Re: Automatic mirror detection
Hi all.
On Wed, Oct 31, 2007 at 02:57:59PM +0100, Leo costela Antunes said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Miguel Ramos wrote:
> > The solution you talk about (wich is software based) can be implemented at the
> > network "layer". The solution is _anycast_.
> > If we can manage to technicaly implement it, it would work as you propose.
>
> I never implemented anycast, but my understanding of it is that - being
> a routing scheme - it's not suited for connection oriented protocols
> like TCP (and HTTP/FTP by extension). In practice this problem shouldn't
> arise that often, but doing so (in a situation where the "nearest"
> definition is dubious and the router hops constantly between two close
> mirrors, for instance), it would be really annoying to debug/fix.
FWIW, nz.d.o is implemented on an anycast CDN - we have a couple of
nodes in NZ, and another in California. Given the stability of the
underpinning network, flaps rarely cause an issue, but that's because
the nodes are topologically distant. If flaps are a problem, you can
get around that by redirecting from the anycast address back to a local
unicast address - so that once a server has been selected via anycast,
the user TCP session uses the same unicast server. We've not bothered
to do that, because it really hasn't been an issue - in reality, the old
bogey of "anycast is bad for TCP" doesn't seem to be as much of an issue
as the naysayers make out (but it really would depend on the topologic
closeness of your nodes).
> Also, the fact that not all out mirrors are interested or otherwise
> capable of performing routing configuration changes on their networks
> makes this a bit more difficult, since it would have to be AFAIK a
> coordinated distributed BGP configuration, for instance.
The anycast infrastructure works really well, but you do have to have
pretty close control of the BGP configs. It's likely that at any given
time, somebody will have fouled up their BGP config and blackholed a
chunk of the interweb from access to the anycast cloud, so you'd
probably need to maintain a set of non-anycast servers (as exists now).
At that point, it's not clear if an anycast network actually gains
debian a great deal.
Cheers
Si
Reply to: