Anycast

Anycast is a widely used technology for boosting service availability. It involves using a distributed server set-up to fend off DDoS attacks. There are two kinds of anycast set-up: global anycast and local anycast. This page outlines how the two systems work.

Global anycast

Global anycast is a successful, proven technology. The principle underpinning it is as simple as it is effective. A number of servers share a single IP address, making routers 'think' that they are all the same server. IP packages are therefore forwarded to the 'nearest' point, with the result that the total network load is distributed across the multiple instances of the server.

Local anycast

Local anycast differs from global anycast insofar as a number of local nodes are created. A node is a computer or another device connected to a given network. Smart routing means that the nodes can only be approached locally. As a result, worldwide DDoS traffic cannot ever reach a local node, regardless of the traffic volume. The only DDoS traffic that can reach the node is locally generated traffic, which is much easier to control. Local anycast is therefore an effective response to the risk of major DDoS attacks.

Global anycast

Who can benefit from local anycast?

SIDN's local anycast-technology is attractive mainly to large ISPs and hosting firms. With local anycast, the .nl domain remains available to customers of the participating ISP or hosting firm, even in the event of a DDoS attack.

SIDN also operates so-called 'shared nodes' – local anycast servers that are shared by several firms – which are attractive mainly to smaller players. Any hosting firm can ask to participate, but SIDN does attach a number of conditions to acceptance. For example:

  • You must have a sound policy for tackling abuse.
  • You must support IPv6.

More information

If you would like more information about SIDN’s local anycast or you would like to participate, please contact SIDN.

Comments

  • Monday 3 September 2018 Internet security

    Root KSK rollover resumed: switch now scheduled for 11 October

    Check je DNSSEC trust anchors!

    Afbeelding van Root KSK rollover resumed: switch now scheduled for 11 October
    Read more
  • Thursday 13 April 2017 Internet security

    Don't let your domain name be your site's Achilles' heel

    Secure changes on your domain name

    Afbeelding van Don't let your domain name be your site's Achilles' heel
    Read more
  • Wednesday 19 April 2017 Knowledge

    What makes your website trustworthy?

    Five best ways to win trust

    Afbeelding van What makes your website trustworthy?
    Read more