Archive for the ‘BGP’ Category

VRF - Virtual Routing and Forwarding

Sunday, April 6th, 2008

VRF is a method to maintain separate and distinct routing tables on a router. You can assign an interface to a VRF and it will not be able to communicate with interfaces in other VRFs. You can use the same IP address in VRF1 and VRF2, for example, and they will not clash or cause routing loops. We will be using VRF with BGP to create a protected segment of our network. This segment will be filtered automatically by some anti-DDoS devices, since the traffic will have to go through them. The setup is quite sophisticated and requires new features of the IOS. The Juniper approach is much cleaner and more understandable. I have to admit that it’s not my idea to use VRF and that I would never have come to such a conclusion. There is so much to learn…

TCP Anycast

Sunday, March 23rd, 2008

Anycast routing is a load balancing and redundancy technique that is being used by many companies now. F.root-servers.net runs under anycast. Cachefly too. Anycast basically means having several geographically dispersed servers that use the same IP address. They use BGP to announce the anycast/virtual IP address. End users connect to the nearest server network-wise (BGP). If a server crashes, its BGP session terminates as well. The anycast/virtual IP address is then no longer announced and routed to the crashed server, and the traffic is sent to the remaining anycast servers.

It is a very clever technique involving the use of BGP. It is advisable to run some load balancing software behind the anycast IP. Anycast can also be used for stateful connections (TCP). The routing must be stable; otherwise the end user would ‘hop’ among the anycast servers, landing mid-connection on a server that holds no state for that connection. This may cause some session issues.

While maintaining the simplicity of our network, I am trying to design a redundant, resilient service that can use anycast as a technique. UDP anycast for DNS is easy to set up. TCP anycast, however, needs more thought.
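The failover and the TCP ‘hop’ described above can be seen in a small simulation. This is an added example, not code from the original post: the site names, addresses and AS-path lengths are constructed, and route selection is reduced to shortest AS path, which is only one step of real BGP best-path selection.

```python
"""Toy model of TCP over anycast (constructed example, not a BGP implementation)."""

class AnycastSite:
    def __init__(self, name):
        self.name = name
        self.announcing = True    # True while the site's BGP session is up
        self.connections = set()  # TCP state exists only on the site that built it

    def receive(self, flow, syn=False):
        if syn:
            self.connections.add(flow)
            return "SYN-ACK"
        # A segment for a connection this site never saw gets a reset.
        return "ACK" if flow in self.connections else "RST"

    def crash(self):
        self.announcing = False   # BGP session drops, the prefix is withdrawn
        self.connections.clear()

class ClientNetwork:
    """The client's view: prefer the announcing site with the shortest AS path."""
    def __init__(self, path_len):
        self.path_len = dict(path_len)  # site name -> AS-path length (constructed)

    def best_site(self, sites):
        live = [s for s in sites if s.announcing]
        return min(live, key=lambda s: (self.path_len[s.name], s.name)) if live else None

    def send(self, sites, flow, syn=False):
        site = self.best_site(sites)
        if site is None:
            return None, "UNREACHABLE"
        return site.name, site.receive(flow, syn)

def demo():
    sites = [AnycastSite("ams"), AnycastSite("nyc")]
    client = ClientNetwork({"ams": 2, "nyc": 4})
    flow = ("198.51.100.7", 40000, "192.0.2.1", 80)  # constructed TCP 4-tuple
    log = [client.send(sites, flow, syn=True)]       # handshake at the nearest site
    log.append(client.send(sites, flow))             # stable routing: same site answers
    client.path_len["ams"] = 5                       # upstream route change
    log.append(client.send(sites, flow))             # mid-session hop: nyc has no state
    log.append(client.send(sites, flow, syn=True))   # a fresh connection still works
    sites[1].crash()                                 # nyc fails and stops announcing
    log.append(client.send(sites, flow, syn=True))   # traffic falls back to ams
    return log

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The third step is the session issue: the same connection is reset only because the best path moved, while the last step shows the redundancy benefit of a withdrawal after a crash.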