Building a fast CDN with anycast (OSPFv2/3 based)

Before starting: if you have not already read the previous post, Building a fast CDN with anycast (BGP), I would advise reading it before this one, which is purely technical.

Deploying anycast loopback advertising via OSPF

The goal is to have a server, in our case a DNS server, announce its own anycast IP address so that anycast DNS works across several continents. The server has to make the announcement itself: otherwise, when it fails, its address will not disappear from the routing tables and DNS requests will be black-holed.

Configure the server router

Install Quagga from the repositories and set the kernel parameters:

apt-get install quagga
sysctl -w net.ipv6.conf.default.router_solicitations=0
sysctl -w net.ipv6.conf.default.accept_ra=0
sysctl -w net.ipv6.conf.default.forwarding=1
sysctl -w net.ipv4.conf.default.forwarding=1

If you don't want to use IPv6, better not leave it active (though of course we would rather deactivate IPv4):

sysctl -w net.ipv6.conf.all.disable_ipv6=1

Edit the daemons file to define which routing daemons you want running on your server:

vim /etc/quagga/daemons

For example, our file looks like this:

zebra=yes
bgpd=no
ospfd=yes
ospf6d=yes
ripd=no
ripngd=no
isisd=no

Now configure the network interfaces; the anycast address goes on a loopback alias:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface

allow-hotplug eth0
iface eth0 inet static
address 172.16.0.2
netmask 255.255.255.0
gateway 172.16.0.1

auto lo:0
iface lo:0 inet static
address 10.0.0.1
netmask 255.255.255.255

iface lo:0 inet6 static
address 2a01:278:1:f:10:0:0:1
netmask 128

iface eth0 inet6 static
address 2a01:278:1:1::60
netmask 64
gateway 2a01:278:1:1::1

The zebra.conf file can be adapted to look like this:

!
hostname Router
password zebra
enable password zebra
!
interface eth0
 description dns-node-1
 ip address 172.16.0.2/24
 ip forwarding
!
interface lo
  ip address 10.0.0.1/32
  description dns-ip-1
  ip forwarding
!

Now tell ospfd (ospfd.conf) which interfaces and networks you want it to use:

!
hostname ospfd
password zebra
 enable password zebra
!
interface eth0
!
interface lo
!
router ospf
  network 172.16.0.0/24 area 0.0.0.0
  network 10.0.0.1/32 area 0.0.0.0
  log-adjacency-changes
  redistribute connected
!

The ospf6d.conf file looks like this in our example:

hostname ospf6d@plant
password zebra
log stdout
service advanced-vty
!
debug ospf6 neighbor state
!
interface lo0
 ipv6 ospf6 cost 1
 ipv6 ospf6 hello-interval 10
 ipv6 ospf6 dead-interval 40
 ipv6 ospf6 retransmit-interval 5
 ipv6 ospf6 priority 1
 ipv6 ospf6 transmit-delay 1
 ipv6 ospf6 instance-id 0
!
router ospf6
 router-id 255.1.1.1
 interface lo0  area 0.0.0.0
 interface eth0 area 0.0.0.0
 redistribute connected
!

Use vtysh to open the router shell and display the running configuration:

#vtysh

#show run
!
!
interface eth0
 description dns-node-1
 ip address 172.16.0.2/24
 ipv6 nd suppress-ra
!
interface eth1
 ipv6 nd suppress-ra
!
interface lo
 description dns-ip-1
 ip address 10.0.0.1/32 label lo:0
!
router ospf
 log-adjacency-changes
 redistribute connected
 network 10.0.0.1/32 area 0.0.0.0
 network 172.16.0.0/24 area 0.0.0.0
!
ip forwarding
!
line vty

Configure the router

The full router configuration (all daemons together) looks like this:

hostname Router
hostname ospfd
hostname ospf6d@plant
log stdout
!
service advanced-vty
!
debug ospf6 lsa unknown
debug ospf6 neighbor state
!
password zebra
enable password zebra
!
interface eth0
 description dns-node-1
 ip address 172.16.0.2/24
 ipv6 nd suppress-ra
 ipv6 ospf6 cost 1
 ipv6 ospf6 dead-interval 40
 ipv6 ospf6 hello-interval 10
 ipv6 ospf6 instance-id 0
 ipv6 ospf6 priority 1
 ipv6 ospf6 retransmit-interval 5
 ipv6 ospf6 transmit-delay 1
!
interface eth1
 ipv6 nd suppress-ra
!
interface lo0
 ipv6 ospf6 cost 1
 ipv6 ospf6 dead-interval 40
 ipv6 ospf6 hello-interval 10
 ipv6 ospf6 instance-id 0
 ipv6 ospf6 priority 1
 ipv6 ospf6 retransmit-interval 5
 ipv6 ospf6 transmit-delay 1
!
router ospf
 log-adjacency-changes
 redistribute connected
 network 10.0.0.1/32 area 0.0.0.0
 network 172.16.0.0/24 area 0.0.0.0
!
router ospf6
 router-id 255.1.1.1
 redistribute connected
 interface lo0 area 0.0.0.0
 interface eth0 area 0.0.0.0
!
ip forwarding
!
line vty
 access-class access4
 exec-timeout 0 0
 ipv6 access-class access6
!

Make sure the configuration files are in place and their ownership and permissions are right:

chown quagga.quaggavty /etc/quagga/*.conf
chmod 640 /etc/quagga/*.conf
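The configuration above relies on "redistribute connected", so the anycast /32 and /128 are advertised for as long as the addresses sit on the loopback, whether or not the resolver behind them is still answering. The script below is an added example, not part of the original post: it probes the local resolver and removes or restores the anycast addresses on lo, which makes zebra and ospfd/ospf6d withdraw or re-announce the corresponding routes. It assumes (the post does not say) that the resolver also listens on 127.0.0.1 and ::1, because the probe must not use the anycast address itself (that address is gone once withdrawn, so the node could never recover), that dig is installed, and that the script is run periodically from cron as root. The addresses are the ones from the interfaces file above.

```shell
#!/bin/sh
# Added example (not from the original post): withdraw the anycast addresses
# from the loopback when the local resolver stops answering, so that
# "redistribute connected" in ospfd/ospf6d stops advertising them.
# Assumptions (not stated in the post): the resolver also listens on
# 127.0.0.1 and ::1, "dig" is installed, and the script runs from cron.

ANYCAST_V4="10.0.0.1/32"                 # anycast address from the post
ANYCAST_V6="2a01:278:1:f:10:0:0:1/128"   # anycast address from the post
LO_DEV="lo"
PROBE_NAME="${PROBE_NAME:-localhost.}"   # constructed test query; use a name the resolver must answer
DIG_BIN="${DIG_BIN:-dig}"

# Returns 0 when the resolver listening on address $1 answers within 2 seconds.
resolver_answers() {
    "$DIG_BIN" +time=2 +tries=1 "@$1" "$PROBE_NAME" A >/dev/null 2>&1
}

# Returns 0 when address $1 is currently configured on the loopback.
# "ip addr show ... to PREFIX" filters on the prefix itself, so the check does
# not depend on how the kernel prints the address (the v6 address above is
# printed in its compressed form, 2a01:278:1:f:10::1).
address_present() {
    [ -n "$(ip -o addr show dev "$LO_DEV" to "$1" 2>/dev/null)" ]
}

# Pure decision step, kept separate so it can be exercised without touching
# the network: healthy (1/0), present (1/0) -> announce | withdraw | noop
decide_action() {
    healthy="$1"; present="$2"
    if [ "$healthy" = 1 ] && [ "$present" = 0 ]; then
        echo announce
    elif [ "$healthy" = 0 ] && [ "$present" = 1 ]; then
        echo withdraw
    else
        echo noop
    fi
}

# Applies the decision; zebra notices the address change and ospfd/ospf6d
# add or withdraw the redistributed external route accordingly.
apply_action() {
    case "$1" in
        announce) ip addr add "$2" dev "$LO_DEV" && logger -t anycast-check "announced $2" ;;
        withdraw) ip addr del "$2" dev "$LO_DEV" && logger -t anycast-check "withdrew $2" ;;
        noop)     ;;
    esac
}

# One check for one address family: $1 = anycast prefix, $2 = probe address.
check_one() {
    if resolver_answers "$2"; then healthy=1; else healthy=0; fi
    if address_present "$1"; then present=1; else present=0; fi
    apply_action "$(decide_action "$healthy" "$present")" "$1"
}

# Only act when explicitly asked, so that sourcing the file is harmless.
if [ "${ANYCAST_CHECK_RUN:-0}" = 1 ]; then
    check_one "$ANYCAST_V4" 127.0.0.1
    check_one "$ANYCAST_V6" ::1
fi
```

Run it every minute with ANYCAST_CHECK_RUN=1 set in the cron environment. In production you would also want to require several consecutive failed probes before withdrawing (to avoid flapping the route on one slow answer) and a maintenance flag that keeps the address down while you work on the node. Withdrawing the address is also faster than waiting for the node to die: if the whole server or ospfd goes away without withdrawing, the upstream router only removes the route after the 40-second dead-interval configured above has elapsed.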

Check the results / Troubleshooting

First, check connectivity to the neighbor with ping:

NetIron CER 2024F#ping 172.16.0.2
Sending 1, 16-byte ICMP Echo to 172.16.0.2, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 172.16.0.2      : bytes=16 time=1ms TTL=64
Success rate is 100 percent (1/1), round-trip min/avg/max=1/1/1 ms.

Then, check the OSPF neighbor state:

NetIron CER 2024F(config)#show ip ospf neighbor 
Number of Neighbors is 1, in FULL state 1

Port   Address         Pri State      Neigh Address   Neigh ID        Ev Opt Cnt
1/2    172.16.0.1      1   FULL/BDR   172.16.0.2      10.0.0.1        5  2   0

You can check the routes learned via OSPF:

NetIron CER 2024F(config)#show ip route ospf
Type Codes - B:BGP D:Connected I:ISIS O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
STATIC Codes - d:DHCPv6
        Destination        Gateway         Port          Cost          Type Uptime src-vrf
1       10.0.0.1/32        172.16.0.2      eth 1/2       110/11        O    1h10m  -

or, for IPv6:

NetIron CER 2024F#show ipv6 route ospf
Type Codes - B:BGP C:Connected I:ISIS L:Local O:OSPF R:RIP S:Static
BGP  Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - d:DHCPv6
Type IPv6 Prefix            Next Hop Router          Interface     Dis/Metric     Uptime src-vrf
O1   2a01:278:1:f:10::1/128 fe80::215:60ff:feed:7c3e eth 1/2       110/1          2h57m  -

Finally, try to ping the anycast loopback /32:

NetIron CER 2024F#ping 10.0.0.1
Sending 1, 16-byte ICMP Echo to 10.0.0.1, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 10.0.0.1        : bytes=16 time=1ms TTL=64
Success rate is 100 percent (1/1), round-trip min/avg/max=1/1/1 ms.
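The route-table checks above are easy to turn into a recurring script. As an added example (not part of the original post), the functions below parse the output of show ip route ospf and show ipv6 route ospf and confirm that the anycast prefix is present and is learned only from known DNS nodes. That catches the two things worth alerting on: a prefix that has vanished from the table (the black-holing the post warns about) and a prefix learned from a gateway that is not one of your nodes. The two sample tables are the outputs shown above, embedded verbatim; the allowlist of node addresses is an assumption for illustration (the post's server plus a hypothetical second node). The field positions match the NetIron output format shown here.

```shell
#!/bin/sh
# Added example (not from the original post): check that the anycast prefix
# is learned by the upstream router only from known DNS nodes.
# The sample tables below are the "show ip route ospf" and
# "show ipv6 route ospf" outputs from the post, embedded verbatim.

SAMPLE_V4_TABLE='Type Codes - B:BGP D:Connected I:ISIS O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
STATIC Codes - d:DHCPv6
        Destination        Gateway         Port          Cost          Type Uptime src-vrf
1       10.0.0.1/32        172.16.0.2      eth 1/2       110/11        O    1h10m  -'

SAMPLE_V6_TABLE='Type Codes - B:BGP C:Connected I:ISIS L:Local O:OSPF R:RIP S:Static
BGP  Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - d:DHCPv6
Type IPv6 Prefix            Next Hop Router          Interface     Dis/Metric     Uptime src-vrf
O1   2a01:278:1:f:10::1/128 fe80::215:60ff:feed:7c3e eth 1/2       110/1          2h57m  -'

# Known DNS nodes (assumed for illustration): the post's server and a
# hypothetical second node on the same segment.
KNOWN_V4_NODES="172.16.0.2 172.16.0.3"
KNOWN_V6_NODES="fe80::215:60ff:feed:7c3e"

# Prints, one per line, the gateways the router uses for prefix $1 in table $2.
# In both NetIron tables the prefix is the 2nd column and the next hop the 3rd;
# the legend and header lines never carry a prefix in column 2, so they drop out.
gateways_for_prefix() {
    printf '%s\n' "$2" | awk -v p="$1" '$2 == p { print $3 }'
}

# Returns 0 when prefix $1 is present in table $3 and every gateway for it is
# in the space-separated allowlist $2; returns 1 (and says why) otherwise.
prefix_learned_from_known_nodes() {
    prefix="$1"; allowed="$2"; table="$3"; seen=0
    for gw in $(gateways_for_prefix "$prefix" "$table"); do
        seen=1
        case " $allowed " in
            *" $gw "*) ;;
            *) echo "$prefix learned from unexpected gateway $gw" >&2; return 1 ;;
        esac
    done
    if [ "$seen" = 0 ]; then
        echo "$prefix missing from OSPF routes (would be black-holed)" >&2
        return 1
    fi
    return 0
}

# Example run over the embedded tables; on a real router feed in the output
# of the same show commands (for instance collected over SSH) instead.
prefix_learned_from_known_nodes 10.0.0.1/32 "$KNOWN_V4_NODES" "$SAMPLE_V4_TABLE" \
    && echo "IPv4 anycast route OK"
prefix_learned_from_known_nodes 2a01:278:1:f:10::1/128 "$KNOWN_V6_NODES" "$SAMPLE_V6_TABLE" \
    && echo "IPv6 anycast route OK"
```

Note that the gateway check only makes sense because ospfd here redistributes connected routes for any node that forms an adjacency on the 172.16.0.0/24 segment, and the configuration above uses no OSPF authentication; on a shared segment, enabling OSPF MD5 authentication on the interface (Quagga's ip ospf authentication message-digest together with an ip ospf message-digest-key) keeps unintended hosts from forming an adjacency at all, and the check then serves as a second line of monitoring.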

N.B.: If you spot any error, please point it out; I would be happy to learn something and would update the post.

Sources

I used a lot of different sources to gather information and knowledge, but here are the main ones:

http://ddiguru.com/blog/118-introduction-to-anycast-dns

http://www.openfusion.net/tags/dns/

 
