08-28-2013, 03:46 AM #1
LQ Newbie
Registered: Feb 2013
Posts: 20
Anycast and DDoS -> where does the mitigation occur?
Hello,
I was reading (a lot) about anycast.
Seems fine, but I cannot imagine how wonderfully it may stop a DDoS.
I need to be sure:
Where is the unique IP? The DNS servers' or the (web) servers'?
If the former, it is easy to grab a (web) server IP, and then anycast is useless.
If the latter, then I can understand how it works and how it is useful. Same IP on all the servers: one cannot attack one server but many.
But what happens when a DDoS is directed at the final IP address? How does anycast work in this case?
I really think that DNS servers servicing anycast have the list of all the relevant IPs of the infrastructure and know where to transmit the packet with the fewest hops.
Could someone help me understand (I already read a lot but need to be reassured).
Best,
08-29-2013, 03:52 PM #2
Member
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891
Anycasting uses the concept of an IP address representing a service rather than a specific host. You can have a number of hosts advertising the same IP address because they all offer an identical service.
The point is that the network will find the topologically closest instance of this service to handle the user request.
Any particular user will always have one instance that is closest as measured by whatever routing protocol you are using, so no, you couldn't attack more than one of these instances at a time from a single node.
With a Distributed DoS attack you obviously could, but then this is no more or less vulnerable than a single host. I've not read anywhere that anycasting is supposed to be a protection against DDoS anyway; where did you get this idea from?
Anycasting is basically used for the purposes of redundancy, load-balancing and network efficiency as far as I'm aware.
08-30-2013, 09:20 AM #3
LQ Newbie
Registered: Feb 2013
Posts: 20
Original Poster
You are right,
Anycast is not actively against DDoS.
It is a passive benefit.
Lots of big companies use anycast as a way to optimize the network and "localize" DDoS.
My concern was about where these IPs are set up.
I think the solution is that anycast can be implemented at different levels: DNS, web servers...
And indeed, the security may be enhanced due to the forced localization of the attack.
Am I right?
08-30-2013, 01:42 PM #4
Member
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891
I agree; security is enhanced inasmuch as, to break the service, you have to break both locations of the service.
The IPs are actually configured on loopback addresses. So I have two routers in different locations, both configured with the same public IP address. When I advertise them into the internet via BGP, the network now knows about both. If I target that IP with a tunnel and the main site goes down, BGP automatically "finds" the other instance, thus rerouting the tunnel. The destination appears to BGP to have moved, when in fact it's two different sites with the same IP.
A more usual example is that the company I work for has a DNS server at two sites. The DNS servers, on Red Hat as it happens, both have an IP on a loopback interface. That IP is advertised via OSPF into the core network.
Any users at site 1 will hit the server at site 1 as it is "closer" according to OSPF metrics. Likewise, users at site 2 hit the site 2 server. If either dies, then all traffic will hit the one that's left.
So it's a generically useful concept.
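The route selection and failover behaviour described in posts #2 and #4 (one service address advertised from several loopbacks, each client landing on the instance with the lowest metric, and traffic shifting when one instance disappears) can be made concrete with a small model. This is an added example, not code from the thread or from any router or DNS product; the site names, metrics and the 192.0.2.53 service address are constructed for illustration, and the metric table stands in for whatever OSPF or BGP would compute.

```python
"""Added example, not code from the thread: a small model of anycast route
selection. Several instances advertise one service address; each client
site reaches the live instance with the lowest routing metric, which is
what OSPF or BGP does with the loopback-advertised /32 described above.
Sites, metrics and addresses are constructed for this example."""
from collections import Counter
from typing import Dict, Iterable, Optional, Set, Tuple

# Constructed: the anycast service address configured on every instance's
# loopback and advertised into the routing domain as a /32.
ANYCAST_ADDR = "192.0.2.53"

# Constructed metrics from each client site to each instance site.
# An instance missing from a client's row is unreachable from that site.
METRICS: Dict[str, Dict[str, int]] = {
    "site1-clients": {"site1-dns": 10, "site2-dns": 40},
    "site2-clients": {"site1-dns": 40, "site2-dns": 10},
    "site3-clients": {"site1-dns": 25, "site2-dns": 30},
}


def select_instance(client_site: str, up: Set[str]) -> Optional[str]:
    """Return the live instance with the lowest metric from client_site.

    Only instances whose advertisement is currently in the routing table
    (those in `up`) are candidates. Returns None when none is reachable."""
    candidates = {inst: m for inst, m in METRICS[client_site].items() if inst in up}
    if not candidates:
        return None
    # Tie-break on name for determinism, as a router does on a fixed rule.
    return min(candidates, key=lambda inst: (candidates[inst], inst))


def route_flows(flows: Iterable[Tuple[str, int]], up: Set[str]) -> Counter:
    """Map (client_site, flow_count) pairs to the instance each reaches.

    Returns a Counter of flows per instance; flows with no reachable
    instance are counted under the key "dropped"."""
    load: Counter = Counter()
    for site, count in flows:
        target = select_instance(site, up)
        load[target if target is not None else "dropped"] += count
    return load


def demo() -> Dict[str, Counter]:
    """Run the three scenarios discussed in the thread and return the loads."""
    all_up = {"site1-dns", "site2-dns"}
    normal = [("site1-clients", 100), ("site2-clients", 100), ("site3-clients", 50)]
    # Attack sources concentrated at site 1: their traffic is "localised" to
    # the instance nearest those sources; site 2 users keep their own instance.
    attack = normal + [("site1-clients", 10_000)]
    return {
        "normal": route_flows(normal, all_up),
        "attack_from_site1": route_flows(attack, all_up),
        # site1-dns withdrawn (host dead, advertisement gone): all traffic
        # fails over to the remaining instance.
        "site1_down": route_flows(normal, {"site2-dns"}),
    }


if __name__ == "__main__":
    for name, load in demo().items():
        print(f"{name}: {dict(load)}")
```

Two caveats the model makes visible. First, localisation only helps when the attack sources are spread over many sites; a flood concentrated near one instance lands entirely on that instance, which is then exactly as exposed as a single unicast host (post #2's point). Second, an instance that is overwhelmed but still advertising its /32 keeps attracting its share of traffic, so in practice the daemon's health check should withdraw the route (or stop the routing daemon) when the service on the loopback address dies, otherwise the "failover" case above never happens.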
08-30-2013, 04:54 PM #5
LQ Newbie
Registered: Feb 2013
Posts: 20
Original Poster
I think you are right,
Many thanks for your clarifications, baldy.
See you,