg (203.118.3.162) 2.579 ms 2.575 ms 2.562 ms
      4 six2utsi1.starhub.net.sg (203.118.3.189) 1.452 ms 1.633 ms 1.768 ms
      5 SH.gw5.sin1.asianetcom.net (203.192.169.41) 1.561 ms 1.620 ms 1.610 ms
      6 te0-0-2-0.wr1.sin0.asianetcom.net (61.14.157.109) 2.135 ms 1.921 ms 1.950 ms
      7 gi4-0-0.gw2.sin3.asianetcom.net (61.14.157.134) 1.909 ms 1.907 ms 1.882 ms
      8 CDF-0003.gw2.sin3.asianetcom.net (203.192.154.26) 1.417 ms 1.504 ms 1.493 ms
      9 cf-173-245-61-248.cloudflare.com (173.245.61.248) 1.470 ms 1.461 ms 1.520 ms
      Traceroute Completed.
    Traceroute from Hong Kong:
      From traceroute.hgc.com.hk to 173.245.61.248
      traceroute to 173.245.61.248 (173.245.61.248), 64 hops max, 44 byte packets
      1 bbs-1-250-0-210.on-nets.com (210.0.250.1) 0.423 ms 0.329 ms 0.320 ms
      2 10.2.193.17 (10.2.193.17) 0.719 ms 0.661 ms 0.682 ms
      3 peer (218.189.96.62) 0.569 ms 0.550 ms 0.545 ms
      4 cloudflare-RGE.hkix.net (202.40.160.246) 1.893 ms 2.419 ms 1.910 ms
      5 cf-173-245-61-248.cloudflare.com (173.245.61.248) 2.101 ms 1.973 ms 1.780 ms
  • 8. Anycast CDN
      • DNS Query
      • DNS result returned with “Anycast” IP
      • Client makes connection to closest server
      • CloudFlare replies
      • Outage
      • Re-routes to next closest cluster
      • Hong Kong
  • 10. Transit
    Who?
      • Choice of Transit Provider is VERY important
      • We’ve chosen a limited number of providers per region:
          • Two in US/EU
          • Two in Asia.
      • Single Provider makes routing easier, but two for full reach
      • Transit provider should offer good routing controls
      • You need to be able to keep routes within a region
      • Prepend to specific peers
      • Transit Provider should make use of “Hot Potato” routing to their peers.
      • i.e. Peer and exchange traffic in every mutual location.
  • 11. Transit
    Routing Controls?
      • Must be able to keep advertisements within region.
      • A customer of your European transit provider is likely to be a peer of your Asian transit provider
      • You don’t want to serve traffic from Asia for Europe
      • Some routing controls listed on: http://www.onesc.net/communities/
      • A lot of work should be done in the presales stage to understand the provider’s network and how they peer.
      • Looking at AS1299’s (Telia-Sonera) whois entry gives a good idea how they peer.
  • 12. Transit
    Choices?
      • Many providers can give you good coverage for common US and EU Locations (San Jose, LA, New York, London, Amsterdam, etc...)
      • One provider can’t do it all in Asia.
      • Asian networks are usually somewhat ‘disconnected’
      • Few peer with NTT in Asia
      • NTT, Pacnet, TATA all disconnected from each other.
      • Transit in the US could be far cheaper for the provider than within Asia.
      • Supplement this with Peering
  • 14. Peering
    USA Peering
      • Is it economic to peer?
      • Transit is < US$1
      • Eyeball networks probably *won’t* peer with you
      • Comcast (not at any exchange)
      • ATT
      • South America?
      • Peering in Miami
      • Most networks open to peering
  • 15. Peering
    EU Peering
      • Same argument as US, might be more costly to peer
      • Many networks more open to peering however
      • Major providers / incumbents more difficult, probably won’t peer:
          • DTAG
          • TeliaSonera
          • Telecom Italia Sparkle
          • Telefonica
          • France Telecom
      • IX’s have good reach to surrounding regions.
      • AMS-IX, DE-CIX, netnod, LINX
  • 16. Peering
    Asia Peering
      • Very economical.
      • Large providers may not peer
      • HKIX……. (and Hong Kong Equinix)
      • Local Loop to HKIX can be around US$1,000 for 1G
      • No IX charges.
      • HKIX will get you 100% of domestic Hong Kong.
      • Very Good Vietnam and some Taiwan, Korea, Japan and China routes too
      • Singapore Equinix
      • Priced competitively
      • Great Coverage for South East Asia (Indonesia, Thailand, Malaysia, India)
      • JPIX and JPNAP much more costly.
  • 17. Peering
    Asia/Hong Kong Peering Economics
      • Transit ~US$10/M (HK)
      • HKIX US$2/M at 50% utilisation
      • Worthwhile after just 100mbit utilization.
      • If transit is more expensive, justification comes faster!
      • Hong Kong users will be upset if you don’t peer at HKIX
      • Quoting a customer: “Having a PoP in HKG without announcing prefixes to HKIX is like a dinner without fork.”
  • 18. Peering
    Asia/Sydney Peering Economics
      • Transit ~US$30+/M
      • Equinix/PIPE ~US$2/M at 50% utilisation
      • Worthwhile after around 30mbit.
      • Around half the “Eyeballs” connect to Equinix or PIPE in Sydney, WAIX in Perth.
      • No Telstra, Optus. (or AAPT/Verizon)
  • 20. Challenges
      • Routing
      • Inefficient routing, optimizing.
      • Turning up peering, causing unexpected routing changes
      • Russian Network preferred our routes via HKIX instead of in Europe.
      • Keeping optimal routing to Eyeball Networks
      • Deployments into new markets
      • China
      • South America.
  • 21. Challenges
    SOME NETWORKS DO STRANGE THINGS!
      • An Israeli ISP is doing per-packet load sharing over multiple ISPs
      • A SYN will connect in Amsterdam
      • Amsterdam anycast node replies with SYN-ACK
      • Washington DC receives ACK.
      • TCP IS BROKEN!
      • Troubleshooting is not easy.
  • 22. Challenges
    How to troubleshoot?
      • Whole new techniques
      • Ping is a wonderful tool.
      • Ping from Anycast IP, to determine if remote side is reachable from that node.
      • Ping from Unicast IP, to determine if remote side is reachable.
  • 23. Challenges
    Look at the Seq Numbers. Lots of packet loss.
  • 24. Challenges
    Unicast sourced ping looks nicer.
  • 25. Challenges
    Anycast source ping no reply? Remote side replies to different colo.
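
The failure on slide 21 (SYN at one anycast node, ACK at another) can be found by correlating inbound TCP logs across nodes. The following is an added example, not code from the slides or from CloudFlare; the log record layout, node names and addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: inbound TCP segments as logged at each anycast node.
# Fields: node, client IP, client port, anycast IP, TCP flags.
# Node names and addresses are illustrative, not taken from the slides.
SAMPLE = [
    ("AMS", "198.51.100.7", 40001, "192.0.2.10", "SYN"),
    ("IAD", "198.51.100.7", 40001, "192.0.2.10", "ACK"),   # handshake split
    ("AMS", "198.51.100.22", 40417, "192.0.2.10", "SYN"),
    ("IAD", "198.51.100.22", 40417, "192.0.2.10", "ACK"),  # same /24, split again
    ("AMS", "203.0.113.9", 51515, "192.0.2.10", "SYN"),
    ("AMS", "203.0.113.9", 51515, "192.0.2.10", "ACK"),    # healthy flow
    ("HKG", "203.0.113.80", 33000, "192.0.2.10", "ACK"),   # SYN seen nowhere
]


def classify_flows(records):
    """Map each (client_ip, client_port, anycast_ip) flow to (verdict, nodes)."""
    seen = defaultdict(lambda: defaultdict(set))
    for node, cip, cport, aip, flags in records:
        seen[(cip, cport, aip)][flags].add(node)
    verdicts = {}
    for flow, by_flag in seen.items():
        syn_nodes, ack_nodes = by_flag["SYN"], by_flag["ACK"]
        if not syn_nodes:
            # No node logged the SYN: capture gap or a mid-flow reroute.
            verdicts[flow] = ("orphan-ack", sorted(ack_nodes))
        elif ack_nodes - syn_nodes:
            # One node sent the SYN-ACK, the ACK landed on another node
            # that holds no state for the connection.
            verdicts[flow] = ("split", sorted(syn_nodes | ack_nodes))
        else:
            verdicts[flow] = ("ok", sorted(syn_nodes))
    return verdicts


def split_prefixes(records, prefix_len=24):
    """Count split handshakes per client prefix to locate the affected network."""
    counts = defaultdict(int)
    for (cip, _, _), (verdict, _) in classify_flows(records).items():
        if verdict == "split":
            net = ipaddress.ip_network(f"{cip}/{prefix_len}", strict=False)
            counts[str(net)] += 1
    return dict(counts)


if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE).items():
        print(flow, verdict)
    print(split_prefixes(SAMPLE))
```

Repeated "split" verdicts concentrated in one client prefix point at a network that load-shares per packet, rather than at a fault in the anycast nodes themselves.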
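
The ping comparison on slides 22 to 25 can be scripted: run the same probe from the node's anycast and unicast source addresses, then compare which sequence numbers came back. This is an added example, not output or code from the slides; the ping text is constructed in Linux iputils format, and reading partial anycast-only loss as replies being spread across colos is an interpretation based on slide 21.

```python
import re

SEQ_RE = re.compile(r"icmp_seq=(\d+)")

# Constructed ping output, 8 probes each, both run from the same node toward
# the same remote host (RFC 5737 documentation address).
ANYCAST_SOURCED = """\
64 bytes from 198.51.100.7: icmp_seq=1 ttl=52 time=141 ms
64 bytes from 198.51.100.7: icmp_seq=4 ttl=52 time=140 ms
64 bytes from 198.51.100.7: icmp_seq=5 ttl=52 time=142 ms
64 bytes from 198.51.100.7: icmp_seq=8 ttl=52 time=141 ms
"""
UNICAST_SOURCED = "\n".join(
    f"64 bytes from 198.51.100.7: icmp_seq={n} ttl=52 time=141 ms"
    for n in range(1, 9)
)


def missing_seqs(output, sent):
    """Sequence numbers 1..sent for which no reply line is present."""
    got = {int(m) for m in SEQ_RE.findall(output)}
    return [n for n in range(1, sent + 1) if n not in got]


def loss(output, sent):
    """Fraction of probes without a reply."""
    return len(missing_seqs(output, sent)) / sent


def diagnose(anycast_out, unicast_out, sent, tolerance=0.05):
    """Compare an anycast-sourced and a unicast-sourced ping from one node."""
    a, u = loss(anycast_out, sent), loss(unicast_out, sent)
    if u > tolerance:
        # Unicast replies can only return to this node, so this is real loss.
        return "unreachable-or-lossy"
    if a >= 1.0:
        # Slide 25: the remote side replies to a different colo.
        return "replies-go-to-other-colo"
    if a > tolerance:
        # Gaps in the sequence numbers with a clean unicast ping (slides 23-24).
        return "replies-split-across-colos"
    return "replies-return-here"


if __name__ == "__main__":
    print(missing_seqs(ANYCAST_SOURCED, 8))
    print(diagnose(ANYCAST_SOURCED, UNICAST_SOURCED, 8))
```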