Anycast is a widely used technology for boosting service availability. It involves using a distributed server set-up to fend off DDoS attacks. There are two kinds of anycast set-up: global anycast and local anycast. This page outlines how the two systems work.
Global anycast is a successful, proven technology. The principle underpinning it is as simple as it is effective. A number of servers share a single IP address, making routers 'think' that they are all the same server. IP packages are therefore forwarded to the 'nearest' point, with the result that the total network load is distributed across the multiple instances of the server.
Local anycast differs from global anycast insofar as a number of local nodes are created. A node is a computer or another device connected to a given network. Smart routing means that the nodes can only be approached locally. As a result, worldwide DDoS traffic cannot ever reach a local node, regardless of the traffic volume. The only DDoS traffic that can reach the node is locally generated traffic, which is much easier to control. Local anycast is therefore an effective response to the risk of major DDoS attacks.
Who can benefit from local anycast?
SIDN's local anycast-technology is attractive mainly to large ISPs and hosting firms. With local anycast, the .nl domain remains available to customers of the participating ISP or hosting firm, even in the event of a DDoS attack. SIDN also operates so-called 'shared nodes' – local anycast servers that are shared by several firms – which are attractive mainly to smaller players. Any hosting firm can ask to participate, but SIDN does attach a number of conditions to acceptance. For example:
You must have a sound policy for tackling abuse.
You must support IPv6.
If you would like more information about SIDN’s local anycast or you would like to participate, please contact SIDN.