Anycast

Anycast is a widely used technology for boosting service availability. It involves using a distributed server set-up to fend off DDoS attacks. There are two kinds of anycast set-up: global anycast and local anycast. This page outlines how the two systems work.

Global anycast

Global anycast is a successful, proven technology. The principle underpinning it is as simple as it is effective. A number of servers share a single IP address, making routers 'think' that they are all the same server. IP packages are therefore forwarded to the 'nearest' point, with the result that the total network load is distributed across the multiple instances of the server.

Local anycast

Anycast

Local anycast differs from global anycast insofar as a number of local nodes are created. A node is a computer or another device connected to a given network. Smart routing means that the nodes can only be approached locally. As a result, worldwide DDoS traffic cannot ever reach a local node, regardless of the traffic volume. The only DDoS traffic that can reach the node is locally generated traffic, which is much easier to control. Local anycast is therefore an effective response to the risk of major DDoS attacks.

Who can benefit from local anycast?

SIDN's local anycast-technology is attractive mainly to large ISPs and hosting firms. With local anycast, the .nl domain remains available to customers of the participating ISP or hosting firm, even in the event of a DDoS attack. SIDN also operates so-called 'shared nodes' – local anycast servers that are shared by several firms – which are attractive mainly to smaller players. Any hosting firm can ask to participate, but SIDN does attach a number of conditions to acceptance. For example:

  • You must have a sound policy for tackling abuse.

  • You must support IPv6.

More information

If you would like more information about SIDN’s local anycast or you would like to participate, please contact SIDN.

  • Friday 19 April 2019

    SIDN Labs

    SIDN to promote adoption of the DANE internet standard

    Thumb-e-mail

    E-mail security standard added to the Registrar Scorecard

    Read more
  • Tuesday 11 June 2019

    SIDN Labs

    Who’s knocking? Profiling recursive resolvers on authoritative name servers

    Thumb-knocking-at-the-door

    Their caching properties are particularly useful for speeding up searches

    Read more
  • Wednesday 16 January 2019

    Internet security

    Registrants and operators need to test for EDNS compliance

    Thumb-error-people-inside-computer

    Domain names on non-compliant servers may be unreachable after 1 February

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.